Page 155 - CISSO_Prep_ Guide
authentication - through an ID card or biometrics before
allowing a subject (the person) to gain access. The security
guard may also log all activity - who enters and leaves, who
signed in a visitor, who tried to enter but was refused - all of
these can be logged and used for future investigation, if
necessary. It is important to remember that the security guard
only enforces the rules given by the owner. The security guard is
NOT responsible for determining who should and who should
not have access - only the owner can decide who should be let
in, and what procedures must be followed to enable that access.
Several simple and logical rules must apply to the reference
monitor. The rules are:
1. The access control system must mediate ALL access.
In other words, whenever an entity desires access,
the system must intercept the access request, verify
whether that access should be permitted and then
grant (or deny) access according to the rules
provided by the owner.
2. The access control system must be testable; there
must be a way to validate that the access controls are
working correctly and only allowing appropriate
access to authorized personnel.
3. The access control system must be protected from
modification or tampering - no one should be able to
change the access control rules except through an
authorized process. The entity requesting access (the
subject) should not be able to change its own rules.
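
The three rules above, sketched as a small reference monitor. This is an added example, not part of the original guide; the class, the function names and the sample subjects ("alice", "bob", "mallory") are constructed for illustration.

```python
from types import MappingProxyType


def _freeze(rules):
    # Read-only view of {(subject, object): allowed actions}.
    return MappingProxyType({k: frozenset(v) for k, v in rules.items()})


class ReferenceMonitor:
    """The 'security guard': enforces the owner's rules, never decides policy."""

    def __init__(self, owner, rules):
        self._owner = owner
        self._rules = _freeze(rules)
        self.audit_log = []  # who asked for what, and the decision

    def request(self, subject, obj, action):
        # Rule 1: the single choke point. Every access request is intercepted,
        # checked against the owner's rules, and denied unless a rule allows it.
        allowed = action in self._rules.get((subject, obj), frozenset())
        self.audit_log.append((subject, obj, action, "GRANT" if allowed else "DENY"))
        return allowed

    def update_rules(self, requester, new_rules):
        # Rule 3: rules change only through this authorized process, and a
        # subject cannot rewrite its own rules. (Python privacy is by convention;
        # a real monitor needs OS or hardware isolation to resist tampering.)
        if requester != self._owner:
            self.audit_log.append((requester, "<policy>", "modify", "DENY"))
            raise PermissionError(f"{requester} may not change access rules")
        self._rules = _freeze(new_rules)
        self.audit_log.append((requester, "<policy>", "modify", "GRANT"))


def self_test(monitor, expectations):
    # Rule 2: testable. Replay known requests and return every case where the
    # monitor's decision differs from the decision the owner expects.
    return [req for req, want in expectations.items()
            if monitor.request(*req) != want]


def build_demo():
    # Constructed sample policy: owner "alice" lets herself and "bob" enter.
    return ReferenceMonitor("alice", {
        ("alice", "server_room"): {"enter"},
        ("bob", "server_room"): {"enter"},
    })


if __name__ == "__main__":
    m = build_demo()
    print(m.request("bob", "server_room", "enter"))
    print(m.request("mallory", "server_room", "enter"))
    print(m.audit_log)
```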