Authorization Strategies and Classification of Access Control Models
Sprache des Vortragstitels:
Englisch
Original Tagungtitel:
The 8th International Conference on Future Data and Security Engineering
Sprache des Tagungstitel:
Englisch
Original Kurzfassung:
Access control enforces authorization policies in order to prohibit
unauthorized users from performing actions that could trigger a
security violation. There exist numerous access control models and even
more have recently evolved to conform with the challenging requirements
of resource protection. That makes it hard to classify the models and
choose an appropriate one satisfying security needs. This paper provides
an overview of authorization strategies and proposes a rough classification
of access control models providing examples for each category. In
comparison with other comparative studies, we discuss more access control
models including the conventional state-of-the-art models and novel
ones. We also summarize each of the literature works after selecting the
relevant ones focusing on database systems domain or providing a survey,
a taxonomy/classification, or evaluation criteria of access control
models. Additionally, the introduced categories of models are analyzed
with respect to various criteria that are partly selected from the standard
access control system evaluation metrics by the National Institute
of Standards and Technology (NIST). Further studies for extending the
list of access control models as well as analysis criteria are planned.