Definition
Reference Monitor
A reference monitor is a component that authorises or denies access requests to system objects.
Required Properties
Non-Bypassable
All access requests to objects must pass through the reference monitor. This prevents unexpected violations of the enforced security policy.
Verifiable
The monitor should be amenable to analysis and tests. It should be verifiable that the monitor correctly enforces the security policy.
Tamper-Proof
The correct functioning of the reference monitor cannot be compromised by an attacker.
Example
File System
The component of the file system in an operating system that regulates access to files.