ISC Exam Questions

What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?

A. The subject’s sensitivity label must dominate the object’s sensitivity label

B. The subject’s sensitivity label subordinates the object’s sensitivity label

C. The subject’s sensitivity label is subordinated by the object’s sensitivity label

D. The subject’s sensitivity label is dominated by the object’s sensitivity label

Explanation:
The correct answer is: The subject’s sensitivity label must dominate the object’s sensitivity label.

With a multi-level security policy, information carries different sensitivity labels. In order to read an object, the subject’s sensitivity label must be equal to or greater than that of the object. The subject is then considered to dominate the object: no read up.

The following answers are incorrect:

The subject’s sensitivity label subordinates the object’s sensitivity label. This is incorrect because if the subject’s sensitivity label subordinates the object’s sensitivity label, that would mean it is lower, and the subject should not have read access to the object.

The subject’s sensitivity label is subordinated by the object’s sensitivity label. This is incorrect because this would not allow for read access if the sensitivity labels were equal. So the subject’s sensitivity label is not subordinated by the object’s sensitivity label; the subject’s label must dominate the object’s label. Remember that dominate means equal to or greater than, whereas subordinate means less than.

The subject’s sensitivity label is dominated by the object’s sensitivity label. This is incorrect because if the object’s sensitivity label dominates the subject’s sensitivity label, then the subject should not have access; it is the subject that must dominate the object and not the other way around. Remember that dominate means equal to or greater than, so this would mean that the object’s sensitivity label is equal to or greater than the subject’s.

According to the OIG, multi-level security is defined as a class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and need-to-know, but prevents users from obtaining access to information for which they lack authorization. The subject’s sensitivity label must be equal to or greater than the object’s sensitivity label in order for the subject to have read access to it: no read up.