Talk:Lattice-based access control

Computer Security: Computing Low‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

Low

This article has been rated as Low-importance on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Computing

	This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
???	This article has not yet received a rating on the project's importance scale.

Contradiction with article on RBAC?[edit]

The article on Lattice-based access control currently claims:

LBAC is known as a more specific set of access control restrictions and is more general than Role-Based Access Control.

At the same time, the article on Role-Based Access Control claims:

With the concepts of role hierarchy and constraints, one can control RBAC to create or simulate Lattice-Based Access Control (LBAC). Thus RBAC can be considered a superset of LBAC.

So, which way is it? (Or are RBAC and LBAC equivalent/isomorphic?) — Tobias Bergemann 12:09, 14 June 2007 (UTC)[reply]

I think the LBAC article not only contradicts the RBAC article, but also contradicts itself. It says LBAC is both more specific and more general -- which is it? I think it should say "less general than RBAC", which would make it both self-consistent and consistent with the RBAC article. I'm trying to get access to the relevant ACM research paper to compare. If anyone has an ACM Library subscription, could you please read http://portal.acm.org/citation.cfm?id=354876.35487 and then fix the article accordingly?

Remove LBAC[edit]

LBAC is NOT a formal access control model. DD's original paper does not describe it as a model, she uses the word model in the title, but that is all. Her paper is a description of how data labeled at one level should only flow in one direction, and since data flows, covert channels must be addressed. She makes a point to say information flows via covert channels are a big security issue. Her statement is further supported by the TCSEC / Orange book, which talks about covert channel analysis at the B level. A lattice is a directed graph; it describes flow from one state to another and never backward. It is not a true model. It does not differ from RBAC, it should not be compared to RBAC.

--(ISC)2 CISSP Subject Matter Expert (talk) 20:45, 3 April 2008 (UTC)[reply]