ADAPTIVE CONTEXTUAL ACCESS CONTROL MODEL FOR ENHANCING THE RESILIENCE OF CRITICAL INFORMATION SYSTEMS

DOI:

https://doi.org/10.28925/2663-4023.2025.31.1084

Keywords:

critical information systems, risk assessment, Zero Trust, access control, context-aware access control, adaptive access policies, Device Posture, resilience, cybersecurity

Abstract

This paper proposes an adaptive access control model for critical information systems that integrates three groups of attributes: device posture, user role, and access environment parameters. Based on the analysis of contemporary Zero Trust approaches, the necessity of multifactor risk assessment for each access request is substantiated. The developed model forms an integral risk score using weighted coefficients and contextual parameters, enabling dynamic decision-making in the form of access permission, restricted access, additional authentication, or access denial. The proposed approach improves the accuracy of identifying risky access scenarios and contributes to strengthening the resilience of critical information systems. Future research directions include extending the model with behavioral attributes, utilizing statistical incident data, applying machine learning methods for adaptive adjustment of weighting coefficients and threshold values, as well as conducting experimental validation of the proposed model.

Published

2025-12-16

How to Cite

Sydorenko, V., & Kobilnyk, B. (2025). ADAPTIVE CONTEXTUAL ACCESS CONTROL MODEL FOR ENHANCING THE RESILIENCE OF CRITICAL INFORMATION SYSTEMS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(31), 820–832. https://doi.org/10.28925/2663-4023.2025.31.1084
