Retrofitting Multilevel Security to a Database Management System


Question

Which of the following is commonly used for retrofitting multilevel security to a database management system?

Answers

Explanations


A. B. C. D.

A.

If you are "retrofitting", that means you are adding to an existing database management system (DBMS).

You could go back and redesign the entire DBMS, but that could be expensive and there is no telling what the effect would be on existing applications. That, however, is redesigning, and the question states retrofitting.

The most cost-effective way to add a layer of security on top, with the least effect on existing applications, is through a trusted front-end.

Clark-Wilson is a synonym of that model as well. It was used to add more granular control, or to add control to databases that provided inadequate controls or no controls at all. It is one of the most popular models today. Any dynamic website with a back-end database is an example of this today.

Such a model would also introduce separation of duties by allowing the subject only specific rights on the objects they need to access.

The following answers are incorrect:

trusted back-end: Incorrect because a trusted back-end would be the database management system (DBMS). Since the question stated "retrofitting", that eliminates this answer.

controller: Incorrect because this is a distractor and has nothing to do with "retrofitting".

kernel: Incorrect because this is a distractor and has nothing to do with "retrofitting". A security kernel would provide protection to devices and processes but would be inefficient in protecting rows or columns in a table.

Multilevel security is a mechanism that allows a computer system to enforce different levels of access based on the sensitivity of the data being accessed. It is often used in environments where there are varying levels of security clearance, such as government or military organizations.

When it comes to retrofitting multilevel security to a database management system (DBMS), the most common approach is to use a trusted front-end. A trusted front-end is a software component that sits between the user and the DBMS and enforces access controls based on the user's security clearance level.

The trusted front-end typically implements a security policy that determines which users are allowed to access which data, and at what level of sensitivity. For example, users with a top-secret clearance might be allowed to access data classified as "top secret," "secret," or "confidential," while users with a lower clearance might only be allowed to access "confidential" data.
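The read rule described above can be sketched as a small mediator in front of an unmodified database. This is an added example, not code from the original page: the `TrustedFrontEnd` class, the `reports` table, the user names and the sample rows are all hypothetical and constructed for illustration.

```python
import sqlite3

# Sensitivity levels named in the passage, lowest to highest.
LEVELS = {"confidential": 1, "secret": 2, "top secret": 3}
NAMES = {rank: name for name, rank in LEVELS.items()}

def build_demo_db():
    """Constructed sample data: an ordinary DBMS table plus a label column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (id INTEGER PRIMARY KEY, title TEXT, level INTEGER)")
    conn.executemany(
        "INSERT INTO reports (title, level) VALUES (?, ?)",
        [("cafeteria menu", 1), ("patrol schedule", 2), ("source identities", 3)],
    )
    return conn

class TrustedFrontEnd:
    """Hypothetical front end: the only component allowed to talk to the DBMS."""

    def __init__(self, conn, clearances):
        self._conn = conn
        self._clearances = clearances  # user -> clearance, set by an administrator

    def read_reports(self, user, title_like="%"):
        # Clearance comes from the front end's own table, never from the request.
        clearance = self._clearances.get(user)
        if clearance not in LEVELS:
            raise PermissionError(f"no clearance on file for {user!r}")  # fail closed
        # Read-down rule: rows labelled at or below the user's clearance.
        rows = self._conn.execute(
            "SELECT title, level FROM reports WHERE level <= ? AND title LIKE ? ORDER BY id",
            (LEVELS[clearance], title_like),
        ).fetchall()
        return [(title, NAMES[level]) for title, level in rows]

if __name__ == "__main__":
    fe = TrustedFrontEnd(build_demo_db(), {"alice": "top secret", "bob": "confidential"})
    for user in ("alice", "bob"):
        print(user, fe.read_reports(user))
```

The labels are enforced only by the front end, so the DBMS must accept connections from that component alone; any account that can query the `reports` table directly sees every row regardless of clearance.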

In contrast, a trusted back-end is a software component that sits between the DBMS and the storage media (such as disks or tapes) and enforces access controls at the storage level. This approach is less commonly used for retrofitting multilevel security to a DBMS, as it is typically more difficult to implement and can have a greater impact on performance.

A controller is a component that manages the overall operation of a system, but it is not specifically related to multilevel security or database management.

A kernel is the central component of an operating system that provides basic services for all other parts of the system. While it is responsible for enforcing access controls, it is not specifically related to retrofitting multilevel security to a DBMS.

Therefore, the correct answer to the question is A. trusted front-end.