Danubius International Conferences, 15th International Conference on European Integration - Realities and Perspectives
Comparative study of access control methods in enterprise information systems, based on RBAC, ABAC, and TBAC policies
Last modified: 2020-04-11
Abstract
Access control in an enterprise's IT systems is a way of ensuring that users are who they say they are and that they have proper access to company data.
At a high level, controlling access to an enterprise's data and applications is a selective restriction of access to data. It consists of two main components: authentication and authorization.
Authentication is used to confirm that someone is who they claim to be, but it is not enough on its own to ensure data protection. Authorization is an additional level, which determines which user should be allowed to access data or take an action (a transaction). Several methods of authentication and authorization have been created to implement them; within the framework of this study, we address Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Trust-Based Access Control (TBAC).
This study makes a comparative analysis of the principles underlying RBAC, ABAC, and TBAC.