This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of
computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.
This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of
computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.
With the concepts of role hierarchy and constraints, one can control RBAC to create or simulate Lattice-Based Access Control (LBAC). Thus RBAC can be considered a superset of LBAC.
I think the LBAC article not only contradicts the RBAC article, but also contradicts itself. It says LBAC is both more specific and more general -- which is it? I think it should say "less general than RBAC", which would make it both self-consistent and consistent with the RBAC article. I'm trying to get access to the relevant ACM research paper to compare. If anyone has an ACM Library subscription, could you please read http://portal.acm.org/citation.cfm?id=354876.35487 and then fix the article accordingly?
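An added illustration of the claim quoted above, that role hierarchy plus constraints let RBAC simulate LBAC (this is example code, not part of the talk-page discussion or of either article). The sample lattice, the object names and the encoding with one read role and one write role per label are assumptions of this example.

```python
from itertools import product

# Constructed sample lattice: label = (level, categories); all names are hypothetical.
LABELS = [(lvl, frozenset(c)) for lvl, c in product((0, 1), ((), ("A",), ("B",), ("A", "B")))]
OBJECTS = {f"doc{i}": lab for i, lab in enumerate(LABELS)}  # one object per label

def dominates(a, b):
    """Lattice order: a >= b iff level is at least as high and categories are a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def lbac_allows(subject, op, obj):
    """Direct lattice check: read down, write up (liberal *-property)."""
    o = OBJECTS[obj]
    return dominates(subject, o) if op == "read" else dominates(o, subject)

# RBAC encoding: one read role and one write role per label, each holding
# only the permissions on objects carrying exactly that label.
PERMS = {(kind, lab): {(op, obj) for obj, l in OBJECTS.items() if l == lab}
         for lab in LABELS for kind, op in (("R", "read"), ("W", "write"))}

def juniors(role):
    """Role hierarchy: read roles follow the lattice, write roles invert it."""
    kind, x = role
    if kind == "R":
        return [("R", y) for y in LABELS if dominates(x, y)]
    return [("W", y) for y in LABELS if dominates(y, x)]

def open_session(clearance, label):
    """Constraint: a session activates exactly xR and xW for one label x <= clearance."""
    if not dominates(clearance, label):
        raise PermissionError("session label exceeds user clearance")
    return {("R", label), ("W", label)}

def rbac_allows(session, op, obj):
    """Standard RBAC check: an active role, or a role junior to it, holds the permission."""
    return any((op, obj) in PERMS[j] for role in session for j in juniors(role))

def mismatches():
    """Compare both decision procedures over every session label, operation and object."""
    top = max(LABELS, key=lambda l: (l[0], len(l[1])))
    return [(x, op, obj) for x in LABELS for op in ("read", "write") for obj in OBJECTS
            if rbac_allows(open_session(top, x), op, obj) != lbac_allows(x, op, obj)]

if __name__ == "__main__":
    print("disagreements:", mismatches())
```

The session constraint carries the lattice semantics here: without it, a user could activate a high read role together with a low write role and move data downward.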
Remove LBAC
LBAC is NOT a formal access control model. DD's original paper does not describe it as a model; she uses the word model in the title, but that is all. Her paper is a description of how data labeled at one level should only flow in one direction, and since data flows, covert channels must be addressed. She makes a point to say information flows via covert channels are a big security issue. Her statement is further supported by the TCSEC / Orange book, which talks about covert channel analysis at the B level. A lattice is a directed graph; it describes flow from one state to another and never backward. It is not a true model. It does not differ from RBAC; it should not be compared to RBAC.