Traditional and Hybrid Access Control Models: A Detailed Survey

Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Chiniot-Faisalabad Campus, Chiniot 35400, Pakistan
Network and Data Security Key Laboratory of Sichuan Province, University of Electronic Science and Technology of China, Chengdu, China
School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China
Department of Computer Science, NFC Institute of Engineering and Fertilizer Research, Faisalabad, Pakistan


Introduction
Information is the most important asset of any organization and must be kept secure. The security of information can be ensured with the help of confidentiality, integrity, and availability [1,2]. Furthermore, an organization's information can be secured with different approaches or technologies such as intrusion detection, steganography, cryptography, and access control [3][4][5]. These approaches are used according to the goal and objective of the information and organization.
Access control (AC) is one of the best approaches used to secure information from attacks inside and outside the organization and to decide on granting and revoking access for any user [6]. Access control gives access to those who are authorized by the organization, i.e., persons, processes, and systems. The access control models define their mechanisms and security policies first, and then these models are implemented in organizations according to goals and objectives [7]. There are several traditional and hybrid access control models that have various pros and cons. The traditional access control models are discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC), and attribute-based access control (ABAC). In the DAC model, the owner of the object has the authority to give and deny access to others without a system administrator mechanism [5]. The DAC model is divided into two types: strict DAC and liberal DAC.
In the strict DAC model, only the owner has the authority to permit and deny access to created resources, but in the liberal DAC model, the authority of the owner can be transferred to another individual, who will then be able to permit and deny access. In the MAC model, a centralized mechanism is used to permit and deny users' access to resources [8]. The MAC model is more secure, flexible, and efficient for commercial and military use due to its centralized behaviour. The RBAC model is prominent due to least privilege and tight security, which make it more powerful than all other models [9]. The ABAC model has dynamic behaviour, which makes it the most suitable model for changing environments [10]. There are some disadvantages of both the RBAC and ABAC models, so researchers proposed some hybrid models as extensions of RBAC and ABAC. The existing surveys on access control provide a review of basic access control models, i.e., MAC, DAC, RBAC, and ABAC, or focus on access control trends, i.e., IoT, cloud, and fog computing, but there is no comprehensive survey that explains advanced access control models with their framework and applications along with pros and cons. So, this study presents access control models and advanced hybrid access control models with their framework and applications in a comprehensive manner. The access control models are used in small and large organizations according to the pros and cons of the model and the requirements of the organization. This survey encourages researchers to propose new hybrid access control models according to the problem. There are some existing survey studies on access control models that tried to explain access control policies with a few models in specific contexts, i.e., IoT, cloud, and fog computing. Bertin et al. [11] conducted a survey that explains the basic access control models in detail, but this study does not include advanced hybrid access control models.
The studies [12,13] are surveys that focus on IoT security and challenges, and they proposed solutions based on a trust-based access control model. Zhang et al. [14] present a survey paper that explains some access control models and trusted system computing in the IoT domain. The authors proposed a novel method for IoT that includes access control, network attack, and trusted computing, but this study does not explain the applications, limitations, pros, and cons of each model. The rest of the study is organized as follows and is also described in Figure 1. The second section describes access control and its traditional and hybrid models. The third section compares the access control models, and the fourth section concludes the study.

Access Control
The access control (AC) mechanism is used to permit or deny access to resources within the organization in order to secure the data [6]. AC permits access to resources only to authorized personnel of the organization and denies access to unauthorized and other users. Access control normally consists of identification, authentication, and authorization. Access control grants access to authorized users according to the user's privilege level after authentication [15]. Access control is classified into traditional and hybrid models as shown in Figure 2. Traditional access control is further divided into four types: MAC, DAC, RBAC, and ABAC. Hybrid access control also has several types. Each traditional and hybrid access control model has its pros and cons. So, organizations use access control models according to their objectives and goals.

Traditional Access Control Models.
There are different traditional models of access control, i.e., MAC, DAC, RBAC, and ABAC. Each model has its pros and cons. The traditional access control models are classified into two categories: DAC and non-DAC. The non-DAC category is further divided into MAC, RBAC, and ABAC [16]. The traditional access control models are also compared with each other based on the following criteria: the principle of least privilege, dynamic behaviour, safety of models, separation of duties, capability delegation, configuration flexibility, and auditing, as shown in Table 1.

Discretionary Access Control (DAC).
DAC is a model that allows owner-based access, where the owner is the creator of a resource or object. The owner of the object decides the access granting or revoking policy for the subjects or users as shown in Figure 3. In this manner, there is no need for the administrator to provide its services regarding access rights. DAC is divided into two different types: liberal and strict DAC. In liberal DAC, the owner can transfer the access rights or ownership to other individuals so that they can also act as an owner of the resource. In strict DAC, on the contrary, the access rights are limited to the owner of the resource, and ownership is restricted to that individual [17,18]. It can be assumed that the DAC model works according to the choice or discretion of the owner. The enforcement of access control policies is based on three different categories: resource ownership, user identities, and permission delegation. DAC is not an appropriate model for commercial and government organizations because of its deficiencies or limitations: it allows the users to set or deploy the access rights, which might expose it to Trojan horse attacks [19]. Moreover, DAC is popular due to how well it integrates with different types of computer systems.

Mandatory Access Control (MAC).
MAC works on the basis of security labels that can be taken as a hierarchy model. It controls the access rights of users or processes against the resources of the system. The users are assigned to various security levels, while the objects are assigned security labels as shown in Figure 4. User access is tied to the security levels of resources that are equal to or lower than the user's own level in the hierarchy [20]. The access control rights are strictly controlled by the administrator, who can also set the permissions in the access control. MAC is effectively used for military and commercial systems due to its high-level security [21,22].
MAC has some limitations. MAC systems are difficult to manage because the system puts the whole burden on the administrator to set permissions, manage configurations, and carry out future maintenance. This complexity may increase as the size of the system increases [23]. Furthermore, MAC operating systems are costly to set up and hard to operate due to the dependence on the trusted parts [24].
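The difference between owner discretion (strict and liberal DAC) and administrator-set labels (MAC) described in the two sections above can be seen side by side in the following added example. It is not code from the survey or from any cited model; the class names, the four level names and the users are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DacObject:
    """DAC: the owner alone decides who gets which right; no administrator."""
    name: str
    owner: str
    liberal: bool = False                      # liberal DAC allows ownership transfer
    acl: dict = field(default_factory=dict)    # user -> set of rights

    def grant(self, actor, user, right):
        """Owner grants a right. Returns False when the actor is not the owner."""
        if actor != self.owner:
            return False
        self.acl.setdefault(user, set()).add(right)
        return True

    def revoke(self, actor, user, right):
        if actor != self.owner:
            return False
        self.acl.get(user, set()).discard(right)
        return True

    def transfer_ownership(self, actor, new_owner):
        """Only possible in liberal DAC; strict DAC keeps ownership with the creator."""
        if actor != self.owner or not self.liberal:
            return False
        self.owner = new_owner
        return True

    def allowed(self, user, right):
        return user == self.owner or right in self.acl.get(user, set())


# Constructed hierarchy, lowest level first.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]


class MacPolicy:
    """MAC: only the administrator sets levels; owners have no say."""

    def __init__(self, administrator):
        self.administrator = administrator
        self.clearance = {}    # user -> index into LEVELS
        self.label = {}        # object -> index into LEVELS

    def set_clearance(self, actor, user, level):
        if actor != self.administrator:
            return False
        self.clearance[user] = LEVELS.index(level)
        return True

    def set_label(self, actor, obj, level):
        if actor != self.administrator:
            return False
        self.label[obj] = LEVELS.index(level)
        return True

    def allowed(self, user, obj):
        # Unlabelled objects and users without a clearance are denied (fail closed).
        if user not in self.clearance or obj not in self.label:
            return False
        # Access only to resources at an equal or lower level than the user's.
        return self.clearance[user] >= self.label[obj]


if __name__ == "__main__":
    strict = DacObject("report.doc", owner="tom")
    print(strict.grant("tom", "ann", "read"), strict.transfer_ownership("tom", "ann"))
    mac = MacPolicy("secadmin")
    mac.set_clearance("secadmin", "ann", "confidential")
    mac.set_label("secadmin", "plan.doc", "secret")
    print(mac.allowed("ann", "plan.doc"))
```

Under DAC, `tom` can hand `ann` any right he likes, which is the property the text ties to Trojan horse exposure; under MAC the same request is decided by the labels alone.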

Role-Based Access Control (RBAC).
The RBAC model made a revolutionary change in the field of access control due to its strictness and tight security. This model is based on five different entities: objects, actions, permissions, roles, and users, as shown in Figure 5. Objects are the resources, such as directories, files, or folders. Actions are the tasks or operations that can be performed on the objects. Examples of actions are write, edit, and delete. A permission is the combination of an object and an action; for example, one permission can be "Edit (action) and File.doc (object)." Any change in the action or object is considered a new permission. The intermediate entity, and one of the key entities of RBAC, is the role, which connects users and permissions. The roles are the containers that hold various permissions. For example, a role named "deputy manager" contains all the permissions necessary to perform the tasks of the deputy manager. Furthermore, the roles are assigned to users according to their designated positions. After the roles are assigned, the permissions inside every role are automatically assigned to users [25]. RBAC provides least privilege through the use of roles, the central entity between users and permissions. In this way, RBAC does not allow users to deal with the permissions directly, and it eradicates ownership rights. So, it behaves significantly better than DAC, because the ownership rights of a resource owner may lead to a Trojan horse attack [26]. RBAC implements least privilege using the concept of roles because a user can only access those permissions that are assigned to the role, not more than that. This is one of the reasons that make it popular. On the contrary, RBAC puts a lot of burden on the administrator, who manages all the tasks related to permission creation, permission and user assignment to roles, role design, etc. As the size of the organization increases, the workload of the administrator will also increase [27]. RBAC also violates the rules of separation of duties provided in the NIST standard [25]. The violations are discussed in detail by some researchers [9,26,28].

Security and Communication Networks

The RBAC model is most suitable for healthcare centers, and especially for hospitals, to ensure the security of all the records and information details of a patient [29]. Interestingly, RBAC is implemented in the dialysis department for kidney disease due to its flexibility and security. Sessions are used to connect users. A user may have more than one session at one time. The RBAC model is classified into three components or modules: core RBAC, hierarchical RBAC, and constrained RBAC. The constrained component of the RBAC model is further divided into two parts: dynamic separation of duty (DSD) and static separation of duty (SSD). The main reason behind this tight security is the implementation of dynamic and static separation of duty [25].
The core RBAC is an essential and fundamental component of the RBAC model that is implemented first in any organization, and then the advanced components of the RBAC model are considered for implementation [30]. A user is described as a person, and the role of a user denotes functionality and authority. A permission represents a permit to do any operation on more than one object. The permission can be read and write. An object is anything that holds or receives information. The object can be a row, table, directory, view, or file. The object might also be CPU cycles, a printer, or disk storage space. The main concern of the core RBAC model is to assign users and permissions to roles in a many-to-many fashion. It is possible to assign one role to one or more users and vice versa. It is also possible to assign a permission to one or more roles and vice versa. There is a lack of research on permissions, roles, and their relation. Some authors proposed the symmetric RBAC model that applies constraints on permissions using role hierarchies and separation of duty (SOD) [25].
The hierarchical RBAC is the second component of the RBAC model and is constructed on the basis of the core RBAC component [30]. The roles are implemented using the role hierarchy (RH) concept that is based on the firm's authoritative structure [31]. In RBAC, the same common permissions recur across roles again and again, which is not a good choice. The RH is used to link the shared permissions so that the security admin has to deal with the same permission in only a few roles. Hence, every role contributes common permissions and lies in the RH [32].
There are some roles that stand alone, separately, with the RH approach. In role inheritance (RI), all permissions of junior roles can be assigned to senior roles, and junior roles cannot have the permissions of senior roles. The system cannot manage the situation in which a junior needs to access the permissions of a senior role. Without RI, the security admin has to permit and deny the same permissions again and again, which is a very hard job. This calls for a hierarchy feature in the form of a tree with respect to different categories such as senior, junior, junior-most, and senior-most. Role inheritance is the best choice for this type of situation; from one side, a role may inherit some permissions, and on the other side, another role can inherit some permissions [33].
The constrained RBAC has some specific constraints to implement along with separation of duty (SOD). These constraints can be either location-based or time-based. The main theme of these types of constraints is to grant access based on specific time slots and locations. The RBAC constraints enable RBAC to implement information security, which protects the whole system from both external and internal threats. As with RBAC, the safety conditions are confirmed for access control models [34].
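The three RBAC components described above (core assignment of users and permissions to roles, role inheritance, and SSD/DSD constraints checked at assignment time and at session activation) fit together as in the following added example. It is not code from the survey or from the NIST standard; the hospital roles, users and permissions are constructed, and treating inherited junior roles as part of the SSD and DSD checks is an assumption of this sketch.

```python
class RBAC:
    """Core, hierarchical and constrained RBAC reduced to the checks in the text."""

    def __init__(self):
        self.user_roles = {}   # user -> directly assigned roles (many-to-many)
        self.role_perms = {}   # role -> {(action, object)} (many-to-many)
        self.juniors = {}      # senior role -> its direct junior roles
        self.ssd = []          # role sets one user may never hold together
        self.dsd = []          # role sets one session may never activate together
        self.sessions = {}     # session id -> (user, active roles)

    def add_permission(self, role, action, obj):
        # A permission is an (action, object) pair; a new pair is a new permission.
        self.role_perms.setdefault(role, set()).add((action, obj))

    def add_inheritance(self, senior, junior):
        if senior in self.with_juniors(junior):
            raise ValueError("role hierarchy must not contain a cycle")
        self.juniors.setdefault(senior, set()).add(junior)

    def with_juniors(self, role):
        """The role itself plus every role below it in the hierarchy."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

    def expand(self, roles):
        out = set()
        for r in roles:
            out |= self.with_juniors(r)
        return out

    @staticmethod
    def violates(constraints, roles):
        return any(len(excl & roles) > 1 for excl in constraints)

    def assign(self, user, role):
        """Static separation of duty is enforced here. Returns False when refused."""
        wanted = self.user_roles.get(user, set()) | {role}
        if self.violates(self.ssd, self.expand(wanted)):
            return False
        self.user_roles[user] = wanted
        return True

    def open_session(self, sid, user):
        self.sessions[sid] = (user, set())   # a user may hold several sessions

    def activate(self, sid, role):
        """Dynamic separation of duty is enforced here. Returns False when refused."""
        user, active = self.sessions[sid]
        if role not in self.expand(self.user_roles.get(user, set())):
            return False                     # not assigned, directly or by inheritance
        if self.violates(self.dsd, self.expand(active | {role})):
            return False
        active.add(role)
        return True

    def check(self, sid, action, obj):
        """Least privilege: only permissions of roles active in this session count."""
        _, active = self.sessions[sid]
        return any((action, obj) in self.role_perms.get(r, set())
                   for r in self.expand(active))


def build_hospital():
    """Constructed sample policy."""
    rbac = RBAC()
    rbac.add_permission("nurse", "read", "patient_record")
    rbac.add_permission("physician", "write", "prescription")
    rbac.add_permission("pharmacist", "dispense", "prescription")
    rbac.add_permission("billing_clerk", "edit", "invoice")
    rbac.add_permission("auditor", "approve", "invoice")
    rbac.add_inheritance("physician", "nurse")            # senior inherits junior
    rbac.ssd.append(frozenset({"billing_clerk", "auditor"}))
    rbac.dsd.append(frozenset({"physician", "pharmacist"}))
    for user, role in [("alice", "physician"), ("bob", "nurse"),
                       ("carol", "billing_clerk"),
                       ("dana", "physician"), ("dana", "pharmacist")]:
        rbac.assign(user, role)
    return rbac


if __name__ == "__main__":
    rbac = build_hospital()
    rbac.open_session("s1", "dana")
    print(rbac.activate("s1", "physician"), rbac.activate("s1", "pharmacist"))
```

`dana` holds both `physician` and `pharmacist`, which SSD permits, but DSD stops her from prescribing and dispensing within one session; a second session can activate the other role.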

[Figure 5: users; roles with permissions; a permission that consists of objects and actions.]

Attribute-Based Access Control (ABAC).
ABAC is a model that is capable of providing fine-grained access control, flexibility, and dynamicity. The main story revolves around the attributes allocated by the attribute authorities. A Boolean formula over the set of attributes is used to define an access control policy so that an authorized and valid access can happen. There is no need to create and assign numerous rols. Moreover, there is no need to make or design access control lists for everyone in the organization [35,36]. The attributes make it possible to perform access control decisions automatically. Examples of attributes are citizenship, IP address, identity, location, and username. ABAC works on evaluation rules over the attributed entities such as objects and subjects, the environment related to a request, and operations. If the attributes, as well as the attribute values, match, then access is granted to a user; otherwise, access is denied [37,38]. The benefit of this facility is the dynamic behaviour as shown in Figure 6. In this manner, any change in the attribute values or user identities is dynamically detected and the decision is made accordingly. Previously, the RBAC model was unable to deal with this issue. On the other hand, the ABAC model has complexity issues. If the number of attributes increases, then the complexity of the system will also increase [27,28]. Figure 6 shows that each subject and object has its own attributes.
Attribute-based access control allows the subject to access objects by checking attributes. In Figure 6, desig, locat, categ, and AR stand for designation, location, category, and access rules, respectively. A user of the system is defined as a subject by the administrator in order to access the file management system. The characteristics of the user are captured as subject attributes. The attributes of a subject can be name, designation, organizational affiliation, gender, age, nationality, or security clearance. The identity information of the subject is maintained by the administrator or authorities in the file management system. Proper management and assignment of subject attributes on a regular basis are required, as members leave or join the organization regularly [39]. The required functionality of ABAC is based on the device policy, documents, or procedural rules on which a business operates. An object may have a policy or rule under which it allows access to the subject. For example, only a physician is permitted to access the patient record or information for treatment and prescription in a medical emergency setup. A nonmedical person is not allowed to access the information recorded in the file of a patient. This case also defines access privileges for a specific subject [40].
ABAC protects the objects once the object, subject, attributes, and policies are defined. The access control method gathers information related to the subject, object, and policy to render the logical decision for the execution of the requested operation. The access control mechanism (ACM) must be smart enough to recognize information, policy, attributes, and their chronology and source, along with the necessary computations for decision-making [41]. The policies related to ABAC depend upon the richness of the computational languages and the degree to which attributes are available. The system is flexible when subjects can access more objects. A subject can have maximum access to maximum objects and can perform a number of operations on the object under the established policies or rules. It is not required to create a new additional role in the system for new members, because a new member shares the same attributes that are already defined. For example, when a nurse wants to access patient information in a medical emergency, there is no need to set a new rule set or policy, as the nurse shares the same attributes defined earlier.
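The ABAC decision described above, a Boolean formula over subject, object, operation and environment attributes that is re-evaluated on every request, is shown in the following added example. It is not code from the survey; the rule names AR1 and AR2, the attribute values and the tuple-based policy syntax are constructed, and denying when an attribute is missing is an assumption of this sketch.

```python
import operator
from collections import namedtuple

# Reference to an attribute of one entity in the request, e.g. subject.location.
Attr = namedtuple("Attr", "entity name")

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<": operator.lt, "in": lambda a, b: a in b}


class MissingAttribute(Exception):
    pass


def resolve(term, request):
    """Look an Attr up in the request; anything else is a literal value."""
    if isinstance(term, Attr):
        try:
            return request[term.entity][term.name]
        except KeyError:
            raise MissingAttribute(f"{term.entity}.{term.name}") from None
    return term


def evaluate(expr, request):
    """Evaluate a Boolean formula built from all / any / not and comparisons."""
    head = expr[0]
    if head == "all":
        return all(evaluate(e, request) for e in expr[1])
    if head == "any":
        return any(evaluate(e, request) for e in expr[1])
    if head == "not":
        return not evaluate(expr[1], request)
    left, op, right = expr
    return OPS[op](resolve(left, request), resolve(right, request))


def decide(policies, subject, action, obj, environment):
    """Permit if any access rule matches; otherwise deny (default deny)."""
    request = {"subject": subject, "action": {"name": action},
               "object": obj, "environment": environment}
    for name, expr in policies:
        try:
            if evaluate(expr, request):
                return "Permit", name
        except MissingAttribute:
            continue   # a rule that needs an absent attribute cannot match
    return "Deny", None


# Constructed access rules in the spirit of the patient-record example.
POLICIES = [
    # AR1: medical staff read a patient record on their own ward in an emergency.
    ("AR1", ("all", [
        (Attr("action", "name"), "==", "read"),
        (Attr("object", "category"), "==", "patient_record"),
        (Attr("subject", "category"), "==", "medical"),
        (Attr("subject", "location"), "==", Attr("object", "location")),
        (Attr("environment", "emergency"), "==", True),
    ])),
    # AR2: only a physician writes a prescription, in an emergency or 08:00-18:00.
    ("AR2", ("all", [
        (Attr("action", "name"), "==", "write"),
        (Attr("object", "category"), "==", "prescription"),
        (Attr("subject", "designation"), "==", "physician"),
        ("any", [
            (Attr("environment", "emergency"), "==", True),
            ("all", [(Attr("environment", "hour"), ">=", 8),
                     (Attr("environment", "hour"), "<", 18)]),
        ]),
    ])),
]

# Constructed subjects, objects and environments.
PHYSICIAN = {"designation": "physician", "category": "medical", "location": "ward_a"}
NURSE = {"designation": "nurse", "category": "medical", "location": "ward_a"}
CLERK = {"designation": "clerk", "category": "administrative", "location": "ward_a"}
RECORD = {"category": "patient_record", "location": "ward_a"}
PRESCRIPTION = {"category": "prescription", "location": "ward_a"}
EMERGENCY = {"emergency": True, "hour": 2}
ROUTINE = {"emergency": False, "hour": 10}

if __name__ == "__main__":
    print(decide(POLICIES, NURSE, "read", RECORD, EMERGENCY))
    moved = dict(NURSE, location="ward_b")      # attribute change, no policy change
    print(decide(POLICIES, moved, "read", RECORD, EMERGENCY))
```

The nurse is covered by AR1 without any new rule or role because she shares the `category` attribute, and moving her to another ward flips the next decision with no administrator action.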
The four basic access control models are compared with each other on the basis of the following parameters: least privilege, dynamic behaviour, safety, separation of duties, capability delegation, configuration flexibility, and auditing, as shown in Table 1. The principle of least privilege means that the user should have access to only the necessary resources when needed to do a specific operation or task. Dynamic behaviour means that the operations and tasks should be performed automatically using different access rules rather than manual instructions. The safety of models means preventing leakage of permissions from the access control model to unauthorized users. Separation of duties means permitting access to resources only to authorized users and denying the access requests of unauthorized users. Capability delegation means the ability of a user to revoke their own features that have already been granted to other users. Configuration flexibility means providing users with an easy way to install and uninstall, like a wizard menu. Auditing means monitoring the access control model by recording requests from users.

Hybrid Access Control Models.
In this section, we explain various hybrid models that are extensions of traditional AC models.

Temporal Role-Based Access Control (TRBAC).
TRBAC [42] is an advanced form of the RBAC model that eliminates non-permanent limitations on the on/off switching of roles. TRBAC supports periodic role enabling and disabling and transitive dependencies on those types of activities. Those dependencies, which are stated using role triggers, can also be used to limit the series of roles that a specific user can make operative in a particular period. The release of a trigger can lead to the switching on or off of a role, which can happen instantly or after a specified period of time. The enabling and disabling activities can be assigned priorities for resolving disputes, for instance, the simultaneous switching on and off of a role. In this case, the activity that has the highest assigned priority will always be performed [43].
To enhance the capacity of the security officer (SO) to react in emergency circumstances, the authors give the SO the ability to manipulate the state of a role, and the set of users that are allowed to perform that specific role, by issuing run time requests [44]. Run time requests are those requests that are not attached to other events or to the validation of stated conditions. For example, a run time request can be used to temporarily delay the user from making a role operative. This is useful, especially when a user uses a specific role to execute an activity that could be detrimental to the system. In this situation, the SO can react by releasing a run time request that will cause a temporary denial for the user and prevent him from executing the role. Just like triggers, run time requests can be performed immediately or after a specified period of time.
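The TRBAC mechanics described above (role triggers that fire instantly or after a delay, priorities that settle simultaneous enable and disable events, and run time requests by the security officer, including a temporary block on one user) are simulated in the following added example. It is not code from the TRBAC papers; discrete clock ticks, the rule that a disable wins a tie between equal priorities, and the role and user names are assumptions of this sketch.

```python
from collections import defaultdict

DOC, NURSE = "doctor_on_night_duty", "nurse_on_night_duty"   # constructed roles


class TRBAC:
    def __init__(self, assignments):
        self.assignments = assignments      # user -> roles (plain RBAC assignment)
        self.enabled = set()                # roles currently switched on
        self.triggers = defaultdict(list)   # (action, role) -> [(effect, delay, prio)]
        self.pending = defaultdict(list)    # tick -> [(priority, action, role)]
        self.blocks = []                    # (user, role, first_tick, last_tick)
        self.now = 0

    def add_trigger(self, cause, effect, delay=0, priority=1):
        """When `cause` changes a role's state, schedule `effect` after `delay`."""
        self.triggers[cause].append((effect, delay, priority))

    def request(self, action, role, after=0, priority=1):
        """Periodic event or SO run time request: enable/disable a role."""
        self.pending[self.now + after].append((priority, action, role))

    def block_user(self, user, role, duration):
        """SO run time request: temporarily stop one user from activating a role."""
        self.blocks.append((user, role, self.now, self.now + duration - 1))

    def _process(self):
        applied = set()                     # stops zero-delay trigger loops
        while self.pending.get(self.now):
            winners = {}
            for prio, action, role in self.pending.pop(self.now):
                best = winners.get(role)
                # Highest priority wins; on a tie the disable event wins (assumption).
                if (best is None or prio > best[0]
                        or (prio == best[0] and action == "disable")):
                    winners[role] = (prio, action)
            for role, (_, action) in winners.items():
                if (action, role) in applied:
                    continue
                applied.add((action, role))
                was_on = role in self.enabled
                if action == "enable":
                    self.enabled.add(role)
                else:
                    self.enabled.discard(role)
                if was_on != (role in self.enabled):      # fire only on a real change
                    for (act2, role2), delay, prio2 in self.triggers[(action, role)]:
                        self.pending[self.now + delay].append((prio2, act2, role2))

    def advance(self, ticks=0):
        """Apply events due now, then move the clock forward tick by tick."""
        self._process()
        for _ in range(ticks):
            self.now += 1
            self._process()

    def can_activate(self, user, role):
        blocked = any(u == user and r == role and first <= self.now <= last
                      for u, r, first, last in self.blocks)
        return (role in self.assignments.get(user, set())
                and role in self.enabled and not blocked)


def build_ward():
    """Constructed policy: the nurse role follows the doctor role."""
    t = TRBAC({"dana": {DOC}, "nick": {NURSE}})
    t.add_trigger(("enable", DOC), ("enable", NURSE))             # instantly
    t.add_trigger(("disable", DOC), ("disable", NURSE), delay=2)  # two ticks later
    return t


if __name__ == "__main__":
    t = build_ward()
    t.request("enable", DOC)
    t.advance()
    print(sorted(t.enabled))
    t.block_user("dana", DOC, duration=2)
    print(t.can_activate("dana", DOC))
```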

Rule-Based RBAC.
The rule-based RBAC is basically a modification of RBAC. Kahtani and Sandhu [45] proposed a model that works like the traditional RBAC model. They made a different set of rules for the enterprise to define its access policy. The rules are activated automatically for the assignment of users to roles. Permission creation and the assignment of permissions to roles work the same as in the traditional RBAC model. The modification was made to user role assignment. The authors made the user role assignment portion dynamic. The system verifies the attributes of the users against the attributes of roles. If the attributes on both ends match, along with their attribute values, then the assignment is done automatically, otherwise not. For example, a user from the country of India, with an age of 19, can view the adult sites. It means a user should satisfy the attributes of age and country, with the values of those attributes; then, he/she can access those particular roles with the same access rule. The rule-based RBAC model works very well because it decreases the load on the administrator by automating user role assignment. The efficiency of the model can be increased by introducing the idea of a fully dynamic RBAC model that can provide reliability and ease of management [46].

Rule-Based Access Control.
The rule-based access control model is used for Web-based social networks (WBSN). It permits access to resources that are located online. In this framework, authorized subjects are expressed based on the relationship form, depth, and degree of trust that exist among the network users with attribute-based RBAC. Access to resources is given based on distinct access rules. In rule-based models, protocols are given by resource owners, and they indicate the profile of authorized users by one or more access conditions. The access conditions include limitations on the type, depth, and trust level of their associations with other network users. The access control needs a particular object that can be clearly stated by a series of conditions [47].
For instance, for an object created by v_o (a node that has a relationship with the requester), the series of access conditions applicable to the object is given by an access rule that is determined by v_o. This type of concept is usually described as follows: the access rule is always in the form of (oid, cset), where oid represents the identifier of the object and cset represents a series of conditions (cond1, ..., condn). For instance, assume that Tom is the one who created an object that is associated with the identifier obj1, and he wants users who are his direct friends and whose trust level is up to 0.5 to have access to his object. Also, he wishes to give access to all his direct friends that are his colleagues, provided that their trust level is up to 0.5.

Attributed RBAC.
The RBAC model is famous due to its strictness in terms of security, and the ABAC model is famous due to its dynamic behaviour [27,48]. Some studies proposed a hybrid model that used the basic entities of RBAC such as actions, objects, permissions, roles, and users. They introduced the concept of attributes for the creation of permissions, permission assignment to roles, and role assignment to users. This sort of addition makes the RBAC model a dynamic model. Most of the work in the hybrid model is done automatically, which makes it different from the existing models and covers some of the deficiencies of RBAC and ABAC. All the objects of the system have some attributes such as time, IP address, and location. These attributes of objects are automatically granted to permissions after the permissions are created.
This model also creates permissions automatically by merging object containers and action-level containers. So, this kind of merger creates more than one permission at a time and creates them automatically. After that, the permissions are assigned to roles by matching their attributes. If the attributes of roles and permissions match, the permissions are added to those roles automatically. Lastly, the user's attributes are matched with roles, and automatic role assignment is done with the help of attributes. If a user's time, location, and IP address match the role's corresponding attributes, then that user can access that particular role. If one of the attributes does not match, then the user cannot access that role. The model idea was good, but it only supports the basic working of RBAC. If the administrator wants to do all of the access control work through this model, then the model is not useful. The reason is that this model does not support conflicts of interest, separation of duty, and role hierarchy concepts [49]. So, these are some limitations of the attributed RBAC model. Some authors proposed various models to resolve this issue by extending this work. The proposed techniques are capable of supporting separation of duty in various ways. Furthermore, the hybrid models proposed different methods to generate permissions [26,28].

Role-Based Integrated Access Control (RBIAC).
Reliability and security are the most important concerns in multi-domain service-based systems, where data flow from one domain to another. There are many access control models. Data provenance methods have been developed for service-based systems. On the other hand, there was not a single mechanism that provided an integrated model with data provenance and access control. The role-based data provenance scheme was developed to track the originator's and contributors' roles. Moreover, data reliability can be evaluated using the information about data objects from the roles. The proposed model [50] is better for the applications of multi-domain services with respect to reliability and security. This model provided a new way forward in the field of integrated or hybrid models. In addition, RBAC is used for the evaluation of data security and reliability. Moreover, an extended version of typical RBAC is used to control data usage and the flow of information in multi-domain systems. The developed model is also capable of using information about newly added roles and implementing data quality derivation [51].

Trust-Based Access Control (TBAC).
The threat level is comparatively higher when users interact with online social networks (OSN). Many users download and upload data from the OSN, which may lead to different data security and access control risks. Trust-based access control was proposed as a solution or strategy for users and their friends, restricting them through a proper trust rule when accessing data from the OSN. The proposed model [52] works on the concept of roles such as the owner, contributor, and stakeholder. These roles are associated with users, who play them during the usage of the OSN. Different security levels are introduced with the help of different roles. The concept of a multi-role environment is also introduced. In this way, more than one security parameter can be applied by the users. The user and his friends can make the decision to grant or revoke access for the other users on the OSN. So, policy conflicts do not occur between various users. The model was proposed for the OSN, but it is not suitable for other fields such as wireless sensor networks, IoT, and cloud computing. Moreover, the access decision is placed between users and their friends, but there is no administrator role that can take care of security issues. If the administrator wants to delete some unethical photographs or material, then how can an administrator remove it? The role of the administrator is not even discussed, and this is an open question or research gap in this model [53].

Trust-Aware RBAC.
During the communication process, there are certain threats of security breaches by malicious users. The reason behind the threat is the absence of an access control mechanism. The trust-aware RBAC system (TARAS) [54] model was proposed to solve the security issues in the communication of IoT devices. Users with similar roles are considered to respond in the same manner, so that a trust level can be established between IoT and smart devices and users. TARAS is capable of detecting unauthorized and malicious users. Moreover, TARAS performs dynamic trust estimation and increases the integrity of data. TARAS also increases availability, detection accuracy, and robustness, and provides better performance under high attack density. The model is specifically designed for IoT, but the model can be implemented only for wireless sensor networks and cloud computing devices. In addition, some research has been proposed regarding the privacy of IoT environments for cloud and blockchain [55,56].

Garbled RBAC.
Data outsourcing gives rise to different security issues in the cloud and IoT environment. Moreover, security threats and privacy risks are leading problems in the fields of military, health care, and intelligent organizations that are associated with task assignment. As a solution to these problems, the garbled RBAC (GRBAC) [57] model was proposed. The model is a fine-grained security model that adopts a garbled function. The proposed model is specifically designed for those organizations where roles are not disclosed to the servers or to the users. Moreover, the main contribution of the model is that a user cannot activate more than one garbled role set. The data of the organization are secret from everyone, but the algorithm is not secret. The model can be implemented in the IoT environment as an extension. On the other hand, the model is not flexible. One more disadvantage is that the server is kept from knowing the user's roles. As a result, the server is unable to keep a record of roles, and the server cannot take the necessary steps for controlling the access control system.

RBAC Using Smart Contract.
The open blockchain platform Ethereum provides flexibility, adaptability, and security. In this model, a smart contract is used with the typical RBAC model. The RBAC smart contract (RBAC-SC) [58] model is proposed to verify users' role ownership in small organizations. In this model, RBAC-SC is deployed on Ethereum's testnet blockchain, and the design of RBAC-SC is also provided with a performance analysis. The proposed model is efficient, secure, and minimizes costs, but it is only suitable for small organizations. Thus, we cannot consider this model for large organizations. This is the drawback and limitation of the model; that is, it is restricted to small organizations only. Some other authors also proposed a lightweight technique for the authentication process in blockchain-based systems [59].
Security and Communication Networks

Feasible Fuzzy-Extended ABAC (FBAC).
The ABAC model is becoming a mature model day by day, and it is famous for its dynamic authorization technique. The ABAC model can perform dynamically even in complex environments, but it is unable to provide flexible, exceptional approval. The limitation of the ABAC model is that it cannot efficiently achieve resource usability and business timeliness. The proposed FBAC [60] model is comparatively efficient and flexible for granting exceptional critical authorization. The FBAC model is better because it increases the utilization of resources and business suitability. FBAC is also tested for the audit mechanism and the credit system at high-risk requests. Moreover, the proposed model is analysed for risks and usability and evaluated for its effectiveness by different experiments.
The FBAC model is comparatively better than the traditional ABAC model due to its time efficiency and flexibility. On the other hand, the model is an extended version of ABAC, and it is unable to provide tight security and least privilege.

Emergency Role-Based Access Control (E-RBAC).
Nazerian [61] proposed the emergency role-based access control (E-RBAC) model to increase the flexibility of the RBAC model in emergency situations, because the RBAC model fails to achieve good results in such situations.
The proposed E-RBAC model is based on the break the glass (BTG) policy and the separation of duty (SOD) constraint. The BTG policy was proposed to override access control and give maximum responsibility to users, and SOD constraints are used to restrict the users.
The proposed E-RBAC model can achieve better results in normal, emergency, and exception situations. The normal situation is the same as in RBAC, in which the access of the user is known. In the emergency situation, the events are predictable except for their time, and access is not given to users because of privilege contradictions. In an exceptional situation, the user access is unknown and policies are not predefined.
This model improves the flexibility of the RBAC model in normal, emergency, and exception situations.
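The interplay of the BTG override and the SOD constraint described above can be sketched as a decision function. This is an added example, not code from [61]; the roles, permissions, the `BTG_PERMS` table, and the rule that an override requires a stated reason are assumptions, and only the normal and emergency situations are modelled.

```python
from dataclasses import dataclass, field

# Constructed sample policy (assumption, not taken from the E-RBAC paper).
ROLE_PERMS = {
    "nurse": {"read_chart"},
    "physician": {"read_chart", "write_prescription"},
    "pharmacist": {"dispense_drug"},
}
# Permissions a role may obtain only through a break-the-glass (BTG) override.
BTG_PERMS = {"nurse": {"write_prescription"}}
# SOD: one user may not exercise both permissions of a pair in one session.
SOD_PAIRS = [frozenset({"write_prescription", "dispense_drug"})]
AUDIT = []  # every decision is recorded so overrides can be reviewed later


@dataclass
class Session:
    user: str
    roles: set
    used: set = field(default_factory=set)  # permissions already exercised


def violates_sod(session, perm):
    """True if perm conflicts with a permission this session already used."""
    return any(perm in pair and (pair - {perm}) & session.used
               for pair in SOD_PAIRS)


def decide(session, perm, emergency=False, reason=""):
    """Return 'permit', 'permit:btg', 'deny' or 'deny:sod' and log it."""
    def held(table):
        return any(perm in table.get(r, ()) for r in session.roles)

    if violates_sod(session, perm):      # SOD restricts even BTG overrides
        result = "deny:sod"
    elif held(ROLE_PERMS):               # normal situation: plain RBAC
        result = "permit"
    elif emergency and reason and held(BTG_PERMS):
        result = "permit:btg"            # emergency: predefined override
    else:
        result = "deny"
    if result.startswith("permit"):
        session.used.add(perm)
    AUDIT.append((session.user, perm, result, reason))
    return result


if __name__ == "__main__":
    bob = Session("bob", {"nurse", "pharmacist"})
    print(decide(bob, "write_prescription", True, "cardiac arrest"))
    print(decide(bob, "dispense_drug"))
```

Checking the SOD constraint before the override path is what keeps a user who prescribed under BTG from also dispensing in the same session, and the audit record carries the stated reason for later review.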

2.2.12. Priority-Attribute-Based RBAC (PARBAC).
Thakare [62] proposed a priority-attribute-based RBAC (PARBAC) model for the medical domain, based on an authentication mechanism, to increase the consistency and flexibility of the RBAC model, because the RBAC model fails to handle a large number of user requests in large organizations, which causes overloading on the cloud server. The proposed PARBAC works in seven steps. In the first step, the user gets a token that consists of the individual's details. In the second step, the user calls the API. In the third step, the Azure resource manager (ARM) accepts or denies assignments of users based on priority. In the fourth step, ARM advises the user based on role assignment. In the fifth step, ARM verifies the activity and privileges of the user. In the sixth step, logging is not allowed to the user if he has no role with the activity. In the last step, access is blocked if a denial assignment is applied.
This PARBAC model is able to handle problems in large organizations with dynamic scenarios.

Attribute-Based Access Control Model Supporting Anonymous Access (ABSAC).
Zhang [63] proposed the attribute-based access control model supporting anonymous access (ABSAC), which is used to protect user data for the Internet of things (IoT) in small cities. The existing attribute-based access control (ABAC) models are not protected and efficient enough to work properly in large organizations. According to the researcher, anonymous access is able to protect user data, and the data are not stored in an authentic place. The proposed model is more secure for the transaction of user data in public places, with minimum risk factors.

Traceable Attribute-Based Encryption Scheme with Dynamic Access Control (TABE-DAC).
Guo [64] proposed an efficient traceable attribute-based encryption scheme with dynamic access control (TABE-DAC) model to share secret data on cloud servers based on blockchain technology. The confidentiality of secret data can be protected using attribute-based encryption (ABE), but the ABE scheme is not flexible and efficient enough to fulfil access control policies. The TABE-DAC model can control illegal sharing of secret data on the cloud by tracing malicious users using an accountability method.
This model gives data owners the flexibility to modify the access control policy. The proposed TABE-DAC model is efficient and flexible for sharing secret data on the cloud without illegal sharing.

Time-Based Access Control.
Wang [65] proposed the time-based access control (TAC) model to secure user data in the Internet of things (IoT). The user data are divided into two directional subspaces that represent the attribute and the generation time of the data. Access control and privacy are achieved by encrypting the data before transmission. The data owner or data source has the authority to give access to anyone using a sub-key. The TAC model is able to generate the sub-key of the data for each subspace within minimum time and memory space. The proposed TAC model is efficient and flexible for sharing secret data on IoT.

Comparative Analysis of Traditional and Hybrid Access Control Models
This section contains a summarized comparison and information of traditional and hybrid AC models in tabular form as shown in Table 2.

| Model name | Pros | Cons |
|---|---|---|
| Rule RBAC [45] | Dynamicity, less load on administrator, and induced role hierarchy | Not consistent for conflicts of interest and policy specification complexity |
| Rule BAC [47] | Use certificates for authenticity, good for social networks, and dynamic environment | Only useful for WSBNs and difficult to manage |
| Attributed RBAC [49] | Dynamic behaviour, tight security, and decrease load of administrator | Limited features of RBAC, role explosion, and complexity in designing access policy |
| RBIAC [50] | Enhanced data security, trustworthiness, and data provenance for multidomain service applications | Execution time overhead due to the addition of various elements of data provenance |
| TBAC [52] | Automated access control model designed for multi-role implementation | Reliability and scalability problems, and not secure because users also decide access rights |
| TARAS [54] | Enhanced detection accuracy, robustness, and service availability against malicious users | Designed for smart objects and not suitable for military and government organization due to unknown users' run time access |

Applications of Traditional and Hybrid Access Control Models.
The access control models are classified into traditional and hybrid models. The basic traditional access control models are DAC, MAC, RBAC, and ABAC. The hybrid access control models are proposed as extensions of traditional access control models on the basis of pros and cons. Each traditional and hybrid access control model has its own application as described in Table 3.

Conclusions and Future Directions
The access control (AC) mechanism is used to control the access level of resources among legitimate users. The main purpose of the access control mechanism is to ensure the security of data by limiting access to only authorized users. Access control is classified into traditional and hybrid models. Due to several limitations of traditional access control models, hybrid access control models were proposed as an extension of traditional access control models. The hybrid access control models are more efficient, flexible, scalable, and secure. The hybrid access control models are generally used in both small and large organizations according to the objective of the organization.
In the future, access control models can also be designed using fog computing instead of cloud computing. Fog computing stores data over the fog in the form of chunks. If a user wants to update the stored data, the user downloads only the specific chunk of data for modification instead of downloading the whole data. The access control model can be made more secure using fog computing due to this data chunk mechanism. Moreover, access control models can also be designed using artificial intelligence (AI) to achieve some key characteristics such as detecting malicious code in resources, identifying illegal sharing of resources, and distinguishing unauthorized users. AI will also be used to permit and deny access to resources among users and will limit the users so that they can perform tasks only up to the specified role. In short, the access control models can be fully automated with the help of artificial intelligence.

Data Availability
All the data used to support the findings of this study are available in this study.

Conflicts of Interest
The authors declare that there are no conflicts of interest.

| Model name | Applications |
|---|---|
| DAC [18] | The most appropriate applications of DAC are Web applications and operating systems such as Unix and Linux |
| MAC [24] | MAC is used in operating systems and database management systems. Furthermore, it is used in organizations such as government departments and the military |
| RBAC [25] | The applications of RBAC are banking and education systems |
| ABAC [37] | The application of ABAC is for companies such as telecommunications, insurance, and airlines |
| TRBAC [42] | The TRBAC is an extension of the RBAC model to achieve dynamic behaviour for activation and deactivation of role |
| Rule RBAC [45] | The rule RBAC model is an extension of the RBAC model to achieve dynamic behaviour of user role assignment |
| Rule BAC [47] | The application of rule BAC is Web-based social networks |
| Attributed RBAC [49] | The attributed RBAC model is a hybrid model of RBAC and ABAC to achieve strict security and dynamic behaviour |
| RBIAC [50] | The RBIAC model is an extension of the RBAC model to provide integrity of user data |
| TBAC [52] | The applications of TBAC are online social networks (OSN) and websites |
| TARAS [54] | The application of TARAS is communication of IoT devices |
| GRBAC [57] | The application of GRBAC is IoT environment where roles are not disclosed |
| RBAC-SC [58] | The application of RBAC-SC is blockchain-based smart contract |
| FBAC [60] | The applications of FBAC are auditing, business environment |
| E-RBAC [61] | The E-RBAC is an extension of the RBAC model to work in emergency situations |
| PARBAC [62] | The application of PARBAC is cloud server-based authentication mechanism for medical domain |
| ABSAC [63] | The application of ABSAC is IoT-based user data protection |
| TABE-DAC [64] | The application of TABE-DAC is sharing of secret data on cloud servers based on blockchain and also control illegal sharing of secret data |
| TAC [65] | The application of TAC is IoT-based user data protection |