# Course: CS 585 03f
#######################################
:TYPE:MC:1:0:C
:TITLE: Separation of Duties
:QUESTION:H
Separation of duties is an integral part of which of the following model(s)?
:ANSWER1:0:T
Bell LaPadula
:ANSWER2:0:T
Biba
:ANSWER3:0:T
Chinese Wall
:ANSWER4:100:T
Clark Wilson
:ANSWER5:0:T
all of the above
:ANSWER6:0:T
none of the above
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Biba
:QUESTION:H
The Biba model is interested in which of the following property(s) of a data item?
:ANSWER1:0:T
accessibility
:ANSWER2:0:T
secrecy
:ANSWER3:100:T
trustability
:ANSWER4:0:T
all of the above
:ANSWER5:0:T
none of the above
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Roles and Groups
:QUESTION:H
The difference between a role and a group is
:ANSWER1:0:T
a user may be in many roles but in only one group
:ANSWER2:0:T
a user may be in many groups but in only one role
:ANSWER3:100:T
group identity is fixed while role identity is changeable
:ANSWER4:0:T
role identity is fixed while group identity is changeable
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Covert Channels
:QUESTION:H
Non interference and non deducibility are both ways of addressing the existence of covert channels. How do they differ?
:ANSWER1:100:H
if a system has non interference then it has non deducibility
:ANSWER2:0:H
if a system has non deducibility then it has non interference
:ANSWER3:0:H
non interference prevents someone from sending on a covert channel, non deducibility prevents someone from receiving on a covert channel
:ANSWER4:0:H
non deducibility prevents someone from sending on a covert channel, non interference prevents someone from receiving on a covert channel
:ANSWER5:0:H
non interference describes a security policy and non deducibility describes a security mechanism
:ANSWER6:0:H
non deducibility describes a security policy and non interference describes a security mechanism
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Biba model
:QUESTION:H
If a subject with a lower security clearance than an object tries to write to the object, then which of the following will occur:
:ANSWER1:100:T
the object's level will be lowered
:ANSWER2:0:T
the object's level will be raised
:ANSWER3:0:T
the subject's level will be lowered
:ANSWER4:0:T
the subject's level will be raised
:ANSWER5:0:T
the object's level will be lowered and the subject's level will be raised
:ANSWER6:0:T
the object's level will be raised and the subject's level will be lowered
:ANSWER7:0:T
access will be denied
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Clark Wilson Model
:QUESTION:H
Which of the following is not part of the Clark Wilson model?
:ANSWER1:0:T
certification rules
:ANSWER2:100:T
low water marks
:ANSWER3:0:T
separation of duty
:ANSWER4:0:T
transactions
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Chinese Wall Simple Security
:QUESTION:H
Using the book's model, consider two conflict of interest classes, A and B. Let Ax represent company x in conflict class A and let Axy represent object y owned by company x in class A. Consider the following sequence of actions taken by a subject s: read Axa, read Bxb, read Ayc, write Axd, read Axe. Which action should be removed to allow read Axe to succeed?
:ANSWER1:0:T
read Axa
:ANSWER2:0:T
read Bxb
:ANSWER3:0:T
read Ayc
:ANSWER4:0:T
write Axd
:ANSWER5:0:T
none, Axe will succeed, with no other errors
:ANSWER6:100:T
none, Axe will succeed, there will be other errors though
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Chinese Wall Star Property
:QUESTION:H
Using the book's model, consider two conflict of interest classes, A, B, and C. Let Ax represent company x in conflict class A and let Axy represent object y owned by company x in class A. Consider the following sequence of actions taken by a subject s: read Axa, read Bxb, read Cyc, write Axd. What needs to be true for the write to succeed?
:ANSWER1:0:T
s's security level must be less than or equal to d's
:ANSWER2:0:T
s's security level must be greater than or equal to d's
:ANSWER3:0:T
a must be sanitized
:ANSWER4:0:T
b must be sanitized
:ANSWER5:0:T
c must be sanitized
:ANSWER6:0:T
d must be sanitized
:ANSWER7:100:T
two of the objects (a, b, c, and d) must be sanitized
:ANSWER8:0:T
three of the objects (a, b, c, and d) must be sanitized
:ANSWER9:0:T
four of the objects (a, b, c, and d) must be sanitized
:ANSWER10:0:T
nothing, it will succeed
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Chinese Wall Models
:QUESTION:H
In class we discussed two ways to model conflicts of interest, one with equivalence classes and the other with a function.
:ANSWER1:0:T
The two are equivalent.
:ANSWER2:0:T
Using equivalence classes is more expressive.
:ANSWER3:100:T
Using a function is more expressive.
:ANSWER4:0:T
Not directly comparable.
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Information Transfer Path
:QUESTION:H
Which model uses the concept of an information transfer path?
:ANSWER1:100:T
Biba
:ANSWER2:0:T
Chinese Wall
:ANSWER3:0:T
Clark Wilson
:ANSWER4:0:T
Clinical Information System
:ANSWER5:0:T
all of the above
:ANSWER6:0:T
none of the above
:CAT:test3_mc
#######################################
:TYPE:MC:1:0:C
:TITLE: Auditing
:QUESTION:H
Although auditing can be considered outside of a security model, it is closest to which of the following security properties?
:ANSWER1:0:T
availability
:ANSWER2:0:T
confidentiality
:ANSWER3:100:T
integrity
:CAT:test3_mc
#######################################
:TYPE:P
:TITLE: View Equivalence
:QUESTION:H:60:30
Describe what view equivalence is and what its significance is in terms of combating covert channels.
:CAT:test3_p
#######################################
:TYPE:P
:TITLE: Role based
:QUESTION:H:60:30
Describe how role based access control could be used to implement separation of duty.
:CAT:test3_p
#######################################
:TYPE:P
:TITLE: Perl
:QUESTION:H:60:30
Perl is a programming language, and it can be executed in such a way that every piece of data that the program receives from the outside world is marked as tainted until the program explicitly marks it as untainted. Tainted data is contagious, meaning that it can taint untainted data. Tainted data cannot be used in certain commands, typically commands that have some effect on the outside world. Based on this information, describe a security model with a similar concept and the differences between taintedness and that concept.
:CAT:test3_p