Lattice-based access control

From Wikipedia, the free encyclopedia

When dealing with computer and information system security, the use of access controls limit system or user access based on a specified set of criteria.

Lattice-Based Access Control (LBAC) is a complex method for limiting information access based on any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations).

In this type of control model, a lattice is used to define the levels of security that an object may have, and that a subject may have access to. That is, we define a partial order on the security levels, in such a way that any two security levels always have a greatest lower bound (meet) and least upper bound (join). If two objects A and B are combined to form another object C, that object is assigned a security level formed by the join of the levels of A and B, and if two subjects need to jointly access some secure data, their access level is defined to be the meet of the subject's levels. A subject is allowed to access an object only if the security level of the subject is greater than or equal to that of the object, in the partial order defining the lattice.

LBAC is known as a more specific set of access control restrictions and is based on the lesser complex model known as Role-Based Access Control (RBAC).

Lattice based access control models were first formally defined by Denning (1976); see also Sandhu (1993).

How can you say that lattice-based access control is based on role-based access control? The idea of lattice-based access control came in 1970s, while the role-based access control is formalized and accepted in 1990s, although you can even assume that there are RBAC implementations in 1970s.

Soft Eng logo This computer language-related article is a stub. You can help Wikipedia by expanding it.
Retrieved from "http://en.wikipedia.org../../../l/a/t/Lattice-based_access_control.html"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.