Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] Re: Q: Subject/Object sensitive label in Multi-level security

from [Doug Landoll] Network Security [Permanent Link]
Subject: [CISSP-D] Re: Q: Subject/Object sensitive label in Multi-level security
Date: Sun, 21 Nov 2004 02:50:32 -0000 



Answer D is correct. You may be misunderstanding the concepts here.

1) The question refers to a confidentiality MAC policy. This policy 
(as implemented in BLP) states "no read down" - i.e., a top secret 
user cannot read a secret file. and "no write up" a secret user 
process may not write to a top secret file.

2) Domination. The short hand way of talking about these security 
policies are "no read up" and "no write down" but to be more 
specific you must understand the concept of domination. It basically 
means that the for label A to dominate label B, label A must have a 
equal to or greater than security level than label B (e.g., "Top 
Secret" vs. "Secret") and must have all the categories of B 
(e.g. "Top Secret - AZUL" vs. "Secret - AZUL"). (see any CISSP book 
for an explanation).

3) Answer A can be interpretted to mean "Write Down"
   Answer B is nonsense and uses nonstandard terms
   Answer C is nonsense and uses nonstandard terms 
   Answer D can be interpretted to mean "Write Up"

"Write Down" is prohibited whereas "Write Up" is allowed therefore 
answer D and not A is correct.







--- In CISSP-Discuss@yahoogroups.com, Weifeng Bao <go2sailing@y...> 
wrote:



Here is the question from cccure.org quiz:

Q: what is necessary for a subject to have write
access to an object in a Multi-level security policy?

A. The subject's sensitivity label must dominate the
object's sensitivity label.
B. The subject's sensitivity label subordinates the
object's sensitivity label.
C. The subject's sensitivity label is subordinated by
the object's senstivity label.
D. The subject's sensitivity label is dominated by the
object's sensitivity label.

The given answer D.  However, I think the answer
should be A.  Do I misunderstand the keywords or
concept here?

Thanks.

--Weifeng 



              
__________________________________ 
Do you Yahoo!? 
Meet the all-new My Yahoo! - Try it today! 
http://my.yahoo.com









------------------------ Yahoo! Groups Sponsor --------------------~--> 
$9.95 domain names from Yahoo!. Register anything.
http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/kgFolB/TM
--------------------------------------------------------------------~-> 

 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [CISSP-D] Fw: Two questions about Security Models and Architecture in All-In-One, Doug Landoll
Next by Date:  RE: [CISSP-D] Q: Subject/Object sensitive label in Multi-level security, Bill Royds
Previous by Thread:  [CISSP-D] Q: Subject/Object sensitive label in Multi-level security, Weifeng Bao
Next by Thread:  RE: [CISSP-D] Q: Subject/Object sensitive label in Multi-level security, Bill Royds
Indexes:  [Date] [Thread] [Top] [All Lists]