Lattice-based access control: Difference between revisions

(References: changed URL to Denning's personal website)
Locobot (talk | contribs)
Line 1:
In [[computer security]], '''lattice-based access control''' ('''LBAC''') is a complex [[access control]] model based on the interaction between any combination of '''objects''' (such as resources, computers, and applications) and '''subjects''' (such as individuals, groups or organizations).
 
In this type of label-based [[mandatory access control]] model, a [[lattice (order)|lattice]] is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object.
 
Mathematically, security level access may also be expressed in terms of the lattice (a [[partial order|partially ordered]] set) where each object and subject have a greatest lower bound (meet) and least upper bound (join) of access rights. For example, if two subjects ''A'' and ''B'' need access to an object, the security level is defined as the meet of the levels of ''A'' and ''B''. In another example, if two objects ''X'' and ''Y'' are combined, they form another object ''Z'', which is assigned the security level formed by the join of the levels of ''X'' and ''Y''.
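
The access rule and the meet and join described above can be worked through in code. The following is an added example, not part of the original article; it goes beyond the text by modelling each label as a level plus a set of compartments, so that some labels are incomparable and the order is genuinely partial. The level names, compartment names and the labels given to ''A'', ''B'', ''X'' and ''Y'' are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed classification levels (assumption; the article names no specific levels).
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}
NAMES = {rank: name for name, rank in LEVELS.items()}


@dataclass(frozen=True)
class Label:
    """Security label: a hierarchical level plus a set of compartments (assumed model)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """True if self >= other in the lattice's partial order."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def meet(a, b):
    """Greatest lower bound: the lower level, shared compartments only."""
    rank = min(LEVELS[a.level], LEVELS[b.level])
    return Label(NAMES[rank], a.compartments & b.compartments)


def join(a, b):
    """Least upper bound: the higher level, union of compartments."""
    rank = max(LEVELS[a.level], LEVELS[b.level])
    return Label(NAMES[rank], a.compartments | b.compartments)


def may_access(subject, obj):
    """The article's rule: access only if the subject's level >= the object's."""
    return subject.dominates(obj)


# Constructed labels for subjects A, B and objects X, Y.
A = Label("secret", frozenset({"crypto"}))
B = Label("top_secret", frozenset({"nuclear"}))
X = Label("confidential", frozenset({"crypto"}))
Y = Label("secret", frozenset({"nuclear"}))
Z = join(X, Y)        # combined object Z takes the join of X and Y
shared = meet(A, B)   # level of an object that both A and B need to access

if __name__ == "__main__":
    print("A may access X:", may_access(A, X))
    print("A may access Z:", may_access(A, Z))
    print("A and B comparable:", A.dominates(B) or B.dominates(A))
    print("A, B may access shared:", may_access(A, shared), may_access(B, shared))
```

Combining ''X'' and ''Y'' yields a ''Z'' that neither ''A'' nor ''B'' can access, even though ''B'' holds the highest level, because neither subject holds both compartments.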
Line 37:
*[[Biba Model]]
*[[Computer security model]]
 
 
[[Category:Computer security models]]
[[Category:Lattice theory]]
 
 
{{Compu-lang-stub}}