Comparative Study of Access Control Methods in Enterprise Information Systems, Based on RBAC, ABAC, and TBAC policies

Author: Marcel Danilescu
Position: PhD in progress, 'Danubius' University Galati, Romania
Pages: 177-184
ISSN: 2067 9211 Performance and Risks in the European Economy
Marcel Danilescu¹
Abstract: Controlling access to a company’s IT systems is a way to ensure that users are who they
say they are and have proper access to company data and documents. At a high level, controlling access
to a company’s data and applications is a selective restriction of access to data. It consists of two main
components: authentication and authorization. Authentication is used to confirm that someone is who
they claim to be, but this alone is not enough to ensure data protection. Authorization adds further
levels, which determine which user should be allowed to access data or perform an action (operation /
transaction). To implement them, several authentication and authorization methods have been
created, of which this study addresses Role-Based Access Control (RBAC), Attribute-Based
Access Control (ABAC) and Trust-Based Access Control (TBAC). This study makes a comparative
analysis of the principles underlying RBAC, ABAC and TBAC, and of the ways in which they are
applied and work together.
Keywords: Users; operations; actions; objects; roles; trust; attribute
Introduction
The cyber threat nowadays is very high, and organizations (public or private) have to deal
with possible external or sometimes internal attacks. Such attacks often have a devastating
effect that can lead to a loss of reputation and of potential business partners.
Organizations seeking to regulate the management of access rights in accordance with internal
management policies face complex and time-consuming management for thousands of users,
and difficulties in applying business-level control of access rights, which means management
constraints on IT resources.
To meet these challenges, several methods have been used to design and implement
authentication and authorization policies, such as Role-Based Access Control (RBAC),
Attribute-Based Access Control (ABAC) and Trust-Based Access Control (TBAC).
¹ PhD in progress, “Danubius” University Galati, Romania, Address: 3 Galati Blvd., 800654 Galati, Romania, Corresponding
author: marcel.danilescu@aswic.ro.
