Rule-Based Access Control (RuBAC)
Rule-based access control is a nondiscretionary access control technique that uses a set of operational rules or restrictions to enforce a least-privilege permissions policy.
- allows access according to a set of rules defined by the system administrator
- if a rule is matched, access to the resource is granted or denied accordingly
- RBAC, ABAC, and MAC are rule-based (nondiscretionary) access control models
- E.g.,
  - ACL used by a router
    - traffic from source A to destination B on port C is allowed, all else denied
  - conditional access
    - system monitors account or device behavior throughout a session
    - if certain conditions are met, it may suspend the account or may require the user to reauthenticate
  - User Account Control (UAC) and sudo restrictions
    - example of conditional access
    - user is prompted for confirmation or authentication when making requests that require elevated privileges
- Role-based rights management and ABAC systems can apply a number of criteria to conditional access, including location-based policies
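
The router ACL example from the list above, as an added sketch that is not part of the original notes. It assumes first-match evaluation with an implicit deny when nothing matches; the `Rule` and `evaluate` names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    port: Optional[int]    # destination port; None matches any port

    def matches(self, src_ip, dst_ip, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.port is None or self.port == port))

def evaluate(acl, src_ip, dst_ip, port):
    """Return (action, index of deciding rule). First match wins."""
    for index, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip, port):
            return rule.action, index
    return "deny", None    # implicit deny: "all else denied"

# Constructed sample ACL: network A may reach host B on port 443,
# except one host in A that is blocked by an earlier, more specific rule.
ACL = [
    Rule("deny", "192.0.2.66/32", "198.51.100.10/32", None),
    Rule("permit", "192.0.2.0/24", "198.51.100.10/32", 443),
]

if __name__ == "__main__":
    # Constructed sample traffic: (source, destination, port)
    samples = [
        ("192.0.2.10", "198.51.100.10", 443),   # A -> B on port C
        ("192.0.2.10", "198.51.100.10", 22),    # right hosts, wrong port
        ("192.0.2.66", "198.51.100.10", 443),   # blocked host inside A
        ("203.0.113.5", "198.51.100.10", 443),  # source outside A
    ]
    for src, dst, port in samples:
        action, idx = evaluate(ACL, src, dst, port)
        reason = "implicit deny" if idx is None else f"rule {idx}"
        print(f"{src} -> {dst}:{port}  {action} ({reason})")
    # Rule order is part of the policy: with the rules reversed, the broad
    # permit matches first and the specific deny is never reached.
    print(evaluate(list(reversed(ACL)), "192.0.2.66", "198.51.100.10", 443))
```

When reviewing a real ACL, check that specific deny rules sit above the broader permits they are meant to carve out of.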