PrepAway - Latest Free Exam Questions & Answers

What is a secure database technique that could explain …

For competitive reasons, the customers of a large shipping company called the “Integrated International Secure
Shipping Containers Corporation” (IISSCC) like to keep private the various cargos that they ship. IISSCC uses
a secure database system based on the Bell-LaPadula access control model to keep this information private.
Different information in this database is classified at different levels. For example, the time and date a ship
departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all
shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other’s
cargos.
An unscrupulous fruit shipper, the “Association of Private Fruit Exporters, Limited” (APFEL), wants to learn
whether or not a competitor, the “Fruit Is Good Corporation” (FIGCO), is shipping pineapples on the ship “S.S.
Cruise Pacific” (S.S. CP). APFEL can’t simply read the top secret contents in the IISSCC database because of
the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the
database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a
FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can’t
be sure whether or not FIGCO is shipping pineapples on the S.S. CP.
What is the name of the access control model property that prevented APFEL from reading FIGCO’s cargo
information? What is a secure database technique that could explain why, when the insertion attempt
succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?


A. *-Property and Polymorphism

B. Strong *-Property and Polyinstantiation

C. Simple Security Property and Polymorphism

D. Simple Security Property and Polyinstantiation

Explanation:
The Simple Security Property is a Bell-LaPadula security model rule that stipulates that a subject cannot read
data at a higher security level.
Polyinstantiation is the process of allowing a table to have multiple rows with the same primary key. The
different instances can be distinguished by their security levels or classifications.
Incorrect Answers:
A: In programming languages and type theory, polymorphism is the provision of a single interface to entities of
different types. Polymorphism is not used to directly strengthen security.
B: Strong * property is a term that is used with some object oriented programming languages. It is not related to
security.
C: In programming languages and type theory, polymorphism is the provision of a single interface to entities of
different types. Polymorphism is not used to directly strengthen security.
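
The scenario above as an added example (not part of the original question or the cited study guide): an in-memory SQLite table built once without and once with polyinstantiation, showing that only in the first case does the result of APFEL's insert depend on the Top Secret row. The numeric level values, table layout and function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed numeric labels for the two levels in the scenario.
LEVELS = {"Unclassified": 0, "Top Secret": 3}

def open_db(polyinstantiated):
    """Create the cargo table. With polyinstantiation the level is part of the
    primary key, so one (shipper, item, ship) tuple can exist once per level."""
    key = "shipper, item, ship" + (", level" if polyinstantiated else "")
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cargo (shipper TEXT, item TEXT, ship TEXT, "
               f"level INTEGER, PRIMARY KEY ({key}))")
    return db

def insert(db, subject_level, shipper, item, ship):
    """Insert a row labelled at the subject's level; False on key collision."""
    try:
        with db:  # commit on success, roll back on error
            db.execute("INSERT INTO cargo VALUES (?, ?, ?, ?)",
                       (shipper, item, ship, LEVELS[subject_level]))
        return True
    except sqlite3.IntegrityError:
        return False

def read(db, subject_level, shipper, ship):
    """Simple Security Property: return only rows at or below the subject's level."""
    cur = db.execute("SELECT item, level FROM cargo WHERE shipper = ? AND "
                     "ship = ? AND level <= ? ORDER BY level",
                     (shipper, ship, LEVELS[subject_level]))
    return cur.fetchall()

def probe(polyinstantiated, figco_ships_pineapples):
    """APFEL's Unclassified insert. Returns (insert succeeded, APFEL's view)."""
    db = open_db(polyinstantiated)
    if figco_ships_pineapples:
        insert(db, "Top Secret", "FIGCO", "pineapples", "S.S. CP")
    ok = insert(db, "Unclassified", "FIGCO", "pineapples", "S.S. CP")
    return ok, read(db, "Unclassified", "FIGCO", "S.S. CP")

if __name__ == "__main__":
    for poly in (False, True):
        for secret in (False, True):
            print(f"polyinstantiated={poly} secret_row={secret} ->",
                  probe(poly, secret))
```

Without polyinstantiation the insert fails exactly when the Top Secret row exists, which is the inference channel APFEL was counting on; with it, both cases return the same result and the same Unclassified view.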

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
pp. 14, 1218

