DigitalCommons@University of Nebraska - Lincoln
- < Previous Article
- Next Article >
Home > Libraries > Library Philosophy and Practice - Electronic Journal > 4197
Libraries at University of Nebraska-Lincoln
Library Philosophy and Practice (e-journal)
A literature review of management control system in university libraries.
Wisdom Okereke Anyim , Rhema University, Aba, Nigeria Follow
Document Type
Abdullah, H. (2009). Major Challenges to the Effective Management of Human Resource Traiing and Development Activities. The Journal of International Social Research, 2 (8), 1-5.
Adeniji, A. A. (2012). Auditing and Assurance Services . Lagos, Nigeria: Value Analysis Consult.
Act of 27 August 2009 on public finance (PFA), Poland: Journal of Laws. (2009), vol. 157, item 1240, with amendments , art. 56-62.
Aguolu, O. (2008). Fundamentals of Auditing (3 rd ed).Enugu, Nigeria: Institute for development Studies.
Ainslie, K. (2016). Internal control for public libraries. Retrieved From: http://www.in.gov/library/files/Handout_Slides_with_Notes_as_Transcript_Internal_Controls.pdf .
American Institute of Certified Public Accountants (2009). Manual.
Anufulu, J. O. (2011). The Impact of Leadership on Employee Performance: A Case Study of PHCN. Unpublished MBA thesis in the Department of Business Administration, University of Nigeria, Enugu Campus.
Asogwa, M. O. (2014). Performance Management of Civil Servicein Enugu State, Nigeria, 1999 -2011 (Doctoral dissertation). Department of Public Administration and Local Government, University of Nigeria, Nsukka.
AuditNet(2016). Audit-library: Auditnet-internal-controls-primer. Retrieved from https://www.auditnet.org/audit-library/auditnet-internal-controls-primer . on 6th Feb.2017
Barnabas, A. S. & Iheonkhan, I. S. (2012). Re-engineering of Internal Audit in Public Sector: An Emperical Study of Institutions in Niger State. Journal of Finance and Accounting Research, 4 (1),116-127
Ben, O. (2008, January 23). Nigeria’s Education Crisis and Imperatives of Reform. The This Day, 13, (4659), p. 80.
Cabała, P. (2002). System kontroli w zarz ą dzaniu przedsi ę biorstwem, Pomocnicze materia ł y dydaktyczne . Wyd. AE. Cracow.
Chowdhury, S. (2006). The management of academic libraries: A comparative study of the
University of the Western Cape Library and Dhaka University Library (Doctoral
Dissertatation), University of the Western Cape (UWC).
Chukwu, L. C. (2010). Auditing and Investigations: A Nigerian Approach . Owerri, Nigeria: Ben- Son printers & Publishers
Duru, H. Z. (2010). Managing Day-To-Day Employee Performance (A Case Study of Nigerian Television Authority Enugu). (Master’s thesis). Department of Management, University of Nigeria, Nsukka
Dusza, E. B. (2011). Essence and Significance of Management Control In Public Sector In Poland. Contemporary Issues in Business, Management and Education. doi: 10.3846/cibme.2011.04
Dutse, L. I. (2011). Management of University Libraries in the North Central Zone of Nigeria( Unpublished Master’s Thesis ). Department of Library and Information Science, University of Nigeria, Nsukka.
Ekene, M. E. (2010). Effective internal control in enhancing foundation for safe and sound operation in an organisation (A case study of Colleges of Education in Enugu). ( Master’s thesis ) Department of Accountancy, University of Nigeria.
Griffin, R.W. (2010). Management. Ohio, USA: Cengage Learning
Gupta, K. (2002). Contemporary Auditing . London: McGraw-Hill
Hitt, M. A, Black, J. S. & Lyman, W. P. (2008). Management . New York: Pearson Custom Publishing http://www.sandiegouniontribune.com/news/watchdog/sdut-library-audit- 2015dec07- htmlstory.html. Retrieved from http://www.unllib.unl.edu/LPP/ on June 11, 2017
Ifidon, S. E & Ifidon, E.I. (2007). New Direction in African Library Management. Ibadan, Nigeria: Spectrum Books Ltd
Jänkälä, S. (2007). Management Control Systems in the Small Business Context . Faculty of Economics and Business Administration, Department of Accounting and Finance, University of Oulu, Finland. Retrieved from http://herkules.oulu.fi/issn14552647 / on 27 July, 2017
John, A. O. & Ngoasong, L. N. (2008). Budgetary and Management Control Process in a Manufacturing: Case of Guinness Nigerian Plc . (Master thesis). School of Sustainable Development of Society and Technology, Mälardalen University.
Kowalczyk, E. (2010). Kontrola zarządcza w jednostce sektora finansów publicznych. Wzory instrukcji i procedur, Wrocław: Presscom.
Kruis, A. M. (2008). Management control system design and effectiveness. Nyenrode Research Group (NRG). Retrieved from www.nyenrode.nl/nrg on 29th July, 2017.
Kuc, B. R. (2007). Kontrola wewnętrzna w sektorze publicznym. Kierunki zmian Warsaw: PWN
Locke, E. A. & Latham, G. P. (1990). A theory of Goal Setting and task performance . Englewood Ciffs, N. J: Prentice Hall.
Messier, M. F., Glover, S. M. & Douglas F. P. (2008). Audit and Assurance Services: A Systematic Approach (6 th ed.). New York, USA: McGraw-Hill/Irwin
Missouri State University (2016). Internal Controls and Risk management-Policy Library.From:https://www.missouristate.edu/policy/Op3_12_14_InternalControlsRiskmanagement.htm Retrieved: 06/06/2017 mitigating Corporate Conflicts
Mazurek, A. & Knedler, K. (2010). Kontrola zarządcza-ujęcie praktyczne. Warsaw: Handikap
Mohammed, A.Y. (2018). Leadership Style in Academic Libraries in developing Countries. Kano: Usman Press.
Mogan, G. (2015). Auditor: Library needs internal controls, pronto. Retrieve from http:www.missouristate.edu/policy/Op3_12_14_InternalControlsRiskmanagement.htm
Moon, J., Gond J. P., Grubnic, S. & Herzig, C. (2011). Management control for sustainability strategy. Chartered Institute of Management Accountants, 7 (1), 1-4.
Ndibe, N. & Okoye, E. (1998). Auditing and Investigation. Awka, Nigeria: Futuretech Publishers.
Ngalla, R. M. (2007). Management Problems of University Libraries in Cameroon (Master ’s Thesis ). Department of Library and Information Science, University of Nigeria, Nsukka.
Obinna. A. S. (2010). Impact of motivation on employee performance in organizations: A Case Study of Anambra motor manufacturing company Ltd, Enugu (2000-2008) unpublished Master’s Thesis submitted to Public Administration, University of Nigeria.
Olioku, C. J. (2010) . Assessment of Compliance with Internal Control Mechanism by Microfinance Banks in the North Central States Of Nigeria (Master ’s Thesis). Department of Vocational TeacherEducation, Business Education Unit, University Of Nigeria, Nsukka.
Ozor, D. C. (2015). Effect of Internal Control System on Management of Organisational Resources of Manufacturing Firms in Nigeria ( Master’s Thesis ), Department of Accountancy, University of Nigeria, Enugu Campus.
Puchacz, K. 2010. Nowe standardy kontroli zarządczej w jednostkach sektora finansów publicznych. Warsaw: ODDK.
Raseroka, K. H. (2010). The Role of university Libraries . A paper presented at the Association of African universities Workshop, Botswana.
Rosenberg, D. (1997). University Libraries in Africa: A Review of their Current state and Future Potential . London, England: International African Institute.
Sławińska-Tomtała, E. (2010). Kontrola zarządcza w sektorze publicznym. Warsaw: CH Beck.
Speklé, R. F. (2001). Explaining management control structure variety: a transaction cost economics perspective. Accounting, Organizations and Society , 26 (1), 419-441.
University of Oregon (2016). Internal Control. Retrieved fromaudits/internal-controls on 06/06/2017
Uzomba, E. C., Oyebola, O. & Izuchukwu, A. C. (2015). The Use and Application of Open Source Integrated Library System in Academic Libraries in Nigeria: Koha Example
William, H. (2013). Performance management arrangements for the Senior Civil Service 2013/13/14. Human Resource Practitioners Guide April 2013. content/uploads/ 2011/07/performance management- Arrangement-for-scs-2013-14-HR-Practitioners-Guide.
Wittington, O. R & Pany, K. (2008). Principles of Auditing and other Assurance services ( 16 th ed.). New York, USA: McGraw-Hill Ivwin.
Zimmerman, J. L. (2000). Accounting for Decision Making and Control (3 rd ed.). Singapore: MacGraw-Hill Companies, Inc.
This paper is based on literature review of management control system in university libraries. The purpose of this paper is to discuss the place of management control system in university library, challenges associated with management control system and the enhancement strategies. This paper is important as it provides insight in which university libraries could improve staff performance leading to achievement of educational goal of the university by rendering effective information services to the students, faculty and the university community. Literature revealed that management control system maintains a formulated policy with regards to the conduct and performance of the staff; material resources and financial records. The paper discovered that there are challenges associated with utilizing management control system in university libraries, these include: inadequate staff training and development, poor communication system, inadequate infrastructure, inadequate funding, staff collusion, management overriding established control, abuse of authority, staff incompetence and alteration in the system. It was identified in the reviewed literature the strategies that could be used to mitigate challenges to effective management control system which include: adequate development and training; adequate finance, effective segregation of duties and supervisory control and clear definition of objective. Based on the findings, adequate management control system was recommended to university libraries which will produce a reasonable assurance efffect on service delivery.
Since September 04, 2020
Advanced Search
Search Help
- Notify me via email or RSS
- Library Philosophy and Practice - Electronic Journal Website
- Copyright Statement
- Instructions for Authors
- Advice for Contributors
- Collections
- Disciplines
Author Corner
- Submission Guidelines
- Guide to Submitting
- Submit your paper or article
- Libraries Website
- Library Philosophy and Practice Editorial Board
Home | About | FAQ | My Account | Accessibility Statement
Privacy Copyright
A systematic literature review for authorization and access control: definitions, strategies and models
International Journal of Web Information Systems
ISSN : 1744-0084
Article publication date: 15 August 2022
Issue publication date: 25 October 2022
Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore, there are numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide for an appropriate one satisfying security needs. Therefore, this study aims to guide through the plenty of access control models in the current state of the art besides this opaque accumulation of terms meaning and how they are related.
Design/methodology/approach
This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control.
The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models.
Originality/value
Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and propose a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.
- Authorization
- Access control
- Authorization strategy
- Access control model
- Classification
Mohamed, A.K.Y.S. , Auer, D. , Hofer, D. and Küng, J. (2022), "A systematic literature review for authorization and access control: definitions, strategies and models", International Journal of Web Information Systems , Vol. 18 No. 2/3, pp. 156-180. https://doi.org/10.1108/IJWIS-04-2022-0077
Emerald Publishing Limited
Copyright © 2022, Aya Khaled Youssef Sayed Mohamed, Dagmar Auer, Daniel Hofer and Josef Küng.
Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode
1. Introduction
Access control ensures data security by protecting assets and private information against unauthorized access by defined subjects. It helps to avoid information leaks or improper modification by potentially malicious parties. Besides traditional well-known access control models, there are many others that recently evolved to match advanced security requirements. Because of the increase of access control models, it seems promising to classify the models to enhance the selection of an appropriate model to fulfill the requirements of the overall system. Thus, it is necessary to clarify the core concepts of authorization and access control (e.g. definitions, strategies and models) along with the commonly used, partly ambiguous, synonyms.
definition of authorization and access control along with their related terms;
distinction between authorization strategies and access control models;
rough classification schema for access control models;
illustration of classification schema by providing state of the art as well as not commonly discussed models for each class of access control models;
review of a selected list of comparative studies on access control that are in the context of databases, include a survey of models, provide evaluation criteria and/or introduce a taxonomy of models; and
analysis of the classification schema based on selected criteria of access control models.
Concerning the methodology, we conduct a systematic literature review (SLR) which is a formal repeatable method to identify, analyze and interpret the existing research related to a particular topic of interest. According to the SLR definition in Kuhrmann et al. (2017) , we started our research with an extensive literature study on access control models. We selected a specific range of publications according to our filter criteria and studied them in detail. Because of the differences in the definition of authorization and access control along with their related terms, we discuss the various views for each concept and state which of them we follow. Then, we identified authorization strategies and derived categories for classifying all these models. Finally, we analyzed the resulting selections in addition to the main features of each category.
The remainder of this paper is organized as follows. Section 2 defines the related terms we use throughout this work. Section 3 explains authorization strategy and illustrates existing discretionary, mandatory and hybrid strategies. We introduce a classification of access control models along with examples in Section 4. We provide a summary of survey works comparing the included access control models in Section 5. In Section 6, we analyze the proposed categories with respect to selected criteria before concluding our paper in Section 7.
2. Related terms
Although authorization and access control have already been important in theory and practice for several decades, there are still differences concerning the understanding of basic terms in this domain. Therefore, we discuss the most important ones for our research.
Starting with authorization and access control, we see the following common differences. While Kane and Browne (2006) , some publications by the National Institute of Standards and Technology (NIST) such as Hu et al. (2014) and sources from IBM ( IBM-Corporation, 2015 ) use them as synonyms, Bertino et al. (2011) , Ferrari (2009) , Josang (2017) , Kizza (2020) and other NIST publications ( Ross et al. , 2021 ) clearly differentiate between them.
We follow ( Bertino et al. , 2011 ; Ferrari, 2009 ; Josang, 2017 ; Ross et al. , 2021 ; Kizza, 2020 ) to clearly distinguish between these two terms and discuss our view including associated concepts in the following. A brief overview is given in Figure 1 , which also shows how we assign the terms according to the two dimensions:
authorization and access control; and
strategy, model and instance level.
2.1 Authorization
While authorization not only refers to the result (authorizations, authorization policy), but also to the process of specifying access policies ( Josang, 2017 ; Kizza, 2020 ), most sources including ( Bertino et al. , 2011 ; Ferrari, 2009 ; Kane and Browne, 2006 ; Ross et al. , 2021 ; Hu et al. , 2014 ; Ahmad and Whitworth, 2011 ) focus on the result only.
We are aware that authorizations are usually developed in an iterative process of requirements analysis, definition and authorization specification at different levels of granularity and with respect to the access control model.
Definition 1 (Authorization). Is about the specification of access rights and combines authorization strategy as well as authorization model and authorization policy including their components (i.e. subject, object and action). It also considers the process of defining the authorization policy with respect to the selected model framed by its strategy.
In the following discussion and definitions, we focus on the artifacts in their final level of details. We start from the strategic level down to the instance level.
2.1.1 Authorization strategy.
Bertino (2016) uses the term access control technique to summarize discretionary (DAC) and mandatory access control (MAC) as the” fundamental building blocks”. Kizza (2020) uses the term authorization mechanism accordingly. In contrast, Eckert (2014) considers them as access control strategies, among which she includes role-based access control (RBAC). From our perspective, these fundamental viewpoints are strategic and not a matter of technique or mechanism. Therefore, we follow Eckert (2014) concerning the term strategy. However, as it is about specifying access rights, we follow Kizza (2020) and use the term authorization rather than access control like Eckert (2014) and Bertino (2016) . Furthermore, we do not consider RBAC a strategy, but an access control model (Section 4). Authorization strategies are discussed in Section 3 in more detail and further used in the analysis of the access control models along with their underlying authorization models in Section 6.
Definition 2 (Authorization Strategy). Defines the overall perspective of how to specify authorizations, i.e. owner-centric, administration-centric or hybrid and thus sets the frame for the authorization models.
2.1.2 Authorization model.
Subject is the active entity (e.g. user, group, organizational role, process, application program) to which access rights are granted. With a focus rather on the implementation, the term principal is also used as a synonym.
Object is the passive entity of the system, which needs to be protected, e.g. a file, a database table or record, an object in an object-oriented system, a node in a graph database. Different levels of granularity as well as sensitivity can be considered. Alternative terms for object are resource or asset.
Action states what the subject can perform on the object. There are several alternative terms for action such as privilege, (access) right, type of operations or activity, access mode and property. Privilege is the preferred term not only in the context of databases where privileges are granted to users ( Bertino et al. , 2011 ), but also in the context of basic discussions such as Ferrari (2009) and Josang (2017) . However, privileges are often used with slightly differing semantics ( Center, Computer Security Resource, 2022 ), which may lead to misconceptions. Atlam et al. (2020) even explicitly distinguish between action and privilege. While actions represent the types of activities subjects can perform on objects, the privileges are the permissions granted to a subject to be able to perform particular activities on certain objects. Thus, privileges are considered as synonyms to authorizations ( Josang, 2017 ).
Additional components are often demanded by specific access control models such as roles and sessions for RBAC, environmental attributes for ABAC or conflict of interest classes for the Chinese Wall model.
Definition 3 (Authorization Model). Defines the model for the specification of the access rights, i.e. the components needed and their interactions with respect to the core authorization strategy.
2.1.3 Authorization policy.
We have also seen differences with the term policy in terms of authorization and access control. Often authorization policy, access policy and access control policy are used synonymously. Authorization policies are considered on different levels of detail. For example, Hu (2016) describes access control policies as the “high-level requirements that specify how access is managed and who may access information under what circumstances”. Also Ferrari (2009) and Bertino et al. (2011) consider access control policies as the (high-level) rules to which access control must occur or authorizations are granted. The OASIS eXtensible Access Control Markup Language (XACML) technical committee provides an example with the OASIS standard ( OASIS, 2013 ), which shows an access control policy in plain text and the respective XACML policy in the XACML policy language. Thus, in this case it only differs in the level of granularity and language.
We follow the OASIS view in our definition of authorization policy considering the focus and the openness with regard to nearly any granularity of the specification. The authorization model defines all components and their required dependencies to specify the authorization policy. Thus, Figure 1 contains not only an edge from the authorization model to the set of components, but also from the authorization policy.
Definition 4 (Authorization Policy). Is an instance-level artifact, which specifies the access rights for a system according to the selected authorization model, on nearly any level of granularity, i.e. from simple text up to a policy definition language.
2.2 Access control
While authorization is about specifying the access rights, access control is about their enforcement ( Josang, 2017 ). Kizza (2020) describes this as “… a process to determine who does what to what based on a policy”. We follow these sources and consider access control as the process of enforcing access rights defined in an authorization policy.
2.2.1 Access control model.
The enforcement of access rights, which are defined according to some specific authorization model, is defined in the access control model. It states what needs to be done to determine the decision whether allow or deny access. Ferrari (2009) proposes the term authorization verification as a synonym to access control model. This view contrasts other sources such as Hu et al. (2017a ), who rely on a different definition of policy and further do not distinguish between authorization and access control model. They, for example, consider the access control model to “bridge the gap in abstraction between policy and mechanism” as their policies rather define the organizational frame for the access rights and not the access rights themselves.
Definition 5 (Access Control Model). Defines the enforcement of the authorization model, i.e. what needs to be checked to determine whether to allow or deny access for a subject to a protected resource.
2.2.2 Access control mechanism.
Is an instance-level artifact, i.e. a piece of software implementing a certain access control model ( Bertino et al. , 2011 ; Ferrari, 2009 ). When receiving a request (i.e. a subject requesting a specific kind of access on an object), the mechanism determines whether it can be allowed or must be denied ( Bertino et al. , 2011 ; Ferrari, 2009 ; Hu et al. , 2014 ). As it typically works as a reference monitor intercepting all requests to the system, thus, this term is also used as a synonym ( Bertino et al. , 2011 ; Ferrari, 2009 ; Samarati and De Capitani di Vimercati, 2001 ).
Definition 6 (Access Control Mechanism). Is an implementation of an access control model and thus, an instance-level artifact. It enforces an authorization policy which fits to the access control model of the mechanism. The mechanism determines if an access request evaluation is allowing or restricting the access.
Although there are numerous other technical terms with divergent definitions, the selection presented in this paper forms the basis for our further work.
3. Authorization strategies
An authorization strategy (Definition 2) defines the view point of describing authorization policies, i.e. owner-centric, administration-centric or hybrid. Different terms are used as alternatives to authorization strategy. Eckert (2014) refers to it as access control strategy, Samarati and De Capitani di Vimercati (2001) as well as Benantar (2005) called it access control policies class while others regard it as an access control model ( Bertino and Sandhu, 2005 ). Even though we use the term authorization strategy, we keep the well-established DAC (i.e. Discretionary Access Control) and MAC (i.e. Mandatory Access Control) abbreviations.
3.1 Discretionary strategy
The discretionary strategy (DAC) is owner-centric, i.e. ownership of each resource is assigned to one or more entities. The subject, who is allowed to access a resource, is either the object creator (i.e. the default owner) or a principal with delegated ownership rights. The resource can be only destroyed by the owner and its ownership may optionally be shared with other subjects as well ( Benantar, 2005 ).
DAC systems provide more flexibility to the user, but less administration control. Moreover, they do not scale well and are hard to manage in large environments. Because the propagation and usage of information cannot be controlled after giving access to the legitimate subjects, they are insecure and vulnerable to Trojan Horse attacks. A trojan horse program executes more actions, unknown to users, than it seems and should do ( Bertino et al. , 2011 ; Harris, 2012 ).
3.2 Mandatory strategy
The mandatory strategy (MAC) is non-discretionary because access decisions are not made at the discretion of the user. A MAC policy is obligatory as the access rights are regulated by a central authority. The owner and subject users can neither control the defined access nor override the policy. This strategy often is based on the security label concept where the subjects are associated to security clearance and objects to sensitivity classifications ( Hu et al. , 2017b ; Benantar, 2005 ).
