[CCCure CISSP] confused: rule-based access control belongs to MAC or RBAC

Ahsan Khan ahsankamal251 at gmail.com
Mon Feb 15 05:20:47 EST 2010


When I went through Ali's reply I said lolzz, but I totally agree with
him that sometimes when a question is really jumbled up, the best way is
to tick the wrong ones out, which eventually leaves the correct one.

However, the description which you gave in your initial mail is, I think,
self-explanatory.


Regards,
Mavkhan


On Sun, Feb 14, 2010 at 12:28 PM, Ali Jawad <alijawad1 at gmail.com> wrote:

> Well, some questions are better answered by elimination.
>
> Rule based is surely not mandatory and surely not discretionary, and it
> is not based on lattice, so that would leave non-discretionary. I
> hate to put it this way, but sometimes you have to use what you know
> to conclude what you do NOT know.
>
> Regards
>
> On Sun, Feb 14, 2010 at 9:56 AM, Lu Yaling <yaling.lu at 163.com> wrote:
> > Hi all,
> >
> >
> >
> > I see a question from cccure.org
> >
> >
> >
> > The rule-based access control where access is determined by rules is a
> > type of:
> >
> > A        Discretionary Access Control
> >
> > B        Mandatory Access control
> >
> > C        Non-Discretionary Access Control
> >
> > D        Lattice-based Access control
> >
> >
> >
> > Answer is C Non-discretionary access control, and the explanation is:
> >
> > Rule-based access control is a type of non-discretionary access control
> > because this access is determined by rules and the subject does not
> > decide what those rules will be, the rules are uniformly applied to ALL
> > of the users or subjects.
> >
> > NOTE FROM CLEMENT:
> >
> > A lot of people tend to confuse MAC and Rule Based Access Control.
> >
> > Mandatory Access Control must make use of LABELS as well.  If there are
> > only rules and no label, it cannot be Mandatory Access Control.  This is
> > why they call it Non Discretionary Access control.  In MAC subjects must
> > have clearance to access sensitive objects.  Objects have labels that
> > contain the classification to indicate the sensitivity of the object and
> > the label also has categories to enforce the need to know.
> >
> > Today the best example of rule based access control would be a firewall.
> > All rules are imposed globally to any user attempting to connect through
> > the device.  This is NOT the case with MAC.
> >
> >
> >
> > I am really confused about the answer, from the AIO book v4 page 218:
> > Rule-based access allows a developer to define specific and detailed
> > situations in which a subject can or cannot access an object, and what
> > that subject can do once access is granted. Traditionally, rule-based
> > access control has been used in MAC systems as an enforcement mechanism
> > of the complex rules of access that MAC systems provide. Today,
> > rule-based access is used in other types of systems and applications as
> > well.
> >
> >
> >
> > Appreciate if someone could clarify it?
> >
> >
> >
> > Regards
> >
> > Yaling Lu
> >
> > _______________________________________________
> > CISSPstudy mailing list
> > CISSPstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
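
The distinction drawn in the quoted note above (rules imposed globally on anyone, as on a firewall, versus MAC's labels and clearances), as an added example that is not part of the original thread. The rule set, level names, categories and function names are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Rule-based (non-discretionary), firewall style. Constructed rule set:
# (action, source network, destination port). The same list is evaluated
# for every connection; no subject identity and no labels are involved.
RULES = [
    ("deny",  "10.0.5.0/24", 22),
    ("allow", "10.0.0.0/8",  22),
    ("allow", "0.0.0.0/0",   443),
]

def rule_based_decision(src_ip, dst_port, rules=RULES):
    """First matching rule wins; anything unmatched is denied."""
    for action, net, port in rules:
        if dst_port == port and ip_address(src_ip) in ip_network(net):
            return action
    return "deny"

# MAC: the decision depends on labels carried by BOTH subject and object.
# Assumed ordering of sensitivity levels (hypothetical names).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    level: str              # clearance (subject) or classification (object)
    categories: frozenset   # need-to-know compartments

def dominates(subject, obj):
    """True if the subject's level is at least the object's level and the
    subject holds every category on the object's label."""
    return (LEVELS[subject.level] >= LEVELS[obj.level]
            and subject.categories >= obj.categories)

def mac_read_allowed(clearance, classification):
    """Read is permitted only when the clearance dominates the label."""
    return dominates(clearance, classification)

if __name__ == "__main__":
    # Same rules for every caller: only packet attributes matter.
    print(rule_based_decision("10.0.5.7", 22))     # matched by the deny rule
    print(rule_based_decision("10.1.2.3", 22))     # matched by the allow rule
    # MAC: sufficient level but missing category fails need-to-know.
    analyst = Label("secret", frozenset({"crypto"}))
    print(mac_read_allowed(analyst, Label("secret", frozenset({"nuclear"}))))
```

Without the `Label` objects there is nothing for `dominates` to compare, which is the note's point that rules alone, with no labels, cannot be MAC.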