Comparative Evaluation of Access Control Models


Author/Creator ORCID




Hood College Computer Science and Information Technology


Computer Science

Citation of Original Publication


Attribution-NoDerivs 3.0 United States



In cybersecurity, access control models dictate what actions a person can perform, which programs they have permission to execute and overall, the level and type of access of information technology resources. This work compares a number of the most widely used access control models and analyzes their suitability of deployment in different contexts. To perform the analysis, several key background access control mechanisms are described and analyzed. The first result from this analysis is the realization that there is no dominant model that can be suitable across all environments. It is therefore important for access control models to be selected that match the needs of a particular environment. The more in depth analysis focuses on the direct comparison of specific access control models, Bell-Lapdula, Biba, Clark and Wilson and Lampson’s Access Matrix. The result from this analysis is that the Biba model is the most robust and most secure integrity model, especially due to its perfect connection with the Bell Lapadula confidentiality model. These findings are significant as comparing the expressive power of access control models is a fundamental problem in information security.