An Overview on Access Control Models

An Overview on Access Control Models

Mouad Mammass (Ibn Zohr University, Agadir, Morocco) and Fattehallah Ghadi (Ibn Zohr University, Agadir, Morocco)
Copyright: © 2015 |Pages: 11
DOI: 10.4018/IJAEC.2015100103
OnDemand PDF Download:
No Current Special Offers


Research in the field of information security systems and access control were initiated in the early seventies by United States Department of Defense, following the emergence of new technical, scientific and social challenges. Since, many models of security have been set up to answer to some specific needs with more or less accuracy in term of security. This manuscript gives a survey on the current security models with a specific classification in term of their use: Access Control, Flow Control and Administration. This manuscript is the subject of an assessment of advantages and drawbacks of access control models cited in literature and also the efficiency of their security policies. Finally, a presentation of the contributions of Flow Control and Administration models that allow the reinforcement of the security.
Article Preview

1. Introduction

IT security has evolved following the rapid technological progress and at the same time because of the modern social contexts. Due to that, various security models have been successfully developed and implemented within companies or computer system. May be mentioned the models: DAC (R.J. Feiertag 1980), MAC (C.E. Landwehr, C.L. Heitmeyer & J. McLean 1984), I-BAC (B. Lampson 1971), R-BAC (J. Barkley 1995; S. Gavrila & J. Barkley 1998; R. E. Brooks), T-BAC (N. Dimmock, J. Bacon, D. Ingram & K. Moody 2005), V-BAC (R. Lentzner 2004), T-MAC (R.K. Thomas 1997) or Or-BAC (A. Abou El Kalam,, R. ElBaida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miège, C. Saurel et G. Trouessin 2003). New models generally appear to respond to military problems that require a high degree of confidentiality, while the problems of civil order are more interested in ensuring the integrity.

Access control models are often declined following the main security policies: Discretionary (discretionary access control DAC), Mandatory (mandatory access control MAC), Role-based (role based access control R-BAC) or based on the organization (organization-based access control Or-BAC).

There are also a number of combinations of these models such as T-MAC (team-based access control) and T-BAC (task-based access control), to refine and to adapt the logical access control depending on the environment in which it is implemented and which are more or less adapted to the security policy of the company.

In this paper, we are interested in a more specific classification of security models, which are: Access Control (B.W. Lampson 1974), Flow Control (D.E. Bell & L.J. Lapadula 1975) and Administration.

In section 2, we present generalities about access control and a survey on different access control models pointing their advantages and limitations. Section 3 is devoted to models of flow control and at the end, section 4 presents the administration part.

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 13: 4 Issues (2022): 1 Released, 3 Forthcoming
Volume 12: 4 Issues (2021)
Volume 11: 4 Issues (2020)
Volume 10: 4 Issues (2019)
Volume 9: 4 Issues (2018)
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing