Lattice-based access control: Difference between revisions

No edit summary
 
(47 intermediate revisions by 33 users not shown)
Line 1:
{{Inline citations|date=July 2024}}
When dealing with computer and information system security, the use of [[access controls]] limit system or user access based on a specified set of criteria.
 
In [[computer security]], '''Latticelattice-Basedbased Accessaccess Controlcontrol''' ('''LBAC''') is a complex method[[access forcontrol]] limiting information accessmodel based on the interaction between any combination of '''objects''' (such as resources, computers, and applications) and '''subjects''' (such as individuals, groups or organizations).
 
In this type of label-based [[mandatory access control]] model, a [[lattice (order)|lattice]] is used to define the levels of security that an object may have, and that a subject may have access to. That is,The we define a [[partial order]] on the security levels, in such a way that any two security levels always have a greatest lower bound (meet) and least upper bound (join). If two objects ''A'' and ''B'' are combined to form another object ''C'', that objectsubject is assigned a security level formed by the join of the levels of ''A'' and ''B'', and if two subjects need to jointly access some secure data, their access level is defined to be the meet of the subject's levels. A subject isonly allowed to access an object only if the security level of the subject is greater than or equal to that of the object,. in the partial order defining the lattice.
 
Mathematically, the security level access may also be expressed in terms of the lattice (a [[partial order]] set) where each object and subject have a greatest lower bound (meet) and least upper bound (join) of access rights. For example, if two subjects ''A'' and ''B'' need access to an object, the security level is defined as the meet of the levels of ''A'' and ''B''. In another example, if two objects ''X'' and ''Y'' are combined, they form another object ''Z'', which is assigned the security level formed by the join of the levels of ''X'' and ''Y''.
LBAC is known as a more specific set of [[access control]] restrictions and is based on the lesser complex model known as [[Role-Based Access Control]] (RBAC).
 
LBAC is also known as a label-based access control (or ''rule-based access control'') restriction as opposed to [[role-based access control]] (RBAC).
 
Lattice based access control models were first formally defined by [[Dorothy E. Denning|Denning]] (1976); see also Sandhu (1993).
 
== ReferencesSee also ==
{{columns-list|colwidth=30em|
How can you say that lattice-based access control is based on role-based access control? The idea of lattice-based access control came in 1970s, while the role-based access control is formalized and accepted in 1990s, although you can even assume that there are RBAC implementations in 1970s.
* [[Access control list]]
* [[Attribute-based access control]] (ABAC)
* [[Computer securityBell–LaPadula model]]
* [[Biba Model]]
* [[Capability-based security]]
* [[Computer security model]]
* [[Context-based access control]] (CBAC)
* [[Discretionary access control]] (DAC)
* [[Graph-based access control]] (GBAC)
* [[Mandatory access control]] (MAC)
* [[Organisation-based access control]] (OrBAC)
* [[Risk-based authentication]]
* [[Role-based access control]] (RBAC)
* [[RSBAC|Rule-set-based access control (RSBAC)]]
}}
 
== References ==
{{reflist}}
*{{cite journal
| author = Denning, Dorothy E.
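Review bot: in the paragraph beginning "Mathematically", the phrase "each object and subject have a greatest lower bound (meet) and least upper bound (join) of access rights" misstates the lattice property, because meet and join are defined for any two security levels, not for an individual object or subject. Suggest reusing the wording that also appears in this hunk, "any two security levels always have a greatest lower bound (meet) and least upper bound (join)", and writing "partially ordered set" rather than "partial order set". The sentence "LBAC is also known as a label-based access control (or ''rule-based access control'') restriction" carries no inline citation, which is what the {{Inline citations}} tag at the top of the hunk asks for; attach the Denning or Sandhu reference there or drop the parenthetical. "Lattice based access control models" should be hyphenated to match the rest of the text.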
Line 21 ⟶ 40:
| year = 1976
| pages = 236–243
| doi = 10.1145/360051.360056}}
| url=http://faculty.nps.edu/dedennin/publications/lattice76.pdf}}
 
*{{cite journal
| author = Sandhu, Ravi S.
Line 32 ⟶ 51:
| pages = 9–19
| doi = 10.1109/2.241422
| url = http://itewww.gmuwinlab.rutgers.edu/list~trappe/journalsCourses/computerAdvSec05/i93lbacmaccess_control_lattice.pspdf}}
 
== See also ==
 
* [[Role-Based Access Control]]
* [[Computer security model]]
 
[[Category:Computer security models]]
[[Category:Lattice theory]]
[[Category: Access control]]
 
 
{{CompuComputer-langsecurity-stub}}
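Review bot: the "== See also ==" section that follows the references in this hunk lists [[Role-Based Access Control]] and [[Computer security model]], both of which already appear in the columns list under the earlier See also heading, so the resulting page should keep only one See also section, placed before References. Separately, "[[Category: Access control]]" has a space after the colon, unlike the two category links above it; write "[[Category:Access control]]" for consistency.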