| (I) "An access control concept that refers to an abstract machine
that mediates all accesses to objects by subjects." [NCS04] (See:
security kernel.)
(C) A reference monitor should be (a) complete (i.e., it mediates
every access), (b) isolated (i.e., it cannot be modified by other
system entities), and (c) verifiable (i.e., small enough to be
subjected to analysis and tests to ensure that it is correct).
|
