22:
351:
121:
is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object.
392:
129:
set) where each object and subject have a greatest lower bound (meet) and least upper bound (join) of access rights. For example, if two subjects
51:
385:
411:
248:
73:
313:
44:
426:
378:
198:
230:
224:
236:
366:
291:
259:
254:
214:
173:
34:
242:
114:
38:
30:
421:
416:
219:
204:
55:
283:
125:
Mathematically, the security level access may also be expressed in terms of the lattice (a
8:
193:
279:
180:
358:
137:
need access to an object, the security level is defined as the meet of the levels of
87:
330:
300:
118:
362:
99:
405:
321:
126:
157:, which is assigned the security level formed by the join of the levels of
304:
209:
334:
179:
Lattice based access control models were first formally defined by
350:
265:
102:
model based on the interaction between any combination of
168:
LBAC is also known as a label-based access control (or
106:(such as resources, computers, and applications) and
278:
110:(such as individuals, groups or organizations).
403:
43:but its sources remain unclear because it lacks
311:
386:
284:"A lattice model of secure information flow"
393:
379:
74:Learn how and when to remove this message
153:are combined, they form another object
404:
145:. In another example, if two objects
314:"Lattice-based access control models"
266:Rule-set-based access control (RSBAC)
345:
15:
13:
14:
438:
249:Organisation-based access control
349:
183:(1976); see also Sandhu (1993).
20:
199:Attribute-based access control
1:
272:
365:. You can help Knowledge by
231:Discretionary access control
225:Context-based access control
172:) restriction as opposed to
113:In this type of label-based
92:lattice-based access control
7:
186:
10:
443:
344:
237:Graph-based access control
292:Communications of the ACM
260:Role-based access control
255:Risk-based authentication
215:Capability-based security
174:role-based access control
170:rule-based access control
412:Computer security models
312:Sandhu, Ravi S. (1993).
243:Mandatory access control
115:mandatory access control
29:This article includes a
427:Computer security stubs
220:Computer security model
58:more precise citations.
305:10.1145/360051.360056
280:Denning, Dorothy E.
205:Bell–LaPadula model
194:Access control list
31:list of references
374:
373:
359:computer security
88:computer security
84:
83:
76:
434:
395:
388:
381:
353:
346:
338:
335:10.1109/2.241422
318:
308:
288:
79:
72:
68:
65:
59:
54:this article by
45:inline citations
24:
23:
16:
442:
441:
437:
436:
435:
433:
432:
431:
402:
401:
400:
399:
342:
316:
286:
275:
270:
189:
98:) is a complex
80:
69:
63:
60:
49:
35:related reading
25:
21:
12:
11:
5:
440:
430:
429:
424:
422:Access control
419:
417:Lattice theory
414:
398:
397:
390:
383:
375:
372:
371:
354:
340:
339:
309:
299:(5): 236–243.
274:
271:
269:
268:
263:
257:
252:
246:
240:
234:
228:
222:
217:
212:
207:
202:
196:
190:
188:
185:
100:access control
82:
81:
39:external links
28:
26:
19:
9:
6:
4:
3:
2:
439:
428:
425:
423:
420:
418:
415:
413:
410:
409:
407:
396:
391:
389:
384:
382:
377:
376:
370:
368:
364:
361:article is a
360:
355:
352:
348:
347:
343:
336:
332:
328:
324:
323:
322:IEEE Computer
315:
310:
306:
302:
298:
294:
293:
285:
281:
277:
276:
267:
264:
261:
258:
256:
253:
250:
247:
244:
241:
238:
235:
232:
229:
226:
223:
221:
218:
216:
213:
211:
208:
206:
203:
200:
197:
195:
192:
191:
184:
182:
177:
175:
171:
166:
164:
160:
156:
152:
148:
144:
140:
136:
132:
128:
127:partial order
123:
120:
116:
111:
109:
105:
101:
97:
93:
89:
78:
75:
67:
57:
53:
47:
46:
40:
36:
32:
27:
18:
17:
367:expanding it
356:
341:
329:(11): 9–19.
326:
320:
296:
290:
178:
169:
167:
162:
158:
154:
150:
146:
142:
138:
134:
130:
124:
112:
107:
103:
95:
91:
85:
70:
61:
50:Please help
42:
56:introducing
406:Categories
273:References
210:Biba Model
117:model, a
64:July 2024
282:(1976).
187:See also
176:(RBAC).
108:subjects
251:(OrBAC)
181:Denning
119:lattice
104:objects
52:improve
262:(RBAC)
239:(GBAC)
227:(CBAC)
201:(ABAC)
357:This
317:(PDF)
287:(PDF)
245:(MAC)
233:(DAC)
37:, or
363:stub
161:and
149:and
141:and
133:and
96:LBAC
331:doi
301:doi
165:.
86:In
408::
327:26
325:.
319:.
297:19
295:.
289:.
90:,
41:,
33:,
394:e
387:t
380:v
369:.
337:.
333::
307:.
303::
163:Y
159:X
155:Z
151:Y
147:X
143:B
139:A
135:B
131:A
94:(
77:)
71:(
66:)
62:(
48:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.