8

I'm studying the non-interference model as part of CISSP prep and am having trouble thinking of a practical example where a violation would be involved (and the consequences of those violations).

I understand the mechanics of it -- the idea is to establish and maintain dividers between hierarchical levels to prevent actions in one level from being noticed or having any effect in other levels. But when would this happen? Can someone provide an example?

I guess I'm having trouble understanding how information leaked to other levels can be used to derive the actions that are taking place in the originating level.

Just thinking out loud... maybe a violation of this would be an automated email notification sending alerts to recipients that shouldn't know about them anyway?

1 Answer

9

The non-interference model is all about preventing covert channels through shared resources or inference attacks.

An example can be the following: Suppose that two users of different security levels are working on the same system (remotely, using shells for example). The lower level user should not know anything about the work done by the higher level user. But he can infer things by observing shared resources such as the CPU utilisation or the disk usage: the ability to do that creates a covert channel. Another example: say that the lower level user is working on a file, and suddenly the file gets locked because a user with higher privileges has opened it and is reading it. By observing this, the lower level user can infer what higher level users are doing right now, which leads him to have knowledge he should not be permitted to have (this knowledge would be the fact that he knows the file is important enough for someone with higher clearance to read it).

2
  • 4
    @Mike: A similar, non-computer example: a low-level shipping clerk is planning resource allocations for June 1944 and notices that all ships are requisitioned for some confidential purpose on the 6th. Recommended reading: Security Engineering (here, the chapter on multilevel security). Commented May 13, 2011 at 11:36
  • Gilles, that's a very nice example :-)
    – john
    Commented May 13, 2011 at 19:35
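
The file-lock case from the answer above can be checked mechanically. This is an added example, not part of the original answer or comments: it models the shared file as a tiny state machine and tests the usual purge formulation of non-interference (what the low user observes must be the same with every high action removed from the trace). The names `locking_step`, `snapshot_step`, `low_view`, `purge` and `find_violation`, and the snapshot-based fix, are assumptions made for the illustration.

```python
from itertools import product

HIGH, LOW = "high", "low"
# Constructed action alphabet: (user level, operation on the shared file).
ACTIONS = [(HIGH, "open"), (HIGH, "close"), (LOW, "write")]

def locking_step(locked, action):
    """High readers lock the shared file; low writes fail while it is locked."""
    user, op = action
    if user == HIGH:
        return (op == "open"), None
    return locked, ("locked" if locked else "ok")

def snapshot_step(locked, action):
    """High reads a private snapshot, so low writes never observe a lock."""
    user, op = action
    if user == HIGH:
        return (op == "open"), None
    return locked, "ok"

def low_view(step, trace):
    """Run a trace from the initial state and return only what low observes."""
    state, seen = False, []
    for action in trace:
        state, out = step(state, action)
        if action[0] == LOW:
            seen.append(out)
    return seen

def purge(trace):
    """Remove every high-level action from the trace."""
    return [a for a in trace if a[0] == LOW]

def find_violation(step, max_len=4):
    """Return the first trace whose low view changes once high actions are purged."""
    for n in range(1, max_len + 1):
        for trace in product(ACTIONS, repeat=n):
            if low_view(step, trace) != low_view(step, purge(trace)):
                return list(trace)
    return None  # no interference found up to max_len

if __name__ == "__main__":
    print("locking :", find_violation(locking_step))
    print("snapshot:", find_violation(snapshot_step))
```

The counterexample returned for the locking design is the shortest trace in which the low user's write result depends on what the high user did, which is exactly the inference the answer describes.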
