Subject Security Level / Object Classification Label

jonwinterburn

Hi all.

I wonder if someone could give me some clarification. Taking a practice test over the weekend (ISC2 StudiScope), one of the questions was related to multilevel security policies. It was asking which should have higher domination: subject or object. I chose the answer of the subject's security level being higher than or equal to the object's label. The test engine said I was wrong, and that the object should be of a higher classification than the subject's security level. It even quotes the CBK (I don't recall what section).

Logically, this doesn't make sense to me. Looking through my books, I found this excerpt from Shon Harris that confirms my understanding:

"Security policies that prevent information from flowing from a high security level to a lower security level are called multilevel security policies. These types of policies permit a subject to access an object only if the subject’s security level is higher than or equal to the object’s classification."

Can anyone shed light on this for me, please?

Thanks!

Jon

chickenlicken09

Hi Jon,

Quick one, have you purchased online sample questions? what ones are best to go for, i read transcender are decent.

5ekurity

Usually the answer is in the context of the question itself - can you be more specific with how they worded the question? i.e. what did it mean by 'higher domination'?

colemic

^^this -the exact wording of the question would be helpful; my guess is that the way it was worded is key to their selected answer. Although if the explanation is wrong - not sure. Do you have the CBK to look up what it was referencing?

jonwinterburn

eddo1 wrote: »

Hi Jon,

Quick one, have you purchased online sample questions? what ones are best to go for, i read transcender are decent.

Check my responses in this thread: http://www.techexams.net/forums/isc-sscp-cissp/106845-isc-2-studiscope-self-assessment-exam-simulator-tool.html - I've not tried Transcender. From what I understand, none of the questions online can truly prepare you for the exam. It's more a way of 1) gauging your understanding and 2) preparing yourself mentally for the challenge.

jonwinterburn

5ekurity wrote: »

Usually the answer is in the context of the question itself - can you be more specific with how they worded the question? i.e. what did it mean by 'higher domination'?

Here's the question:

What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?

a) The subject's sensitivity label must be dominated by the object's sensitivity label.

b) The subject's sensitivity label must dominate the object's sensitivity label.

c) The subject's sensitivity label is greater than the object's sensitivity label.

d) The subject's sensitivity label must be equal to the object's sensitivity label.

I chose B. The engine said:
The correct answer is: The subject's sensitivity label must be dominated by the object's sensitivity label.

If the subject's sensitivity label is dominated by the object's sensitivity label then the subject's security clearance label would be less than or equal to that of the object.

The following answers are incorrect:

The subject's sensitivity label must dominate the object's sensitivity label. Is incorrect because this would mean that the sensitivity label of the subject could be greater than the object and would violate the no write down policy.

The subject's sensitivity label is greater then the object's sensitivity label. Is incorrect because if the subject's sensitivity label is greater than the object's sensitivity label it would violate the no write down policy.

The subject's sensitivity label must be equal to the object's sensitivity label. This is incorrect because it is only partially complete. The object's sensitivity label must dominate the subject's sensitivity label so it could be greater than or equal to that of the subject.

jonwinterburn

Update - someone else has posted the same question on another forum. I don't quite understand the responses:

Multi-Level Security Policy Question (CISSP Related) - Ars Technica OpenForum

aftereffector

This question is trying to ask you about integrity labels, not confidentiality labels. I don't know why they used the term "sensitivity labels", though, as you are correct - that term refers to confidentiality and classification as per the CBK, the AIO, and even RFC 1457 (2.2).


If I encountered this question on the exam, I'd use my exam-taking techniques to get answer A. I'll explain my thought process: (A) says that the subject must be LESS than the object. (B) says the subject must be MORE than the object. (C) says that the subject must be MORE than the object. (D) says the subject must be EQUAL to the object. (B) and (C) are the same value, so in a multiple-choice-pick-one question format, they must both be incorrect. That leaves (A) and (D), and (D) doesn't make sense in the context of the question, which just leaves (A).


Regardless of the above, I think the question is incorrectly worded

dustervoice

aftereffector wrote: »

Regardless of the above, I think the question is incorrectly worded

That is why its no longer on the test.

jonwinterburn

aftereffector wrote: »

If I encountered this question on the exam, I'd use my exam-taking techniques to get answer A. I'll explain my thought process: (A) says that the subject must be LESS than the object. (B) says the subject must be MORE than the object. (C) says that the subject must be MORE than the object. (D) says the subject must be EQUAL to the object. (B) and (C) are the same value, so in a multiple-choice-pick-one question format, they must both be incorrect. That leaves (A) and (D), and (D) doesn't make sense in the context of the question, which just leaves (A).

