Which access control model provides upper and lower bounds of access capabilities for a subject?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
In the lattice model, users are assigned security clearences and the data is classified.Access decisions are made based on the clearence of the user and the classification of the object.Lattice-based access control is an essential ingredient of formal security models such as Bell-LaPadula, Biba, Chinese Wall, etc.
The bounds concept comes from the formal definition of a lattice as a "partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound."To see the application, consider a file classified as "SECRET" and a user Joe with a security clearence of "TOP SECRET."Under Bell- LaPadula, Joe's "least upper bound" access to the file is "READ" and his least lower bound is "NO WRITE" (star property)
Role-based access control is incorrect.Under RBAC, the access is controlled by the permissions assigned to a role and the specific role assigned to the user.
Biba access control is incorrect.The Biba integrity model is based on a lattice structure but the context of the question disqualiifes it as the best answer.
Content-dependent access control is incorrect.In content dependent access control, the actual content of the information determines access as enforced by the arbiter.
References: CBK, pp.
324-325
AIO3, pp.
291-293.See aprticularly Figure 5-19 on p.
293 for an illustration of bounds in action.
The access control model that provides upper and lower bounds of access capabilities for a subject is the lattice-based access control model.
In this model, access control decisions are based on a mathematical lattice structure, where the lattice represents a partial order of the security levels or classifications of the objects being protected. Each subject and object is assigned a security level or classification, and access control decisions are based on the subject's clearance level and the object's classification level.
The lattice structure allows for the specification of both upper and lower bounds of access capabilities for a subject. The upper bound represents the highest security level that the subject is authorized to access, while the lower bound represents the lowest security level that the subject is authorized to access.
For example, if a subject has a clearance level of "Secret" and an object has a classification level of "Top Secret", the subject's upper bound is "Secret" and the object's lower bound is "Top Secret". Therefore, the subject can access the object because the subject's clearance level is within the object's lower bound. However, if the subject's clearance level was "Confidential", the subject would not be authorized to access the object because the subject's clearance level is not within the object's lower bound.
In contrast, role-based access control (A) is based on the roles that subjects are assigned, and access decisions are based on whether a subject's role has been granted access to an object. Biba access control (C) is based on integrity levels, and access control decisions are based on the integrity level of the subject and the integrity level of the object. Content-dependent access control (D) is a more flexible model that takes into account contextual information, such as the content of the information being accessed, in addition to the traditional factors of subject and object.