PrepAway - Latest Free Exam Questions & Answers


What is surreptitious transfer of information from a higher classification compartment to a lower classification
compartment without going through the formal communication channels?


A. Object Reuse
B. Covert Channel
C. Security domain
D. Data Transfer

Explanation:
A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information
flow that is not controlled by a security mechanism. This type of information path was not developed for
communication; thus, the system does not properly protect this path, because the developers never envisioned
information being passed in this way. Receiving information in this manner clearly violates the system’s security
policy.
The channel to transfer this unauthorized data is the result of one of the following conditions:
- Improper oversight in the development of the product
- Improper implementation of access controls within the software
- Existence of a shared resource between the two entities which is not properly controlled

Incorrect Answers:
A: Object reuse is where media is given to someone without first deleting any existing data. This is not what is
described in the question.
C: The term security domain describes a logical structure (domain) where resources are working under the same
security policy and managed by the same group. This is not what is described in the question.
D: Data transfer describes all types and methods of transferring data whether it is authorized or not. It does not
describe the specific type of transfer in the question.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 378

