Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
A covert channel is an unintended communication path within a system, therefore it is not protected by the system's normal security mechanisms.
Covert channels are a secret way to convey information.
Covert channels are addressed from TCSEC level B2
The following are incorrect answers: A trusted path is the protected channel that allows a user to access the Trusted Computing Base (TCB) without being compromised by other processes or users.
A protection domain consists of the execution and memory space assigned to each process.
A maintenance hook is a hardware or software mechanism that was installed to permit system maintenance and to bypass the system's security protections.
Reference used for this question: KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 6: Operations Security (page 219).
The correct answer is C. A covert channel.
A covert channel is an unintended communication path that is not protected by a system's normal security mechanisms. It allows information to be communicated between two entities in a way that violates the system's security policy. Covert channels can be created intentionally or unintentionally and can be difficult to detect and prevent.
A trusted path, on the other hand, is a communication path that is protected by the system's security mechanisms. It is a mechanism that ensures that sensitive information is only displayed on a trusted output device and that user input is only received from a trusted input device.
A protection domain is a collection of resources that are protected by a specific security policy. Protection domains are used to control access to resources and to limit the damage that can be done by a compromised system.
A maintenance hook is a debugging mechanism that is used to provide access to system internals for diagnostic and troubleshooting purposes. Maintenance hooks are typically used by system administrators and developers and are not accessible to regular users.
In summary, covert channels are an unintended communication path that can be used to circumvent a system's security mechanisms. Trusted paths, protection domains, and maintenance hooks are all security mechanisms that are designed to protect the system from unauthorized access and to limit the damage that can be done by a compromised system.