Although MAC systems provide stronger security than the DAC ones and overcome the trojan horse problem, they are vulnerable to covert channels (i.e. tunnels created for transferring information in an unauthorized manner). Furthermore, the required administrative overhead makes it more costly.
3.3 Hybrid strategy
The advanced access control models are typically based on a middle ground strategy mixing DAC and MAC because the pure mandatory and discretionary strategies are often no longer sufficient. For instance, the originator-controlled strategy (ORCON or ORGCON) ( Abrams, 1995 ; Park and Sandhu, 2002 ) combines DAC and MAC such that only the originator (i.e. original owner) can alter the privileges on a subject/object basis ( Matt, 2018 ) (cp. DAC). On the other hand, access restrictions on original resources are automatically copied to derived objects without owner control (cp. MAC).
4. Access control models
An access control model defines the enforcement of the authorization model to decide whether to allow or deny access for a subject to a protected resource. We grouped the access control models into five main classes based on their characteristics. In the following subsections, we explain these categories and provide an overview of a selected subset of the access control models including some recent models that are not previously discussed in other surveys (Section 5).
4.1 Access control by explicit Object-Subject assignment
The oldest and simplest access control model is the access matrix (ACM) proposed by Lampson in 1971. It is built upon the strategy of DAC (i.e. identity-based) where the subjects’ privileges are described over the objects in a matrix data structure. A single entry in the matrix A[s,o] represents the access rights (i.e. actions) a subject s can take upon an object o ( Benantar, 2005 ). The access rights representation is straightforward and was commonly used in practice, but typically the matrix becomes sparse and oversized because of lots of empty cells. In the following, we give an overview of available access matrix model variants.
4.1.1 Authorization table.
Typically used in database management systems. The non-empty matrix authorization entries are stored as tuples in a table with three columns for the subject, object and action ( Petkovic and Jonker, 2007 ).
4.1.2 Access control list (ACL).
The most common and basic form of access control for limiting access to data on shared systems. It represents the access matrix in a column perspective (i.e. resource view) where the objects to be accessed are associated with a list of subjects along with the operations allowed to be executed on these objects ( Petkovic and Jonker, 2007 ).
4.1.3 Capability list.
The conceptual approach is similar to ACL, but with the access matrix stored by row (i.e. subject view). Each subject holds a list of capability certificates containing the access rights to be performed by this principal over a set of resources ( Petkovic and Jonker, 2007 ).
4.2 Access control by model-specific rules
Traditionally, this class of models has been used in MAC systems enforcing the concept of rules. A set of predefined rules must be met to grant/deny the subject access to a particular resource. The models in this category have fixed rules that apply all the time for all users regardless of their identity. The rules are an implicit part of the access control model specifying detailed situations, i.e. whether a given subject can or cannot access an object and what that subject can do once access is granted. For example, the subject’s security level determines the classes of objects to be accessed in the Bell-LaPadula (BLP) and Biba models. Administrators can only manage the basic parameters (e.g. security level) whereas users have no control at all on the rules. In the following, we give an overview of some model-specific rule examples.
4.2.1 Bell-LaPadula (BLP).
Simple security : also known as the no-read-up (i.e. read-down) property such that a subject is not allowed to read objects with higher sensitivity. The subject security clearance must dominate the object security classification.
Star property : also known as the no-write-down (i.e. write-up) policy where it is not possible for a subject with some security level to write any object with lower sensitivity. To avoid the leakage of confidential information, the object security classification has to dominate the subject security clearance.
Strong star property (optional) : read and write operations are performed at a single security level such that the subject and object sensitivity are equal.
4.2.2 Biba.
Simple integrity : read-up rule controls a subject’s access from reading lower integrity level data, so that bad information will not flow upwards from lower clearance levels.
Star integrity : also known as write-down such that subjects are not allowed to write data or pass information to higher classified levels than theirs.
Invocation property : a service can only be invoked by subjects at a lower integrity level.
4.2.3 Lipner.
Based on the BLP: subjects and objects are assigned to one of the two confidentiality levels. In this case, five defined compartments are responsible for integrity and access control.
Full Model: is a hybrid combination of the BLP and Biba integrity models. Three integrity levels and two categories are added to Lipner’s first mechanism, after collapsing some confidentiality compartments, to be assigned to subjects and objects. This is to prevent low-integrity data or programs from impacting those with higher integrity. The purpose of integrity levels is to avoid unauthorized modification of system programs whereas the categories are used to separate domains according to functional areas.
4.2.4 Clark–Wilson.
Subject : (ER3): is an authenticated user who attempts to initiate a transformation procedure (TP). (ER4): Only the certifier of a TP can change the list of entities associated with that TP to prevent violating the integrity constraints by changing the qualifications of a TP.
Object : is either classified as a constrained data item (CDI) with high protection level or unconstrained data item (UDI) representing untrusted information entered to the system. (ER2): The system must associate a user with each TP and set of CDIs. (CR1): The validity of CDIs is ensured by integrity verification procedures (IVPs).
Transformation procedure (TP) : a set of operations performed on data items. (CR2): It transforms CDIs in the system from one valid state to another. (CR5): The TP can also take an UDI as input and either produce a CDI or reject the UDI. (ER1): Only TPs certified to run on a CDI can manipulate it so that the certified relations are maintained. (CR3): The relations allowed by the system must enforce the separation of duty principle. (CR4): Transactions are logged using a CDI and the TP only appends to it.
4.2.5 Chinese-Wall (CW).
Simple security : the object can be accessed by a specific subject if it belongs to either the same company dataset of the previously accessed objects or a different conflict of interest class.
Star property : for the write access, the simple security rule must be satisfied besides the permission to read the objects which are sanitized (i.e. filtered from sensitive data) and belong to the same company dataset as the one for which write access is requested.
4.2.6 Multi-level security (MLS) database.
The MLS database model ( Keefe et al. , 1993 ) follows the MAC authorization strategy and extends the concept of the BLP model to apply fine-grained access control to database systems at the level of relations (i.e. tables), attributes (i.e. columns), tuples (i.e. rows) and elements (i.e. cells). This is done by regulating access to data resources by subjects according to their predefined classification in the system. The classification is based on a partially ordered set of access classes (i.e. labels) such that an access class c i dominates an access class c j if and only if the security level of c i is greater than or equal to that of c j ( Bertino and Sandhu, 2005 ). Having a classification associated to a value represents the sensitivity of that attribute value for a particular entity not the value itself. For example, a classification (e.g. Secret ) associated to a salary value is not for this absolute value, but rather the salary of the given employee. There are three MLS architectures: kernalized architecture , distributed architecture and trusted subject architecture . They are classified according to whether access control is enforced by the database management system (DBMS) or delegated to a trusted operating system ( Rjaibi, 2004 ).
However, the MLS database introduces complications in real-world cases because of polyinstantiation . This problem arises when there are multiple instances of the same entity with different access classes in the system. Possible options are either notify the subject or accept the change replacing the existing value. The first solution compromises secrecy because of revealing protected information causing a covert channel while the overwriting approach compromises integrity because high classified data would be lost. Because both solutions are not viable, the only applicable option is to have the original and the new tuples coexist and manage their presence. Thus, polyinstantiated tuples result and the database loses its semantics after executing few operations. Accordingly, current DBMSs do not support element-level classification, but rather on the tuple level (e.g. Trusted Oracle, DB2 for z/OS and SYBASE Secure SQL Server) ( Samarati and De Capitani di Vimercati, 2001 ).
4.3 Access control by roles
Flat RBAC : applies basic RBAC, but considers many-to-many relations between users and roles such that a user can have many roles and vice versa. The same applies to the permission-role assignment.
Hierarchical RBAC : organizational and administrative roles are defined in a general or limited hierarchy (i.e. tree) for structuring authorities and responsibilities within the organization. The hierarchies are reflexive and transitive, but anti-symmetric.
Constrained RBAC : adds constraints associated with the user-role assignment relations and/or role activation within user sessions to the hierarchical RBAC. The separation of duty (SoD) concept is applied to prevent the users from being over-authorized and enforce conflict of interest policies. The SoD can be static (SSoD) or dynamic (DSoD). In SSoD, the user cannot be a member of roles having shared principles. However, this is allowed in the DSoD without activating these exclusive roles at the same time even across multiple simultaneous sessions initiated by the same subject.
Besides the standard RBAC, advanced models are proposed to structure the RBAC model and manage its policies. Moreover, several works extended the capabilities of RBAC to deal with contextual information.
4.3.1 Administration role-based access control.
This model uses roles as a central concept, but dedicated to the management of policies in RBAC. Sandhu et al. (1999) proposed the first RBAC administration model called ARBAC97 . Administrative roles and permissions are independent of the regular ones. ARBAC97 is decentralized, but without compromising the broad policy objectives. It has three components to deal with different RBAC administration aspects: URA97 for user-role assignment, PRA97 for permission-role assignment and RRA97 for role-role assignment. URA97 and PRA97 are based on a ternary relation (i.e. can_assign ) with prerequisite conditions. For instance, an administration role member can assign a user to a regular role in URA97 only if this user satisfies the prerequisite role(s) condition. URA97 and PRA97 control user-role and permission-role weak and strong revocation by means of a relation called can_revoke without involving prerequisite conditions. Weak revocation applies only to explicit membership in a single role whereas strong revocation cascades upwards in the role hierarchy, however, both apply downward cascading. Last but not least, the role hierarchy is constructed in the RRA97 sub-model.
Additionally, two extensions (i.e. ARBAC99 and ARBAC02 ) have been proposed by the same research group to address the shortcomings in ARBAC97. The objective of ARBAC99 is to manage mobile and immobile users (e.g. visitor or consultant) and permissions. ARBAC02 focuses on resolving the multi-step user assignment, duplicated permission-role assignment (PA) information and restricted composition of permission pools. This is done by creating an organization structure as a user and permission pools independent of the role hierarchy in addition to introducing a bottom-up permission–role administration unlike the top-down approach in the ARBAC97 model. On the other hand, scoped administration of role-based access control (SARBAC) is proposed by Crampton and Loizon (2002) as an extension of RRA97 and an alternative to ARBAC97 ( Cuppens and Miège, 2003 ). It relies on administrative scope which dynamically changes upon changing the role hierarchy. This improves rule consistency when deleting roles. Finally, administrative roles are not separated from the regular ones anymore.
4.3.2 Organization-based access control (OrBAC).
The OrBAC model has evolved because of the need to structure a given organization into sub-organizations and specify their different authorization policies within one framework. It is based on the concept of organization as an organized group of subjects such that each of them plays some role in the organization. In OrBAC, policies associated with different organizations can be handled simultaneously ( Kalam et al. , 2003 ).
