research-article

Lattice-Based Access Control Models

Author:

Ravi S. SandhuAuthors Info & Claims

Computer, Volume 26, Issue 11

Pages 9 - 19

https://doi.org/10.1109/2.241422

Published: 01 November 1993 Publication History

Publisher Site

Abstract

Lattice-based access control models were developed in the early 1970s to deal with the confidentiality of military information. In the late 1970s and early 1980s, researchers applied these models to certain integrity concerns. Later, application of the models to the Chinese Wall policy, a confidentiality policy unique to the commercial sector, was demonstrated. A balanced perspective on lattice-based access control models is provided. Information flow policies, the military lattice, access control models, the Bell-LaPadula model, the Biba model and duality, and the Chinese Wall lattice are reviewed. The limitations of the models are identified.

References

[1]

1. D.E. Denning, "A Lattice Model of Secure Information Flow," Comm. ACM, Vol. 19, No. 5, May 1976, pp. 236-243.

Digital Library

Google Scholar

[2]

2. W.E. Boebert and R.Y. Kain, "A Practical Alternative to Hierarchical Integrity Policies," Proc. Eighth NBS-DOD Nat'l Computer Security Conf., US Govt. Printing Office, Washington, D.C., 1985, pp. 18-27.

Google Scholar

[3]

3. R.S. Sandhu, "The Typed Access Matrix Model," Proc. IEEE Symp. Research in Security and Privacy, IEEE CS Press, Los Alamitos, Calif., Order No. 2825, 1992, pp. 122-136.

Crossref

Google Scholar

[4]

4. G.W. Smith, The Modeling and Representation of Security Semantics for Data-base Applications, PhD thesis, George Mason Univ., Fairfax, Va., 1990.

Crossref

Google Scholar

[5]

5. D.E. Bell and L.J. LaPadula, "Secure Computer Systems: Mathematical Foundations and Model," Mitre Corp. Report No. M74-244, Bedford, Mass., 1975. (Also available through Nat'l Technical Information Service, Springfield, Va., Report No. NTIS AD-771543.)

Google Scholar

[6]

6. B.W. Lampson, "Protection," Fifth Princeton Symp. Information Science and Systems, Princeton Univ., Princeton, N.J., 1971, pp. 437-443. Reprinted in ACM Operating Systems Rev., Vol. 8, No. 1, Jan. 1974, pp. 18-24.

Crossref

Google Scholar

[7]

7. B.W. Lampson, "A Note on the Confinement Problem," Comm. ACM, Vol. 16, No. 10, Oct. 1973, pp. 613-615.

Digital Library

Google Scholar

[8]

8. N.E. Proctor and P.G. Neumann, "Architectural Implications of Covert Channels," Proc. 15th NIST-NCSC Nat'l Computer Security Conf., US Govt. Printing Office, Washington, D.C., 1992, pp. 28-43.

Google Scholar

[9]

9. J.A. Gougen and J. Meseguer, "Security Policies and Security Models," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, Los Alamitos, Calif., Order No. 410 (microfiche only), 1982, pp. 11-20.

Google Scholar

[10]

10. K.J. Biba, "Integrity Considerations for Secure Computer Systems," Mitre Corp. Report TR-3153, Bedford, Mass., 1977. (Also available through Nat'l Technical Information Service, Springfield, Va., Report No. NTIS AD-A039324.)

Google Scholar

[11]

11. S.B. Lipner, "Nondiscretionary Controls for Commercial Applications," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, Los Alamitos, Calif., Order No. 410 (microfiche only), 1982, pp. 2-10.

Google Scholar

[12]

12. D.F.C. Brewer and M.J. Nash, "The Chinese Wall Security Policy," Proc. IEEE Symp. Research in Security and Privacy, IEEE CS Press, Los Alamitos, Calif., Order No. 1939 (microfiche only), 1989, pp. 215-228.

Google Scholar

[13]

13. R.S. Sandhu, "A Lattice Interpretation of the Chinese Wall Policy," Proc. 15th NIST-NCSC Nat'l Computer Security Conf., US Govt. Printing Office, Washington, D.C., 1992, pp. 329-339.

