Abstract:
Access control is one of the fundamental security mechanisms in information systems, enabling the enforcement of policies that define who can access resources and to what extent. This paper presents the evolution of access control models from classical approaches such as Discretionary Access Control (DAC) and Mandatory Access Control (MAC) to modern approaches like Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). It analyzes the operational principles of each model, along with its strengths and weaknesses, and assesses its suitability in the context of modern security requirements, including cloud environments and the Internet of Things (IoT). The results of the analysis indicate that the choice of an access control model is a compromise among security, administrative flexibility, and solution scalability. ABAC, due to its dynamic decision-making based on attributes and context, offers the greatest adaptive potential for complex, distributed next-generation systems.
