Security theory for data flow and access control: From partial orders to lattices and back, a half-century trip

Abstract

The multi level Bell La Padula model for secure data access and data flow control, formulated in the 1970s, was based on the theory of partial orders. Since then, another model, based on lattice theory, has prevailed. We present reasons why the partial order model is more appropriate. We also show, by example, how non lattice data flow networks can be easily implemented by using Attribute-based access control (ABAC).

Categories