That's a very good point! I will bear that method in mind on the big day. Thanks.

jonwinterburn

Sorry, one last question. So just to clarify: if we're referring to a confidentiality model (BLP), the subject must dominate the object. But if we're referring to an integrity model (Biba), the object must dominate the subject (in order for the NWU property to work). Is that correct?

aftereffector

That's correct. Confidentiality is easy to understand - you have to have at least a Secret clearance to see Secret stuff, so if you have a Top Secret, you're still good. Integrity was a little more difficult for me to grasp, but basically it's concerned with the veracity of information, not so much the classification or sensitivity of it... honestly I just remembered that it was like a confidentiality model, but backwards, and I was good.

You should just go take the test! From what I've seen, I think you passed the "overprepared" mark a while ago, haha.

Spin Lock

jonwinterburn wrote: »

Sorry, one last question. So just to clarify: if we're referring to a confidentiality model (BLP), the subject must dominate the object....

In order to answer your question, we have to know if you are referring to reading or writing to an object.

For Bell LaPadula, the subject's security level must be greater than or equal to the object's security level in order to read it. (Subject with security level SECRET can read objects labeled SENSITIVE or SECRET, but not TOP SECRET). This is the Simple Security Property under Bell LaPadula (aka No Read Up)

But if you are asking about write privilege, then the subject cannot write to an object that has a lower security level (Subject with security level SECRET can't write to an object with security level SENSITIVE, but it can write to objects that are SECRET or TOP SECRET). This is the "*"(Star) Property under Bell La Padula (aka no write down)

I agree this question is very poorly worded. But based on the answer explanation, it sounds to me like the author intended this question to test confidentiality. More specifically, he was trying to test your knowledge of the Bell LaPadula * Property. I could be wrong about this, I'm speculating - but when I read the author's explanation for why B was wrong, it says B violates the No Write Down rule. Which means the author was referring to Bell LaPadula not Biba/Clark & Wilson.

In any case, the question is bad. Even if he specifically mentioned Bell LaPadula, I'd have been stuck between A & D. I don't think he reason for ruling out D is valid.

What I liked about the question though, was that it reminded me that even when dealing with Bell LaPadula, make sure you note if the question is asking about read or write privilege because different restrictions apply.

gespenstern

aftereffector wrote: »

This question is trying to ask you about integrity labels, not confidentiality labels.

If it was about integrity (Biba) it wouldn't mention "no write down" policy in explanation, cause for integrity model it is "no read down" and * rule is to "no write up".

aftereffector wrote: »

(B) and (C) are the same value

B and C aren't actually the same, they use different terminology to describe the same situation and the catch here could be to use correct terminology which, I think, should be "domination" for sensitivity labels...

I'd say the question is dubious. The author clearly messed up Bell-LaPadula and Biba.

amol9w

Correct Answer is B. In AIO under SAD-->after reference monitor and security kernel below is the note given by Shon..Seems like they are purposely giving wrong answers which is not correct if i am paying money. Someone should SUE them

Security policies that prevent information from flowing from a high security level to a lower security level are called multilevel security policies. These types of policies permit a subject to access an object only if the subject’s security level is higher than or equal to the object’s classification.

amol9w

I would like to invite all experts and comment on this. This is ridiculos and ISC should handle such ambiguity in better way. If not why are taking so much money ???? NOT ETHICAL AT ALL

amol9w

Interesting link...seems like i remember those words

There are only 2 pplz i trust in this world - You and I. And I am not sure about You

...this topics are more than a book.. i think the above lines in book mentions for READ access and the question on studiscope WRITE access.And they are right.

Definately a good and tough question like security through obscurity..seem like need to learn CISSP through books is obscurity

Cyber Defense: Multi-Level Security Policy

amol9w

One more good read:

Cyber Defense: Electronic Vaulting

amol9w

One more

Cyber Defense: Virtualization - Patching

amol9w

Just thinking why D cannot be right option as per last rule of BellLaPadula

• Strong star property rule For a subject to be able to read and write to an object, the subject’s clearance and the object’s classification must be equal.

amol9w

After thinking got the answer. Any state must satisfy all the 3 rules so that Multilevel ploicy state is maintained. So D would have been answer if first 3 choices were not correct. Too much depth for 1question