L7 - Mandatory Access Control Flashcards
What is DAC?
Discretionary Access Control, where an owner of a resource decides how it can be shared.
What is MAC?
Access Control where an organization decides how a resource can be shared.
In a certain company, payroll data is sensitive. A file that stores payroll data is created by a certain user who is an employee of the company. Access to this file should be controlled with a …
a) DAC policy that allows the user to share it with others judiciously
b) It must use a MAC model as the company must decide who can access it
b) It must use a MAC model as the company must decide who can access it
The company needs to control access to salary data.
A hospital is found to be lax in securing access to patient records after it suffers a major breach. It may have violated the following policy:
a) HIPAA
b) BLP
a) HIPAA
BLP is not for healthcare.
Highly sensitive defense or intelligence information should only be accessed by cleared personnel. Approximately, how many people in the United States have various types of clearances?
a) 10,000
b) 100,000
c) 1,000,000
d) 5,000,000
d) 5,000,000
The “
a) Total order
If 2 numbers are different, then one of them will definitely be greater than the other.
If L1 = (secret, {Asia, Europe}) and
L2 = (top-secret, {Europe, South-America}), …
a) L1 dominates L2
b) L2 dominates L1
c) Neither L1 nor L2 dominates the other one
c) Neither L1 nor L2 dominates the other one
The compartments for L1 and L2 are different, so they can't be compared.
Assume that label L1 of a document D1 dominates label L2 of document D2 when these labels are defined by (sensitivity level, compartment).
a) D1 contains more sensitive data than D2
b) D2 is more sensitive than D1
c) The data contained in D2 has a narrower scope as defined by its compartment
A and C
a) D1 contains more sensitive data than D2
c) The data contained in D2 has a narrower scope as defined by its compartment
D1 has more topics than D2. D1 is a superset of D2
Since an unclassified document contains no sensitive information, it can be read or written by anyone in a system that implements BLP
a) True
b) False
b) False
It can be read by anyone. Cannot be written by anyone.
BLP allows an unclassified user to write a top secret document.
a) True
b) False
a) True
Tranquility principle in the BLP model states that classification of a subject or object does not change during a session. This principle is needed to avoid…
a) Information flow that may violate confidentiality requirements defined by BLP
b) To reduce overhead associated with change of classification level
a) Information flow that may violate confidentiality requirements defined by BLP
If you’re reading Top-secret, then your label changes to Secret. Now you can write at the Secret level. The Top-Secret document you could read previously can now be written as Secret.
Biba is
a) Read-down, write-up
b) Read-up, write-down
b) Read-up, write-down
The NY Times is high, Tabloids are low. Tabloids should not be able to write high integrity articles.
Clark-Wilson is a mandatory access control policy because…
a) Any user in a company can decide what files can be accessed by a program
b) Only the company can decide (e.g. sysadmin) what files can be accessed by a program
b) Only the company can decide (e.g. sysadmin) what files can be accessed by a program
A large law firm currently has two client companies that compete with each other. Thus, its lawyers working on cases related to one company must not be able to access documents related to the other company. To ensure proper access control, which policy should the law firm use?
a) Clark-Wilson
b) Chinese Wall
b) Chinese Wall
Role-based access control (RBAC) is often used in a commercial setting. RBAC is an example of MAC because…
a) File permissions are associated only with roles and not users
b) Only the company can decide roles of its employees
b) Only the company can decide roles of its employees
Which of the following operating systems supports a BLP-like model?
a) SELinux
b) Windows
c) MacOS
d) SCOMP
A and D
a) SELinux
d) SCOMP
Least privilege is useful for damage containment when something goes wrong. Is this principle applicable to a TCB that must be trusted?
a) No, because a TCB is guaranteed to function correctly
b) Yes, because TCB only provides high assurance and not a guarantee
b) Yes, because TCB only provides high assurance and not a guarantee
A TCB vendor claims its proprietary techniques help ensure high assurance, but cannot be disclosed. What principle does it violate?
a) Complete mediation
b) Open design
b) Open design
A home wireless router comes with a setting that does not encrypt traffic unless security settings are explicitly enabled. This violates…
a) Ease of use principle
b) Fail-safe default principle
b) Fail-safe default principle
We discussed the need for reducing the size of the TCB. This helps with…
a) Testing of the TCB
b) Verification of the TCB
c) Isolation of the TCB
All of the above
a) Testing of the TCB
b) Verification of the TCB
c) Isolation of the TCB
Testing is challenging for a complex system like a TCB because…
a) It is hard to cover all executions
b) It can show both existence and absence of problems
a) It is hard to cover all executions
A key problem with model checking is…
a) It cannot show absence of a problem
b) It does not scale to practical large size systems
b) It does not scale to practical large size systems
Model checking can show the absence of a problem
Many widely used operating systems do not support MAC and hence cannot be in a TCSEC division higher than…
a) D
b) C
b) C
How did the VMware vCloud Networking and Security v5.5 system receive an EAL4+ certification?
a) The system developers used formal techniques in its design and testing
b) A systematic review and testing process was used by the system developers
b) A systematic review and testing process was used by the system developers
EAL7 requires formal techniques
Many OS vendors do not aim for the highest certifications because…
a) There is no market demand for such certifications
b) Cost/benefit trade-offs dictate the highest certification
b) Cost/benefit trade-offs dictate the highest certification