Access Control Metamodel for Policy Specification and Enforcement: From Conception to Formalization

With the widespread of data, applications, and devices in today's dynamic computing environments, controlling access to assets from multiple sources is a key challenge, especially with the presence of cybercriminals and cyberattacks. Several access control (AC) models are developed and implemented in different computing environments to control users' access to resources. But, the emergence of ubiquitous computing, especially the concept of industry 4.0 and IoT applications, releases new prospects to traditional information systems by merging new technologies and services for seamless access to information sources at anytime and anywhere. With this fact, it is realized that these AC models no longer meet the increasing demand for privacy and security standards. Hence, several AC metamodels with higher level of abstraction are developed as unifying frameworks for specifying any AC policy. Unfortunately, the proposed AC metamodels have several limitations. One of these limitations is that they are not generic enough to include all features and the heterogeneous AC models. In this paper we propose a solution for this limitation by developing a generic AC metamodel where its features can be upgraded to answer the needs and facts of the new technologies. (C) 2021 The Authors. Published by Elsevier B.V.