The invention relates to a distributed system comprised of a multitude of
computer units, so-called nodes, which are connected to one another over
a network and inside of which a local monitoring unit is provided for
applying at least one security policy incumbent upon the respective
nodes. Said monitoring unit is connected to at least one external
monitoring unit, which is located within the network and inside of which
systems of rules concerning the security policies of all nodes or of at
least one group of nodes can be stored. The invention also relates to a
method for operating a distributed system of the aforementioned type. The
invention is characterized in that the local monitoring unit is a
reference monitor (ECRM=Externally Controlled Reference Monitor) that, at
the operation system level of the respective node, controls all
operations with objects and interactions between subjects and objects
within the nodes based on the system of rules that is at least
temporarily implemented in the reference monitor (ECRM) of the respective
node.
