In today’s information technology era, access control is concerned with the way in which users can access resources in a computer system, or informally speaking, with “who can do what”. Access control is arguably the most fundamental security mechanism in use today. Traditional access control models, such as RBAC (Role Based Access Control), are passive access control models. They do not take into account contextual information. Consequently, these models are inadequate for specifying access control needs of many complex real world cases. As context data gets involved, the access decision no longer depends on user credentials only, it also depends on the state of the system’s environment and the system itself. Most research in this area is based on extensions of the RBAC model to support context-sensitive access control. This paper gives overview of the selected contextsensitive access control models applied in different areas.
