Rule-Based Access Control (RB-RBAC)

This section explains the basic of the rule-based access control (RB-RBAC) model. As you read you will understand why this model is called rule-based as this model is based on meeting a set of rules versus being identity-based as in the other models discussed. What is an example of a rule-based access control on a system?

  • Rule-based access control uses specific rules that indicate what can and cannot happen between a subject and an object.
  • A subject should meet a set of predefined rules before it can access an object.
  • It is not necessarily an identity based i.e. it can be applicable to all the users or subjects irrespective of their identities.
  • E.g.: Routers and firewall use rules to filter incoming and outgoing packets

Source: https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems#Rule-Based_Access_Control
Creative Commons License This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Last modified: Thursday, April 15, 2021, 3:59 PM