Permissions are typically applied directly to subjects, actions and objects while in OrBAC, subject, action and object are respectively abstracted into role, activity and view. The subject in this context is either an active entity (i.e. user) or an organization. A role acts as the link between subjects and organizations in a ternary relationship called Employ . A view corresponds to a set of objects satisfying a common property whereas an activity joins actions that partake of the same principles ( Kalam et al. , 2003 ). As organizations can define views differently, the object, view and organization entities are related to each other via the Use ternary relationship. The same applies to the action, activity and organization using another ternary relationship, i.e. Consider .
An authorization policy is specified as a set of facts, i.e. in an organization, a given role is permitted to perform a given activity on a given view in a given context (e.g. working hours, night and urgency) ( Cuppens and Miège, 2003 ). In addition to permissions, obligations and prohibitions can be specified using OrBAC. It is assumed that any organization is a subject ( Org ⊆ S ), any subject is an object ( S ⊆ O ) and entity attributes are represented as functions, e.g. the name of a subject s is represented as name(s) . Furthermore, an administration model for OrBAC (AdOr-BAC) is proposed by Cuppens and Miège (2003) . The AdOr-BAC model includes the URA and PRA components as in the ARBAC model, but has an additional component called UPA (i.e. user-permission administration). The two variations of the UPA component are UPA1 and UPA2 for enabling a user to delegate a permission to perform an action on an object and an activity on a view respectively.
4.3.3 Role-based access control extensions.
Several RBAC models are proposed to consider context information for access control decisions. For instance, temporal RBAC (T-RBAC) model extends RBAC such that users are limited to only use the role permissions in specific temporal periods. Depending on the specified time interval(s), the roles are either in an active or inactive state. Furthermore, role triggers are supported for controlling the time of action execution. The priority resolves the conflicts between triggers and periodic activation/deactivation ( Bertino et al. , 2011 ). The language is formally defined and checked for inconsistencies or ambiguities in ( Bertino et al. , 2000 ).
Another extension is GEO-RBAC ( Damiani et al. , 2007 ) that evolved because of the increasing need for securing mobile applications and location-based services. Spatial capabilities are added to the conventional RBAC model to support location-specific constraints in which a given role can be accessed by a user. The location can be physically or logically expressed in terms of absolute coordinates or relative to spatial objects respectively. In this model, the role is only enabled if the user is located within the spatial boundary of that role ( Bertino et al. , 2011 ).
Tie-RBAC ( Tapiador et al. , 2012 ) extends RBAC to be applied in social networks. It gives full control to the resource owner by allowing users to define their social circle (i.e. contacts) and establish in-between relations to grant access. Thus, the users control which requestor has access to their resources. The access control policies for all users are stored and enforced by a central server.
new elements to model historical as well as deleted information;
analyzing functions; and
historical constraints such as historical separation of duty (HSD) to deny undesired requests according to the previous and current information.
To sum up, the models in the role-based access control category have many forms and extensions, but all of them are based on the concept of roles which are associated to access permissions and assigned to users.
4.4 Access control by content
This category applies the concept of comprehensive data protection where access control decisions are based on data content (e.g. attribute values) ( Zeng et al. , 2014 ). Besides the flexible policy definition, authorizations are dynamically granted and revoked ( Bertino et al. , 2011 ). In content-based models, the policies are only applicable to the users satisfying specific criteria according to the rules defined by users or administrators. On the other hand, the model-specific rules category has static rules that can neither be modified nor controlled by administrators. Selected content-based models are explained in the rest of this section.
4.4.1 Attribute-based access control.
The ABAC model overcomes the limitations of other models concerning long-term maintenance as well as representing complex access control requirements. In ABAC, a given subject can have access to a wide range of objects without specifying individual relationships to each resource. Authorization policies are specified in terms of the subject, resource and environment condition (e.g. time and location) attributes. The access decision is determined by evaluating the attribute values of the applicable policy (or policies). The ACL and RBAC models are even considered as a special case of ABAC using an attribute for the identity and role respectively ( Hu et al. , 2014 ).
Although there are several proposed ABAC policy models, the eXtensible access control markup language (XACML) ( OASIS, 2013 ) has become the defacto standard not only in specifying ABAC policies, but also enforcing them in a multi-step authorization process using XACML’s reference architecture ( Hu et al. , 2017b ; Ferraiolo et al. , 2016 ). The second commonly used approach is based on next generation access control (NGAC) ( Council , Information Technology Industry, 2018, 2016 ) and its functional architecture.
4.4.2 View-based access control (VBAC).
This model is specific to databases. Theoretically, a view is a static typed language construct while from the technical perspective, it is a virtual table having rows and columns defined by a query based on the database tables, but without physical storage. The access control policy is based on a set of predefined interfaces (i.e. views).
the user is not permitted to access the view; or
the operation to be performed on the object is explicitly denied within one of the views to which the principal or the relevant role is associated ( Bertino et al. , 2011 ; Sahafizadeh and Parsa, 2010 ).
New data that satisfy a given policy will be automatically included in the view result. However, new views are created upon modifications to access control policies and their number further increase because users have different permissions. The Oracle VPD mechanism ( Browder and Davidson, 2002 ) addresses some of these problems where the queries are initially written against the base tables and then, automatically rewritten by the system against the view available to the subject user.
4.4.3 Relation-based access control.
The ReBAC model ( Fong, 2011 ; Gates, 2007 ) addresses the limitations of ABAC to deal with the interpersonal relationships between users in expressing authorization policies. The access control decision is based on the type, depth and trust level of the relationship between the owner and access requester of the resource. This model has been typically applied in social networks focusing on the privacy of end users ( Hu et al. , 2012 ). A policy language based on modal logic and an access control model formulated as a state transition system are introduced in ( Fong, 2011 ) for specifying and enforcing complex relations (e.g. friends-of-friends). However, ReBAC supports neither fine-grained access control at attribute level nor entities other than subjects and objects.
4.4.4 Entity-based access control (EBAC).
This model takes into account both attributes and relationships in policy evaluation using the concept of entities. The EBAC model addresses the expressiveness limitations of ABAC and ReBAC such that the relationships between entities can be navigated reasoning about these entities along paths of arbitrary length by comparing their corresponding properties. In EBAC, an entity-relationship (ER) model and logical expressions, including logical operators (e.g. or and, not ) and quantifiers (i.e. ∀ and ∃), are introduced into the policy expressions as a generalization to ABAC. The ER-model describes the entities along with their properties and relationships for a particular application which is then represented in an entity graph. This is a directed multi-labelled graph mapping the entities and relationship types to vertices and edges respectively. Authorization policies are specified in terms of the entity model which is then instantiated for evaluating attribute values of the relevant entities (i.e. subject, object, action and environment). An authorization system called Auctoritas provides a policy language and an evaluation engine for EBAC ( Bogaerts et al. , 2015 ). However, this model is neither popular nor commonly used like the other conventional access control models.
4.5 Access control by context
The access decision is not only relying on the policy in terms of subject and resource, but also contextual parameters, such as the sequence of events preceding the access attempt (i.e. history), location, time and sequence of responses, are taken into account. The permission to access resources is dependent on these contextual information, unlike the content-based access control, which makes access decisions according to the data values. The final decision is based on the result of reviewing the situation ( Harris, 2012 ). The models in this class, as in the following, are often used as a complement to conventional access control models.
4.5.1 Emotion-based access control.
A system could be in danger when an angry user is granted access despite being an authorized subject. The opposite scenario is also valid as there could be unauthorized individuals who need access urgently to save the system from risky incidents. Hence, this model introduces the concept of sensibility to access control systems instead of relying on the authorization component only.
The emotion factor (i.e. feelings of the person trying to access the protected resources) can be used as a complement to the existing access control mechanisms. Firstly, the spontaneous brain signals are recorded from the scalp of the requesting user in the sensing layer. This is primarily a hardware component called Emotiv EPOC headset which collects the EEG signals and transmits them to a listener module. The received data is then analyzed in a signal processing module where the emotions are classified into positive or negative. According to the emotion level, the decision maker determines whether to allow access to the requested resource or not ( Almehmadi and El-Khatib, 2013 ). Although the emotion detection technology is a novel method in access control, it is still an ongoing research and not commonly used in practice.
4.5.2 Risk-based access control.
This model, also referred to as risk-adaptive access control (RAdAC ) , originated from the need of the enterprise to real-time assessment of the current situation and possible risks even when the subjects lack proper permissions. A possible strategy is to deny the access in this case, however, emergency data access is crucial in some domains (e.g. healthcare and military). Hence, this model introduces risk levels into the process of access decision such that the access is determined by computing the security risk and operational need (e.g. subject trustworthiness, information sensitivity and history events) instead of only using the rigid policies which provide the same decision in different circumstances. After the risky access event, the system will take some mitigating actions for minimizing possible information disclosure in the future. Several methods for estimating access risks are proposed by various works including machine learning ( Molloy et al. , 2012 ), probability theory ( Rajbhandari and Snekkenes, 2010 ) and fuzzy logic ( Cheng et al. , 2007 and Ni et al. , 2010 ). The work of Atlam et al. (2020) provides a survey of the state-of-the-art risk-based access control model along with the existing risk estimation techniques (Section 5).
4.5.3 Sequence-based access control (SeqBAC).
The SeqBAC model is used as a complement to existing access control models to restrict the order of actions performed on databases by legitimate users, e.g. read or write data. It is based on the fact that actions are not totally independent. In some cases, they are used to collect values for the subsequent ones. Thus, it is crucial to audit the sequences in which actions are executed to avoid bypassing the dependency logic between actions. Although this can be handled in the application or even using stored procedures, they are hard to manage and prone to implementation mistakes that can compromise the system correctness. Furthermore, the model allows more flexibility in terms of reusing and branching the sequences of actions which can be validated automatically in real-time. SeqBAC is based on a CRUD expression driven access control model where the policy defines a set of authorized users and a set of actions along with their input parameters and directed transition relations between them (i.e. action flowchart). The model concept and formal definition are proposed in Regateiro et al. (2018) , however, it is still in the research phase, i.e. no actual implementation is provided.
4.5.4 History-based access control (HBAC).
This model aims to maintain a selective history of the access requests initiated by individual subjects and use this history to identify potentially malicious requests. It protects software execution environments (e.g. operating systems and mobile code platforms) against potential damages caused by codes with inappropriate behavior. For example, a previously killed malicious program can be denied from execution on a specific machine by specifying a HBAC policy that keeps track of aborted programs identity along with their past termination events ( Edjlali et al. , 1998 ).
History information is a sequence of events which are an abstraction of security-relevant activities (e.g. opening a socket connection and reading/writing a file) ( Bartoletti et al. , 2005 ). Based on the sequence of requests, each program is dynamically classified to one of the defined equivalence classes and only access the allowed resources associated to the programs of that class. Authorization decisions depend on the real-time evaluation of access history of the inquiring party, e.g. behavior, time between requests, and content of requests. Execution monitors are the typical run-time mechanisms for enforcing history-based policies. They are responsible for observing computations and terminating them upon violating the defined authorization policy. HBAC has been the focus of many researches on the conceptual ( Banerjee and Naumann, 2004 ; Fong, 2004 ) and implementation ( Abadi and Fournet, 2003 ; Edjlali et al. , 1998 ) levels.
