Lattice-based access control: Difference between revisions

Expand and supply references. Could probably still use an example, so I'm leaving the stub marker; see Sandhu for some.
When dealing with computer and information system security, the use of [[access controls]] limits system or user access based on a specified set of criteria.
 
 
'''Lattice-Based Access Control''' (LBAC) is a complex method for limiting information access based on any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations).
 
In this type of control model, a [[lattice (order)|lattice]] is used to define the levels of security that an object may have, and that a subject may have access to. That is, we define a [[partial order]] on the security levels, in such a way that any two security levels always have a greatest lower bound (meet) and a least upper bound (join). If two objects ''A'' and ''B'' are combined to form another object ''C'', that object is assigned a security level formed by the join of the levels of ''A'' and ''B'', and if two subjects need to jointly access some secure data, their access level is defined to be the meet of the subjects' levels. A subject is allowed to access an object only if the security level of the subject is greater than or equal to that of the object, in the partial order defining the lattice.
In this type of control, a lattice model is applied. In a lattice model, any pair of elements has a least upper bound of values and a greatest lower bound of values. To apply this concept to access control, the pair of elements is the subject and the object, and the subject has the greatest lower bound and the least upper bound of access rights to an object.
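The following is an added worked example; it is not text or code from the article, nor from Denning's or Sandhu's papers. It assumes the common instance of a security lattice in which a level is a classification (totally ordered) paired with a set of categories; the four classification names, the category names and the subject names are constructed for the example. Join is (higher classification, union of categories), meet is (lower classification, intersection of categories), and a subject may access an object only when the subject's label dominates the object's label in this partial order.

```python
from dataclasses import dataclass
from functools import reduce

# Constructed classification levels; a higher index is more sensitive.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A security level: a classification plus a set of categories (compartments)."""
    level: str
    categories: frozenset

    def __post_init__(self):
        if self.level not in RANK:
            raise ValueError(f"unknown classification {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        """self >= other in the partial order: classification at least as high
        AND categories a superset. Two labels can be incomparable."""
        return (RANK[self.level] >= RANK[other.level]
                and self.categories >= other.categories)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the higher classification, union of categories."""
        lvl = self.level if RANK[self.level] >= RANK[other.level] else other.level
        return Label(lvl, self.categories | other.categories)

    def meet(self, other: "Label") -> "Label":
        """Greatest lower bound: the lower classification, intersection of categories."""
        lvl = self.level if RANK[self.level] <= RANK[other.level] else other.level
        return Label(lvl, self.categories & other.categories)


def label(level: str, *categories: str) -> Label:
    """Convenience constructor for a label."""
    return Label(level, frozenset(categories))


def combined_object_label(*object_labels: Label) -> Label:
    """An object built from several objects carries the join of their labels,
    so it is at least as restricted as each of its parts."""
    return reduce(Label.join, object_labels)


def joint_subject_label(*subject_labels: Label) -> Label:
    """Subjects acting jointly are limited to the meet of their clearances,
    so no participant sees more than their own clearance allows."""
    return reduce(Label.meet, subject_labels)


def can_access(subject: Label, obj: Label) -> bool:
    """The access decision: allowed only if the subject's label dominates the object's."""
    return subject.dominates(obj)


if __name__ == "__main__":
    # Constructed objects and subjects.
    report_a = label("SECRET", "crypto")
    report_b = label("CONFIDENTIAL", "nuclear")
    merged = combined_object_label(report_a, report_b)   # SECRET {crypto, nuclear}
    alice = label("TOP_SECRET", "crypto", "nuclear")
    bob = label("SECRET", "crypto")
    print("merged object label:", merged)
    print("alice can read merged:", can_access(alice, merged))  # True
    print("bob can read merged:", can_access(bob, merged))      # False: lacks 'nuclear'
    print("joint (alice, bob):", joint_subject_label(alice, bob))
```

Note that `report_a` and `report_b` are incomparable: neither dominates the other, which is exactly why a partial order rather than a total order is needed, and why the join (rather than a simple maximum) is the right label for the merged object.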
 
LBAC is known as a more specific set of [[access control]] restrictions and is based on the less complex model known as [[Role-Based Access Control]] (RBAC).
 
Lattice-based access control models were first formally defined by [[Dorothy E. Denning|Denning]] (1976); see also Sandhu (1993).
 
== References ==
 
*{{cite journal
| author = Denning, Dorothy E.
| authorlink = Dorothy E. Denning
| title = A lattice model of secure information flow
| journal = [[Communications of the ACM]]
| volume = 19
| issue = 5
| year = 1976
| pages = 236–243
| doi = 10.1145/360051.360056}}
 
*{{cite journal
| author = Sandhu, Ravi S.
| title = Lattice-based access control models
| journal = [[IEEE Computer]]
| year = 1993
| volume = 26
| issue = 11
| pages = 9–19
| doi = 10.1109/2.241422
| url = http://ite.gmu.edu/list/journals/computer/i93lbacm.ps}}
 
== See also ==