Lattice-based access control
From Wikipedia, the free encyclopedia
In computer security, lattice-based access control (LBAC) is an access control model defined to control data transfers between objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations). Subjects and objects will be collectively called 'the entities' and the model is valid even if there is not a distinction between subjects and objects.
This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. (July 2024)
Entities are given unique labels, on which a dominance relation ≤ is defined. Data can move among entities according to the dominance relation between their labels. For example, one can define Public ≤ Confidential, and so if database A is labeled Public and database B is labeled Confidential, data from A can move to B. Further, this theory postulates that the set of permissible labels must form a lattice, i.e., a partially ordered set where for every two labels there is a unique label that dominates them both (their join) and a unique label that both of them dominate (their meet).
Lattice-based access control models were first formally defined by Denning (1976); see also Sandhu (1993).
More recent research has shown that requiring the partial order of labels to form a lattice unnecessarily limits the power of the model. If this condition is removed, the model becomes simpler and more general. It can be proved that this more general model can define the same data flows as other security models, such as Access Control Lists, Discretionary Access Control, Role-based Access Control, and Attribute-based Access Control. This model can also be implemented in network routing, by establishing a correspondence between labels and network addresses. However, this second, more general access control model can no longer be called Lattice-based Access Control, and so it appears that this model has become obsolete. Note that it is possible to complete any partial order of entities to make it a lattice; however, this is unnecessary.
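The dominance check, join and meet described above, as an added Python example (not taken from the article or its sources). The function names and the labels HR, Finance, Audit and Legal are assumptions made for illustration; the second sample is a partial order that is not a lattice, yet its permitted flows are still well defined.

```python
from itertools import product

def dominance(labels, edges):
    """Reflexive-transitive closure of the declared 'a <= b' pairs."""
    leq = {(a, a) for a in labels} | set(edges)
    while True:
        new = {(a, d) for (a, b), (c, d) in product(leq, repeat=2) if b == c} - leq
        if not new:
            return leq
        leq |= new

def can_flow(leq, src, dst):
    """Data may move from src to dst only when src <= dst."""
    return (src, dst) in leq

def join(labels, leq, a, b):
    """The unique least label dominating both a and b, or None if there is none."""
    upper = [u for u in labels if (a, u) in leq and (b, u) in leq]
    least = [u for u in upper if all((u, v) in leq for v in upper)]
    return least[0] if len(least) == 1 else None

def meet(labels, leq, a, b):
    """The unique greatest label dominated by both a and b, or None if there is none."""
    lower = [l for l in labels if (l, a) in leq and (l, b) in leq]
    greatest = [l for l in lower if all((v, l) in leq for v in lower)]
    return greatest[0] if len(greatest) == 1 else None

def is_lattice(labels, leq):
    """True when every pair of labels has both a join and a meet."""
    return all(join(labels, leq, a, b) is not None
               and meet(labels, leq, a, b) is not None
               for a, b in product(labels, repeat=2))

# Constructed sample 1: a diamond. "HR" and "Finance" are made-up labels.
DIAMOND = ["Public", "HR", "Finance", "Confidential"]
DIAMOND_LEQ = dominance(DIAMOND, [("Public", "HR"), ("Public", "Finance"),
                                  ("HR", "Confidential"), ("Finance", "Confidential")])

# Constructed sample 2: HR and Finance each feed both Audit and Legal.
# Still a partial order, but HR and Finance have two minimal upper bounds.
CROSS = ["HR", "Finance", "Audit", "Legal"]
CROSS_LEQ = dominance(CROSS, [("HR", "Audit"), ("HR", "Legal"),
                              ("Finance", "Audit"), ("Finance", "Legal")])

if __name__ == "__main__":
    print("Public -> Confidential:", can_flow(DIAMOND_LEQ, "Public", "Confidential"))
    print("join(HR, Finance):", join(DIAMOND, DIAMOND_LEQ, "HR", "Finance"))
    print("diamond is a lattice:", is_lattice(DIAMOND, DIAMOND_LEQ))
    print("cross is a lattice:", is_lattice(CROSS, CROSS_LEQ))
```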
A short arXiv paper discussing the history of this concept is Logrippo (2025). It contains references to several journal and conference papers.
See also
- Access control list
- Attribute-based access control (ABAC)
- Bell–LaPadula model
- Biba Model
- Capability-based security
- Computer security model
- Context-based access control (CBAC)
- Discretionary access control (DAC)
- Graph-based access control (GBAC)
- Lattice (order)
- Mandatory access control (MAC)
- Organisation-based access control (OrBAC)
- Risk-based authentication
- Role-based access control (RBAC)
- Rule-set-based access control (RSBAC)
References