Article Preview
Top1. Introduction
IT security has evolved following the rapid technological progress and at the same time because of the modern social contexts. Due to that, various security models have been successfully developed and implemented within companies or computer system. May be mentioned the models: DAC (R.J. Feiertag 1980), MAC (C.E. Landwehr, C.L. Heitmeyer & J. McLean 1984), I-BAC (B. Lampson 1971), R-BAC (J. Barkley 1995; S. Gavrila & J. Barkley 1998; R. E. Brooks), T-BAC (N. Dimmock, J. Bacon, D. Ingram & K. Moody 2005), V-BAC (R. Lentzner 2004), T-MAC (R.K. Thomas 1997) or Or-BAC (A. Abou El Kalam,, R. ElBaida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miège, C. Saurel et G. Trouessin 2003). New models generally appear to respond to military problems that require a high degree of confidentiality, while the problems of civil order are more interested in ensuring the integrity.
Access control models are often declined following the main security policies: Discretionary (discretionary access control DAC), Mandatory (mandatory access control MAC), Role-based (role based access control R-BAC) or based on the organization (organization-based access control Or-BAC).
There are also a number of combinations of these models such as T-MAC (team-based access control) and T-BAC (task-based access control), to refine and to adapt the logical access control depending on the environment in which it is implemented and which are more or less adapted to the security policy of the company.
In this paper, we are interested in a more specific classification of security models, which are: Access Control (B.W. Lampson 1974), Flow Control (D.E. Bell & L.J. Lapadula 1975) and Administration.
In section 2, we present generalities about access control and a survey on different access control models pointing their advantages and limitations. Section 3 is devoted to models of flow control and at the end, section 4 presents the administration part.