
Access Control Security Models Review

The document reviews access control security concepts and models, emphasizing the importance of protecting data and resources from unauthorized access while ensuring availability for legitimate users. It discusses various access control functions, including authentication, authorization, and accountability, and highlights traditional and modern models used in different domains such as cloud computing and mobile applications. The literature review presents practical research and various approaches to access control, illustrating the evolution and adaptation of access control mechanisms in response to technological advancements.

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/346021492

Access Control Security Review: Concepts and Models

Article in Solid State Technology · November 2020


All content following this page was uploaded by Sajaa G. Mohammed on 19 November 2020.



Solid State Technology
Volume: 63 Issue: 6
Publication Year: 2020

Access Control Security Review: Concepts and Models

Hiba S. Saeed (1), Safa S. Abdul-Jabbar (2), Sajaa G. Mohammed (3), Enas A. Abed (4), Haneen S. Ibrahem (5)

Email: (1) hiba.s@csw.uobaghdad.edu.iq, (2) safa.s@csw.uobaghdad.edu.iq, (3) saj85_gh@yahoo.com, (4) eng.it.enas@gmail.com, (5) haneen.s@csw.uobaghdad.edu.iq

Abstract- Access control refers to the mechanisms that control objects' ability to connect, in accordance with authorization rules. An important requirement of any computer system is to protect its data and resources against unauthorized disclosure (secrecy) and unauthorized or illegal alteration (integrity), while at the same time ensuring that they remain available to legitimate users (no denial of service). Limiting access to digital resources is one of the main problems in secure computing. This review presents an overview of the general concepts and principles of access control, the access control functions that protect the information and resources of a system, and access control models, both the traditional models and the models used in modern domains (Internet, networks, cloud computing, mobile applications and operating systems). It clarifies their benefits and disadvantages, if any, and demonstrates how traditional models are used for access control management in modern models.

I. INTRODUCTION

Access is the ability to use, alter, or display something through a computer resource. Access controls ensure that every access to an object is permitted, by managing operations on data and programs such as reading, modifying and deleting. Access control protects against malicious attacks on the privacy, authenticity and availability of the system. Computer security and its associated subjects have been, and continue to be, the biggest issue in the IT (information technology) world [1]. Access control has continued to adapt to growing IT-system applications. It was initially developed in multi-user and multi-level protected systems to protect sensitive data, that is, to prevent unauthorized users from using machine resources and to protect the legitimate use of the system's resources [2]. Access control is intended to monitor technical and technological tools in order to avoid unauthorized disclosure (confidentiality) and improper or malicious changes (integrity), while preserving access to the controlled entities (availability) [3]. Access control is defined as an essential security requirement in the IT sector. Each company has its own information management system that determines a collection of policies, based on circumstances, under which customers are able to access all or some of the program's resources. Achieving these resource security policies is important [3]. Access control focuses on authentication and potency, password-based security, potentialities and access control lists (ACLs), multilateral and multi-level security, preventive control as networks are transformed, intrusion detection systems (IDS) and firewall controversy. On the network security side, access control is the ability to restrict and monitor access across communication links to host systems and applications. To do this, any person that attempts to obtain access must first be identified, or authenticated, so that access rights can be personalized to the individual [4].

Archives Available @ www.solidstatetechnology.us

Objectives of access control:

In general, access control has several aims in protecting the objects (resources) of a computer system [5]:
1. Do not allow unauthorized users to access resources.
2. Prevent legitimate users from unauthorized access to services.
3. Allow legitimate users the access to resources that they are permitted.
4. Subjects, objects, freedom of access.
5. Authentication, permission, audits.

Key security features that affect an access control system:

An efficient access control system must satisfy the key safety features illustrated in Figure 1 [6].

Figure 1: key safety features [6]

Confidentiality

The privacy of users should always be protected, so that movement and usage profiles are not generated and the identity of users is protected. Users should encrypt their messages to prevent outsiders from gathering value-added service information. One confidentiality difficulty is the presentation and implementation of access management procedures, which are typically implemented by a trusted third party or by the data owner [8].

Integrity

It is important to protect the integrity of all communications to prevent opponents from altering them. Authentication is necessary to prevent the insertion of messages by outsiders, a reliable source of time is necessary to defend against replay attacks, and a secure location method is necessary to avoid spoofing of position [9].

Availability

To reach all intended recipients, who may even be unknown to the sender, an effective routing protocol is needed. A few messages should be saved at a given position for a specified time [7].

The Functions of Access control system:

A full access control system encompasses three functions, shown in Figure 2.

Figure 2: Access control functions

Authentication

The authentication process is concerned with assuring that a communication is authentic. In the case of a single message, such as an alert or alarm signal, the purpose of the authentication service is to assure the receiver that the message originates from the source it claims to come from. Two aspects are involved when connecting a terminal to a host. First, at the time the connection is established, the service guarantees that the two entities are legitimate, that is, that each is the entity it claims to be. Second, the service needs to ensure that the communication is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purpose of unauthorized transmission or reception [8].

Authorization

After a client is authenticated, it is necessary to check whether that client is allowed to perform the requested action. Authorization includes the following stages: establishment of a security plan (set of rules), selection of an access control model to encompass the specified plan, implementation of the model and application of access rules. Each phase needs different tools to be deployed [30].

Accountability

Accountability has been described as the security objective that generates the requirement for the actions of an entity to be traced uniquely to that entity. It supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal recourse. This description encourages psychological studies to discover what makes for an effective deterrent, research into legal matters to verify the standard of proof required by the court, and specialized inquiries into the collection, protection and analysis of evidence [9].

Literature Review

Practical research:

Khaing Zar et al. [2005] proposed a system that aims to protect an online shopping system against database attacks, using the role-based access control model for permissions and access rights, mostly on the database. This approach enables users to migrate from one service to another easily and transparently [10].
Klaus Plößl et al. [2006] proposed a VANET security architecture that aims to meet the requirements; they also identify privacy and security specifications and describe a robust security framework that allows for a range of applications and meets key needs [8].
J. Lach et al. [2006] described the mechanisms that provide access control in various operating systems, where the access control list (ACL) method is used to provide a safe, protected operating system environment [20].
Gail-Joon Ahn and Hongxin Hu [2007] proposed re-centering the Model Driven Development (MDD) approach to tackle a crucial problem for software systems, namely establishing high assurance. This approach is based on high-level design models for device implementation modules [21].

A. Kayem et al. [2010] introduced the developments in access control and analyzed the possible approaches, comparing and reviewing each in turn with respect to the objective. Usually, the mechanisms for access control are configured for fairly static [22].
Mihaela Ion et al. [2013] designed a content-centric privacy scheme for Information-Centric Networking (ICN). They improved the ability of ICN to carry confidential data by introducing attribute-based encryption into ICN and tying it to the attribute values, and proposed a routing scheme based on attributes which offers confidentiality of interests [11].
M. Qiu et al. [2015] introduced a new attribute-based access control (ABAC) model to allow collaboration between cloud (IaaS) tenants, and more broadly. This strategy allows cross-tenant attributes to be assigned in order to give tenants access to common resources; the authors also proposed expanding the model to cover different types of confidence [12].
G. Ahn [2016] proposed a collection of protection domains for operating systems using the discretionary access control model, which contains different methods for granting the correct access rights in the Linux and Unix operating systems [6].
Yaira K. Rivera Sánchez et al. [2017] presented an RBAC model applied to the business layer of phone applications, in particular to the API(s) used by a phone app to manage data. They also proposed an API-based approach to RBAC that defines and enforces permissions by intercepting API service calls, in order to modify the information provided to or saved by the application [17].
Michael Aminzade [2018] presented a way of identifying gaps in the infrastructure and creating security measures and plans. There are two variants of OCTAVE: OCTAVE-S offers a simpler version targeted at smaller, flat hierarchical organizations, while OCTAVE Allegro is a more detailed edition intended for broad multi-layered companies [13].
C. Diekmann et al. [2019] presented the tools topoS and fffuu and showed how this collection of tools assists in both system design and regular activity. The theory underlying both tools is formally verified and their code is generated directly by Isabelle/HOL, which provides strong guarantees of correctness regarding their performance. They also showed how their tools improve on the state of the art and how various tools can communicate through these abstractions [14].

The table below classifies the applied research according to the type of method (solving applied research problems using scientific methods or tools), model (a pictorial representation of basic concepts that illustrates the relationship between different types of variables) or general research approach (a plan and procedure composed of steps, from broad assumptions to detailed methods of data collection, analysis and interpretation, which therefore depends on the nature of the research problem being addressed). It gives a comprehensive idea of the applied research on which this review is based in general, with an explanation of the benefits of using these methods, models or general approaches in the research presented.

Table columns: Name of paper; Author; Model used; Method used; Approach used; Advantages.

Name of paper: Implementation of Discretionary Access Control and Role-Based Access Control Policy in Online Shopping System.[10]
Author: Khaing Zar et al.
Model used: (RBACM) Role based access control model
Method used: (DACM) Discretionary Access Control method
Approach used: /
Advantages:
- Provide safety to database for on-line application system.
- The consequence of this approach allows users to migrate from one service to the next easily, and transparently.

Name of paper: Towards a security architecture for vehicular ad hoc networks.[15]
Author: Klaus Plößl et al.
Model used: /
Method used: (SAV) Security Architecture for VANETs
Approach used: (MDD) Model Driven Development approach
Advantages:
- There is at least a reasonable protocol for keeping alerts for a specified time in a given area.
- Focus on specifically defining a PKI and establish a reliable geocasting routing protocol to prevent VANET misconduct.

Name of paper: Access control in operating systems.[16]
Author: J.Lach et al.
Model used: /
Method used: (ACL) Access control list method
Approach used: /
Advantages:
- In Unix-like operating systems, access control lists are used, and therefore the gaps are likely to close a bit.

Name of paper: Towards realizing a formal RBAC model in real systems.[17]
Author: Gail-Joon Ahn and Hongxin Hu
Model used: NIST/ANSI RBAC standard model
Method used: (RAE) A systematic method
Approach used: Model Driven Development (MDD) approach
Advantages:
- This approach used to reduce the difference between models protection and system advancement.
- (RAE) method including important features such as validation and Roll-Based Systems Code Creation.

Name of paper: A presentation of access control methods.[18]
Author: A.Kayem et al.
Model used: /
Method used: (ACMs) Access control matrixes method
Approach used: /
Advantages:
- Introduce the important of using access control models in distributed system.

Name of paper: Toward content-centric privacy in ICN: Attribute-based encryption and routing.[11]
Author: Mihaela Ion et al.
Model used: /
Method used: (ABE) Attribute-based Encryption method
Approach used: /
Advantages:
- Protect individual privacy by encrypting the best interest in subscribing while still allowing routers to send encoded data to subscribers.

Name of paper: Let's Get Mobile: Secure FOTA for Automotive System.[12]
Author: M.Qiu et al.
Model used: (MT-ABAC) multi-tenant attribute-based access control model
Method used: /
Approach used: /
Advantages:
- Present the (MT-ABAC) model, where collaboration shall be permitted by cross-tenant attribute value assignments made by the cloud service provider.

Name of paper: Discretionary Access Control[5].
Author: G.Ahn
Model used: (DAS) Discretionary Access Control model
Method used: (ACL), (ACMs) and capability list methods
Approach used: /
Advantages:
- Users should control rights of access by themselves.
- The workload of security managers is significantly reduced as resource users and administrators collectively manage the authorization.
- It allows granularity per user for personal decisions about access as well as some coarse-grained access for teams.
- Changing privileges is fast.

Name of paper: An intercepting api-based access control approach for mobile applications.[19]
Author: Yaira K. Rivera Sánchez et al.
Model used: (RBAC) Role based access control model
Method used: /
Approach used: API-Based approach
Advantages:
- Role-based access control (RBAC) is really a candidate for the protection of sensitive data from applications.
- Verified how to incorporate RBAC into an interceptor (API) that wraps the actual mobile app API to handle the data displayed in a mobile app.

Name of paper: Confidentiality, integrity and availability – finding a balanced IT framework.[13]
Author: Michael Aminzade
Model used: OCTAVE
Method used: /
Approach used: /
Advantages:
- The OCTAVE model is used to identify levels of risk and to protect against cyber-attacks.

Name of paper: Agile Network Access Control in the Container Age[14]
Author: C.Diekmann et al.
Model used: /
Method used: topoS and fffuu
Approach used: /
Advantages:
- Used in development, management, and network level access control operations.

Review and Survey Research:

Lazouski et al. [2010] presented a novel and truly competitive approach to access control called usage control, used in computer environments that are open, distributed, heterogeneous and networked. It encompasses and improves on traditional models of access control, trust management (TM) and digital rights management (DRM), and its main novelties are attribute mutability and continuity of access decision assessment. This approach drove the development of computing systems for new safety requirements [20].
Dieter and Nanyang [2016] presented user authentication modes and how they are deployed, web authentication protocols, how new use cases have resulted in a shift from authentication to authorization protocols, and the formalization of authentication properties. As regards transparency, the emphasis is on maintaining and preserving audit reports; privacy rules can place limits on documented events, and the existence of recorded events can minimize privacy in ways not expected [9].
Ouaddah et al. [2017] used the Objectives, Models, Architecture and Mechanisms (OM-AM) method to analyze data privacy and security criteria for the most prevalent Internet of Things (IoT) application areas, including personal and home, government and services, and business and industry. The work discusses the benefits and drawbacks of conventional as well as recent access control models and protocols from an IoT point of view, and the proposed mechanisms implement a privacy-controlled access control system in order to formulate an adequate IoT access control system [6].
N. Mehra et al. [2018] explained the main security issues and problems of cloud computing, and specified the need for multiple changes in existing technologies, as well as more advanced and newer technologies, to ensure that the advantages of cloud computing are fully appreciated as its acceptance accelerates [21].
C. Tan et al. [2018] presented modern Proof of Retrievability (PoR), identified the problems of using PoR on cloud storage and proposed solutions. Cloud storage requires special concern about the quality of the outsourced data; to this end, researchers have proposed many data integrity schemes, particularly PoR schemes, to ensure data availability and data integrity [22].
S. Singh and P. Verma [2018] introduced the general principles of distributed firewalls, their parameters and consequences, and their adaptability to common Internet threats, and clarified how a distributed firewall provides complete network protection [23].
Zhengtao Liu et al. [2019] gave an overview of the system requirements for access control in three aspects: traditional models, access control models in the Internet, and access control models in the cloud computing environment. They note that, for the sake of adapting to application development, the traditional model requires ever more reconstruction, and proposed integrating access control with encryption technology and semantic technology to provide stronger and more secure information support [2].
Bhatti et al. [2019] introduced knowledge of the data protection and data security needs of everyday computer users, and also provided users with information on the various data encryption algorithms that are more effective, giving software designers a helpful platform for implementing the best encryption algorithms for various applications [4].
K. Kaur and A. Kaur [2019] presented a detailed study of Virtual Private Networks (VPN), the architecture and the protocols used. A VPN protects a private network, using encryption and some other authentication measures to ensure that the device can only be accessed by approved users, and data can be collected [24].
Abu Kamruzzaman Alhwaiti et al. [2020] presented explanations and descriptions of access control metamodels, and created a metamodel that is sufficiently generic to cover all current access control models and that allows organizations to switch easily from one access control model to another [3].

Table columns: Research name; Research aims; No. of reviewed paper; The most important conclusion.

Research name: Usage control in computer security: A survey[20]
Research aims:
- Offer a new basis for access control listed as Usage Control (UCON).
- Display the most important advantages and problems of (UCON).
- Discuss how using Usage Control in computer security domain.
No. of reviewed paper: 30
The most important conclusion:
- This research applied the usage control based on the design principles of OM-AM and based on conceptual as well as formal models, established the architecture, processes of compliance & ended with real-world implementation.
- Highlighted many open issues in the study of utilization control which is very significant in the field of computer security.

Research name: Access control in the Internet of Things: Big challenges and new opportunities[6]
Research aims:
- Present various (IoT) access control solutions are offered in the Objectives, Models, Architecture and Mechanisms (OM-AM) manner.
- Analysis of protection and privacy criteria for the most prevalent (IoT) applications.
- The advantages and drawbacks of conventional, as well as modern access control models & (IoT) protocols are highlighted.
No. of reviewed paper: 10
The most important conclusion:
- This research specified the implementation of IoT access control systems main challenges, and testing of Internet protocols that are widely used cannot be extended to restricted environments in any situation.
- Addressed the major benefits and disadvantages of implementing a distributed or centralized management access control in IoT.

Research name: AUTHENTICATION, AUTHORISATION & ACCOUNTABILITY (AAA)[9]
Research aims:
- Present general access control structures and some important instantiations that have arisen as IT continues to expand into new areas of operation.
- Present survey about user authentication modes and how they are actually implemented and Web authentication protocols.
No. of reviewed paper: 40
The most important conclusion:
- Privacy rules can impose limits on documented events, and the existence of recorded events can minimize privacy in ways not expected.

Research name: Analyzing cloud computing security issues and challenges[21]
Research aims:
- Introduces the Cloud computing history & service model.
- Highlight some security concerns and challenges.
No. of reviewed paper: 14
The most important conclusion:
- There is an important need for multiple changes in current technologies as well as more advanced and newer technologies to ensure that the advantages of cloud computing are fully appreciated as its growth accelerates.

Research name: A survey on Proof of Retrievability for cloud data integrity and availability: Cloud storage state-of-the-art, issues, solutions and future trends[22]
Research aims:
- Specify the problems of employing Proof of Cloud Storage Retrievability & suggest solutions for these problems.
- Analyze PoR structures, and identify challenge and problems resulting from the particular use of PoR and cloud storage in general.
No. of reviewed paper: 60
The most important conclusion:
- Cloud storage was introduced to reduce inventory Local storage, including administration and maintenance costs, but the nature of cloud storage itself demanded special consideration more about security of outsourced data.
- Several data integrity schemes have been suggested, in particular the PoR schemes, to ensure data quality and data integrity.

Research name: Data Security in Local Network through Distributed Firewalls : A Review[23]
Research aims:
- Introduce core concepts such as distributed firewalls, their Consequences and its suitability for Specific Internet Threats.
- Discuss the existing implementations.
No. of reviewed paper: 7
The most important conclusion:
- These conventional firewalls have some problems and some more problems contribute to the development of the Distributed Firewalls. Through securing sensitive network endpoints it secures the network, just where hackers want to infiltrate.

Research name: Review of Access Control Model[2]
Research aims:
- Analyze the most important characteristics and problems of the different access control models such as (traditional, internet, cloud computing).
No. of reviewed paper: 10
The most important conclusion:
- Access control must develop a better and simplified model to protect information data protection.
- Access control should suggest higher and more modified demands based on the standard model, but according to specific application requirements. Therefore, for the sake of adapting to the application development, the conventional model needs further reconstruction.

Research name: A Review Of Security Levels of Data Encryption Algorithms[4]
Research aims:
- Provide computer users with knowledge of data protection and network security needs in their everyday lives.
- Provide users with knowledge on different data encryption algorithms that is more effective in providing software designers with a helpful forum to incorporate the better encryption algorithms for various applications.
No. of reviewed paper: 9
The most important conclusion:
- Adding fixed time features can provide a median that can also handle secret keys, protocols, frameworks and algorithms should be modified to aggregate quantities to combat fast cryptanalysis and concerted threats.
- A symmetric and hash functions tend to be more efficient encryption algorithms although they also include difficulties in time and cost.

Research name: a Survey of Working on Virtual Private Networks[24]
Research aims:
- Present an exhaustive (VPN) study.
- Explained the Virtual Private Network (VPN), its VPN protocols and its security.
- Discuss on various protocols used in VPN
No. of reviewed paper: 7
The most important conclusion:
- VPNs enable users or corporations to link to remote servers although keeping secure communications. VPNs are a versatile, cost-effective and highly secure communication tool. Developing this new technology over the next few years may well establish the standard for safe Internet-wide communication.
- This research discussed about (VPN) and its architecture, benefits, disadvantages, also specified how to works VPN.

Research name: Advances in Information and Communication[3]
Research aims:
- Present an access control metamodel survey.
- Presented description and representations for the metamodels.
No. of reviewed paper: 11
The most important conclusion:
- This research covered access control metamodels, and traditional access control models such as (DAC, MAC, and RBAC).
- It offered a brief overview of how such AC models are used in different fields, for example. Databases, IoT, and other operating systems.


Access control models:

Access control is a security feature that protects against unauthorized access to shared resources. The distinction between authorized and unauthorized accesses is made according to models of access control, shown in Figure 3:

Figure 3: Access control models

Traditional access control models

Traditional access control models are based on a set of access controls in the form of (subject, object, process) triples, named authorizations, specified by rules. They identify the resources (objects) that can be reached by each entity (subject) and the activities (processes) that the entity is allowed to execute on them [29].

Discretionary Access Control (DAC):

Discretionary Access Control (DAC) policy means that every entity has an owner in this form of access control. The owner (subject) grants access to the resources (objects) to other users and/or groups. An access rights matrix is used in this context: the matrix determines the entire system policy relating to the rights of individual users. There are two methods of applying the matrix [10]:

- The system stores the rights with either the objects or the subjects. That is, either the object stores the matrix column, or the subject stores the matrix row. Access control lists are used to store the rights with the object.
- Capability matrices are used to store the rights along with the subjects. It deals with biometrics, so that access is available; in every operating system the checklists are used for arbitrary access management.

The DAC model lets users make changes to the access strategy easily. However, it has some drawbacks, such as the Trojan horse security problem [2].

Mandatory Access Control (MAC):

Mandatory Access Control (MAC) policy means that access control policy decisions are made by a central authority, not by the individual owner of an entity, and the owner cannot change the right of access. It is a mechanism for secure access control at multiple levels: it defines a security level hierarchy, and a security policy describes the rules that control access. It is used by the Department of Defense. The model successfully solves the Trojan horse protection problems of the DAC model [16].
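The following Python sketch is an added example, not code from the reviewed paper. It stores a DAC access matrix, shows its column view (ACL) and row view (capability list), and shows why a copy made by a program running with its user's rights passes DAC but is stopped once a MAC check is layered on top. The subjects, files and labels are constructed, and the two level rules (no read up, no write down) are an assumption, since the text only says that MAC defines a security level hierarchy.

```python
"""Added illustration: DAC access matrix with ACL and capability views, plus a
multilevel MAC check. All subjects, objects and labels are constructed."""
from collections import defaultdict


class AccessMatrix:
    """DAC: rights[subject][object] is a set of rights; the owner decides grants."""

    def __init__(self):
        self.rights = defaultdict(lambda: defaultdict(set))
        self.owner = {}

    def create(self, subject, obj):
        # The creator becomes the owner and holds every right on the object.
        self.owner[obj] = subject
        self.rights[subject][obj] |= {"own", "read", "write"}

    def grant(self, grantor, subject, obj, right):
        # Discretionary: only the owner may hand out rights on the object.
        if self.owner.get(obj) != grantor:
            raise PermissionError(f"{grantor} does not own {obj}")
        self.rights[subject][obj].add(right)

    def allowed(self, subject, obj, right):
        return right in self.rights.get(subject, {}).get(obj, set())

    def acl(self, obj):
        """Matrix column: the rights stored with the object."""
        return {s: sorted(row[obj]) for s, row in self.rights.items() if row.get(obj)}

    def capabilities(self, subject):
        """Matrix row: the rights stored with the subject."""
        return {o: sorted(r) for o, r in self.rights.get(subject, {}).items() if r}


# Assumed hierarchy and rules (not stated in the paper): higher number = more sensitive.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}


class MandatoryPolicy:
    """MAC: labels are fixed by a central authority; owners cannot change them."""

    def __init__(self, clearance, classification):
        self.clearance = dict(clearance)
        self.classification = dict(classification)

    def allowed(self, subject, obj, right):
        s = LEVELS[self.clearance[subject]]
        o = LEVELS[self.classification[obj]]
        if right == "read":
            return s >= o   # no read up
        if right == "write":
            return s <= o   # no write down
        return False


def flow_allowed(subject, src, dst, *policies):
    """Can a program running with `subject`'s rights copy src into dst?
    Every policy in force must permit both the read and the write."""
    return all(p.allowed(subject, src, "read") and p.allowed(subject, dst, "write")
               for p in policies)


def build_demo():
    dac = AccessMatrix()
    dac.create("alice", "salaries.txt")
    dac.create("mallory", "notes.txt")
    # mallory, as owner of notes.txt, lets alice write to it.
    dac.grant("mallory", "alice", "notes.txt", "write")
    mac = MandatoryPolicy(
        clearance={"alice": "secret", "mallory": "public"},
        classification={"salaries.txt": "secret", "notes.txt": "public"},
    )
    return dac, mac


if __name__ == "__main__":
    dac, mac = build_demo()
    print("ACL of notes.txt:", dac.acl("notes.txt"))
    print("alice's capabilities:", dac.capabilities("alice"))
    # The Trojan horse case: a program alice runs copies her file to notes.txt.
    print("DAC alone:", flow_allowed("alice", "salaries.txt", "notes.txt", dac))
    print("DAC + MAC:", flow_allowed("alice", "salaries.txt", "notes.txt", dac, mac))
```

DAC only asks whether alice holds each right, so it cannot tell her own intent from that of a program acting for her; the MAC label check refuses the write to a lower level regardless of who granted what.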

Role Based Access Control (RBAC):

Role Based Access Control requires a set of users, a flat set of roles (positions) for users, a collection of resources and a system of access permissions. The idea is to encapsulate subsets of access rights within named roles. Assigning a user to a specific role implies that the user has access to the resources that lie within the confines of that role [25]. RBAC overcomes the problem in which fully automated access control allocates the right of access to subjects. In the RBAC model, authorization is first connected to the roles, and then the user's role is established. A user obtains authorization through the roles (positions) held, and through them obtains the services (objects) [17].
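The following Python sketch is an added example, not code from the reviewed paper or from any of the systems it cites. It implements the flat RBAC arrangement described above: permissions attach to roles, users obtain them only through role membership, and an access review lists who reaches a permission and through which role. The online-shop roles, users and table names are constructed.

```python
"""Added illustration: flat RBAC where permissions attach to roles and users
obtain them only through role membership. All names are constructed."""


class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> set of (operation, resource)
        self.user_roles = {}   # user -> set of role names

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role):
        # A user can only be placed in a role that has been defined.
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def permissions(self, user):
        """Union of the permissions of every role the user currently holds."""
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_perms[role]
        return perms

    def check(self, user, operation, resource):
        # Default deny: no role, or no matching permission, means no access.
        return (operation, resource) in self.permissions(user)

    def who_can(self, operation, resource):
        """Access review: users who reach the permission, and via which roles."""
        result = {}
        for user, roles in self.user_roles.items():
            via = sorted(r for r in roles
                         if (operation, resource) in self.role_perms[r])
            if via:
                result[user] = via
        return result


def build_shop():
    rbac = RBAC()
    rbac.add_role("customer", {("read", "products"), ("insert", "orders")})
    rbac.add_role("clerk", {("read", "products"), ("read", "orders"),
                            ("update", "orders")})
    rbac.add_role("catalog_admin", {("read", "products"), ("update", "products")})
    rbac.assign("dana", "customer")
    rbac.assign("omar", "clerk")
    rbac.assign("omar", "catalog_admin")
    return rbac


if __name__ == "__main__":
    shop = build_shop()
    print("dana may insert orders:", shop.check("dana", "insert", "orders"))
    print("who can update products:", shop.who_can("update", "products"))
    # Changing omar's position is one role change; no resource is touched.
    shop.revoke("omar", "catalog_admin")
    print("omar may update products:", shop.check("omar", "update", "products"))
```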

Access control models of the internet era

The Internet has highly accessible, heterogeneous and dynamic characteristics, for which the conventional MAC, DAC and RBAC models are not appropriate.

Attribute-based access model (ABAC)

In the Attribute-based Access Model (ABAC), the data is encrypted with a collection of attributes. Every customer is assigned a key generated from client-set attributes. The client may use the content if it is able to use its attributes to decrypt the information; the access policy is found either in the decryption key or in the encrypted text [15]. The ABAC model addresses the conventional control models' problems with large-scale dynamic user growth and the unnecessarily coarse granularity of access control. It adapts to the Internet's open and diverse technologies, and displays remarkable extensibility and versatility. Work on the ABAC model focuses mainly on solid ABAC attributes, the definition and semantic interoperability of ABAC methods, the analysis and conflict resolution of ABAC methods, the formalized ABAC model, and the interaction between ABAC attributes and strategy protection [12].

Usage control (UCON) model

Usage Control is the access control model for ambient computing in open, distributed, heterogeneous and linked networks. It covers and strengthens the conventional access control, trust management (TM) and digital rights management (DRM) models, and its major novelties are attribute mutability and continuity of the access decision. The key advantage of usage control is its ability to clarify the relation in different circumstances. It can express, and go beyond, the DAC, MAC, RBAC, TM and DRM models. Clearly the transition from access control to usage control is particularly useful for versatile, open environments (e.g. Internet, Grid, Cloud, etc.) [3].
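The two novelties named above, shown as an added example that is not from the paper: the decision is re-evaluated while the resource is in use (continuity), and the usage itself updates the subject's attributes (mutability). The attribute names `credit` and `suspended` and the per-tick cost are assumptions chosen for the illustration.

```python
class UsageSession:
    """One ongoing use of an object; attribute names are constructed."""
    def __init__(self, subject, cost_per_tick):
        self.subject = subject          # mutable attribute dictionary
        self.cost = cost_per_tick
        self.active = False
        self.log = []

    def _authorized(self):
        # Decided from the current attribute values, not from a stored grant.
        s = self.subject
        return (not s["suspended"]) and s["credit"] >= self.cost

    def try_start(self):
        """Pre-decision: the classic one-time access check."""
        self.active = self._authorized()
        self.log.append(("start", self.active))
        return self.active

    def tick(self):
        """Ongoing decision: re-evaluated while the access is in use."""
        if not self.active:
            return False
        if not self._authorized():
            self.active = False          # revoke in the middle of the usage
            self.log.append(("revoked", self.subject["credit"]))
            return False
        self.subject["credit"] -= self.cost   # mutability: usage updates the attribute
        return True

def demo_credit_runs_out():
    s = UsageSession({"credit": 3, "suspended": False}, cost_per_tick=1)
    return s.try_start(), [s.tick() for _ in range(5)], s.log

def demo_suspended_mid_use():
    subject = {"credit": 10, "suspended": False}
    s = UsageSession(subject, cost_per_tick=1)
    s.try_start()
    first = s.tick()
    subject["suspended"] = True          # attribute changed from outside the session
    return first, s.tick(), subject["credit"]
```

A plain access check would have stopped after `try_start`; both demos end in a revocation that only the ongoing check can produce.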

Access control model in network

A computer network is usually comprised of a series of interconnected computer devices which exchange data and share resources. A variety of devices may be used to run a variety of communication and service protocols. Each of the different services and communication protocols exposes different vulnerabilities in the network [26]. A network security system supports security policies to control access to the network. Network-level access control is fundamental to the security process not only in traditional networks but also in distributed micro-services systems, clouds and architectures. Unfortunately, the configuration of network-level access controls is still a complex, manual and often error-prone task [19].

Network (NW) security is also an integral part of IS. The following issues must be taken into account in this domain:

The network design

NW security and budgetary specifications are defined based on the design of the NW. In designing NWs, various factors need to be taken into account, such as availability, price, efficiency and number of users. For security, it is critical to allow efficient and secure connections to other NWs, to provide a useful platform for protecting sensitive NW information, and to recognize and understand the essential security controls and the effects of the failure of such controls [3].

The network device security


NW device security concerns how routers and switches can be used to boost protection in the NW. The protocol on which the Internet was developed is known as the Transmission Control Protocol / Internet Protocol (TCP/IP). It is a suite of applications and services with distinct functions that map to the Open System Interconnection (OSI) model. Every device connected to a NW has two NW addresses: the MAC (media access control) address and the IP address. There are, however, different configuration measures for the device to be installed (router, switch, ...) to increase security. The different steps are: switch security practices, ACLs, administrative practices, Internet Control Message Protocol (ICMP), signing to routers [3].

Firewalls
Firewalls are the first line of protection between the internal NW and the Internet and other untrusted NWs. They play a major role in regulating communication between applications, and provide other features such as network address translation (NAT), antivirus, e-mail (spam) and IDPS filtering. A distributed firewall is a mechanism for enforcing a network domain security policy, using a policy language, a policy distribution scheme allowing policy control from a central point, and certificates that help to recognize any member of the policy domain of a network. Distributed firewalls protect the network by securing vital network endpoints, exactly where hackers want to get in. Distributed firewalls depend on three major points: policy language, system management tools and IPsec [23].

Virtual private networks


A Virtual Private Network (VPN) extends a private network across a public network, enabling users to send and receive information on shared or public networks as if their computing devices were directly connected to the private network, with the applications, protection and management of that network. The two main benefits of a VPN are cost saving and scalability. The disadvantages of a VPN are a slow connection because the link goes across public lines, the need for a good awareness of network security issues and the necessary precautions, and poor hardware and low-speed communication at the user end [24].

Access control model in the cloud computing environment


Cloud computing is a modern and innovative idea aimed at offering the most effective and economical way to deliver computing resources. The basic concept behind cloud computing is to share computing resources across a community of users [27]. Cloud computing is a model that enables easy, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction [28]. Cloud computing is a centralized public infrastructure that is operated by a cloud service provider (CSP), where pooled resources are available to users, normally pay-as-you-go. Cloud computing can be divided into three types: Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS) [24]. Access control systems should be flexible enough to capture complex, attribute- or credential-based access requirements. The key SLAs should also be capable of capturing specific aspects of the control models. Service providers in clouds generally don't know their users ahead of time, so roles can hardly be assigned directly to users. Accordingly, to improve flexibility, credential- or attribute-based policies may be used. Security Assertion Markup Language (SAML), eXtensible Access Control Markup Language (XACML), and Web services specifications can be used to define secure access control rules. Role-based access control (RBAC) is one of several methods proposed. It is generally recognized for its simplicity, its versatility in capturing complex requirements, and its support for the principle of least privilege and effective privilege management [21].

Access Control model for Mobile Applications


Mobile applications often contain dynamic data, which includes data collected from a data source or data warehouse and transferred at regular intervals to or from the source. Such data transfers can be performed between a mobile application and a server/database by using an application programming interface (API). Access control mechanisms are used to manage which authorizations are given or denied with respect to the resources of the system or application. Role-based access control (RBAC) [21] is among the most common mechanisms; in RBAC, users are assigned roles, and each role contains various permissions, which include rules on which operations and objects can be accessed by a single user. Note that every single user is restricted to one role per session. RBAC principles are used at the API level of the mobile application in support of the proposed method for identifying, by role, which API services users may call, at which times and under what conditions; these are then imposed when an operation is invoked for a user/role combination [19].
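The RBAC rules described in the RBAC section and applied at the API level here, as an added example that is not the cited approach's code: permissions attach to roles, a session activates exactly one of the user's assigned roles, and every API call is checked against that active role only. The roles, users and API paths are constructed for the illustration.

```python
# Constructed roles, users and API endpoints; none come from the paper.
ROLE_PERMS = {
    "nurse":  {("GET", "/patients"), ("POST", "/vitals")},
    "doctor": {("GET", "/patients"), ("POST", "/prescriptions")},
}
USER_ROLES = {"dana": {"nurse", "doctor"}, "eli": {"nurse"}}

class Session:
    """One user with exactly one active role (the per-session restriction)."""
    def __init__(self, user, role):
        if role not in USER_ROLES.get(user, set()):
            raise PermissionError(f"{user} is not assigned role {role}")
        self.user, self.role = user, role

def intercept(session, method, path, audit):
    """Check an API call against the active role and record the decision."""
    allowed = (method, path) in ROLE_PERMS[session.role]
    audit.append((session.user, session.role, method, path, allowed))
    return allowed

def demo():
    audit, results = [], []
    nurse = Session("dana", "nurse")
    results.append(intercept(nurse, "POST", "/vitals", audit))
    # dana also holds "doctor", but it is not the active role in this session.
    results.append(intercept(nurse, "POST", "/prescriptions", audit))
    doctor = Session("dana", "doctor")       # a new session is needed to switch
    results.append(intercept(doctor, "POST", "/prescriptions", audit))
    try:
        Session("eli", "doctor")             # role never assigned to eli
        results.append(True)
    except PermissionError:
        results.append(False)
    return results, audit
```

The second call is the case worth noticing: the user is assigned a role that would allow it, yet the request is denied because only the session's active role counts.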

Access control model in operating system


The operating system is the key software that handles tasks and programs between the users and the computer's resources. Access control for an operating system defines how the operating system mediates access to system resources by following the security goals of integrity, availability and confidentiality. Such a mechanism authorizes subjects (e.g. processes and users) to perform certain operations (e.g. read, write) on OS objects and resources (e.g. files, sockets) [29]. The operating system depends on the security of the hardware, supplied by the processor and the related memory-management hardware, which controls which memory a particular process or thread can address [30].
In the context of the operating system, several methods have been used to control access, such as:

• User permissions are represented as an access permissions matrix, where columns contain files/folders and rows contain users. Here, a file owner defines the permissions granted to other users that need access to the files. Only these users can have those permissions (privileges) to read, write and execute on the file. An access control matrix (ACM) is used to show the access privileges of users to a program and its files. While ACMs can be used to enforce security mechanisms, they do not scale well to many users [22].

• Access control lists (ACLs) are beginning to be used widely in Unix-like operating systems, and therefore the holes are likely to close up a bit. Even so, additional features are being integrated, and it becomes increasingly difficult to compare operating systems. All of them provide a secure, sound environment, but they are all different [16].
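How the access matrix relates to the two list forms, as an added example that is not from the paper: storing each column with its file gives the ACLs, storing each row with its user gives the capability lists described in the DAC section, and both must answer every access question the same way. The users, files and rights are constructed sample data.

```python
# Constructed access matrix: keys are (user, file) cells, values are rights.
MATRIX = {
    ("alice", "report.txt"): {"read", "write"},
    ("bob", "report.txt"): {"read"},
    ("alice", "build.sh"): {"read", "write", "execute"},
    ("carol", "build.sh"): {"execute"},
}

def acls(matrix):
    """Column view: each file keeps the list of users and their rights."""
    out = {}
    for (user, obj), rights in matrix.items():
        out.setdefault(obj, {})[user] = set(rights)
    return out

def capabilities(matrix):
    """Row view: each user keeps the list of files and the rights held."""
    out = {}
    for (user, obj), rights in matrix.items():
        out.setdefault(user, {})[obj] = set(rights)
    return out

def allowed(matrix, user, obj, right):
    """Answer from both views; they must agree with each other."""
    by_acl = right in acls(matrix).get(obj, {}).get(user, set())
    by_cap = right in capabilities(matrix).get(user, {}).get(obj, set())
    assert by_acl == by_cap
    return by_acl

def who_can(matrix, obj, right):
    """Per-file review: a single ACL lookup."""
    return sorted(u for u, r in acls(matrix)[obj].items() if right in r)

def lists_touched_to_remove_user(matrix, user):
    """Offboarding cost: ACLs to edit versus capability rows to delete."""
    acl_edits = sum(1 for entries in acls(matrix).values() if user in entries)
    cap_rows = 1 if user in capabilities(matrix) else 0
    return acl_edits, cap_rows

def fill_ratio(matrix):
    """Share of the full users x files matrix that holds any right at all."""
    users = {u for u, _ in matrix}
    objs = {o for _, o in matrix}
    return len(matrix) / (len(users) * len(objs))
```

`fill_ratio` shrinks quickly as users and files are added, which is the scaling problem of the full matrix, and `lists_touched_to_remove_user` shows the review cost that differs between the two list forms.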

II. CONCLUSION AND FUTURE WORK

Access control management is a significant subject for all organizations because of digitalization and the growth of networking, which means an increase in the risk of attacks. Access controls can manage and control access in any organization by allowing only authorized people access and by keeping track of the people who access any resource within the organization. In this paper, we present different traditional access control policies and models that were proposed in the literature, and identify the following research directions for access control models:
1- Improve a location-aware role-based control model and Enforcement Point Policy.
2- Improve attribute-driven role-based access control models.
3- Develop new application, architectural hardware, and virtualized capabilities to help maintain confidentiality and integrity.
Much remains to be done to realize the promise of the development of access models, which can be investigated using comparison studies, because many of these open issues and problems are intertwined and will require an integrated approach for their resolution.

REFERENCES

[1] P. Samarati and S. De Capitani, “Access Control: Policies, Models, and,” pp. 137–196, 2001.
[2] Z. Liu, W. Gu, and J. Xia, “Review of Access Control Model,” Comput. Mater.
Contin., vol. 61, no. 3, pp. 43–50, 2019, doi: 10.32604/jcs.2019.06070.
[3] A. K. B, Y. Alhwaiti, A. Leider, and C. C. Tappert, Advances in Information and
Communication, vol. 70, no. January. Springer International Publishing, 2020.
[4] M. Y. Bhatti, A. Samejo, and S. Danwar, “A Review Of Security Levels of Data
Encryption Algorithms,” vol. 3, no. June, pp. 31–35, 2019.
[5] G.-J. Ahn, “Discretionary Access Control,” Encycl. Database Syst., pp. 1–4, 2016, doi:
10.1007/978-1-4899-7993-3_135-2.
[6] A. Ouaddah, H. Mousannif, A. Abou Elkalam, and A. Ait Ouahman, “Access control
in the Internet of Things: Big challenges and new opportunities,” Comput. Networks,
vol. 112, pp. 237–262, 2017, doi: 10.1016/j.comnet.2016.11.007.
[7] Q. Sun and H. Garcia-molina, “Using Ad-hoc Inter-vehicle Networks For Regional
Alerts,” Communication.
[8] D. Boyle and T. Newe, “A survey of authentication mechanisms authentication for ad-hoc wireless sensor networks,” Proc. 2007 IEEE Sensors Appl. Symp. SAS, no. February, pp. 6–8, 2007, doi: 10.1109/SAS.2007.374370.
[9] K. Area, “AUTHENTICATION, AUTHORISATION & ACCOUNTABILITY (AAA),” no. 1.
[10] K. Z. Win, K. Mar, and L. Tun, “Implementation of Discretionary Access Control and
Role-Based Access Control Policy in Online Shopping System,” p. 2005.
[11] M. Ion, J. Zhang, and E. M. Schooler, “Toward content-centric privacy in ICN:
Attribute-based encryption and routing,” Comput. Commun. Rev., vol. 43, no. 4, pp.
513–514, 2013, doi: 10.1145/2534169.2491717.
[12] M. Qiu, S. Xu, M. Yung, and H. Zhang, “Let’s Get Mobile: Secure FOTA for
Automotive System,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif.
Intell. Lect. Notes Bioinformatics), vol. 9408, pp. 503–510, 2015, doi: 10.1007/978-3-
319-25645-0.
[13] M. Aminzade, “Confidentiality, integrity and availability – finding a balanced IT
framework,” Netw. Secur., vol. 2018, no. 5, pp. 9–11, 2018, doi: 10.1016/S1353-
4858(18)30043-6.
[14] C. Diekmann, J. Naab, A. Korsten, and G. Carle, “Agile Network Access Control in
the Container Age,” IEEE Trans. Netw. Serv. Manag., vol. 16, no. 1, pp. 41–55, 2019,
doi: 10.1109/TNSM.2018.2889009.
[15] K. Plößl, T. Nowey, and C. Mletzko, “Towards a security architecture for vehicular ad
hoc networks,” Proc. - First Int. Conf. Availability, Reliab. Secur. ARES 2006, vol.
2006, pp. 374–381, 2006, doi: 10.1109/ARES.2006.136.
[16] J. Lach, “Access control in operating systems,” Stud. Inf., vol. 28, no. 1, pp. 5–15,
2006.
[17] G. J. Ahn and H. Hu, “Towards realizing a formal RBAC model in real systems,”
Proc. ACM Symp. Access Control Model. Technol. SACMAT, pp. 215–224, 2007, doi:
10.1145/1266840.1266875.
[18] A. V. D. M. Kayem, S. G. Akl, and P. Martin, “A presentation of access control
methods,” in Adaptive Cryptographic Access Control, Springer, 2010, pp. 11–40.
[19] Y. K. R. Sánchez, S. A. Demurjian, and L. Gnirke, “An intercepting api-based access
control approach for mobile applications,” WEBIST 2017 - Proc. 13th Int. Conf. Web
Inf. Syst. Technol., no. Webist, pp. 137–148, 2017, doi: 10.5220/0006354301370148.
[20] A. Lazouski, F. Martinelli, and P. Mori, “Usage control in computer security: A
survey,” Comput. Sci. Rev., vol. 4, no. 2, pp. 81–99, 2010, doi:
10.1016/j.cosrev.2010.02.002.
[21] N. Mehra, S. Aggarwal, A. Shokeen, and D. Bura, “Analyzing cloud computing
security issues and challenges,” Adv. Intell. Syst. Comput., vol. 710, pp. 193–202,
2018, doi: 10.1007/978-981-10-7871-2_19.
[22] C. B. Tan, M. H. A. Hijazi, Y. Lim, and A. Gani, “A survey on Proof of Retrievability
for cloud data integrity and availability: Cloud storage state-of-the-art, issues, solutions
and future trends,” J. Netw. Comput. Appl., vol. 110, no. August 2017, pp. 75–86,
2018, doi: 10.1016/j.jnca.2018.03.017.
[23] S. Singh and P. R. Verma, “Data Security in Local Network through Distributed Firewalls: A Review,” pp. 1044–1047, 2018.

[24] K. Kaur and A. Kaur, “a Survey of Working on Virtual Private Networks,” pp. 1340–
1343, 2019.
[25] R. A. Control, “Role-Based Access Control,” Access Control Syst., pp. 190–251, 2006,
doi: 10.1007/0-387-27716-1_8.
[26] S. Jose, “( 12 ) United States Patent ( 10 ) Patent No .:,” vol. 2, no. 3, 2016.
[27] S. S. Abdul-Jabbar, A. Aldujaili, S. G. Mohammed, and H. S. Saeed, “Integrity and Security in Cloud Computing Environment: a Review,” J. Southwest Jiaotong Univ., vol. 55, no. 1, pp. 1–15, 2020, doi: 10.35741/issn.0258-2724.55.1.11.
[28] T. Grance and P. Mell, “The NIST Definition of Cloud Computing version 15,” Natl.
Inst. Stand. Technol. (NIST), Inf. Technol. Lab., 2009.
[29] P. C. van Oorschot, “Operating System Security and Access Control,” Inf. Secur.
Cryptogr., pp. 125–154, 2020, doi: 10.1007/978-3-030-33649-3_5.
[30] R. Dotson, “Access control,” Compr. Handb. Sch. Saf., pp. 17–24, 2016.
