I am having a problem trying to solve a question on a past paper asking to design a security lattice. Here is the question:
The AB model (Almost Biba) is a model for expressing integrity policies rather than confidentiality. It has the same setup as Bell-LaPadula, except that $L$ is now a set of integrity levels which express the degree of confidence we have in the integrity of subjects and objects. Subjects and data at higher integrity levels are considered to be more accurate or safe. The set of subjects and objects may also be different, for example, programs are naturally considered as subjects.
Often, the set $L$ is actually a lattice of levels, with two operations: least upper bound $l_1 \vee l_2$ and greatest lower bound $l_1 \wedge l_2$, where $l_1, l_2 \in L$.
i. Design an example integrity lattice for AB, by combining two degrees of data integrity dirty and clean and two means by which a piece of input may be received, website (external user input from a web site form) and dataentry (internal user input by trusted staff).
I have been looking for an explanation on how to build lattices but can't seem to find one on the internet or in textbooks. Can anyone point me in the right direction?
Asked By : sam
Answered By : Dave Clarke
The way to view the lattice is by taking the two pieces one at a time. Firstly, you have the lattice: $$ \begin{array}{c} Clean \\ | \\ Dirty \end{array} $$ to capture that Clean data has higher integrity than Dirty data.
Similarly, $$ \begin{array}{c} DataEntry \\ | \\ Website \end{array} $$ captures that DataEntry data has higher integrity than Website data.
These can be combined (using the product of two lattices) into the following, which captures all combinations and the relationship between them: $$ \begin{array}{ccccc} && (Clean, DataEntry) \\ & / && \backslash~~~~~~~~~~~~~~~~~~~~~~~~~ \\ (Dirty, DataEntry) &&& (Clean,Website) \\ &\backslash &&/~~~~~~~~~~~~~~~~~~~~~~~~~~ \\ && (Dirty,Website) \end{array} $$ The two middle elements are incomparable.
The paper Lattice-based Access Control Models by Ravi Sandhu gives a good overview of the application of lattices in access control models, including the Biba model.
If you want to learn the general theory about lattices, then Introduction to Lattices and Order by B. A. Davey and H. A. Priestley is a very good starting point.
Best Answer from StackOverflow
Question Source : http://cs.stackexchange.com/questions/1288
0 comments:
Post a Comment
Let us know your responses and feedback