5. Comparative Studies
In this section, we review a selected list of access control model literature studies. The related works are sorted ascendingly by their publishing year. The older surveys focus on data security whereas the newer ones deal with access control in specific domains, e.g. cloud computing, social networks and internet of things (IoT). In the following, we summarize each of the survey works and map the presented access control models into our classification categories.
Access control: principle and practice ( Sandhu and Samarati, 1994 ) . This work is one of the earliest works in the area of access control. It provided a concrete explanation for authentication, administration (i.e. centralized, hierarchical, cooperative, ownership and decentralized), access control and auditing in addition to how they are related to each other. The difference between policy and mechanism is also illustrated. The DAC and MAC strategies are explained along with the access matrix including its implementation approaches (i.e. ACL, capabilities and authorization relations). They had a different perspective regarding RBAC because of being relatively recent at the time of publishing this work. They considered the role-based approach as an alternative to traditional DAC and MAC policies with several advantages, e.g. authorization management, hierarchical roles, least privilege, separation of duties and object classes.
Data security ( Bertino, 1998 ). In this paper, Bertino surveyed the state of the art in access control for database systems and outlined the main research issues. The System R ( Astrahan et al. , 1976 ) access control is discussed as the basic DAC model for protecting tables and views with specific access modes (i.e. select, insert, update and delete) in addition to the existing extensions for supporting negative authorizations ( Bertino et al. , 1997 ), non-cascading revoke and temporal duration of authorizations ( Bertino et al. , 1996a , 1996b ). Moreover, RBAC as an extension to access control models is described as well as how MAC strategy is applied in databases enforcing the BLP principles and multilevel relational model using views. Finally, the research directions of access control for database systems are addressed with respect to data protection against intrusions (e.g. trojan horses and covert channels) besides developing authorization and access control models for advanced data management systems.
Access control: policies, models and mechanisms ( Samarati and De Capitani di Vimercati, 2001 ). One of the earliest literature reviews providing definitions for security policy, model and mechanism. They clarified the basic concepts and explained the access control models along with the current implementations in the context of MAC, DAC and RBAC categories. Some models belong to only one category while others are hybrid. For instance, the Access Matrix is a DAC model whereas the Chinese Wall combines DAC with MAC policies. We partly relied on this classification, especially for the DAC and MAC strategies and the basic state-of-the-art access control models.
Database security – concepts, approaches and challenges ( Bertino and Sandhu, 2005 ). In 2005, Bertino and Sandhu discussed database security with focus on confidentiality and integrity. They gave an overview of the System R model along with its extensions in the context of DAC, BLP principles as well as the MLS database model for applying MAC policies, RBAC models and content-based access control using views to enforce fine-grained authorization policies. Further, requirements and features for XML and object-based database systems are presented.
support for fine/coarse grained specification;
evaluation using conditions;
least privilege;
support for single/multiple policy types;
information used for making authorization decisions;
use of application-specific information only while processing the client request;
enterprise-wide consistent access control policy enforcement; and
support for changes.
Microsoft’s SQL Server 2008 DBMS with its base authorization model and access control administration features;
the Oracle Virtual Private Database (VPD) technology ( Browder and Davidson, 2002 ) for controlling database access at the level of columns and rows; and
Oracle Label security mechanism implementing the strategy of MAC.
Last but not least, they gave an overview of access control models for object databases, XML data, Geographical data and digital libraries.
Database security and access control models: a brief overview ( Kriti, 2013 ). The work of Kriti discussed the access control models in the context of databases presenting security threats and policy requirements as a motivation. An overview of the security models basic terms (i.e. subjects, objects, access modes, policies, authorizations, administrative rights and axioms) as well as the access control principles of administration (i.e. centralized vs decentralized), system (i.e. open vs closed) and privilege (i.e. minimum vs maximum) are provided. The DAC, MAC and RBAC are explained in addition to how they are applied in databases along with their vulnerabilities. For instance, the DAC authorization is applied in databases using System R model and its extensions, but vulnerable to trojan horse attacks.
Taxonomy and classification of access control models for cloud environments ( Majumder et al ., 2014 ). The authors classified various existing access control models according to a proposed taxonomy of access control schemes for cloud environments. They discussed the access control challenges in cloud computing regarding cost, granularity, data loss, taking the data sensitivity into account, data theft by malicious users and accessing data from an outside server. Furthermore, they explained 11 models ( Table 1 ) and analyzed them based on:
identity vs nonidentity in terms of whether the model is tree-structured or not; and
centralized (i.e. per user, group users and all users) vs collaborative.
Different access control mechanisms ( Sifou et al ., 2017 ). This work analyzed and compared different access control models in the context of cloud computing. Based on the National Institute of Standards and Technology’s (NIST) view in ( Mell et al. , 2011 ), the authors illustrated the main features of cloud computing service and deployment models. They demonstrated DAC, MAC, RBAC, ABAC and OrBAC along with the advantages and disadvantages of each access control model. According to the current cloud computing requirements, they defined nine criteria to evaluate the current access control models: dynamicity, flexibility, reliability, ease of administration, security policy implementation, global management, support scalability, computational costs and fine-grained access.
Survey on access control mechanisms in cloud computing ( Karatas and Akbulut, 2018 ). The work of Karatas and Abkulut provided a survey of access control approaches and works related to cloud computing. They reviewed 109 research papers in that domain throughout the past decade. They provided not only a comparative explanation for the existing access control models, but also a unique evaluation using NIST access control metrics ( Hu and Scarfone, 2012 ). For each access control model, an overview followed by an analysis with respect to the applicable criteria is given. The models are reviewed according to the satisfaction degree for each metric (i.e. low, medium, high, optional, not applicable and not mentioned). Additionally, their study is compared versus seven other survey works in terms of the presented approaches, graphical definitions, advantages/disadvantages, the use of NIST metrics, number of reviewed articles and queried databases (e.g. IEEE, ACM, Springer, etc).
A Survey on access control in the age of internet of things ( Qiu et al ., 2020 ). The article presented a survey on the access control characteristics, technologies, a taxonomy of access control models requirements and future development direction in the IoT research field. In the IoT environment, the data are dynamic, massive, need strong privacy and continuously exchanged between different cooperation organizations. This work is compared with other literature reviews with similar focus in terms of access control policy description method, combination, conflict resolution and authoring (i.e. attribute discovery mechanism, policy mining and authorization model) explaining each requirement in detail. They described the authorization by categories based on the following: ABAC, RBAC, capability-based access control (CapBAC), usage control-based access model (UCON), OrBAC, blockchain and open authorization (OAuth).
the aim of access control;
the difference between authentication, authorization and access control;
the five core elements of access control models (i.e. subjects, objects, actions, privileges and access policies); and
the access control process flow.
Furthermore, they compared the static and dynamic access control models with respect to features, decision, pros/cons, examples and applications. For the traditional access control approaches, they just mentioned ACL, DAC, MAC and RBAC with a basic description. Then, an overview of the risk-based access control model and its elements is provided. Finally, they addressed the research methodology phases and analyzed the results providing answers to the research questions through comparing all the selected works.
In summary, Table 1 presents the models addressed in the previously discussed surveys with respect to our classification. We indicate whether all the models (✓) listed for each category in Section 4, some of them (O) or none (✗) are addressed in a given citation. For the roles category, all the works discuss the standard RBAC in different levels of details, however, only three of them addressed the OrBAC model while the ARBAC model is not mentioned at all.
We also include the models that are not stated in our work under the column Other . Only one access control model related to databases, i.e. System R ( Griffiths and Wade, 1976 ), is not mentioned. The rest belong to cloud computing and IoT domains, e.g. gateway-based access control (GBAC) ( Wu et al. , 2012 ), novel data access control (NDAC) ( Gao et al. , 2013 ), usage control-based access model (UCON) ( Danwei et al. , 2009 ), purpose-based usage access control (PBAC) ( Sun and Wang, 2010 ), toward temporal-based access control (TTAC) ( Zhu et al. , 2012 ), fine-grained access control (FGAC) ( Li et al. , 2010 ), capability-based access control (CapBAC) ( Hota et al. , 2011 ), hierarchical attribute-based access control (HABE) ( Xie et al. , 2015 ), attribute-based encryption fine-grained access control (ABE-FGAC) ( Tamizharasi et al. , 2016 ) and privacy-preserving ABAC (P-ABAC) ( Xu et al. , 2018 ).
6. Analysis
Authorization strategy : whether MAC, DAC or hybrid (recall Section 3);
Dynamic authorization : represents the dynamic definition of access rights in terms of rules and policies evaluating their attributes in real-time;
Granularity of control : indicates the objects’ levels of granularity, i.e. fine and/or coarse grained;
Least privilege principle support : the minimum access rights required for performing a task;
Separation of duty : ensures that access is only granted to subjects that are duty-related to the objects to limit power and avoid conflict of interests;
Vulnerable to attacks : is for ensuring the safety of the model to avoid the leakage of permissions to an unauthorized principal, e.g. trojan horse and covert channel attacks;
Bypass : is about whether policy rules are allowed to be bypassed for critical access decisions in emergency situations or not and how tolerant the risk is;
Conflict resolution or prevention : deals with preventing or resolving deadlocks and conflicting rules from the same or different policies;
Operational/situational awareness : considers operational/situational factors (e.g. some environment variables) in access rules specification and enforcement (i.e. decision-making);
Privileges/capabilities discovery : is the discovery of capabilities/objects (or object groups) of a given subject (or subject group) and vice versa.
After defining the selected criteria, we summarize them against our access control models categories in Table 2 . For each criterion, we indicate whether it is satisfied by all the models within a given classification group (✓), partially supported either with further considerations (i.e. based on access control requirements and model implementation) or by specific access control models within that category (O) or not at all (✗). If applicable, the level of satisfaction is indicated, i.e. low (L), medium (M) or high (H).
7. Conclusion
Access control mitigates the risks of unauthorized access attempts to data, resources and systems. The definition of authorization and access control in addition to their related concepts (i.e. strategy, model, policy and mechanism) are inconsistent in the literature. Besides, there are a lot of existing access control models; some of them are commonly known and used in practice while others have evolved recently and are not yet popular like the conventional models. The already available access control survey works are either including the state-of-the-art models at the publishing time or focusing on the taxonomy and classification of models for a particular domain.
