On Lattices in Access Control Models

  • Sergei Obiedkov
  • Derrick G. Kourie
  • J. H. P. Eloff
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4068)


Lattices have been extensively used for implementing mandatory access control policies. Typically, only a small sublattice of the subset lattice of a certain alphabet is used in applications. We argue that attribute exploration from formal concept analysis is an appropriate tool for generating this sublattice in a semiautomatic fashion. We discuss how two access control models addressing different (in a sense, opposite) requirements can be incorporated within one model. In this regard, we propose two operations that combine contexts of the form (G, M, I) and (N, G, J). The resulting concept lattices provide most of the required structure.


Security Level Concept Lattice Access Control Policy Formal Context Formal Concept Analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Sandhu, R.: Lattice-based access control models. IEEE Computer 26, 9–19 (1993)Google Scholar
  2. 2.
    Denning, D.: A lattice model of secure information flow. Comm. ACM 19, 236–243 (1976)MATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Biba, K.: Integrity considerations for secure computer systems. Report TR-3153, Mitre Corporation, Bedford, Mass. (1977)Google Scholar
  4. 4.
    Gollmann, D.: Computer Security. John Wiley & Sons Ltd, Chichester (1999)Google Scholar
  5. 5.
    Bell, D., LaPadula, L.: Secure computer systems: Mathematical foundations and model. Report M74-244, Mitre Corporation, Bedford, Mass. (1975)Google Scholar
  6. 6.
    Ganter, B., Wille, R.: Formal Concept Analysis: Mathematical Foundations. Springer, Berlin (1999)MATHGoogle Scholar
  7. 7.
    Lipner, S.: Nondiscretionary controls for commercial applications. In: Proc. IEEE Symp. Security and Privacy, pp. 2–10. IEEE CS Press, Los Alamitos (1982)Google Scholar
  8. 8.
    Smith, G.: The Modeling and Representation of Security Semantics for Database Applications. PhD thesis, George Mason Univ. Fairfax, Va. (1990)Google Scholar
  9. 9.
    Birkhoff, G.: Lattice Theory. Amer. Math. Soc. Coll. Publ. Providence, R.I. (1973)Google Scholar
  10. 10.
    Guigues, J.L., Duquenne, V.: Familles minimales d’implications informatives resultant d’un tableau de données binaires. Math. Sci. Humaines 95, 5–18 (1986)MathSciNetGoogle Scholar
  11. 11.
    Ganter, B.: Attribute exploration with background knowledge. Theoretical Computer Science 217, 215–233 (1999)MATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Ganter, B., Krausse, R.: Pseudo models and propositional horn inference. Technical Report MATH-AL-15-1999, Technische Universität Dresden, Germany (1999)Google Scholar
  13. 13.
    Ganter, B.: Two basic algorithms in concept analysis. Preprint Nr. 831, Technische Hochschule Darmstadt (1984)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sergei Obiedkov
    • 1
  • Derrick G. Kourie
    • 1
  • J. H. P. Eloff
    • 1
  1. 1.Department of Computer ScienceUniversity of PretoriaPretoriaSouth Africa

Personalised recommendations