Wikipedia

Lattice-based access control: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
m Reverted edits by 82.205.230.84 (talk) to last version by Robert K S
Munst (talk | contribs)
38 edits
No edit summary
Line 1:
In [[computer security]], '''lattice-based access control''' ('''LBAC''') is a complex [['''access control|method for limiting information access''']] based on any combination of ''objects'' (such as resources, computers, and applications) and '''subjects''' (such as individuals, groups or organizations).
 
In this type of mathematically-based control model, a [[lattice (order)|lattice]] is used to define the levels of security that an object may have, and that a subject may have access to. That is,The we define a [[partial order]] on the security levels, in such a way that any two security levels always have a greatest lower bound (meet) and least upper bound (join). If two objects ''A'' and ''B'' are combined to form another object ''C'', that objectsubject is assigned a security level formed by the join of the levels of ''A'' and ''B'', and if two subjects need to jointly access some secure data, their access level is defined to be the meet of the subjects' levels. A subject isonly allowed to access an object only if the security level of the subject is greater than or equal to that of the object,. in the partial order defining the lattice.
 
Mathematically, the security level access may also be expressed in terms of the lattice [[partial order]] set where each object and subject have a greatest lower bound (meet) and least upper bound (join) of access rights. For example, if two subjects ''A'' and ''B'' need access to an object, the security level is defined as the meet of the levels of ''A'' and ''B''. In another example, if two objects ''X'' and ''Y'' are combined, they form another object ''Z'', which is assigned the security level formed by the join of the levels of ''X'' and ''Y''.
LBAC is known as a more specific set of access control restrictions and is more general than [[role-based access control]] (RBAC).
 
LBAC is known as a more specific set oflabel-based access control restrictions and isrestriction moreas generalopposed thanto [[role-based access control]] (RBAC).
 
Lattice based access control models were first formally defined by [[Dorothy E. Denning|Denning]] (1976); see also Sandhu (1993).
Line 32 ⟶ 34:
 
== See also ==
* [[ComputerMandatory securityaccess modelcontrol]]
*[[Bell-LaPadula model]]
*[[Biba Model]]
*[[Computer security model]]
 
 
[[Category:Computer security models]]
Retrieved from "https://en.wikipedia.org/wiki/Lattice-based_access_control"