PrepAway - Latest Free Exam Questions & Answers

Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong
Star property is not being used)?

A.
A subject is not allowed to read up.

B.
The *- property restriction can be escaped by temporarily downgrading a high level subject.

C.
A subject is not allowed to read down.

D.
It is restricted to confidentiality.

Explanation:
The statement that a subject is not allowed to read down in the Bell-LaPadula security model is FALSE.
The Bell-LaPadula model was developed to make sure secrets stay secret; thus, it provides and addresses
confidentiality only.
The Bell-LaPadula model is a subject-to-object model. An example would be how you (subject) could read a
data element (object) from a specific database and write data into that database.
Three main rules are used and enforced in the Bell-LaPadula model: the simple security rule, the *-property
(star property) rule, and the strong star property rule. The simple security rule states that a subject at a given
security level cannot read data that reside at a higher security level. For example, if Bob is given the security
clearance of secret, this rule states he cannot read data classified as top secret. If the organization wanted Bob
to be able to read top-secret data, it would have given him that clearance in the first place.
The *-property rule (star property rule) states that a subject in a given security level cannot write information to
a lower security level. The simple security rule is referred to as the “no read up” rule, and the *-property rule is
referred to as the “no write down” rule. The third rule, the strong star property rule, states that a subject that
has read and write capabilities can only perform those functions at the same security level; nothing higher and
nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must
be equal.
Incorrect Answers:
A: It is true that a subject is not allowed to read up in the Bell-LaPadula model.
B: It is true that the *- property restriction in the Bell-LaPadula model can be escaped by temporarily
downgrading a high level subject.
D: It is true that the Bell-LaPadula model is restricted to confidentiality.
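
The rules from the explanation, written as a small reference-monitor check. This is an added example, not taken from the original page or the cited book. The names `Level`, `Subject` and `allowed` are assumptions for illustration, and as a simplification every check is made against the subject's current level.

```python
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class Subject:
    def __init__(self, clearance):
        self.clearance = clearance
        self.current = clearance  # current level; may be lowered below clearance

    def set_current(self, level):
        # A subject may operate below its clearance, never above it.
        if level > self.clearance:
            raise PermissionError(f"{level.name} exceeds clearance")
        self.current = level

def allowed(subject, mode, obj_level, strong_star=False):
    """Decide one access request against the subject's current level."""
    if mode not in ("read", "write"):
        raise ValueError(f"unknown access mode: {mode}")
    if strong_star:
        # Strong star: read and write only at the subject's own level.
        return subject.current == obj_level
    if mode == "read":
        # Simple security rule: no read up (reading down is permitted).
        return subject.current >= obj_level
    # *-property: no write down (writing up is permitted).
    return subject.current <= obj_level

def demo():
    bob = Subject(Level.SECRET)  # constructed sample subject
    results = {
        "read_up": allowed(bob, "read", Level.TOP_SECRET),
        "read_down": allowed(bob, "read", Level.CONFIDENTIAL),
        "write_down": allowed(bob, "write", Level.CONFIDENTIAL),
        "write_up": allowed(bob, "write", Level.TOP_SECRET),
        "strong_read_down": allowed(bob, "read", Level.CONFIDENTIAL, strong_star=True),
    }
    # Option B: with the current level lowered, the same write is no longer a write down.
    bob.set_current(Level.CONFIDENTIAL)
    results["write_after_downgrade"] = allowed(bob, "write", Level.CONFIDENTIAL)
    results["read_secret_after_downgrade"] = allowed(bob, "read", Level.SECRET)
    return results

if __name__ == "__main__":
    print(demo())
```

While downgraded, the subject also loses read access to SECRET objects, which is what keeps information it could read at the higher level from flowing into the lower-level object.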

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 369-372

