There can be more than one answer for each question.

10) What are some examples that conceptually map to the BLP or Biba model? a) In buffer overflow, command line argument is considered a low-integrity object. A root process is considered a high-integrity subject that should not be allowed to read the low-integrity data (thus allowing control flow to be hijacked) b) In time-of-check, time-of-use attack, the file or directory controlled by an attacker is considered a low-integrity object. A root process is considered a high integrity subject that should not be allowed to read the low-integrity data (thus being tricked to perform unintended operations) c) In directory traversal attack, the passwd file is considered the high-secrecy object. A root process (web server) is considered a low-secrecy subject since it needs to read the public HTML files and serve them to clients. A low-secrecy subject should not be allowed to read a high-secrecy object (thus leaking the passwd file unintendedly) 11) Which of the following about resource access attacks are correct? a) They are caused by violations of BLP or Biba security policies. b) They are caused by mismatches of expectations (e.g., high-integrity subjects expect high-integrity objects but mistakenly got low-integrity objects). c) We need to look at both the code and access control policy to identify resource access attacks. 12) In computer security, there's a well-known principle called principle of the least privilege. The idea is that every subject (process, user, program) should have access to only the information and resources they absolutely need (no more should be allowed). Which of the following are correct based on your judgement? a) Not running processes as root when not necessary (e.g., chrome or firefox) is a one example of principle of least privilege b) The reasoning behind the principle is to prevent an attacker to compromise a subject c) The reasoning behind the principle is to reduce the damage once a subject is compromised