| Name | Model introduction | Advantage | Limitation |
| --- | --- | --- | --- |
| Discretionary access control (DAC) | User-centered; allows users to control file access without specifying rules in advance | Very flexible; access rights can be assigned between principals and objects | System maintenance and verification of safety principles are very difficult |
| Mandatory access control (MAC) [44] | Users cannot customize permissions; access control policies are managed in a centralized manner | Overcomes the limitations of the DAC model | Relies on trusted components |
| Role-based access control (RBAC) [29] | Assigns multiple roles to users and gives them permissions and responsibilities as principals | Central management with role members and ACS | Difficult to establish the initial role structure; lack of flexibility in IT technology |
| Organization-based access control (ORBAC) | A more abstract control strategy, designed to address subjects, objects, and actions. Policies determine which subjects may perform which actions on certain objects | Eliminates conflicts between security rules | Vulnerable to certain types of attacks |
| Task-based access control (TBAC) [31] | Implements different access control policies for different workflows or different tasks that agree to workflows | When a task is introduced, it can be authorized actively and represents the change of task status | Tasks and roles cannot be clearly separated, and passive access control and role hierarchy are not supported |
| Attribute-based access control (ABAC) [30] | Approves or rejects user requests based on any attributes of the user and selected attributes of objects that may be globally recognized | Subjects can access a wider range of objects, and policies and security features can be assigned flexibly | It is difficult to calculate the final permission set of a given user effectively |
| Policy-based access control (PBAC) | Combines roles and attributes with logic to create flexible, dynamic control strategies | Flexible, with fine-grained or coarse-grained control | Imperfect conflict detection mechanism |
| Usage control (UCON) | Contains three basic elements (subject, object, authority) and three other elements related to authorization (authorization rules, conditions, and obligations) | Supports trust management and digital rights management; adds subject and object attributes and controls them in the process of subject access | Delegation without permission description, explicit management description, and temporal description |
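
To make the RBAC and ABAC rows concrete, the following added example (not from the original source; every user, role, attribute and rule in it is constructed) computes a user's effective permissions under each model. The RBAC set is a union over the user's roles, while the ABAC set needs one rule evaluation per action and object, which is the cost the table lists as ABAC's limitation.

```python
# Added illustration; all users, roles, attributes and rules are constructed.
from itertools import product

# RBAC: permissions hang off roles, so a user's rights are a union over roles.
ROLE_PERMS = {
    "nurse":  {("read", "chart")},
    "doctor": {("read", "chart"), ("write", "chart")},
}
USER_ROLES = {"alice": {"doctor"}, "bob": {"nurse"}}

def rbac_permissions(user):
    """Effective permission set, computed from the user's roles alone."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMS.get(role, set())
    return perms

# ABAC: each rule is a predicate over subject and object attributes.
SUBJECTS = {
    "alice": {"dept": "cardiology", "clearance": 2},
    "bob":   {"dept": "oncology", "clearance": 1},
}
OBJECTS = {
    "chart-17": {"dept": "cardiology", "sensitivity": 2},
    "chart-42": {"dept": "oncology", "sensitivity": 1},
    "chart-99": {"dept": "oncology", "sensitivity": 3},
}
RULES = {
    "read":  lambda s, o: s["clearance"] >= o["sensitivity"],
    "write": lambda s, o: s["dept"] == o["dept"]
                          and s["clearance"] >= o["sensitivity"],
}

def abac_allows(user, action, obj):
    """Single decision; unknown subject, action or object is denied."""
    s, o, rule = SUBJECTS.get(user), OBJECTS.get(obj), RULES.get(action)
    return bool(s and o and rule and rule(s, o))

def abac_permissions(user):
    """Effective set: one rule evaluation per (action, object) pair."""
    return {(a, o) for a, o in product(RULES, OBJECTS)
            if abac_allows(user, a, o)}

if __name__ == "__main__":
    print(sorted(rbac_permissions("alice")))
    print(sorted(abac_permissions("alice")))
    print(sorted(abac_permissions("bob")))
```

Changing an object's attributes in `OBJECTS` changes what `abac_permissions` returns for every user, with no change to any user record, so an ABAC access review has to re-enumerate rather than read a role assignment.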