PrepAway - Latest Free Exam Questions & Answers

How is this type of access control concept applied?

Another type of access control is lattice-based access control. In this type of control a lattice model is applied.How is this type of access control concept applied?

PrepAway - Latest Free Exam Questions & Answers

A.
The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the
upper bound of the object being accessed.

B.
The pair of elements is the subject and object, and the subject has an upper bound lower then the upper
bound of the object being accessed.

C.
The pair of elements is the subject and object, and the subject has no special upper or lower bound needed
within the lattice.

D.
The pair of elements is the subject and object, and the subject has no access rights in relation to an object.

Explanation:
A lattice is a mathematical construct that is built upon the notion of a group. The most common definition of the
lattice model is “a structure consisting of a finite partially ordered set together with least upper and greatest
lower bound operators on the set.”
Two methods are commonly used for applying mandatory access control:
Rule-based (or label-based) access control: This type of control further defines specific conditions for
access to a requested object. A Mandatory Access Control system implements a simple form of rule-based
access control to determine whether access should be granted or denied by matching:
– An object’s sensitivity label
– A subject’s sensitivity label
Lattice-based access control: These can be used for complex access control decisions involving multiple
objects and/or subjects. A lattice model is a mathematical structure that defines greatest lower-bound and
least upper-bound values for a pair of elements, such as a subject and an object.
Incorrect Answers:
B: The subject’s upper bound must be equal or higher, not lower than the upper bound of the object being
accessed.
C: The subject must have an upper bound.
D: The subject must have access rights determined by an upper bound.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 381
https://en.wikipedia.org/wiki/Computer_access_control
http://en.wikipedia.org/wiki/Lattice-based_access_control


Leave a Reply