Context-Based Access Control (CBAC)
What are the types of Context-based access control?
The following are the types of CBAC:
- Access control list (ACL)
- Discretionary access control (DAC)
- Attribute-based access control (ABAC)
- Lattice-based access control (LBAC)
- Role-based access control (RBAC)
- Graph-based access control (GBAC)
- Organization-based access control (OBAC)
- Mandatory access control (MAC)
How does Context-based access control work?
Context-based access control (CBAC) extends packet filtering and protection to the transport layer. This was not possible with basic access control lists (ACLs) because they filter traffic only up to the network layer.
Usually, context-based access control makes and enforces user access decisions based on a dynamic risk assessment or the confidence level of a transaction. It uses contextual and behavioral data analytics techniques to determine risk levels.
In addition to ACLs, CBAC maintains a state table that stores session information in memory. When a device initiates a session, a dynamic entry is placed in the state table, allowing outbound traffic to pass through the router.
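The state-table behavior described above, as a toy Python model added here (it is not code from the original page or from any router). It goes one step beyond the paragraph by also showing return traffic being checked against the dynamic entry; the class name, the idle timeout and the sample packets are assumptions constructed for illustration.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StateTableFilter:
    """Toy model: inbound traffic is denied unless a session entry matches."""
    def __init__(self, idle_timeout=30.0, clock=time.monotonic):
        self.idle_timeout = idle_timeout  # assumed value, in seconds
        self.clock = clock
        self.state = {}  # expected return flow -> time last seen

    def outbound(self, pkt):
        # Inside device initiates a session: add a dynamic entry (reversed tuple).
        self.state[(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)] = self.clock()
        return "permit"

    def inbound(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        last_seen = self.state.get(key)
        if last_seen is None:
            return "deny"  # no session was initiated from inside
        if self.clock() - last_seen > self.idle_timeout:
            del self.state[key]  # idle entry aged out of the table
            return "deny"
        self.state[key] = self.clock()
        return "permit"

def demo():
    now = [0.0]  # fake clock so the timeout is deterministic
    fw = StateTableFilter(idle_timeout=30.0, clock=lambda: now[0])
    request = Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443)  # constructed
    reply = Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000)
    stranger = Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 51000)
    results = [fw.inbound(reply)]          # before any session exists
    results.append(fw.outbound(request))   # creates the dynamic entry
    results.append(fw.inbound(reply))      # matches the entry
    results.append(fw.inbound(stranger))   # same ports, different peer
    now[0] = 100.0
    results.append(fw.inbound(reply))      # entry has been idle too long
    return results
if __name__ == "__main__":
    print(demo())
```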
What are the benefits of Context-based access control?
The benefits of context-based access control are:
- Enhances security during authorization and authentication of business transactions
- Determines risk based on analytical, static, and contextual attributes
- Computes a risk score by weighting multiple attributes
- Permits less traffic than would be needed to achieve similar functionality with access control lists
- Identifies typical forms of protocol abuse and implements steps to prevent them
- Maintains router logs of information about connections, the number of bytes sent, and IP addresses
What is an example of Context-based access control?
Suppose a user attempts to access a protected file during off-business hours. In this scenario, a CBAC policy can be enforced to deny access or force the user to verify using a secondary challenge.
Another example is an application that requires access to personal data in order to initialize and run. With CBAC in place, the application's data access privileges can be granted or revoked according to the user’s specific context.
What are some of the typical conditions for implementing Context-based Access Control?
Context-based access control allows an organization to restrict user access based on certain conditions. Some of the common conditions companies use to customize their access security are as follows:
- The geographic location of the user
- Role of user
- Time of login
- Time of the last login
- The device of the user
So, for example, if a user tries to gain access to organization resources and does not meet the context parameters set by the company, access is declined.