Privacy and security Cyber Defense Triad for Where Security Matters

Cyber defense triad components are critical for defense of both confidentiality and integrity of information, whether the sensitive information is personally identifiable information, financial transactions, industrial control systems in the critical infrastructure, or something else that matters. The reference monitor is fundamentally about access control. All access control policies fall into two classes: Discretionary Access Control (DAC) and MAC. Only a label-based MAC policy can, with high assurance, enforce secure information flow. The Reference Monitor implementation defined as a security kernel is the only proven technology for reliably achieving verifiable protection. It does not depend on unproven elegant technical solutions, such as open source for source code inspection' or gratuitous formal methods. A necessary step is to identify where high-assurance security matters for a system.