Subject Security Level / Object Classification Label

in SSCP
Hi all.
I wonder if someone could give me some clarification. Taking a practice test over the weekend (ISC2 StudiScope), one of the questions was related to multilevel security policies. It was asking which should have higher domination: subject or object. I chose the answer of the subject's security level being higher than or equal to the object's label. The test engine said I was wrong, and that the object should be of a higher classification than the subject's security level. It even quotes the CBK (I don't recall what section).
Logically, this doesn't make sense to me. Looking through my books, I found this excerpt from Shon Harris that confirms my understanding:
"Security policies that prevent information from flowing from a high security level to a lower security level are called multilevel security policies. These types of policies permit a subject to access an object only if the subject’s security level is higher than or equal to the object’s classification."
Can anyone shed light on this for me, please?
Thanks!
Jon
I wonder if someone could give me some clarification. Taking a practice test over the weekend (ISC2 StudiScope), one of the questions was related to multilevel security policies. It was asking which should have higher domination: subject or object. I chose the answer of the subject's security level being higher than or equal to the object's label. The test engine said I was wrong, and that the object should be of a higher classification than the subject's security level. It even quotes the CBK (I don't recall what section).
Logically, this doesn't make sense to me. Looking through my books, I found this excerpt from Shon Harris that confirms my understanding:
"Security policies that prevent information from flowing from a high security level to a lower security level are called multilevel security policies. These types of policies permit a subject to access an object only if the subject’s security level is higher than or equal to the object’s classification."
Can anyone shed light on this for me, please?
Thanks!
Jon
Comments
Quick one, have you purchased online sample questions? what ones are best to go for, i read transcender are decent.
Check my responses in this thread: http://www.techexams.net/forums/isc-sscp-cissp/106845-isc-2-studiscope-self-assessment-exam-simulator-tool.html - I've not tried Transcender. From what I understand, none of the questions online can truly prepare you for the exam. It's more a way of 1) gauging your understanding and 2) preparing yourself mentally for the challenge.
Here's the question:
What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?
a) The subject's sensitivity label must be dominated by the object's sensitivity label.
b) The subject's sensitivity label must dominate the object's sensitivity label.
c) The subject's sensitivity label is greater than the object's sensitivity label.
d) The subject's sensitivity label must be equal to the object's sensitivity label.
I chose B. The engine said:
The correct answer is: The subject's sensitivity label must be dominated by the object's sensitivity label.
If the subject's sensitivity label is dominated by the object's sensitivity label then the subject's security clearance label would be less than or equal to that of the object.
The following answers are incorrect:
The subject's sensitivity label must dominate the object's sensitivity label. Is incorrect because this would mean that the sensitivity label of the subject could be greater than the object and would violate the no write down policy.
The subject's sensitivity label is greater then the object's sensitivity label. Is incorrect because if the subject's sensitivity label is greater than the object's sensitivity label it would violate the no write down policy.
The subject's sensitivity label must be equal to the object's sensitivity label. This is incorrect because it is only partially complete. The object's sensitivity label must dominate the subject's sensitivity label so it could be greater than or equal to that of the subject.
Multi-Level Security Policy Question (CISSP Related) - Ars Technica OpenForum
If I encountered this question on the exam, I'd use my exam-taking techniques to get answer A. I'll explain my thought process: (A) says that the subject must be LESS than the object. (B) says the subject must be MORE than the object. (C) says that the subject must be MORE than the object. (D) says the subject must be EQUAL to the object. (B) and (C) are the same value, so in a multiple-choice-pick-one question format, they must both be incorrect. That leaves (A) and (D), and (D) doesn't make sense in the context of the question, which just leaves (A).
Regardless of the above, I think the question is incorrectly worded
That is why its no longer on the test.
That's a very good point! I will bear that method in mind on the big day. Thanks.
You should just go take the test! From what I've seen, I think you passed the "overprepared" mark a while ago, haha.
In order to answer your question, we have to know if you are referring to reading or writing to an object.
For Bell LaPadula, the subject's security level must be greater than or equal to the object's security level in order to read it. (Subject with security level SECRET can read objects labeled SENSITIVE or SECRET, but not TOP SECRET). This is the Simple Security Property under Bell LaPadula (aka No Read Up)
But if you are asking about write privilege, then the subject cannot write to an object that has a lower security level (Subject with security level SECRET can't write to an object with security level SENSITIVE, but it can write to objects that are SECRET or TOP SECRET). This is the "*"(Star) Property under Bell La Padula (aka no write down)
I agree this question is very poorly worded. But based on the answer explanation, it sounds to me like the author intended this question to test confidentiality. More specifically, he was trying to test your knowledge of the Bell LaPadula * Property. I could be wrong about this, I'm speculating - but when I read the author's explanation for why B was wrong, it says B violates the No Write Down rule. Which means the author was referring to Bell LaPadula not Biba/Clark & Wilson.
In any case, the question is bad. Even if he specifically mentioned Bell LaPadula, I'd have been stuck between A & D. I don't think he reason for ruling out D is valid.
What I liked about the question though, was that it reminded me that even when dealing with Bell LaPadula, make sure you note if the question is asking about read or write privilege because different restrictions apply.
If it was about integrity (Biba) it wouldn't mention "no write down" policy in explanation, cause for integrity model it is "no read down" and * rule is to "no write up".
B and C aren't actually the same, they use different terminology to describe the same situation and the catch here could be to use correct terminology which, I think, should be "domination" for sensitivity labels...
I'd say the question is dubious. The author clearly messed up Bell-LaPadula and Biba.
...this topics are more than a book.. i think the above lines in book mentions for READ access and the question on studiscope WRITE access.And they are right.
Definately a good and tough question like security through obscurity..seem like need to learn CISSP through books is obscurity
Cyber Defense: Multi-Level Security Policy
Cyber Defense: Electronic Vaulting
Cyber Defense: Virtualization - Patching