In this paper, we first discussed authorization and access control along with the terms related to our research on the level of strategy, model and instance. We then explained authorization strategies and proposed a general classification for access control models without being restricted to a specific field (e.g. cloud computing and IoT). Moreover, we provided some examples of access control models along with the current implementations and extensions for the five categories, i.e. explicit object-subject assignment, model-specific rules, roles, content and context. We selected a list of comparative studies about survey, taxonomy and evaluation of access control models. Then, we summarized each work and compared the included models according to our classification. Finally, we analyzed the proposed classes of models with respect to several criteria; some of them are selected from the NIST standard access control system evaluation metrics, according to the level of support and considerations (if any).
The comparison result ( Table 1 ) shows that we discussed more models than other works for all the categories. We did not include advanced domain-specific models as we focus on general access control models with a view to databases.
Authorization and access control
Models included for each category in the survey works list
| Citation | OSA | MsR | Roles | Content | Context | Other |
| | ✓ | O | O | ✗ | ✗ | |
| | ✗ | O | O | O | ✗ | System R |
| | ✓ | ✓ | O | ✗ | ✗ | |
| | ✗ | O | O | O | ✗ | |
| | ✗ | O | O | O | ✗ | |
| (2011) | ✓ | O | O | O | ✗ | System R |
| | ✗ | O | O | ✗ | ✗ | System R |
| . (2014) | O | ✗ | ✓ | O | ✗ | CapBAC, PBAC, TTAC, GBAC, NDAC, UCON |
| . (2017) | ✗ | ✗ | ✓ | O | ✗ | |
| | ✗ | ✗ | O | O | ✗ | FGAC, HABE, ABE-FGAC |
| . (2020) | ✗ | O | ✓ | O | ✗ | CapBAC, UCON, P-ABAC |
| . (2020) | O | ✗ | O | ✗ | O | |
Notes: ACL; BLP; Biba; Except Lipner; MLS; Clark–Wilson; Except ARBAC; VBAC; ABAC; ReBAC; RAdAC | Criteria | OSA | MsR | Roles | Content | Context |
| Authorization strategy | DAC | MAC | Hybrid | Hybrid | Hybrid |
| Granularity of control | L | L | M | H | H |
| Least privilege principal support | L | M | M | H | O |
| Dynamic authorization | ✗ | ✗ | ✓ | ✓ | ✓ |
| Separation of duty | ✗ | O | ✓ | ✓ | ✓ |
| Vulnerable to attacks | ✓ | ✓ | ✗ | ✗ | ✗ |
| Bypass | ✗ | ✗ | ✗ | ✗ | ✓ |
| Conflict resolution or prevention | ✗ | ✗ | ✗ | O | O |
| Operational/situational awareness | ✗ | ✗ | ✓ | ✓ | ✓ |
| Privileges/capabilities discovery | ✓ | ✗ | ✓ | O | ✗ |
a Except the MLS database model;
Depends on the underlying access control model;
Supported by the Chinese-Wall model;
Supported by ABAC and EBAC models; and
Supported by the VBAC model
Abadi , M. and Fournet , C. ( 2003 ), “ Access control based on execution history ”, NDSS , Vol. 3 , pp. 107 - 121 .
Abrams , M.D. ( 1995 ), “ Renewed understanding of access control policies ”, in Proceedings of the 16th National Computer Security Conference-Information System Security: User Choices , pp. 87 - 96 .
Ahmad , A. and Whitworth , B. ( 2011 ), “ Access control taxonomy for social networks ”, in 2011 7th International Conference on Information Assurance and Security . (Ed.) by Ieee Corporate Author . IEEE , pp. 256 - 261 , ISBN: 978-1-4577-2155-7 , doi: 10.1109/ISIAS.2011.6122829 .
Almehmadi , A. and El-Khatib , K. ( 2013 ), “ Authorized! access denied, unauthorized! access granted ”, in Proceedings of the 6th International Conference on Security of Information and Networks , pp. 363 - 367 .
Astrahan , M.M. , Blasgen , M.W. , Chamberlin , D.D. , Eswaran , K.P. , Gray , J.N. , Griffiths , P.P. , King , W.F. , Lorie , R.A. , McJones , P.R. , Mehl , J.W. , Putzolu , G.R. , Traiger , I.L. , Wade , B.W. and Watson , V. ( 1976 ), “ System R: relational approach to database management ”, ACM Transactions on Database Systems (TODS) , Vol. 1 No. 2 , pp. 97 - 137 .
Atlam , H.F. , Azad , M.A. , Alassafi , M.O. , Alshdadi , A.A. and Alenezi , A. ( 2020 ), “ Risk-based access control model: a systematic literature review ”, Future Internet , Vol. 12 No. 6 , p. 103 , doi: 10.3390/fi12060103 .
Banerjee , A. and Naumann , D.A. ( 2004 ), “ History-based access control and secure information flow ”, In International Workshop on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices . Springer , pp. 27 - 48 .
Bartoletti , M. , Degano , P. and Ferrari , G.L. ( 2005 ), “ Historybased access control with local policies ”, in Sassone , V. (Ed.), Foundations of Software Science and Computational Structures , Springer Berlin Heidelberg , Berlin, Heidelberg , pp. 316 - 332 . ISBN: 978-3-540-31982-5 .
Bell , D.E. and La Padula , L.J. ( 1976 ), Secure computer system: unified exposition and multics interpretation , Tech. rep. Mitre Corp Bedford MA .
Benantar , M. ( 2005 ), Access Control Systems: security, Identity Management and Trust Models , Springer Science and Business Media .
Bertino , E. , Bettini , C. , Ferrari , E. and Samarati , P. ( 1996a ), “ A temporal access control mechanism for database systems ”, IEEE Transactions on Knowledge and Data Engineering , Vol. 8 No. 1 , pp. 67 - 80 .
Bertino , E. , Bettini , C. , Ferrari , E. and Samarati , P. ( 1996b ), “ Supporting periodic authorizations and temporal reasoning in database access control ”, VLDB , Citeseer , pp. 472 - 483 .
Bertino , E. , Samarati , P. and Jajodia , S. ( 1997 ), “ An extended authorization model for relational databases ”, IEEE Transactions on Knowledge and Data Engineering , Vol. 9 No. 1 , pp. 85 - 101 .
Bertino , E. , Bonatti , P.A. and Ferrari , E. ( 2000 ), “ TRBAC: a temporal role-based access control model ”, in Proceedings of the 5th ACM Workshop on Role-Based Access Control , pp. 21 - 30 .
Bertino , E. and Sandhu , R. ( 2005 ), “ Database security – concepts, approaches, and challenges ”, IEEE Transactions on Dependable and Secure Computing , Vol. 2 No. 1 , pp. 2 - 19 .
Bertino , E. , Ghinita , G. and Kamra , A. ( 2011 ), “ Access control for databases: concepts and systems ”, Foundations and Trends in Databases , Vol. 3 Nos 1/2 , pp. 1 - 148 , doi: 10.1561/1900000014 , ISSN: 1931-7883 .
Bertino , E. ( 2016 ), “ Data security and privacy: concepts, approaches, and research directions ”, in 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC) , IEEE , pp. 400 - 407 , ISBN: 978-1-4673-8845-0 , doi: 10.1109/COMPSAC.2016.89 .
Bertino , E. ( 1998 ), “ Data security ”, Data and Knowledge Engineering , Vol. 25 Nos 1/2 , pp. 199 - 216 .
Bogaerts , J. , Decat , M. , Lagaisse , B. and Joosen , W. ( 2015 ), “ Entity-based access control: supporting more expressive access control policies ”, In Proceedings of the 31st Annual Computer Security Applications Conference , pp. 291 - 300 .
Brewer , D.F. and Nash , M.J. ( 1989 ), “ The Chinese wall security policy ”, in IEEE symposium on security and privacy , Oakland ,Vol. 1989 , p. 206 .
Browder , K. and Davidson , M.A. ( 2002 ), “ The virtual private database in oracle9ir2 ”, In: Oracle Technical White Paper, Oracle Corporation 500.280 .
Center, Computer Security Resource ( 2022 ), “ Glossary ”, available at: https://csrc.nist.gov/glossary (accessed 14 April 2022 ).
Cheng , P.-C. , Rohatgi , P. , Keser , C. , Karger , P.A. , Wagner , G.M. and Reninger , A.S. ( 2007 ), “ Fuzzy multi-level security: an experiment on quantified risk-adaptive access control ”, in 2007 IEEE Symposium on Security and Privacy (SP’07) , IEEE , pp. 222 - 230 .
Clark , D.D. and Wilson , D.R. ( 1987 ), “ A comparison of commercial and military computer security policies ”, in 1987 IEEE Symposium on Security and Privacy , IEEE , pp. 184 - 184 .
Council, Information Technology Industry ( 2016 ), “ Information technology: next generation access control - generic operations and data structures (NGAC GOADS) ”, in American National Standard for Information Technology INCITS, 526-2016 .
Council, Information Technology Industry ( 2018 ), “ Information technology: next generation access control - functional architecture (NGAC-FA) ”, in American National Standard for Information Technology INCITS, 499-2018 .
Crampton , J. and Loizon , G. ( 2002 ), SARBAC: a new model for role-based administration . Tech. rep. Technical Report BBKCS-02-09 , Birkbeck College, University of London .
Cuppens , F. and Miège , A. ( 2003 ), “ Administration model for or-BAC ”, in Meersman , R. and Tari , Z. (Eds), On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops , Springer Berlin Heidelberg , Berlin, Heidelberg , pp. 754 - 768 , ISBN: 978-3-540-39962-9 .
Damiani , M.L. , Bertino , E. , Catania , B. and Perlasca , P. ( 2007 ), “ GEO-RBAC: a spatially aware RBAC ”, ACM Transactions on Information and System Security (TISSEC) , Vol. 10 No. 1 , p. 2–es .
Danwei , C. , Xiuli , H. and Xunyi , R. ( 2009 ), “ Access control of cloud service based on ucon ”, in IEEE International Conference on Cloud Computing , Springer , pp. 559 - 564 .
Eckert , C. ( 2014 ), IT-Sicherheit , 9th ed ., De Gruyter Oldenbourg , ISBN: 978-3-486-85916-4 .
Edjlali , G. , Acharya , A. and Chaudhary , V. ( 1998 ), “ History-based access control for mobile code ”, in Proceedings of the 5th ACM Conference on Computer and Communications Security , pp. 38 - 48 .
Ferraiolo , D.F. and Kuhn , D.R. ( 1992 ), “ Role-based access controls ”, in Proceedings of the 15th NIST-NSA National Computer Security Conference , pp. 554 - 563 .
Ferraiolo , D. , Cugini , J. and Kuhn , D.R. ( 1995 ), “ Role-based access control (RBAC): features and motivations ”, in Proceedings of the 11th annual computer security application conference , pp. 241 - 248 .
Ferraiolo , D. , Chandramouli , R. , Kuhn , R. and Hu , V. ( 2016 ), “ Extensible access control markup language (XACML) and next generation access control (NGAC) ”, in Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control , pp. 13 - 24 .
