Authorization Strategies and Classification of Access Control Models

Access control enforces authorization policies in order to prohibit unauthorized users from performing actions that could trigger a security violation. There exist numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and choose an appropriate one satisfying security needs. This paper provides an overview of authorization strategies and proposes a rough classification of access control models providing examples for each category. In comparison with other comparative studies, we discuss more access control models including the conventional state-of-the-art models and novel ones. We also summarize each of the literature works after selecting the relevant ones focusing on database systems domain or providing a survey, a taxonomy/classification, or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology (NIST). Further studies for extending the list of access control models as well as analysis criteria are planned.