# Lattice-Based Access Control (LBAC)

One-sentence definition: Access decisions based on dominance relations among labels within a **lattice** (partial order) of security levels/categories.

## Key Facts

- Subjects/objects labeled with level and categories (compartments).
- Dominance: subject S can read O if label(S) ≥ label(O) (per lattice).
- Underpins BLP/Biba; used in MLS systems.
- Requires accurate labeling, mandatory policy, and trusted enforcement.
- Complex to administer; often implemented in specialized OS/DBs.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Map label/category dominance to read/write decisions.

**Mnemonic:** “Higher **dominates** lower.”

## Mini Scenario

Q: Subject (Secret; {NATO}) accessing (Confidential; {NATO,NUC})?

A: Denied: categories don’t dominate (missing NUC).

## Revision Checklist

- Define dominance and compartments.
- Tie lattice to BLP/Biba models.
- Note admin complexity.

## Related

[[Bell-LaPadula (BLP) Model]] · [[Biba Integrity Model]] · [[Noninterference and Information Flow]] · [[Reference Monitor and TCB]] · [[Database Security: Access Models (RBAC, ABAC, RLS)]] · [[Domain 3 - Index]]