**A French computer manufacturer submits a trusted computer system for the Common Criteria evaluation and receives an EAL 7. The system supports the security policy that allows a user cleared as confidential to prepare reports to the supervisor at the secret level. Which of the following is least likely to be used in the design as a formal model? (Wentz QOTD)**

A. Finite state machine

B. Information flow model

C. Non-interference model

D. Mandatory access control

**Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.**

My suggested answer is D. Mandatory access control.

Mandatory access control is an access control policy or requirement; it is not a formal model. Instead, it can be fulfilled by formal models. A **model** is a detailed description or scaled representation of an entity; a **formal model** is a rigorous model developed by applying mathematically-based notation and language.

- The finite state machine is a common formal model.
- The information flow model is not really a model; the term generally refers to formal models that can control information flow. The same is true of the non-interference model. However, most study guides treat both as a “model,” and this question follows that perspective.

An EAL 7 rating implies that the product is backed by a formal design.
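As an added illustration (not part of the original post), the Python sketch below models the question's scenario as a finite state machine and checks an information-flow invariant over every reachable state, which is the kind of argument a formal design makes about a mandatory access control policy. The subject and object names, the "no read up, no write down" guard and the deliberately weak comparison guard are assumptions chosen for the example.

```python
from itertools import product

# Constructed labels, subjects and objects (assumptions for this example).
CONFIDENTIAL, SECRET = 1, 2
CLEARANCE = {"analyst": CONFIDENTIAL, "supervisor": SECRET}
CLASSIFICATION = {"notes": CONFIDENTIAL, "report": SECRET}
REQUESTS = list(product(CLEARANCE, CLASSIFICATION, ("read", "write")))

def mac_guard(subject, obj, mode):
    """The policy as a predicate: no read up, no write down."""
    s, o = CLEARANCE[subject], CLASSIFICATION[obj]
    return s >= o if mode == "read" else s <= o

def read_only_guard(subject, obj, mode):
    """Deliberately weak guard: checks reads but lets every write through."""
    return mode == "write" or mac_guard(subject, obj, mode)

def step(state, request, guard):
    """Transition function. state = (seen, held): the highest level each
    subject has observed and the highest level of data each object holds."""
    seen, held = dict(state[0]), dict(state[1])
    subject, obj, mode = request
    if guard(subject, obj, mode):
        if mode == "read":
            seen[subject] = max(seen[subject], held[obj])
        else:
            held[obj] = max(held[obj], seen[subject])
    return (tuple(sorted(seen.items())), tuple(sorted(held.items())))

def secure(state):
    """Invariant: nothing holds data above its own label."""
    return (all(lvl <= CLEARANCE[s] for s, lvl in state[0]) and
            all(lvl <= CLASSIFICATION[o] for o, lvl in state[1]))

def find_violation(guard):
    """Explore every reachable state; return an insecure one, or None."""
    start = (tuple(sorted((s, 0) for s in CLEARANCE)),  # 0 = nothing seen yet
             tuple(sorted(CLASSIFICATION.items())))
    visited, frontier = {start}, [start]
    while frontier:
        state = frontier.pop()
        if not secure(state):
            return state
        for request in REQUESTS:
            nxt = step(state, request, guard)
            if nxt not in visited:
                visited.add(nxt)
                frontier.append(nxt)
    return None
```

With `mac_guard` the search finds no insecure state, and the confidential analyst can still write the secret report; with `read_only_guard` it finds a state where secret data has reached the confidential `notes` object.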


