RuleBAC

mog27mog27 Member Posts: 302
What is RuleBAC? I saw that come up on a practice test and I never came across of it in my studies. I obviously know what MAC, DAC, and RBAC are...
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin

"The internet is a great way to get on the net." --Bob Dole

Comments

  • shednikshednik Member Posts: 2,005
    mog27 wrote:
    What is RuleBAC? I saw that come up on a practice test and I never came across of it in my studies. I obviously know what MAC, DAC, and RBAC are...

    I haven't heard of it thus far in my Security+ studies but I still have a long way to go....I did a google search and found this

    http://www.sharepointsecurity.com/content-132.html

    It looks to be similar to RoleBAC but I'll have to do some more research on it...nothing on wikipedia which is surprising.
  • SchluepSchluep Member Posts: 346
    When they say RuleBAC they are referring to what is also known as Rule Based Access Control, Rule Based Role Based Access Control (RB-RBAC).

    It isn't listed in the Security+ exam objectives, however it is actually covered in the Security+ Access Control Technotes found here if you take a look. I know several of the CISSP resources I used preparing for that exam covered it more extensively.
    Rule-Based Access Control model, which, to confuse matters a bit, is sometimes referred to as Rule-Based Role-Based Access Control (RB-RBAC). It includes mechanisms to dynamically assign roles to subjects based on their attributes and a set of rules defined by a security policy. For example, you are a subject on one network and you want access to objects in another network. The other network is on the other side of a router configured with access lists. The router can assign a certain role to you, based on your network address or protocol, which will determine whether you will be granted access or not.
Sign In or Register to comment.