Lattice-based access control

In computer security, lattice-based access control (LBAC) is a complex access control model based on the interaction between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations).

In this type of label-based mandatory access control model, a lattice is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object.

Mathematically, the security level access may also be expressed in terms of the lattice (a partially ordered set) in which each object and subject has a greatest lower bound (meet) and a least upper bound (join) of access rights. For example, if two subjects "A" and "B" need access to an object, the security level is defined as the meet of the levels of "A" and "B". In another example, if two objects "X" and "Y" are combined, they form another object "Z", which is assigned the security level formed by the join of the levels of "X" and "Y".
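The meet and join rules above, worked through as an added example that is not part of the original article. It goes beyond the text by assuming each label is a level plus a set of categories, which makes some labels incomparable; the level names, category names and the helper `label` are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed level names; the article does not define concrete levels.
LEVELS = {"PUBLIC": 0, "CONFIDENTIAL": 1, "SECRET": 2}


@dataclass(frozen=True)
class Label:
    """A security label: a level plus a set of categories (assumed structure)."""
    level: int
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Partial order: self >= other iff the level is at least as high
        # and self holds every category that other holds.
        return self.level >= other.level and self.categories >= other.categories

    def join(self, other: "Label") -> "Label":
        # Least upper bound: the lowest label that dominates both.
        return Label(max(self.level, other.level), self.categories | other.categories)

    def meet(self, other: "Label") -> "Label":
        # Greatest lower bound: the highest label that both dominate.
        return Label(min(self.level, other.level), self.categories & other.categories)


def label(level: str, *categories: str) -> Label:
    """Hypothetical helper that builds a Label from a level name."""
    return Label(LEVELS[level], frozenset(categories))


def can_access(subject: Label, obj: Label) -> bool:
    # Rule from the text: the subject's level must be >= the object's level.
    return subject.dominates(obj)


# Constructed sample subjects (A, B) and objects (X, Y).
A = label("SECRET", "crypto")
B = label("CONFIDENTIAL", "crypto", "nuclear")
X = label("CONFIDENTIAL", "crypto")
Y = label("SECRET", "nuclear")

SHARED = A.meet(B)  # level of an object that both A and B need to access
Z = X.join(Y)       # level of the object formed by combining X and Y
```

Here A and B are incomparable (neither dominates the other), yet both can access an object labelled with their meet, while the combined object Z is out of reach for both of them.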

LBAC is known as a label-based access control restriction as opposed to role-based access control (RBAC).

Lattice-based access control models were first formally defined by Denning (1976); see also Sandhu (1993).

References

*Denning, Dorothy E. (1976). "A lattice model of secure information flow". Communications of the ACM. 19 (5): 236–243. doi:10.1145/360051.360056
*Sandhu, Ravi S. (1993). "Lattice-based access control models". IEEE Computer. 26 (11): 9–19. doi:10.1109/2.241422. http://ite.gmu.edu/list/journals/computer/i93lbacm.ps

See also

*Mandatory access control
*Bell-LaPadula model
*Biba Model
*Computer security model


Wikimedia Foundation. 2010.
