
Symbiosis Centre for Information Technology

(Exam Paper – Term II)

Course: Information Security Models
Max Marks: 40
Time: 2 hrs

I. Explain Clark-Wilson Model and its five elements. (Marks: 5)

II. What is Process Isolation? Explain in brief the different methods used to carry out
the same. (Marks: 3)

III. What are the three main goals of Integrity Models? (Marks: 3)

IV. Explain the importance of a Security Policy. (Marks: 2)

V. What are the two main rules of Biba Model? (Marks: 2)

VI. Fill in the blanks (Marks: 5)


1) Security policies that prevent information from flowing from a high security
level to a lower security level are called __________________.
2) The physical memory addresses that the CPU uses are called ____________.
The indexed memory addresses that software uses are referred to as
_____________. And _______________ are based on a known address with
an offset value applied.
3) A process that resides in a privileged domain needs to be able to execute its
instructions and process its data with the assurance that programs in a
different domain cannot negatively affect its environment. This is referred to
as __________________.

VII. Select the correct option (Marks: 20)

1) Managing an information security system is a matter of using the following
principles except which one?
a) Accountability
b) Integrity
c) Confidentiality
d) Availability
2) What information security model formalizes the U.S. Department of Defense
multi-level security policy?
a) Clark-Wilson
b) Stark-Wilson
c) Biba
d) Bell-LaPadula

Information Security Models Page 1 of 4


3) The property that states, "Reading or writing is permitted at a particular level
of sensitivity, but not to either higher or lower levels of sensitivity," is called
the:
a) Strong * (star) Property.
b) Discretionary Security Property.
c) Simple * (star) Property.
d) * (star) Security Property.
4) As an analog of confidentiality labels, integrity labels in the Biba model are
assigned according to which of the following rules?
a) Objects are assigned integrity labels identical to the corresponding
confidentiality labels.
b) Objects are assigned integrity labels according to their trustworthiness;
subjects are assigned classes according to the harm that would be done if
the data were modified improperly.
c) Subjects are assigned classes according to their trustworthiness; objects
are assigned integrity labels according to the harm that would be done if
the data were modified improperly.
d) Integrity labels are assigned according to the harm that would occur
from unauthorized disclosure of the information.
5) The model that addresses the situation wherein one group is not affected by
another group using specific commands is called the:
a) Information flow model.
b) Non-interference model.
c) Composition model.
d) Clark-Wilson model.
6) The secure path between a user and the Trusted Computing Base (TCB) is
called:
a) Trusted distribution.
b) Trusted path.
c) Trusted facility management.
d) The security perimeter.
7) The addressing mode in a digital computer in which the address location that
is specified in the program instructions contains the address of the final
desired location is called:
a) Indexed addressing.
b) Implied addressing.
c) Indirect addressing.
d) Absolute addressing.
8) Random access memory is:
a) Non-volatile.
b) Sequentially addressable.
c) Programmed by using fusible links.
d) Volatile.
9) Processes are placed in a ring structure according to:
a) Least privilege.
b) Separation of duty.

c) Owner classification.
d) First in, first out.
10) In a ring protection system, where is the security kernel usually located?
a) Highest ring number
b) Arbitrarily placed
c) Lowest ring number
d) Middle ring number
11) A Trusted Computing Base (TCB) is defined as:
a) The total combination of protection mechanisms within a computer
system that is trusted to enforce a security policy.
b) The boundary separating the trusted mechanisms from the remainder of
the system.
c) A trusted path that permits a user to access resources.
d) A system that employs the necessary hardware and software assurance
measures to enable processing of multiple levels of classified or
sensitive information to occur.
12) The Clark-Wilson model focuses on data’s:
a) Integrity.
b) Confidentiality.
c) Availability.
d) Format.
13) Many PC operating systems provide functionality that enables them to support
the simultaneous execution of multiple applications on single-processor
systems. What term is used to describe this capability?
a) Multiprogramming
b) Multithreading
c) Multitasking
d) Multiprocessing
14) What type of federal government computing system requires that all
individuals accessing the system have a need-to-know all of the information
processed by that system?
a) Dedicated
b) System high
c) Compartmented
d) Multilevel
15) Which type of memory chip can be erased only when it is removed from the
computer and exposed to a special type of ultraviolet light?
a) ROM
b) PROM
c) EPROM
d) EEPROM
16) What type of electrical component serves as the primary building block for
dynamic RAM chips?
a) Capacitor
b) Resistor
c) Flip-flop

d) Transistor
17) Which one of the following security modes does not require that all users have
a security clearance for the highest level of information processed by the
system?
a) Dedicated
b) System high
c) Compartmented
18) In what type of addressing scheme is the data actually supplied to the CPU as
an argument to the instruction?
a) Direct addressing
b) Immediate addressing
c) Base+Offset addressing
d) Indirect addressing
19) A security program is a balance of what?
a) Risks and countermeasures
b) Access controls and physical measures
c) Firewalls and intrusion detection
d) Technical and non-technical roles
20) What is the purpose of designing a system using the Bell-LaPadula Model?
a) To hide data from other layers
b) To manage data and methods as objects
c) To convert data to something that cannot be read
d) To separate resources of a system into security zones.
