Access Control Fundamentals

In information security, access control is essential to ensuring confidentiality, integrity, and availability. Controlling who has access to a system, and how broad that access is, is vital to the security of systems and the data on them. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

13. Access Control Techniques

13.1. Rule-Based Access Control

  • Rule-based access control uses specific rules that indicate what can and cannot happen between a subject and an object.
  • A subject should meet a set of predefined rules before it can access an object.
  • It is not necessarily identity-based, i.e. it can apply to all users or subjects irrespective of their identities.
  • E.g.: Routers and firewalls use rules to filter incoming and outgoing packets.
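
The packet-filter case above, as an added example that is not part of the original article: a first-match rule evaluator with a default-deny fallback. The rule fields, the rule set, the documentation-range addresses and the `user` field are all constructed for illustration; `user` exists only to show that no rule consults identity.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    direction: str           # "in" or "out"
    src: str                 # source network, CIDR notation
    dst: str                 # destination network, CIDR notation
    proto: str               # "tcp", "udp" or "any"
    dport: Optional[range]   # destination ports; None means any port

    def matches(self, pkt: dict) -> bool:
        # Every predicate is about the packet itself, never about who sent it.
        return (
            self.direction == pkt["direction"]
            and self.proto in ("any", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and (self.dport is None or pkt["dport"] in self.dport)
        )

# Constructed rule set, evaluated top to bottom (order matters).
RULES = [
    Rule("deny",  "in",  "203.0.113.0/24", "0.0.0.0/0",     "any", None),
    Rule("allow", "in",  "0.0.0.0/0",      "192.0.2.10/32", "tcp", range(443, 444)),
    Rule("allow", "out", "192.0.2.0/24",   "0.0.0.0/0",     "udp", range(53, 54)),
]

def decide(pkt: dict, rules=RULES) -> str:
    """First matching rule wins; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def packet(direction, src, dst, proto, dport, user=None):
    # 'user' is carried along but deliberately ignored by every rule.
    return {"direction": direction, "src": src, "dst": dst,
            "proto": proto, "dport": dport, "user": user}

if __name__ == "__main__":
    for who in ("alice", "bob"):
        p = packet("in", "198.51.100.7", "192.0.2.10", "tcp", 443, user=who)
        print(who, decide(p))
    print(decide(packet("in", "203.0.113.5", "192.0.2.10", "tcp", 443)))
```

Because the deny rule for 203.0.113.0/24 comes first, it overrides the later allow for port 443; reordering the list changes the outcome, which is why rule order is reviewed along with rule content.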