Bethany is working on a mandatory access control (MAC) system. She has been working on a file that was classified as Secret. She can no longer access this file because it has been reclassified as Top Secret. She deduces that the project she was working on has just increased in confidentiality and she now knows more about this project than her clearance and need-to-know allows. Which of the following refers to a concept that attempts to prevent this type of scenario from occurring?

A.
Covert storage channel

B.
Inference attack

C.
Noninterference

D.
Aggregation

Explanation:
C: Multilevel security properties can be expressed in many ways, one being noninterference. This concept is implemented to ensure that any actions that take place
at a higher security level do not affect, or interfere with, actions that take place at a lower level. So if an entity at a higher security level performs an action, it cannot
change the state for the entity at the lower level. If a lower-level entity were aware of a certain activity that took place by an entity at a higher level and the state of the
system changed for this lower-level entity, the entity might be able to deduce too much information about the activities of the higher state, which in turn is a way of
leaking information.
A is incorrect because a covert channel allows for the ability to share information between processes that weren’t intended to communicate. Noninterference is a
model intended to prevent covert channels along with other malicious ways of communication to take place. The model looks at the shared resources that the different
users of a system will use and tries to identify how information can be passed from a process working at a higher security clearance to a process working at a lower
security clearance. If two users are working on the same system at the same time, they will most likely have to share some type of resources. So the model is made up
of rules to ensure that User A cannot carry out any activities that can allow User B to infer information she does not have the clearance to know.
B is incorrect because an inference attack refers to Bethany’s ability to infer that the project that she was working on was now Top Secret and has now increased in
importance and secrecy. The question is asking for the concept that helps to prevent an inference attack. An inference attack occurs when someone has access to
some type of information and can infer (or guess) something that she does not have the clearance level or authority to know. For example, let’s say that Tom is working
on a file that contains information about supplies that are being sent to Russia. He closes out of that file and one hour later attempts to open the same file. During this
time, the file’s classification has been elevated to Top Secret, so when Tom attempts to access it, he is denied. Tom can infer that some type of Top Secret mission is
getting ready to take place with Russia. He does not have clearance to know this; thus, it would be an inference attack or “leaking information.”
D is incorrect because aggregation is the act of combining information from separate sources. The combination of the data forms new information, which the subject
does not have the necessary rights to access. The combined information can have a sensitivity that is greater than that of the individual parts. Aggregation happens
when a user does not have the clearance or permission to access specific information but does have the permission to access components of this information. She can
then figure out the rest and obtain restricted information.