Google Scholar

Cited By

View all

Ameer SPraharaj LSandhu RBhatt SGupta M(2024)ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control ModelACM Transactions on Privacy and Security10.1145/367114727:3(1-36)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3671147
Wan LWang KMahadewa KWang HBai GChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Don't Bite Off More than You Can Chew: Investigating Excessive Permission Requests in Trigger-Action IntegrationsProceedings of the ACM Web Conference 202410.1145/3589334.3645721(3106-3116)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645721
Polinsky IDatta PBates AEnck WChua TNgo CKa-Wei Lee RKumar RLauw H(2024)GRASP: Hardening Serverless Applications through Graph Reachability Analysis of Security PoliciesProceedings of the ACM Web Conference 202410.1145/3589334.3645436(1644-1655)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645436
Show More Cited By

Lattice-Based Access Control Models
1. Security and privacy
  1. Security services
  2. Systems security

Recommendations

Role-Based Access Control Models

Since the 1970s, computer systems have featured multiple applications and served multiple users, leading to heightened awareness of data security issues. System administrators and software developers focused on different kinds of access control to ...
Configuring role-based access control to enforce mandatory and discretionary access control policies

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Entity-Based Access Control: supporting more expressive access control policies
ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

Access control is an important part of security that restricts the actions that users can perform on resources. Policy models specify how these restrictions are formulated in policies. Over the last decades, we have seen several such models, including ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

Computer Volume 26, Issue 11

November 1993

80 pages

ISSN:0018-9162

Issue’s Table of Contents

Publisher

IEEE Computer Society Press

Washington, DC, United States

Publication History

Published: 01 November 1993

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

171
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ameer SPraharaj LSandhu RBhatt SGupta M(2024)ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control ModelACM Transactions on Privacy and Security10.1145/367114727:3(1-36)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3671147
Wan LWang KMahadewa KWang HBai GChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Don't Bite Off More than You Can Chew: Investigating Excessive Permission Requests in Trigger-Action IntegrationsProceedings of the ACM Web Conference 202410.1145/3589334.3645721(3106-3116)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645721
Polinsky IDatta PBates AEnck WChua TNgo CKa-Wei Lee RKumar RLauw H(2024)GRASP: Hardening Serverless Applications through Graph Reachability Analysis of Security PoliciesProceedings of the ACM Web Conference 202410.1145/3589334.3645436(1644-1655)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645436
Oqaily MKabir MMajumdar SJarraya YZhang MPourzandi MWang LDebbabi M(2024)iCAT+: An Interactive Customizable Anonymization Tool Using Automated Translation Through Deep LearningIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.331780621:4(2799-2817)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/TDSC.2023.3317806
Mangipudi SChuprikov PEugster PViering MSavvides S(2023)Generalized Policy-Based Noninterference for Efficient Confidentiality-PreservationProceedings of the ACM on Programming Languages10.1145/35912317:PLDI(267-291)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591231
Chung MYang YWang LCento GJerath KRaman ALie DChignell M(2023)Implementing Data Exfiltration Defense in Situ: A Survey of Countermeasures and Human InvolvementACM Computing Surveys10.1145/358207755:14s(1-37)Online publication date: 25-Jan-2023
https://dl.acm.org/doi/10.1145/3582077
Yang YHuang XLi JSun J(2023)BubbleMap: Privilege Mapping for Behavior-Based Implicit Authentication SystemsIEEE Transactions on Mobile Computing10.1109/TMC.2022.316645422:8(4548-4562)Online publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1109/TMC.2022.3166454
Bella GGiustolisi RSchürmann CGroß TViganò L(2022)Modelling human threats in security ceremoniesJournal of Computer Security10.3233/JCS-21005930:3(411-433)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.3233/JCS-210059
Liu YLi YLin SArtho CRyu SSmaragdakis Y(2022)Finding permission bugs in smart contracts with role miningProceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3533767.3534372(716-727)Online publication date: 18-Jul-2022
https://dl.acm.org/doi/10.1145/3533767.3534372
Yu DYang GMeng GGong XZhang XXiang XWang XJiang YChen KZou WLee WShi W(2021)SEPAL: Towards a Large-scale Analysis of SEAndroid Policy CustomizationProceedings of the Web Conference 202110.1145/3442381.3450007(2733-2744)Online publication date: 19-Apr-2021
https://dl.acm.org/doi/10.1145/3442381.3450007
Show More Cited By

Abstract

References

Cited By

Recommendations

Role-Based Access Control Models

Configuring role-based access control to enforce mandatory and discretionary access control policies

Entity-Based Access Control: supporting more expressive access control policies

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations