
Eve, spying undercover as an employee, was cleared as Secret and is subject to the *-security (star) property. She printed a classified document to a printer labeled as Confidential. After printing two pages of the document, the printer ran out of paper. Which of the following best describes the printing work?
A. Eve’s clearance dominates that of the printer.
B. The collection of the printer’s non-hierarchical categories is a superset of Eve’s.
C. Eve controls a covert channel to the printer.
D. A trusted channel is established between Eve and the printer.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Eve controls a covert channel to the printer. The star property enforces no write-down, but Eve can still print documents, which suggests that a covert channel exists.
- Bell-LaPadula Model – A formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be “secure” if the only permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice. See also: Lattice, Simple Security Property, *Property.
- Simple Security Condition – A Bell-LaPadula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object.
- *-Property (Star Property) – A Bell-LaPadula security model rule allowing a subject write access to an object only if the security level of the subject is dominated by the security level of the object. Also known as the Confinement Property.
- Dominate – Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset.
- Covert Channel – A communication channel that allows a process to transfer information in a manner that violates the system’s security policy.
Source: TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA
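The dominance relation and the two Bell-LaPadula rules defined above can be checked mechanically. The following is an added example, not part of the original post or of the Orange Book; the Unclassified and Top Secret levels, the category names ALPHA and BRAVO, and the `VAULT` object are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hierarchical classifications, lowest to highest. Secret and Confidential are
# from the question; Unclassified and Top Secret are assumed for completeness.
RANK = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Level:
    classification: str
    categories: frozenset = frozenset()  # non-hierarchical categories


def dominates(s1: Level, s2: Level) -> bool:
    """S1 dominates S2: classification >= and S1's categories include S2's."""
    return (RANK[s1.classification] >= RANK[s2.classification]
            and s1.categories >= s2.categories)


def can_read(subject: Level, obj: Level) -> bool:
    """Simple security condition: the subject must dominate the object."""
    return dominates(subject, obj)


def can_write(subject: Level, obj: Level) -> bool:
    """*-property: the subject must be dominated by the object."""
    return dominates(obj, subject)


def decisions(subject: Level, obj: Level) -> dict:
    """Both access decisions for one subject/object pair."""
    return {"read": can_read(subject, obj), "write": can_write(subject, obj)}


# Constructed labels. The question gives only the hierarchical levels, so the
# category sets below (ALPHA, BRAVO) are hypothetical.
EVE = Level("Secret")
PRINTER = Level("Confidential")
EVE_ALPHA = Level("Secret", frozenset({"ALPHA"}))
PRINTER_BRAVO = Level("Confidential", frozenset({"BRAVO"}))
VAULT = Level("Top Secret", frozenset({"ALPHA"}))

if __name__ == "__main__":
    print("Eve -> printer:", decisions(EVE, PRINTER))
    print("Eve[ALPHA] -> printer[BRAVO]:", decisions(EVE_ALPHA, PRINTER_BRAVO))
    print("Eve[ALPHA] -> vault:", decisions(EVE_ALPHA, VAULT))
```

The second pair shows that two labels can be incomparable: when neither category set contains the other, neither level dominates, so both read and write are denied.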
Reference
- The Orange Book
- Classified information in the United States
- Special access program
- What is Sensitive Compartmented Information (SCI)?
- Sensitive Compartmented Information (SCI) Program
- Sensitive Compartmented Information
- Sensitive Compartmented Information Facility
- How is Sensitive Compartmented Information (SCI) Marked?
- What Does ‘Need to Know’ Mean?
- Can You Have a Secret Clearance with SCI?
- Clearances & Investigations
- Security Clearance Frequently Asked Questions
- Security Clearance Investigations Process Updated
- Differences Between Tier 4 and Tier 5 Security Clearance Investigations – Ask CJ
- List of U.S. security clearance terms