Ferrari , E. ( 2009 ), “ Access control ”, in Tamer Ozsu , M. and Ling , L. (Eds), Encyclopedia of Database Systems , Springer , New York, NY , pp. 7 - 11 , doi: 10.1007/978-0-387-39940-9_6 , isbn: 978-0-387-35544-3 .
Fong , P.W. ( 2004 ), “ Access control by tracking shallow execution history ”, IEEE Symposium on Security and Privacy , IEEE , pp. 43 - 55 .
Fong , P.W. ( 2011 ), “ Relationship-based access control: protection model and policy language ”, in Proceedings of the first ACM conference on Data and application security and privacy , pp. 191 - 202 .
Gao , X. , Jiang , Z.M. and Jiang , R. ( 2013 ), “ A novel data access scheme in cloud computing ”, Advanced Materials Research , Vols 756/759 , pp. 2649 - 2654 .
Gates , C. ( 2007 ), “ Access control requirements for web 2.0 security and privacy ”, in IEEE Web 2.0 , pp. 12 - 15 .
Griffiths , P.P. and Wade , B.W. ( 1976 ), “ An authorization mechanism for a relational database system ”, ACM Transactions on Database Systems (TODS) , Vol. 1 No. 3 , pp. 242 - 255 .
Harris , S. ( 2012 ), CISSP All-in-One Exam Guide , 6th ed ., McGraw-Hill , New York, NY, Chicago, San Francisco, Lisbon, London, Madrid, Mexico City, Milan, New Delhi, San Juan, Seoul, Singapore, Sydney, Toronto , ISBN: 978-0-07-178173-2 .
Hosseini , A. and Azgomi , M.A. ( 2010 ), “ HRBAC: historical role-based access control ”.
Hota , C. , Sanka , S. , Rajarajan , M. and Nair , S.K. ( 2011 ), “ Capability-based cryptographic data access control in cloud computing ”, International Journal of Advanced Networking and Applications , Vol. 3 No. 3 , pp. 1152 - 1161 .
Hu , H. , Ahn , G.-J. and Jorgensen , J. ( 2012 ), “ Multiparty access control for online social networks: model and mechanisms ”, IEEE Transactions on Knowledge and Data Engineering , Vol. 25 No. 7 , pp. 1614 - 1627 .
Hu , V.C. , Ferraiolo , D. , Kuhn , R. , Schnitzer , A. , Sandlin , K. , Miller , R. and Scarfone , K. ( 2014 ), “ Guide to attribute based access control (ABAC) definition and considerations ”, NIST Special Publication , Vol. 800 , p. 162 , doi: 10.6028/NIST.SP.800-162 , available at: https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.800-162.pdf
Hu , V.C. , Ferraiolo , D.F. , Chandramouli , R. and Kuhn , D.R. ( 2017b ), Attribute-Based Access Control , Artech House .
Hu , V.C. and Scarfone , K. ( 2012 ), Guidelines for Access Control System Evaluation Metrics , National Institute of Standards and Technology , Gaithersburg, MD , doi: 10.6028/NIST.IR.7874 .
Hu , V.C. , Kuhn , R. and Yaga , D. ( 2017a ), “ Verification and test methods for access control policies/models ”, NIST Special Publication , Vol. 800 , p. 192 .
Hu , V. ( 2016 ), “ Access control policy and implementation guides ”, available at: https://csrc.nist.gov/Projects/Access-Control-Policy-and-Implementation-Guides (accessed 14 April 2022 ).
IBM-Corporation ( 2015 ), “ Authentication versus access control ”, available at: www.ibm.com/docs/en/wca/3.5.0?topic=security-authentication-versus-access-control (accessed 14 April 2022 ).
Josang , A. ( 2017 ), “ A consistent definition of authorization ”, in Livraga , G. and Mitchell , C. (Eds), Security and Trust Management , Lecture Notes in Computer Science , Springer International Publishing , Cham , Vol. 10547 , pp. 134 - 144 , isbn: 978-3-319-68062-0 , doi: 10.1007/978-3-319-68063-7_9 .
Kalam , A.A.E. , Baida , R.E. , Balbiani , P. , Benferhat , S. , Cuppens , F. , Deswarte , Y. , Miége , A. , Saurel , C. and Trouessin , G. ( 2003 ), “ Organization based access control ”, in Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks , IEEE , pp. 120 - 131 .
Kane , K. and Browne , J.C. ( 2006 ), “ On classifying access control implementations for distributed systems ”, in Ferraiolo D. and Ray I. (Eds), Proceedings of the eleventh ACM symposium on Access control models and technologies , ACM Digital Library, ACM , New York, NY , p. 29 , isbn: 1595933530 , doi: 10.1145/1133058.1133064 .
Karatas , G. and Akbulut , A. ( 2018 ), “ Survey on access control mechanisms in cloud computing ”, Journal of Cyber Security and Mobility , doi: 10.13052/2245-1439.731 , ISSN: 2245-1439 .
Keefe , T.F. , Tsai , W.-T. and Srivastava , J. ( 1993 ), “ Database concurrency control in multilevel secure database management systems ”, IEEE Transactions on Knowledge and Data Engineering , Vol. 5 No. 6 , pp. 1039 - 1055 .
Kizza , J.M. ( 2020 ), “ Access control and authorization ”, Kizza , J.M. (Ed), Guide to Computer Network Security Texts in Computer Science , Springer International Publishing , Cham , pp. 187 - 206 , isbn: 978-3-030-38140-0 , doi: 10.1007/978-3-030-38141-7_9 .
Kriti , I.K. ( 2013 ), “ Database security and access control models: a brief overview ”, International Journal of Engineering Research and Technology (IJERT) , Vol. 2 No. 5 .
Kuhrmann , M. , Fernández , D.M. and Daneva , M. ( 2017 ), “ On the pragmatic design of literature studies in software engineering: an experiencebased guideline ”, Empirical Software Engineering , Vol. 22 No. 6 , pp. 2852 - 2891 .
Li , J. , Zhao , G. , Chen , X. , Xie , D. , Rong , C. , Li , W. , Tang , L. and Tang , Y. ( 2010 ), “ Fine-grained data access control systems with user accountability in cloud computing ”, In 2010 IEEE Second International Conference on Cloud Computing Technology and Science , IEEE , pp. 89 - 96 .
Majumder , A. , Namasudra , S. and Nath , S. ( 2014 ), “ Taxonomy and classification of access control models for cloud environments ”, in Zaigham , M. (Ed), Continued Rise of the Cloud, Computer Communications and Networks , Springer London , London , pp. 23 - 53 , isbn: 978-1-4471-6451-7 , doi: 10.1007/978-1-4471-6452-4_2 .
Matt , B. ( 2018 ), Computer Security: art and Science , Addison-Wesley Professional , isbn: 978-0-13-409714-5 .
Mell , P. and Grance , T , ( 2011 ), “ The NIST definition of cloud computing ”, National Institute of Science and Technology, Special Publication .
Molloy , I. , Dickens , L. , Morisset , C. , Cheng , P.-C. , Lobo , J. and Russo , A. ( 2012 ), “ Risk-based security decisions under uncertainty ”, in Proceedings of the 2nd ACM conference on Data and Application Security and Privacy , pp. 157 - 168 .
Ni , Q. , Bertino , E. and Lobo , J. ( 2010 ), “ Risk-based access control systems built on fuzzy inferences ”, in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security , pp. 250 - 260 .
OASIS ( 2013 ), “ Extensible access control markup language (XACML) version 3.0 ”, OASIS Open , available at: http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html (accessed 14 April 2022 ).
Park , J. and Sandhu , R. ( 2002 ), “ Originator control in usage control ”, in Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks , IEEE , pp. 60 - 66 .
Petkovic , M. and Jonker , W. ( 2007 ), Security, Privacy, and Trust in Modern Data Management , Springer .
Qiu , J. , Tian , Z. , Du , C. , Zuo , Q. , Su , S. and Fang , B. ( 2020 ), “ A survey on access control in the age of internet of things ”, IEEE Internet of Things Journal , Vol. 7 No. 6 , pp. 4682 - 4696 , issn: 2327-4662 , doi: 10.1109/JIOT.2020.2969326 .
Rajbhandari , L. and Snekkenes , E.A. ( 2010 ), “ Using game theory to analyze risk to privacy: an initial insight ”, in IFIP PrimeLife International Summer School on Privacy and Identity Management for Life , Springer , pp. 41 - 51 .
Regateiro , D. , Pereira , Ó. and Aguiar , R. ( 2018 ), “ SeqBAC: a sequence based access control model ”, In Proceedings of the 30th International Conference on Software Engineering and Knowledge Engineering (SEKE 2018) , pp. 276 - 319 , doi: 10.18293/SEKE2018-099 .
Rjaibi , W. ( 2004 ), “ An introduction to multilevel secure relational database management systems ”, in Proceedings of the 2004 Conference of the Centre for Advanced Studies on Collaborative Research , pp. 232 - 241 .
Ross , R. , Pillitteri , V. , Graubart , R. , Bodeau , D. and Mcquaid , R. ( 2021 ), “ Developing cyber-resilient systems ”, Gaithersburg, MD , doi: 10.6028/NIST.SP.800-160v2r1 , available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf (accessed 14 April 2022 ).
Sahafizadeh , E. and Parsa , S. ( 2010 ), “ Survey on access control models ”, in 2010 2nd International Conference on Future Computer and Communication , IEEE , Vol. 1 .
Samarati , P. and De Capitani di Vimercati , S. et al. ( 2001 ), “ Access control: policies, models, and mechanisms ”, in Goos , G. (Ed), Foundations of Security Analysis and Design , Lecture Notes in Computer Science , Springer Berlin Heidelberg , Berlin, Heidelberg , Vol. 2171 , pp. 137 - 196 , isbn: 978-3-540-42896-1 , doi: 10.1007/3-540-45608-2_3 .
Sandhu , R. , Coyne , E.J. , Youman , C.E. and Feinstein , H.L. ( 1996 ), “ Role-based access control models ”, Computer , Vol. 29 No. 2 , pp. 38 - 47 , doi: 10.1109/2.485845 .
Sandhu , R.S. and Samarati , P. ( 1994 ), “ Access control: principle and practice ”, IEEE Communications Magazine , Vol. 32 No. 9 , pp. 40 - 48 , ISSN: 0163-6804 , available at https://ieeexplore.ieee.org/document/312842 (accessed 14 April 2022 ).
Sandhu , R. , Bhamidipati , V. and Munawer , Q. ( 1999 ), “ The ARBAC97 model for role-based administration of roles ”, ACM Transactions on Information and System Security , Vol. 2 No. 1 , pp. 105 - 135 , doi: 10.1145/300830.300839 , issn: 1094-9224 .
