[CCCure CISSP] confused:rule-based access control belongs to MAC or RBAC

Ali Jawad alijawad1 at gmail.com
Sun Feb 14 02:28:20 EST 2010


Well, some questions are better answered by elimination.

Rule-based is surely not mandatory and surely not discretionary, and it
is not based on lattice, so that would leave non-discretionary. I
hate to put it this way, but sometimes you have to use what you know
to conclude what you do NOT know.

Regards

On Sun, Feb 14, 2010 at 9:56 AM, Lu Yaling <yaling.lu at 163.com> wrote:
> Hi all,
>
>
>
> I see a question from cccure.org
>
>
>
> The rule-based access control where access is determined by rules is a type
> of:
>
> A        Discretionary Access Control
>
> B        Mandatory Access control
>
> C        Non-Discretionary Access Control
>
> D        Lattice-based Access control
>
>
>
> Answer is C Non-discretionary access control, and the explanation is:
>
> Rule-based access control is a type of non-discretionary access control
> because this access is determined by rules and the subject does not decide
> what those rules will be, the rules are uniformly applied to ALL of the
> users or subjects.
>
> NOTE FROM CLEMENT:
>
> A lot of people tend to confuse MAC and Rule Based Access Control.
>
> Mandatory Access Control must make use of LABELS as well.  If there are only
> rules and no label, it cannot be Mandatory Access Control.  This is why they
> call it Non-Discretionary Access Control.  In MAC subjects must
> have clearance to access sensitive objects.  Objects have labels that
> contain the classification to indicate the sensitivity of the object and the
> label also has categories to enforce the need to know.
>
> Today the best example of rule based access control would be a firewall.
> All rules are imposed globally to any user attempting to connect through the
> device.  This is NOT the case with MAC.
>
>
>
> I am really confused about the answer, from the AIO book v4 page 218:
> Rule-based access allows a developer to define specific and detailed
> situations in which a subject can or cannot access an object, and what that
> subject can do once access is granted. Traditionally, rule-based access
> control has been used in MAC systems as an enforcement mechanism of the
> complex rules of access that MAC systems provide. Today, rule-based access
> is used in other types of systems and applications as well.
>
>
>
> I would appreciate it if someone could clarify it.
>
>
>
> Regards
>
> Yaling Lu
>
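
Added example, not part of the original thread: a Python sketch of the distinction drawn in the quoted note, with a firewall-style rule check that is applied to every user alike beside a MAC check that compares the subject's clearance and categories with the object's label. The rule set, the level names and the sample labels are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed firewall-style rules: (action, source network, port); None = any port.
RULES = [
    ("deny",  "10.0.5.0/24", None),
    ("allow", "10.0.0.0/8",  443),
    ("allow", "10.0.0.0/8",  22),
]

def rule_based_decision(src, port, rules=RULES):
    """First matching rule wins, default deny.

    Nothing about the user (identity, clearance, ownership) is consulted:
    the same rules apply to anyone connecting through the device.
    """
    for action, net, rule_port in rules:
        if ip_address(src) in ip_network(net) and rule_port in (None, port):
            return action == "allow"
    return False

# Assumed ordering of sensitivity levels for the MAC side.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass(frozen=True)
class Label:
    level: str               # clearance (subject) or classification (object)
    categories: frozenset    # need-to-know compartments

def mac_read_allowed(subject, obj):
    """Allow read only if the subject's label dominates the object's label:
    clearance >= classification AND subject categories include the object's."""
    return (LEVELS[subject.level] >= LEVELS[obj.level]
            and subject.categories >= obj.categories)

if __name__ == "__main__":
    # Rule-based: the outcome depends on the connection, not on who is behind it.
    print(rule_based_decision("10.0.1.7", 443))   # True
    print(rule_based_decision("10.0.5.9", 443))   # False (deny rule matches first)

    # MAC: the same object gives different outcomes for different subject labels.
    doc = Label("secret", frozenset({"nuclear"}))
    alice = Label("secret", frozenset({"crypto", "nuclear"}))
    bob = Label("top secret", frozenset({"crypto"}))
    print(mac_read_allowed(alice, doc))           # True
    print(mac_read_allowed(bob, doc))             # False (no need to know)
```
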


