Which of the following was the FIRST mathematical model of a multilevel security policy used to define the
concepts of a security state and mode of access, and to outline rules of access?

Which of the following security models introduced the idea of mutual exclusivity which generates dynamically
changing permissions?

You have been approached by one of your clients. They are interested in doing some security re-engineering.
The client is looking at various information security models. It is a highly secure environment where data at high
classifications cannot be leaked to subjects at lower classifications. Of primary concern to them, is the
identification of potential covert channel. As an Information Security Professional, which model would you
recommend to the client?

Which security model uses an access control triple and also requires separation of duty?

For competitive reasons, the customers of a large shipping company called the “Integrated International Secure
Shipping Containers Corporation” (IISSCC) like to keep private the various cargos that they ship. IISSCC uses
a secure database system based on the Bell-LaPadula access control model to keep this information private.
Different information in this database is classified at different levels. For example, the time and date a ship
departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all
shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other’s
cargos.
An unscrupulous fruit shipper, the “Association of Private Fruit Exporters, Limited” (APFEL) wants to learn
whether or not a competitor, the “Fruit Is Good Corporation” (FIGCO), is shipping pineapples on the ship “S.S.
Cruise Pacific” (S.S. CP). APFEL can’t simply read the top secret contents in the IISSCC database because of
the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the
database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a
FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can’t
be sure whether or not FIGCO is shipping pineapples on the S.S. CP.
What is the name of the access control model property that prevented APFEL from reading FIGCO’s cargo
information? What is a secure database technique that could explain why, when the insertion attemptsucceeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?

The BIGGEST difference between System High Security Mode and Dedicated Security Mode is:

Which integrity model defines a constrained data item, an integrity verification procedure and a transformation
procedure?

Which of the following models does NOT include data integrity or conflict of interest?

What is the name of the FIRST mathematical model of a multi-level security policy used to define the concept
of a secure state, the modes of access, and rules for granting access?

Which security model uses division of operations into different parts and requires different users to perform
each part?