Lattice Based Access Control


Lattice Based Access Control or LBAC is an Access Control Model based on the interaction between any combination of Digital Subjects and Service Provider Resources (such as Resource Actions, Operating System Attributes, and Application Attributes).

In this type of label-based Mandatory Access Control model, a lattice is used to define the security levels that a Resource may carry and that a Digital Subject may be cleared for. The Digital Subject is only allowed to access a Resource if the security level of the Digital Subject is greater than or equal to (dominates) that of the Resource.

Mathematically, the security levels form a lattice: a partially ordered set in which every pair of elements (the labels of any two Resources or Digital Subjects) has a greatest lower bound (meet) and a least upper bound (join).

For example, if two Digital Subjects A and B jointly need access to a Resource, the security level they can operate at is the meet of the levels of A and B. In another example, if two Resources X and Y are combined, they form another Resource Z, which is assigned the security level formed by the join of the levels of X and Y.

More simply stated, each Digital Subject and each Resource is assigned an Access Control Level (think Public, Confidential, Secret) and access is granted only if the Digital Subject's Access Control Level is as high as or higher than the Access Control Level of the Resource. Because the lattice is only a partial order, two labels may also be incomparable (for example the same level but different compartments); in that case neither dominates the other and access is denied in both directions.
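The following Python is an added example (not code from the original page or from any of the systems it mentions) that implements the dominance check, meet and join described above over labels made of a level plus a set of compartments. The level names and the compartment names NUCLEAR and CRYPTO, the subjects ALICE and BOB and the resources DOC, X and Y are constructed sample data, not anything taken from the page.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Assumed total order of classification levels (hypothetical example values;
# the page only names Public, Confidential and Secret as illustrations).
LEVELS = {"Public": 0, "Confidential": 1, "Secret": 2}


@dataclass(frozen=True)
class Label:
    """A security label: a classification level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # The lattice's partial order: level is at least as high AND every
        # compartment of `other` is also present in self.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound: the lower level, compartments common to both."""
    level = min(a.level, b.level, key=LEVELS.__getitem__)
    return Label(level, a.compartments & b.compartments)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the higher level, union of both compartment sets."""
    level = max(a.level, b.level, key=LEVELS.__getitem__)
    return Label(level, a.compartments | b.compartments)


def comparable(a: Label, b: Label) -> bool:
    """True when one label dominates the other; False for incomparable labels."""
    return a.dominates(b) or b.dominates(a)


def can_access(subject: Label, resource: Label) -> bool:
    """A subject may access a resource only if its label dominates the resource's."""
    return subject.dominates(resource)


# Constructed sample data (hypothetical subjects and resources).
ALICE = Label("Secret", frozenset({"NUCLEAR"}))
BOB = Label("Confidential", frozenset({"NUCLEAR", "CRYPTO"}))
DOC = Label("Confidential", frozenset({"NUCLEAR"}))
X = Label("Confidential", frozenset({"CRYPTO"}))
Y = Label("Secret", frozenset({"NUCLEAR"}))


def joint_session_label() -> Label:
    """Level two subjects can share: the meet of their labels (the page's first example)."""
    return meet(ALICE, BOB)


def combined_resource_label() -> Label:
    """Label of a resource built from X and Y: their join (the page's second example)."""
    return join(X, Y)


if __name__ == "__main__":
    print("ALICE ^ BOB =", joint_session_label())
    print("X v Y      =", combined_resource_label())
    print("ALICE reads DOC:", can_access(ALICE, DOC))
    print("ALICE reads X v Y:", can_access(ALICE, combined_resource_label()))
    print("ALICE vs X comparable:", comparable(ALICE, X))
```

Note that ALICE, although cleared to Secret, cannot access the combined resource X v Y because it carries the CRYPTO compartment she lacks: a higher level alone is not enough, which is exactly what distinguishes a lattice from a simple ranked list of levels.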

Lattice Based Access Control is used to some degree in the Trust Tiers defined in Google's BeyondCorp.

More Information

There might be more information for this subject on one of the following: