Lattice-based access control: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 18:21, 8 October 2006 edit Malkulm~enwiki (talk \| contribs) 3 edits No edit summary ← Previous edit		Latest revision as of 12:40, 9 July 2024 edit undo Captain Alarmist (talk \| contribs) 293 edits No edit summary Tag: Visual edit
(52 intermediate revisions by 35 users not shown)
Line 1: {{Inline citations\|date=July 2024}} ~~When dealing with computer and information system security, the use of [[access controls]] limit system or user access based on a specified set of criteria.~~ In [[computer security]], '''~~Lattice~~lattice-~~Based~~based ~~Access~~access ~~Control~~control''' ('''LBAC''') is a complex ~~method~~[[access ~~for~~control]] ~~limiting information access~~model based on the interaction between any combination of '''objects''' (such as resources, computers, and applications) and '''subjects''' (such as individuals, groups or organizations). ▼ In this type of label-based [[mandatory access control]] model, a [[lattice (order)\|lattice]] is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object. ▲'''Lattice-Based Access Control''' (LBAC) is a complex method for limiting information access based on any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations). Mathematically, the security level access may also be expressed in terms of the lattice (a [[partial order]] set) where each object and subject have a greatest lower bound (meet) and least upper bound (join) of access rights. For example, if two subjects ''A'' and ''B'' need access to an object, the security level is defined as the meet of the levels of ''A'' and ''B''. In another example, if two objects ''X'' and ''Y'' are combined, they form another object ''Z'', which is assigned the security level formed by the join of the levels of ''X'' and ''Y''. In this type of control, a lattice model is applied. In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values. To apply this concept to access control, the pair of elements is the subject and object, and the subject has the greatest lower bound and the least upper bound of access rights to an object. LBAC is also known as a ~~more specific set~~label-based ~~of [[~~access control]] ~~restrictions and is~~(or ''rule-based onaccess ~~the~~control'') ~~lesser~~restriction ~~complex~~as ~~model~~opposed ~~known as~~to [[~~Role~~role-~~Based~~based ~~Access~~access ~~Control~~control]] (RBAC). Lattice based access control models were first formally defined by [[Dorothy E. Denning\|Denning]] (1976); see also Sandhu (1993). == See also ==▼ ▲== See also == * [[Role-Based Access control]]▼ {{columns-list\|colwidth=30em\| * [[Access control list]] * [[Attribute-based access control]] (ABAC) * [[Bell–LaPadula model]] * [[Biba Model]] * [[Capability-based security]] * [[Computer security model]] * [[Context-based access control]] (CBAC) * [[Discretionary access control]] (DAC) * [[Graph-based access control]] (GBAC) * [[Mandatory access control]] (MAC) * [[Organisation-based access control]] (OrBAC) * [[Risk-based authentication]] * [[Role-based access control]] (RBAC) * [[RSBAC\|Rule-set-based access control (RSBAC)]] }} == References == {{reflist}} {{cite journal \| author = Denning, Dorothy E. \| authorlink = Dorothy E. Denning \| title = A lattice model of secure information flow \| journal = [[Communications of the ACM]] \| volume = 19 \| issue = 5 \| year = 1976 \| pages = 236–243 \| doi = 10.1145/360051.360056 \| url=http://faculty.nps.edu/dedennin/publications/lattice76.pdf}} {{cite journal \| author = Sandhu, Ravi S. \| title = Lattice-based access control models \| journal = [[IEEE Computer]] \| year = 1993 \| volume = 26 \| issue = 11 \| pages = 9–19 \| doi = 10.1109/2.241422 \| url=http://www.winlab.rutgers.edu/~trappe/Courses/AdvSec05/access_control_lattice.pdf}} [[Category:Computer security models]] [[Category:Lattice theory]] ▲* [[~~Role-Based~~Category: Access control]] {{~~Compu~~Computer-~~lang~~security-stub}}