RuleBAC

mog27

What is RuleBAC? I saw that come up on a practice test and I never came across of it in my studies. I obviously know what MAC, DAC, and RBAC are...

shednik

mog27 wrote:

What is RuleBAC? I saw that come up on a practice test and I never came across of it in my studies. I obviously know what MAC, DAC, and RBAC are...

I haven't heard of it thus far in my Security+ studies but I still have a long way to go....I did a google search and found this

http://www.sharepointsecurity.com/content-132.html

It looks to be similar to RoleBAC but I'll have to do some more research on it...nothing on wikipedia which is surprising.

Schluep

When they say RuleBAC they are referring to what is also known as Rule Based Access Control, Rule Based Role Based Access Control (RB-RBAC).

It isn't listed in the Security+ exam objectives, however it is actually covered in the Security+ Access Control Technotes found here if you take a look. I know several of the CISSP resources I used preparing for that exam covered it more extensively.

Security+ Access Control Technotes, Author: Johan Hiemestra wrote:

Rule-Based Access Control model, which, to confuse matters a bit, is sometimes referred to as Rule-Based Role-Based Access Control (RB-RBAC). It includes mechanisms to dynamically assign roles to subjects based on their attributes and a set of rules defined by a security policy. For example, you are a subject on one network and you want access to objects in another network. The other network is on the other side of a router configured with access lists. The router can assign a certain role to you, based on your network address or protocol, which will determine whether you will be granted access or not.