PrepAway - Latest Free Exam Questions & Answers

The hardware, firmware, and software elements of a trusted computing base that implement the reference monitor

A reference monitor is a system component that enforces access controls
on an object. Specifically, the reference monitor concept is an abstract
machine that mediates all access of subjects to objects. The hardware,
firmware, and software elements of a trusted computing base that
implement the reference monitor concept are called:


A. Identification and authentication (I & A) mechanisms

B. The auditing subsystem

C. The security kernel

D. The authorization database

Explanation:
The security kernel implements the reference monitor concept. The
reference monitor must have the following characteristics:
It must mediate all accesses.
It must be protected from modification.
It must be verifiable as correct.
The authorization database (answer D) is used by the reference monitor
to mediate accesses by subjects to objects. When a request for access
is received, the reference monitor refers to entries in the authorization
database to verify that the operation requested by a subject for application
to an object is permitted. The authorization database has entries, or
authorizations, of the form (subject, object, access mode).
Identification and authentication (I & A) mechanisms (answer A) are
separate from the reference monitor. The user enters his/her
identification to the I & A function. Then the user must be
authenticated. Authentication is verification that the user’s claimed identity
is valid. Authentication is based on the following three factor types:
Type 1. Something you know, such as a PIN or password
Type 2. Something you have, such as an ATM card or smart card
Type 3. Something you are (physically), such as a fingerprint or
retina scan
The auditing subsystem (answer B) is a key complement to the reference
monitor. It is used by the reference monitor to keep track of the
reference monitor’s activities. Examples of such activities include the
date and time of an access request, identification of the subject and
objects involved, the access privileges requested, and the result of
the request.
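
The mediation and auditing steps described in the explanation, as an added Python example that is not part of the original question and is not taken from any real security kernel. The class, method and field names and the sample authorization entries are assumptions made for illustration; the subject is assumed to have already passed I & A.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class AuditRecord:
    # Fields follow the audit items listed in the explanation.
    timestamp: datetime
    subject: str
    obj: str
    mode: str
    granted: bool

class ReferenceMonitor:
    """Hypothetical monitor: every access to an object goes through access()."""

    def __init__(self, authorizations):
        # Authorization database: (subject, object, access mode) entries,
        # frozen so it cannot be altered after the monitor is built.
        self._authz = frozenset(authorizations)
        self._audit = []

    def check(self, subject, obj, mode):
        # Default deny: only an exact matching entry permits the operation.
        granted = (subject, obj, mode) in self._authz
        # Grants and denials are both recorded.
        self._audit.append(
            AuditRecord(datetime.now(timezone.utc), subject, obj, mode, granted))
        return granted

    def access(self, subject, obj, mode, operation):
        # The operation on the object runs only after the check succeeds.
        if not self.check(subject, obj, mode):
            raise PermissionError(f"{subject} may not {mode} {obj}")
        return operation()

    @property
    def audit_trail(self):
        return tuple(self._audit)  # read-only view for reviewers

# Constructed sample entries, not from the original page.
AUTHZ = [("alice", "payroll.db", "read"),
         ("alice", "payroll.db", "write"),
         ("bob", "payroll.db", "read")]

if __name__ == "__main__":
    rm = ReferenceMonitor(AUTHZ)
    for s, o, m in [("alice", "payroll.db", "write"),
                    ("bob", "payroll.db", "write"),
                    ("mallory", "payroll.db", "read")]:
        print(s, o, m, "->", "permit" if rm.check(s, o, m) else "deny")
    for rec in rm.audit_trail:
        print(rec)
```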

