You are hereAttribute Based Access Control
Attribute Based Access Control
Attribute Based Access Control (ABAC) flexible and dynamic security policies are are enforced by the Security Policy Manager (SPM) mechanism during the operation of the Trusted RUBIX RDBMS.
For detailed information on the Trusted RUBIX SPM, please see the Trusted RUBIX Security Policy Manager Reference Guide and the Trusted RUBIX Security Policy Manager Tutorial.
Security policies are created using the XML based Security Policy Markup Language (SPML). The SPML language allows policy creation and execution using a host of context attributes and functions to manipulate them. The SPML language also allows actions, called obligations, to be executed based upon the outcome of the security policy execution. Policies may be configured to release information across any domain defined by the underlying operating system's Mandatory Access Control policy.
The SPML language is based upon the policy language of the OASIS XACML 2.0 standard.
Access control logic code is organized into rules, policies, and sets of policies and algorithms may be specified to define how they interact with each other. Policies and policy sets may be referenced by name allowing for the elegant, modular design of complex policy logic and the reuse of policy logic without code duplication. Policies are assigned to DBMS objects and may be specified to protect a single object or an entire subtree of objects. Policies may also be configured to automatically protect newly created objects.
To learn more about the Trusted RUBIX Security Policy Manager and Attribute Based Access Control please visit the links at the bottom of this page.