Lattice-Based Access Control: A Comprehensive Overview

Understanding Lattice-Based Access Control


Question

Another type of access control is lattice-based access control.

In this type of control, a lattice model is applied.

How is this type of access control concept applied?

Answers

Explanations


A.

To apply this concept to access control, the pair of elements compared in the lattice is the subject and the object, and the subject's security level must be an upper bound of (equal to or higher than) the security level of the object being accessed.

Wikipedia has a good explanation as well: "In computer security, lattice-based access control (LBAC) is a complex access control model based on the interaction between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations)."

In this type of label-based mandatory access control model, a lattice is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object.

Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 34, and http://en.wikipedia.org/wiki/Lattice-based_access_control.

Lattice-based access control (LBAC) is a type of access control model that is based on a mathematical concept called a lattice. A lattice is a partially ordered set in which every pair of elements has a least upper bound and a greatest lower bound, so the set is closed under two binary operations, called join and meet. In LBAC, the elements of the lattice are used to represent the security levels of subjects and objects in the system.

In LBAC, access to an object is granted if the security level of the subject is equal to or higher than the security level of the object. The lattice model allows for more fine-grained access control than other models, such as discretionary access control (DAC) or mandatory access control (MAC), which only consider simple hierarchies of security levels.

To implement LBAC, the lattice model is first defined. The lattice is typically represented as a directed acyclic graph, where the nodes represent security levels and the edges represent the relationships between them. The lattice is then used to define the security levels of the subjects and objects in the system.

When a subject requests access to an object, the LBAC model checks the security level of the subject and the security level of the object in the lattice. If the security level of the subject is equal to or higher than the security level of the object, access is granted. Otherwise, access is denied.

LBAC is particularly useful in systems where there are multiple security levels that are not easily represented in a simple hierarchy. It allows for a more fine-grained and flexible approach to access control, while still maintaining a high level of security. However, LBAC can be complex to implement and manage, and requires careful attention to the design of the lattice model.
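The dominance rule from the answer above ("the subject's level must be equal to or higher than the object's") and the lattice check described in the explanation (define the lattice, label subjects and objects, compare labels on each request) are shown below in a worked Python example. This is an added example, not code from the question page or from the cited references. It assumes a common LBAC label shape: a classification level plus a set of compartments; the level names, compartment names and labels are constructed for the example. Two labels with different compartments at the same level are incomparable, which is exactly why the levels form a lattice rather than a single ordered chain.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Constructed example hierarchy: classification levels ordered low to high.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
RANK_TO_LEVEL = {rank: name for name, rank in LEVELS.items()}


@dataclass(frozen=True)
class Label:
    """A security label: a classification level plus a set of compartments.

    Labels are only partially ordered: A dominates B when A's level is at
    least B's level AND A's compartments include all of B's compartments.
    """
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True if self is an upper bound of other in the lattice."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)

    def comparable(self, other: "Label") -> bool:
        """False for labels that sit on different branches of the lattice."""
        return self.dominates(other) or other.dominates(self)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the higher level and the union of compartments."""
    return Label(RANK_TO_LEVEL[max(LEVELS[a.level], LEVELS[b.level])],
                 a.compartments | b.compartments)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound: the lower level and the intersection of compartments."""
    return Label(RANK_TO_LEVEL[min(LEVELS[a.level], LEVELS[b.level])],
                 a.compartments & b.compartments)


def can_access(subject: Label, obj: Label) -> bool:
    """The rule from the question: the subject's label must dominate the object's."""
    return subject.dominates(obj)


if __name__ == "__main__":
    # Constructed subject and objects; compartment names are hypothetical.
    analyst = Label("SECRET", frozenset({"crypto"}))
    objects = {
        "budget memo": Label("CONFIDENTIAL"),
        "crypto design": Label("SECRET", frozenset({"crypto"})),
        "reactor plan": Label("SECRET", frozenset({"nuclear"})),
        "strategy brief": Label("TOP_SECRET"),
    }
    for name, label in objects.items():
        verdict = "GRANT" if can_access(analyst, label) else "DENY"
        print(f"{verdict:5} {name:15} {label.level} {sorted(label.compartments)}")
    # The analyst and the reactor plan are incomparable: neither dominates the other.
    reactor = objects["reactor plan"]
    print("comparable:", analyst.comparable(reactor))
    print("join:", join(analyst, reactor))
    print("meet:", meet(analyst, reactor))
```

Only the "budget memo" and "crypto design" requests are granted: the "strategy brief" is at a higher level, and the "reactor plan" is at the same level but in a compartment the analyst does not hold. The join of the analyst's label and the reactor plan's label (SECRET with both compartments) is the least label that could read both, and their meet (SECRET with no compartments) is the greatest label both of them can read.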