What is called the type of access control where there are pairs of elements that have the least upper bound of
values and greatest lower bound of values?

A.
Mandatory model

B.
Discretionary model

C.
Lattice model

D.
Rule model

Explanation:
A lattice is a mathematical construct that is built upon the notion of a group. The most common definition of the
lattice model is “a structure consisting of a finite partially ordered set together with least upper and greatest
lower bound operators on the set.”
Two methods are commonly used for applying mandatory access control:
Rule-based (or label-based) access control: This type of control further defines specific conditions for
access to a requested object. A Mandatory Access Control system implements a simple form of rule-based
access control to determine whether access should be granted or denied by matching:
– An object’s sensitivity label
– A subject’s sensitivity label
Lattice-based access control: These can be used for complex access control decisions involving multiple
objects and/or subjects. A lattice model is a mathematical structure that defines greatest lower-bound and
least upper-bound values for a pair of elements, such as a subject and an object.
Incorrect Answers:
A: The model described in the question is a type of mandatory access control. However, the Lattice Model is
specifically described in the question.
B: A discretionary model is not what is described in the question.
D: A rule model is not what is described in the question.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 381
https://en.wikipedia.org/wiki/Computer_access_control