In a lattice-based access control model, what do all objects and subjects have?

In a lattice-based access control model, all objects and subjects are associated with security labels. This labeling system is essential because it defines the security levels that correspond to the sensitivity of information and the clearance of individuals. Each subject (e.g., users or processes) and object (e.g., files or databases) is assigned a security label that typically includes a classification level, such as top secret, secret, confidential, or unclassified.

These security labels determine how information can be shared and accessed within the environment. For example, a subject with a "secret" label can access objects labeled as "confidential" or "unclassified" but not those labeled "top secret." This structure maintains strict control over data access and supports the principle of least privilege by ensuring that individuals only have access to information necessary for their roles.

The lattice model allows for fine-grained access control based on the comparative security labels of subjects and objects, fostering a secure environment where information can be appropriately classified and protected based on its sensitivity and the users' clearance levels.