IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v12y2020i6p103-d370285.html
   My bibliography  Save this article

Risk-Based Access Control Model: A Systematic Literature Review

Author

Listed:
  • Hany F. Atlam

    (Electronic and Computer Science Department, University of Southampton, Southampton SO17 1BJ, UK
    Computer Science and Engineering Department, Faculty of Electronic Engineering, Menoufia University, Menouf 32952, Egypt)

  • Muhammad Ajmal Azad

    (Department of Engineering and Technology, University of Derby, Derby DE22 1GB, UK)

  • Madini O. Alassafi

    (Department of Information Technology, Faculty of Computing and IT, King Abdulaziz University, Jeddah 21589, Saudi Arabia)

  • Abdulrahman A. Alshdadi

    (Department of Information Systems and Technology, College of Computer Science and Engineering, University of Jeddah, Jeddah 23218, Saudi Arabia)

  • Ahmed Alenezi

    (Electronic and Computer Science Department, University of Southampton, Southampton SO17 1BJ, UK
    Computer Science Department, Faculty of Computing and Information Technology, Northern Border University, Arar 9280, Saudi Arabia)

Abstract

Most current access control models are rigid, as they are designed using static policies that always give the same outcome in different circumstances. In addition, they cannot adapt to environmental changes and unpredicted situations. With dynamic systems such as the Internet of Things (IoT) with billions of things that are distributed everywhere, these access control models are obsolete. Hence, dynamic access control models are required. These models utilize not only access policies but also contextual and real-time information to determine the access decision. One of these dynamic models is the risk-based access control model. This model estimates the security risk value related to the access request dynamically to determine the access decision. Recently, the risk-based access control model has attracted the attention of several organizations and researchers to provide more flexibility in accessing system resources. Therefore, this paper provides a systematic review and examination of the state-of-the-art of the risk-based access control model to provide a detailed understanding of the topic. Based on the selected search strategy, 44 articles (of 1044 articles) were chosen for a closer examination. Out of these articles, the contributions of the selected articles were summarized. In addition, the risk factors used to build the risk-based access control model were extracted and analyzed. Besides, the risk estimation techniques used to evaluate the risks of access control operations were identified.

Suggested Citation

  • Hany F. Atlam & Muhammad Ajmal Azad & Madini O. Alassafi & Abdulrahman A. Alshdadi & Ahmed Alenezi, 2020. "Risk-Based Access Control Model: A Systematic Literature Review," Future Internet, MDPI, vol. 12(6), pages 1-24, June.
    • Handle: RePEc:gam:jftint:v:12:y:2020:i:6:p:103-:d:370285
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/12/6/103/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/12/6/103/
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:12:y:2020:i:6:p:103-:d:370285. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.