Authors: Nirosha K. Fernando
Abstract: The increasing digitization of critical infrastructure systems has magnified the urgency of implementing robust access control mechanisms to prevent cyber intrusions, data breaches, and operational disruptions. Critical infrastructures spanning energy grids, transportation systems, healthcare networks, financial institutions, and defense installations are foundational to national security and economic stability. As cyber threats evolve in sophistication, traditional access control mechanisms such as Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) are proving inadequate in addressing the dynamic and complex threat landscape. This review explores how advanced access control models such as Attribute-Based Access Control (ABAC), Risk-Adaptive Access Control (RAdAC), Policy-Based Access Control (PBAC), and Zero Trust Architecture (ZTA) enhance the security posture of critical infrastructures. These models employ fine-grained, context-aware, and adaptive mechanisms that respond to real-time risk assessments and user behavior analytics. The paper synthesizes existing literature, government frameworks, and industry case studies to evaluate the effectiveness of these models in mitigating unauthorized access, insider threats, and lateral movement within critical systems. It also examines the integration of artificial intelligence and behavioral analytics in access control for predictive risk mitigation. Finally, the review identifies ongoing challenges, including interoperability, policy complexity, and compliance barriers, while suggesting future directions such as AI-driven automation, blockchain-based identity systems, and quantum-resistant access frameworks. The study concludes that advanced access control models represent an essential evolution toward proactive, adaptive, and resilient cybersecurity architectures for safeguarding critical infrastructures.
DOI: http://doi.org/10.5281/zenodo.17882494
