Which access control model provides upper and lower bounds of access capabilities for a subject?

A.
Role-based access control

B.
Lattice-based access control

C.
Biba access control

D.
Content-dependent access control

Explanation:
Lattice-based access control is a mathematical model that allows a system to easily represent the differentsecurity levels and control access attempts based on those levels. Every pair of elements has a highest lower
bound and a lowest upper bound of access rights.
Incorrect Answers:
A: Role-based access control (RBAC) provides access to resources according to the role the user holds within
the company or the tasks that the user has been assigned.
C: Biba is a security model, rather than an access control model. It centers on preventing information from
flowing from a low integrity level to a high integrity level
D: Content-dependent access control is when the access decisions depend upon the value of an attribute of the
object itself.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 224, 377, G-9
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.41.5365