
LBAC

What is LBAC?

LBAC (Lattice-Based Access Control) is a formal access control model in which every subject and object carries a label drawn from a lattice (a partial order in which any two labels have a least upper bound and a greatest lower bound), and access is decided by comparing the labels. It can be implemented in multiple ways. The Casbin implementation shown here uses a two-dimensional lattice that combines a confidentiality level with an integrity level: each label is a (confidentiality, integrity) pair, and one label dominates another only when it is at or above it in both dimensions.

Model Definition

This example shows an LBAC model implementation in Casbin:

[request_definition]
r = sub, subject_confidentiality, subject_integrity, obj, object_confidentiality, object_integrity, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = (r.act == "read" && r.subject_confidentiality >= r.object_confidentiality && r.subject_integrity >= r.object_integrity) || (r.act == "write" && r.subject_confidentiality <= r.object_confidentiality && r.subject_integrity <= r.object_integrity)

How It Works

This implementation enforces access control in the matcher alone, by comparing the levels carried in the request along two security dimensions:

  • Confidentiality Control: Protects against unauthorized information disclosure
  • Integrity Control: Protects against unauthorized information modification

A read is allowed only when the subject's level is greater than or equal to the object's level in both dimensions (the subject dominates the object, so there is no read up). A write is allowed only when the subject's level is less than or equal to the object's level in both dimensions (the object dominates the subject, so there is no write down). Any other action, and any request in which the two dimensions disagree (for example a subject whose confidentiality is higher than the object's but whose integrity is lower), matches neither clause and is denied. Because the matcher never references p.* attributes, the policy and role definitions above are not consulted: every decision comes from the levels in the request.

Example Requests

The following examples demonstrate how this LBAC implementation evaluates requests:

# Normal read operations (ALLOWED)
admin, 5, 5, file_topsecret, 3, 3, read # admin (conf:5, int:5) reads file_topsecret (conf:3, int:3) - ALLOWED
manager, 4, 4, file_secret, 4, 2, read # manager (conf:4, int:4) reads file_secret (conf:4, int:2) - ALLOWED
staff, 3, 3, file_internal, 2, 3, read # staff (conf:3, int:3) reads file_internal (conf:2, int:3) - ALLOWED
guest, 2, 2, file_public, 2, 2, read # guest (conf:2, int:2) reads file_public (conf:2, int:2) - ALLOWED

# Read operation violations (DENIED)
staff, 3, 3, file_secret, 4, 2, read # staff (conf:3, int:3) reads file_secret (conf:4, int:2) - DENIED (conf < obj.conf)
manager, 4, 4, file_sensitive, 3, 5, read # manager (conf:4, int:4) reads file_sensitive (conf:3, int:5) - DENIED (int < obj.int)
guest, 2, 2, file_internal, 3, 1, read # guest (conf:2, int:2) reads file_internal (conf:3, int:1) - DENIED (conf < obj.conf)
staff, 3, 3, file_protected, 1, 4, read # staff (conf:3, int:3) reads file_protected (conf:1, int:4) - DENIED (int < obj.int)

# Normal write operations (ALLOWED)
guest, 2, 2, file_public, 2, 2, write # guest (conf:2, int:2) writes file_public (conf:2, int:2) - ALLOWED
staff, 3, 3, file_internal, 5, 4, write # staff (conf:3, int:3) writes file_internal (conf:5, int:4) - ALLOWED
manager, 4, 4, file_secret, 4, 5, write # manager (conf:4, int:4) writes file_secret (conf:4, int:5) - ALLOWED
admin, 5, 5, file_archive, 5, 5, write # admin (conf:5, int:5) writes file_archive (conf:5, int:5) - ALLOWED

# Write operation violations (DENIED)
manager, 4, 4, file_internal, 3, 5, write # manager (conf:4, int:4) writes file_internal (conf:3, int:5) - DENIED (conf > obj.conf)
staff, 3, 3, file_public, 2, 2, write # staff (conf:3, int:3) writes file_public (conf:2, int:2) - DENIED (both > obj)
admin, 5, 5, file_secret, 5, 4, write # admin (conf:5, int:5) writes file_secret (conf:5, int:4) - DENIED (int > obj.int)
guest, 2, 2, file_private, 1, 3, write # guest (conf:2, int:2) writes file_private (conf:1, int:3) - DENIED (conf > obj.conf)
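To make the lattice behind the matcher concrete, here is an added stand-alone Go example. It is not Casbin's own code and does not import the Casbin library: it re-implements the matcher's two rules as a dominance check on (confidentiality, integrity) pairs, replays every request from the example list above against it, and also includes an assumed variant named DecideBiba, which is not part of the page's model, to show what changes when the integrity comparisons follow Biba's strict integrity policy instead.

```go
package main

import "fmt"

// Level is one point in the two-dimensional lattice used by the LBAC model
// above: a confidentiality level and an integrity level, higher is stronger.
type Level struct {
	Conf  int
	Integ int
}

// Dominates reports whether a is at or above b in both dimensions. This is the
// lattice order the matcher spells out as two >= (or two <=) comparisons;
// labels that disagree across the dimensions are incomparable and match neither clause.
func (a Level) Dominates(b Level) bool {
	return a.Conf >= b.Conf && a.Integ >= b.Integ
}

// Decide reproduces the page's matcher: read is allowed when the subject
// dominates the object, write when the object dominates the subject.
// Any other action matches no clause and is denied.
func Decide(subject, object Level, act string) bool {
	switch act {
	case "read":
		return subject.Dominates(object)
	case "write":
		return object.Dominates(subject)
	}
	return false
}

// DecideBiba is an assumed variant, not part of the page's model: it keeps the
// Bell-LaPadula confidentiality rules but applies Biba's strict integrity policy,
// no read down (object integrity >= subject integrity) and no write up
// (object integrity <= subject integrity).
func DecideBiba(subject, object Level, act string) bool {
	switch act {
	case "read":
		return subject.Conf >= object.Conf && object.Integ >= subject.Integ
	case "write":
		return subject.Conf <= object.Conf && object.Integ <= subject.Integ
	}
	return false
}

// Request carries the fields of one request_definition tuple plus the outcome
// the page states for it.
type Request struct {
	Sub     string
	Subject Level
	Obj     string
	Object  Level
	Act     string
	Want    bool
}

// Examples transcribes the example request list above, in the same order.
var Examples = []Request{
	{"admin", Level{5, 5}, "file_topsecret", Level{3, 3}, "read", true},
	{"manager", Level{4, 4}, "file_secret", Level{4, 2}, "read", true},
	{"staff", Level{3, 3}, "file_internal", Level{2, 3}, "read", true},
	{"guest", Level{2, 2}, "file_public", Level{2, 2}, "read", true},
	{"staff", Level{3, 3}, "file_secret", Level{4, 2}, "read", false},
	{"manager", Level{4, 4}, "file_sensitive", Level{3, 5}, "read", false},
	{"guest", Level{2, 2}, "file_internal", Level{3, 1}, "read", false},
	{"staff", Level{3, 3}, "file_protected", Level{1, 4}, "read", false},
	{"guest", Level{2, 2}, "file_public", Level{2, 2}, "write", true},
	{"staff", Level{3, 3}, "file_internal", Level{5, 4}, "write", true},
	{"manager", Level{4, 4}, "file_secret", Level{4, 5}, "write", true},
	{"admin", Level{5, 5}, "file_archive", Level{5, 5}, "write", true},
	{"manager", Level{4, 4}, "file_internal", Level{3, 5}, "write", false},
	{"staff", Level{3, 3}, "file_public", Level{2, 2}, "write", false},
	{"admin", Level{5, 5}, "file_secret", Level{5, 4}, "write", false},
	{"guest", Level{2, 2}, "file_private", Level{1, 3}, "write", false},
}

// Mismatches returns the examples whose decision under decide differs from
// the outcome stated on the page; an empty result means full agreement.
func Mismatches(decide func(Level, Level, string) bool) []Request {
	var out []Request
	for _, r := range Examples {
		if decide(r.Subject, r.Object, r.Act) != r.Want {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	for _, r := range Examples {
		fmt.Printf("%-8s %v %-15s %v %-5s page=%-5v matcher=%-5v biba=%v\n",
			r.Sub, r.Subject, r.Obj, r.Object, r.Act, r.Want,
			Decide(r.Subject, r.Object, r.Act), DecideBiba(r.Subject, r.Object, r.Act))
	}
}
```

Running it shows that all sixteen outcomes listed above agree with Decide, while DecideBiba differs on seven of them: it refuses staff (3, 3) writing up to file_internal (5, 4) and allows admin (5, 5) writing down to file_secret (5, 4), the opposite of what the page's matcher does. With a real Casbin Go enforcer loaded with this model, the first example is the call e.Enforce("admin", 5, 5, "file_topsecret", 3, 3, "read"), with the levels passed as numbers.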

Security Levels

In this implementation, both confidentiality and integrity are represented as integers where higher values indicate higher security levels. The numeric scale itself is arbitrary, because the matcher only compares levels with >= and <=: the example requests above use levels from 1 to 5, while the labels below illustrate a four-level scheme. Pass the levels to the enforcer as numbers rather than strings, since string comparison is lexicographic and would order "10" below "9".

Confidentiality Levels

  • Level 1: Public/Unclassified
  • Level 2: Confidential
  • Level 3: Secret
  • Level 4: Top Secret

Integrity Levels

  • Level 1: Low integrity (e.g., public data, user-generated content)
  • Level 2: Medium integrity (e.g., verified data, trusted sources)
  • Level 3: High integrity (e.g., system data, administrative content)
  • Level 4: Critical integrity (e.g., security policies, system configuration)

Applicable Scenarios

This LBAC implementation is well-suited for:

  • Multi-level security environments
  • Applications where both data protection and data accuracy matter

Implementation Notes

  • The model implements mandatory access control (MAC): security levels are assigned by system administrators rather than by the owners of the objects, and the decision is made entirely in the matcher, so no policy rule can override it
  • Access decisions consider both confidentiality and integrity levels; a request must satisfy both comparisons of a clause to be allowed
  • The confidentiality half follows the Bell-LaPadula rules (no read up, no write down), which prevents information from flowing from a higher confidentiality level to a lower one
  • The integrity half uses the same direction of comparison as confidentiality. That is the reverse of Biba's strict integrity policy (no read down, no write up): with this matcher a lower-integrity subject may write to a higher-integrity object (staff at integrity 3 writing file_internal at integrity 4 is allowed above), while a higher-integrity subject may not write to a lower-integrity one. If Biba semantics are what you need, reverse the two integrity comparisons in the matcher