[Cisspstudy] strong star property rule

TEC twayde86 at hotmail.com
Mon Sep 14 10:08:48 EDT 2009


Shon Harris 4th edition states
"The third rule, the strong star property rule, states that a subject that has read and write capabilities can only perform those functions at the same security level, nothing higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal."

The answer to the below question is "Simple Security Property and Polyinstantiation" saying that Strong *-Property and Polyinstantiation is Half-right. The strong *-property limits a subject of a given clearance to writing only to objects with a matching classification. APFEL's attempt to insert an unclassified record was consistent with this property, but that has nothing to do with preventing APFEL from reading top secret information.

However, if Shon is correct, the strong star property rule would prevent the subject from reading the top secret information?

Tec

For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos. 

An unscrupulous fruit shipper, the "Association of Private Fruit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP. 

What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples? 

  a. *-Property and Polymorphism
  b. Strong *-Property and Polyinstantiation
  c. Simple Security Property and Polymorphism
  d. Simple Security Property and Polyinstantiation

You did not provide any answer to this question. Please review details below.



The correct answer is: 

Simple Security Property and Polyinstantiation

The Simple Security Property states that a subject at a given clearance may not read an object at a higher classification, so unclassified APFEL could not read FIGCO's top secret cargo information. 

Polyinstantiation permits a database to have two records that are identical except for their classifications (i.e., the primary key includes the classification). Thus, APFEL's new unclassified record did not collide with the real, top secret record, so APFEL was not able to learn about FIGCO's pineapples. 

The following answers are incorrect:

*-Property and Polymorphism

The *-property states that a subject at a given clearance must not write to any object at a lower classification, which is irrelevant here because APFEL was trying to read data with a higher classification. 

Polymorphism is a term that can refer to, among other things, viruses that can change their code to better hide from anti-virus programs or to objects of different types in an object-oriented program that are related by a common superclass and can, therefore, respond to a common set of methods in different ways. That's also irrelevant to this question.

Strong *-Property and Polyinstantiation

Half-right. The strong *-property limits a subject of a given clearance to writing only to objects with a matching classification. APFEL's attempt to insert an unclassified record was consistent with this property, but that has nothing to do with preventing APFEL from reading top secret information.

Simple Security Property and Polymorphism

Also half-right. See above for why Polymorphism is wrong.


The following reference(s) were/was used to create this question:

HARRIS, Shon, CISSP All-in-one Exam Guide, Third Edition, McGraw-Hill/Osborne, 2005

    Chapter 5: Security Models and Architecture (page 280)
    Chapter 11: Application and System Development (page 828)

Question contributed by: Mark Heckman
Email or CCCure Nickname of question author: mrheckman
Question reviewed by: Clement Dupuis
Question comment submitted by:
Comment: 
You could see wordy scenario questions like this on the CISSP exam. They require reasoning, application of general security concepts to a specific situation, and the ability to filter out extraneous information. The keys to this question are as follows:

1) That Bell-LaPadula is the access control model and that a low-clearance subject could not read a high-classification object. That leaves only Simple Security Property as an option. 

2) That an insertion of a low-classification record in a database did not conflict with a record at a high classification. The only concept that describes this situation is Polyinstantiation.


Sarchasm -: The gulf between the author of sarcastic wit and the person who doesn't get it
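
Added example (not part of the original post or of the quoted question): a minimal Python model of the three Bell-LaPadula rules as they are worded above, plus a table whose key includes the classification, replaying the APFEL insert. The function and class names, the four-level ordering and the row layout are assumptions made for illustration; the rows are constructed.

```python
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

def simple_security(clearance, classification):
    """Simple Security Property: no read up."""
    return clearance >= classification

def star_property(clearance, classification):
    """*-property: no write down."""
    return clearance <= classification

def strong_star(clearance, classification):
    """Strong *-property: read and write only at the same level."""
    return clearance == classification

class CargoTable:
    """Hypothetical polyinstantiated table: the classification is part of the key."""
    def __init__(self):
        self.rows = set()  # {(shipper, cargo, ship, level)}

    def insert(self, clearance, shipper, cargo, ship):
        # The row is labeled with the writer's own level, so the write
        # satisfies both the *-property and the strong *-property.
        key = (shipper, cargo, ship, clearance)
        if key in self.rows:
            return False  # collides only with a row at the same level
        self.rows.add(key)
        return True

    def select(self, clearance, ship):
        # Reads are filtered by the Simple Security Property.
        return sorted(r for r in self.rows
                      if r[2] == ship and simple_security(clearance, r[3]))

def apfel_scenario():
    """Replay the question with constructed rows; returns what each side sees."""
    table = CargoTable()
    table.insert(Level.TOP_SECRET, "FIGCO", "pineapples", "S.S. CP")  # real record
    probe_ok = table.insert(Level.UNCLASSIFIED, "FIGCO", "pineapples", "S.S. CP")
    return (probe_ok,
            table.select(Level.UNCLASSIFIED, "S.S. CP"),
            table.select(Level.TOP_SECRET, "S.S. CP"))

if __name__ == "__main__":
    print(apfel_scenario())
```

The probe insert succeeds whether or not the top secret row exists, and the unclassified reader gets back only its own row, so the result carries no information about the higher-level record.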