Which of the following is least likely to enforce integrity in a mandatory access control environment? (Wentz QOTD)
A. Assign an attribute as the primary key in a relation
B. Encrypt the digest of a document using the recipient’s public key as the digital signature
C. Generate the message authentication code using a block cipher
D. Prevent a subject at a lower security level from writing information to a higher level object
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Encrypt the digest of a document using the recipient’s public key as the digital signature.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
In FISMA, authenticity and nonrepudiation are properties of integrity, even though they are separated from integrity in the US DoD Information Assurance program and the US Cybersecurity policy.
A digital signature is produced by encrypting the digest of a document with the sender’s private key, not the recipient’s public key.
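The difference between the two key choices, shown as an added example that is not from the original post. It uses textbook RSA with constructed toy keys (no padding, tiny moduli, unsuitable for real use), and all function and variable names are illustrative.

```python
import hashlib

E = 65537  # common RSA public exponent

def keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed toy keys built from Mersenne primes; far too small for real use.
SENDER_PUB, SENDER_PRIV = keypair(2**61 - 1, 2**89 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = keypair(2**107 - 1, 2**127 - 1)

def digest(msg, n):
    """SHA-256 digest as an integer, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, sender_priv):
    """Correct signature: transform the digest with the SENDER's PRIVATE key."""
    n, d = sender_priv
    return pow(digest(msg, n), d, n)

def verify(msg, sig, sender_pub):
    """Anyone can check the signature with the sender's public key."""
    n, e = sender_pub
    return pow(sig, e, n) == digest(msg, n)

def option_b(msg, recipient_pub):
    """Option B: encrypt the digest with the RECIPIENT's PUBLIC key."""
    n, e = recipient_pub
    return pow(digest(msg, n), e, n)

def recipient_opens_b(msg, blob, recipient_priv):
    """The recipient can decrypt the blob, but learns nothing about who made it."""
    n, d = recipient_priv
    return pow(blob, d, n) == digest(msg, n)

if __name__ == "__main__":
    doc = b"Pay 100 USD to Alice"  # constructed sample document
    sig = sign(doc, SENDER_PRIV)
    print("valid signature:", verify(doc, sig, SENDER_PUB))
    print("altered document:", verify(b"Pay 900 USD to Alice", sig, SENDER_PUB))
    # Option B needs only the recipient's public key, which every party holds,
    # so a matching digest says nothing about who authored the document.
    other = b"Pay 900 USD to Mallory"
    blob = option_b(other, RECIPIENT_PUB)
    print("option B accepts any author:", recipient_opens_b(other, blob, RECIPIENT_PRIV))
```

The signature binds the document to the holder of the sender's private key, while option B's value can be produced by anyone and therefore provides neither authenticity nor nonrepudiation.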
Relational Database Integrity
There are three types of relational database integrity: entity, semantic, and referential integrity. Assigning an attribute as the primary key in a relation (table) enforces entity integrity.
Message Authentication Code (MAC)
Message Authentication Code (MAC) enforces authenticity, a property of integrity. It can be generated based on hash functions or cryptographic ciphers. HMAC and CBC-MAC are good examples. Generating the message authentication code using a block cipher is an example of CBC-MAC, used in WPA2 CCMP.
The Biba Model enforces integrity by preventing information from flowing to a higher security level through simple and star integrity axioms/properties. The star integrity axiom prevents a subject at a lower security level from writing information to a higher-level object.
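Which of the following is least likely to enforce integrity in a mandatory access control (MAC) environment? (Wentz QOTD)
A. Assign an attribute as the primary key in a relation
C. Generate the message authentication code (MAC) using a block cipher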