0

With regard to access control, is "lattice" the same as "level"? Is "Multi-level access control" just another name for "lattice-based access control"?

Are Biba and Bell-LaPadula Security Models examples of Lattice-based Access Control?

Infinite

2 Answers

1

Biba and Bell-LaPadula are generic models. One parameter of those generic models is a multi-level security policy.

A multi-level security policy is a pair (DOMS,≤) where (DOMS,≤) is a partially ordered set and DOMS is a set of security domains (this is what you refer to as level).

A lattice is a quadruple (L,≤,⊓,⊔) where (L,≤) is a partially ordered set, ⊓ is a least-upper-bound operator on (L,≤), and ⊔ is a greatest-lower-bound operator on (L,≤).

Not every multi-level security policy is a lattice, but there exist multi-level security policies that are lattices.

One could instantiate the Biba and Bell-LaPadula models with a multi-level security policy that is a lattice, but one does not need to.

Hacktiker
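The distinction drawn in the answer above, as an added example that is not part of the original answer: a finite multi-level policy is checked for the lattice property by testing that every pair of labels has a least upper bound and a greatest lower bound. The two policies, their labels, and all function names are constructed for illustration; `can_read` is the Bell-LaPadula "no read up" rule, which needs only the partial order.

```python
from itertools import combinations, product

def lub(elems, leq, a, b):
    """Least upper bound of a and b under leq, or None if none exists."""
    uppers = [u for u in elems if leq(a, u) and leq(b, u)]
    least = [u for u in uppers if all(leq(u, v) for v in uppers)]
    return least[0] if least else None

def glb(elems, leq, a, b):
    """Greatest lower bound of a and b under leq, or None if none exists."""
    lowers = [l for l in elems if leq(l, a) and leq(l, b)]
    greatest = [l for l in lowers if all(leq(m, l) for m in lowers)]
    return greatest[0] if greatest else None

def is_lattice(elems, leq):
    """A finite poset is a lattice iff every pair has both bounds."""
    return all(lub(elems, leq, a, b) is not None and
               glb(elems, leq, a, b) is not None
               for a, b in product(elems, repeat=2))

def can_read(leq, subject, obj):
    """Bell-LaPadula 'no read up': the subject's label must dominate the object's."""
    return leq(obj, subject)

# Constructed policy 1: (level, category set) labels, ordered componentwise.
CATS = ("crypto", "nuclear")
SUBSETS = [frozenset(c) for r in range(len(CATS) + 1)
           for c in combinations(CATS, r)]
COMPARTMENTS = [(lvl, cats) for lvl in (0, 1) for cats in SUBSETS]

def dominated_by(a, b):
    return a[0] <= b[0] and a[1] <= b[1]  # <= on frozensets is subset

# Constructed policy 2: "low" sits below two incomparable domains, no top.
DOMAINS = ["low", "hr", "finance"]
FLAT_ORDER = {("low", "hr"), ("low", "finance")}

def flat_leq(a, b):
    return a == b or (a, b) in FLAT_ORDER

if __name__ == "__main__":
    print("compartments is a lattice:", is_lattice(COMPARTMENTS, dominated_by))
    print("domains is a lattice:     ", is_lattice(DOMAINS, flat_leq))
    print("lub(hr, finance):", lub(DOMAINS, flat_leq, "hr", "finance"))
    print("hr reads low:", can_read(flat_leq, "hr", "low"))
    print("hr reads finance:", can_read(flat_leq, "hr", "finance"))
```

The second policy is still a usable multi-level policy for the read check even though "hr" and "finance" have no common upper bound; what it lacks is a label to assign to data derived from both.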
0

Depends on context. Lattice is the join point of a security label, an object and a subject. At the end of the day, it's all about levels of "who can access what through where". It depends on what meaning you want to extract from the text you are reading; it could be the same.

Those models (Biba and Bell-LaPadula) could be examples of Lattice-based control, however, with different focuses. While Biba cares only about integrity (I can't mess with data that is not on my level of access), Bell-LaPadula cares about access (a given subject can't have access to objects or subjects that have higher label privileges than the one the subject has).