EditWYSIWYGAttach PDF Raw View►More Actions▼More Actions


Restore topic to revision: You will be able to review the topic before saving it to a new revision

Copy text and form data to a new topic (no attachments will be copied though).
Name of copy:
You will be able to review the copied topic before saving

Rename/move topic... scans links in all public webs (recommended)
Rename/move topic... scans links in CBI_ComputerSecurity web only
Delete topic... scans links in all public webs (recommended)
Delete topic... scans links in CBI_ComputerSecurity web only

Revision Date Username Comment
703 Oct 2013 - 15:27norqu036? 
620 Jun 2013 - 11:49NicLewis 
519 Jun 2013 - 15:04ThomasMisa 
406 Jun 2013 - 11:59NicLewis 
305 Jun 2013 - 09:39NicLewis 
204 Jun 2013 - 22:29NicLewis 
104 Jun 2013 - 13:45NicLewis 

Render style:     Context:


 History: r7 < r6 < r5 < r4 < r3
[X] Hide this message.
Notice: On June 30, 2016, UMWiki service will be decommissioned. If you have information in UMWIki that needs to be preserved, you should make plans to move it before that date. Google Sites is anticipated to be the most popular and appropriate alternative for users because it offers a more modern and user-friendly interface and unlimited capacity. To learn more about the features of Google Sites and other alternatives, and to identify which one best fits your needs, see the University’s Website Solution Selection Guide. If you have concerns or would like help regarding this change and your options, please contact Technology Help at help@umn.edu
You are here: UMWiki>CBI_ComputerSecurity Web>Publications>PubDenningLattice (revision 4)

Denning Lattice Model

 

First published in 1976, Dorothy Denning's "A Lattice Model of Secure Information Flow" was a mandatory access control model that established a mathematical basis for enforcing information security on a computer system.(1) The Denning Lattice model applied a system of security labels to subjects, the computer users, and to objects, the data on the system. These labels determined the clearance level of the subject, and the clearance level required to access an object. When a subject attempted to access an object, the access control policy determined what security label resulted from the combination of the subject and object labels. The subject would be allowed to access the object only if the individual security labels of the subject and object met with the security requirements of the combined security label. The security labels of the subject and object, and the requirements of the combined security labels, did not change over time in this policy. This allowed the objects themselves to be added or deleted, because the security labels themselves remained fixed. The Denning Lattice model extended its proposed secure information flow via the enforcement of security labels to the concept of a certification mechanism. The author argued that the incorporation of the lattice model's security label enforcement into a program compiler would result in an automatic certification mechanism for compiled programs.(2)(3)(4)

Notes

1 : lock Dorothy E. Denning, "A Lattice Model of Secure Information Flow," 236-238, in Communications of the ACM 19, no. 5 (May 1976), 236-243. (Login required)

2 : Trent Jaeger, Operating Systems Security, San Rafael, CA: Morgan & Claypool, 2008, 60-61.

3 : lock Ravi S. Sandhu, "Lattice-Based Access Control Models," Computer 26, Issue 11 (November, 1993), 9-19. (Login required)

4 : lock Dorothy E. Denning, "A Lattice Model of Secure Information Flow," 240, in Communications of the ACM 19, no. 5 (May 1976), 236-243. (Login required)


Edit | WYSIWYG | Attach |  PDF |  History: r7 < r6 < r5 < r4 < r3 |  Backlinks |  Raw View | More topic actions...
Topic revision: r4 - 06 Jun 2013 - 11:59:53 - NicLewis
 
Signed in as lewi0740 (NicLewis) | Sign out
UMWiki UMWiki
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UMWiki? Send feedback