Sifou , F. , Kartit , A. and Hammouch , A. ( 2017 ), “ Different access control mechanisms for data security in cloud computing ”, in Proceedings of the 2017 International Conference on Cloud and Big Data Computing , ACM , New York, NY , pp. 40 - 44 , isbn: 9781450353434 , doi: 10.1145/3141128.3141133 , available at: https://dl.acm.org/doi/pdf/10.1145/3141128.3141133 (accessed 14 April 2022 ).
Sun , L. and Wang , H. ( 2010 ), “ A purpose based usage access control model ”, International Journal of Computer and Information Engineering , Vol. 4 No. 1 , pp. 44 - 51 .
Tamizharasi , G.S. , Balamurugan , B. and Manjula , R. ( 2016 ), “ Attribute based encryption with fine-grained access provision in cloud computing ”, in Proceedings of the International Conference on Informatics and Analytics , pp. 1 - 4 .
Tapiador , A , Carrera , D. and Salvachúa , J. ( 2012 ), “ Tie-RBAC: an application of RBAC to social networks ”, CoRR abs/1205.5720 , arXiv: 1205.5720 , available at http://arxiv.org/abs/1205.5720
Wu , Y. , Suhendra , V. and Guo , H. ( 2012 ), “ A gateway-based access control scheme for collaborative clouds ”, in Proceedings of the 7th International Conference on Internet Monitoring and Protection , pp. 54 - 60 .
Xie , U. , Wen , H. , Wu , B. , Jiang , Y. and Meng , J. ( 2015 ), “ A modified hierarchical attribute-based encryption access control method for mobile cloud computing ”, IEEE Transactions on Cloud Computing , Vol. 7.2 , pp. 383 - 391 .
Xu , Y. , Zeng , Q. , Wang , G. , Zhang , C. , Ren , J. and Zhang , Y. ( 2018 ), “ A privacy-preserving attribute-based access control scheme ”, in International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage , Springer , pp. 361 - 370 .
Zeng , W. , Yang , Y. and Luo , B. ( 2014 ), “ Content-based access control: use data content to assist access control for large-scale content-centric databases ”, in 2014 IEEE International Conference on Big Data , IEEE , pp. 701 - 710 .
Zhu , Y. , Hu , H. , Ahn , G.-J. , Huang , D. and Wang , S. ( 2012 ), “ Towards temporal access control in cloud computing ”, in 2012 Proceedings IEEE Infocom , IEEE , pp. 2576 - 2580 .
Acknowledgements
The research reported in this paper has been partly supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria. The work was also funded within the FFG BRIDGE project KnoP-2D (grant no. 871299).
Corresponding author
Related articles, all feedback is valuable.
Please share your general feedback
Report an issue or find answers to frequently asked questions
Contact Customer Support
Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.
- View all journals
- Explore content
- About the journal
- Publish with us
- Sign up for alerts
- Data Descriptor
- Open access
- Published: 07 September 2024
Evidence library of meta-analytical literature assessing the sustainability of agriculture – a dataset
- Andrea Schievano 1 ,
- Marta Pérez-Soba 1 ,
- Simona Bosco 1 ,
- Ana Montero-Castaño 1 ,
- Rui Catarino 1 ,
- Mathilde Chen 2 ,
- Giovanni Tamburini 3 ,
- Beatrice Landoni ORCID: orcid.org/0000-0002-3815-5011 4 ,
- Otho Mantegazza 4 ,
- Irene Guerrero 1 ,
- Maria Bielza 5 ,
- Michael Assouline 1 ,
- Renate Koeble 6 ,
- Frank Dentener 1 ,
- Marijn Van der Velde ORCID: orcid.org/0000-0002-9103-7081 1 ,
- Carlo Rega 7 ,
- Andrea Furlan 7 ,
- Maria Luisa Paracchini 1 ,
- Franz Weiss 1 ,
- Vincenzo Angileri 1 ,
- Jean-Michel Terres 1 &
- David Makowski ORCID: orcid.org/0000-0001-6385-3703 2
Scientific Data volume 11 , Article number: 979 ( 2024 ) Cite this article
Metrics details
- Agriculture
- Environmental impact
- Research management
In the last two decades, an exponentially growing number of meta-analyses (MAs) synthesize thousands of peer-reviewed studies on the environmental impacts of farming practices (FPs). This paper describes the iMAP-FP evidence library, a comprehensive dataset on the effects of 34 categories of FPs (such as agronomic practices, cropping and livestock systems, land management options and mitigation techniques) on 34 impacts including climate mitigation, soil health, environmental pollution, water use, nutrients cycling, biodiversity, and agricultural productivity. Through systematic screening, 570 MAs published since 2000 were selected and categorized according to the type of FP. We assessed their impacts, the geographic regions covered, and their quality. We extracted 3,811 effects and their statistical significance associated with sustainable FPs (intervention) compared to a control (typically conventional agriculture) across 223 different intervention-control pairs. Our dataset is accompanied with an online free-access library, which includes a catalogue of synthetic reports summarizing the available evidence on each evaluated FP.
Background & Summary
Synthesizing the wealth of scientific evidence on the sustainability of agricultural practices is critical for informed decisions by policy makers, public administrators, and private investors. Producing food entails multiple and interlinked challenges around food-security, regenerating ecosystems, and the need to preserve resources and mitigate greenhouse gas emissions 1 . Decision-makers need robust knowledge on farming practices (hereafter FPs, including agronomic practices, cropping and livestock systems, land management options and impact-mitigation techniques) to drive agricultural systems towards higher climate, environment, and productivity performance.
A general search for sustainable agriculture science-related terms, such as (agric* OR farm*) AND (sustainab* OR environm*) in databases like Web of Science and Scopus retrieves over 260,000 peer-reviewed primary studies. While some of these individual studies may produce convergent or similar results, some others may provide contradictory findings. These disparities can arise from different locations, varied environmental conditions, and other factors, often making it challenging to achieve the statistical robustness necessary for decisive conclusions.
Systematic reviews and meta-analyses (MAs) can help to detect general trends and deal with disparities, as observed by the exponential growth in the number of published MAs and systematic reviews in agri-environmental science, since the year 2000. For example, a search string tailored to agricultural and environmental science as above such as (agric* OR farm*) AND (sustainab* OR environm*) AND (meta-analy* OR “systematic review*”) run in the databases Web of Science and Scopus yields 4,591 and 6,260 peer-reviewed MAs, respectively (search performed in June 2023).
A systematic review entails the systematic compilation, evaluation, and description of all pertinent studies retrieved using a specific query. Employing a comprehensive protocol safeguards against bias and ensures a transparent and reproducible process 2 . MAs, in turn, combine systematic review with statistical analysis, enabling the quantification of specific outcomes across primary studies 3 . This approach has gained traction within agri-environmental sciences, offering distinct advantages over primary studies 4 . These advantages include refining outcomes of the effects, upscaling results of local experiments, scrutinizing the diversity in FP performance under varying bio-geographical, environmental, and farm management contexts, while reconciling seemingly opposite research findings. MAs cover a large range of FPs, such as cover crops, intercropping, agroforestry, organic farming, and conservation agriculture and their impacts on e.g. crop production, water and soil quality, biodiversity, pest- and disease-control, greenhouse gas emissions 5 , 6 , 7 , 8 .
Recently, at an even higher synthesis level, systematic review methods are being used to synthesize the evidence from multiple published MAs to generate robust and reliable conclusions regarding the effects of different FPs 4 , 9 , 10 , 11 , 12 , 13 , 14 , 15 , 16 , 17 , 18 , 19 . However, these syntheses of MAs are still scarce and focused on relatively limited groups of FPs and/or of impacts and fail to provide a broad picture of the impacts of a large range of FPs in the context of sustainable agriculture. The iMAP-FP dataset 20 presented here can contribute to fill such gaps.
Overview of the protocol used to build the iMAP-FP dataset
This paper describes one of the most comprehensive datasets to date on the impacts of 34 FPs categories on climate, environment, and agricultural productivity. The dataset was developed within the iMAP project (Integrated Modelling platform for Agro-economic and resource Policy analysis), which aimed to provide robust scientific evidence to support the implementation, monitoring and evaluation of the Common Agricultural Policy, in particular for the environmental and climate change objectives. The project was commissioned by the European Commission's Directorate General of Agriculture and Rural Development to the Joint Research Centre, with a long-term perspective going beyond the specific duration of the project.
Figure 1 provides a schematic overview of the protocol, used to screen and select published MAs. Following a rigorous methodological framework 21 , described in the next section, we systematically selected 13,935 peer-reviewed MAs published since the year 2000, of which, based on a series of criteria (see Section 3 of the dataset 20 ), we further selected 570 and categorized them according to the type of FPs considered, the assessed impact/s, the covered geographical regions, and their quality level. We extracted the statistical significance of the effects associated with sustainable FPs (intervention) compared to a control (typically conventional agricultural practices) across 223 independent intervention-control pairs. We classified outcome metrics into 34 impact categories, including, but not limited to, climate mitigation, soil health, environmental pollution, water use, nutrients cycling, biodiversity, and agricultural productivity. Finally, we also mined the main knowledge gaps reported in the MAs. In addition to the iMAP-FP dataset 20 , we developed an open-access online library, which can be used to generate reports summarizing the available scientific evidence on specific FPs, accessible in the European Commission domain ( iMAP-FP-EvidenceLibrary ).
Schematic overview of the workflow underpinning the iMAP-FP dataset 20 .
This dataset and evidence library are easily accessible by policymakers, scientists, stakeholders and the general public. It is currently used by European Commission officers to support decisions and evaluations of key policies such as the European Union Common Agricultural Policy (CAP), the Farm to Fork strategy, the Biodiversity strategy, the Climate law and the recent Nature Restauration Law. Likewise, we believe it could be a useful tool for other worldwide policy-making contexts. We also propose it to the scientific community as a “living” library, helpful in coordinating efforts and progressively fill current knowledge gaps in the field of agriculture sustainability.
The dataset was developed using a systematic review approach, implemented to retrieve and synthetize published MAs, following the steps described below.
Identification and definition of farming practices categories
We identified 34 categories of FPs based on their relevance to the European Union Common Agricultural Policy (CAP). The European Commission’s Joint Research Centre team, together with external experts and officers from the Directorate-General for Agriculture and Rural Development, selected these FPs categories, based on their relevance for the CAP Strategic Plan (programming period 2023-27). They cover instruments under direct payments (GAEC and Eco-Schemes) as well as Rural Development interventions. The list of FPs includes cropping systems (such as agroforestry, organic farming, conservation agriculture), wide-ranging groups of land management options (such as landscape features or grassland management), specific agronomic or livestock-management practices (such as organic fertilisation, enhanced-efficiency fertilisers, livestock feeding techniques, etc.) and environmental mitigation techniques (such as manure storage techniques). These categories of FPs not only include group-level information (e.g. landscape features), but also specific sub-practices (e.g. field margins). Definitions of FPs derive from various official sources, such as Eurostat, the European Food Safety Agency (EFSA), the Organisation for Economic Co-operation and Development (OECD) or the Food and Agriculture Organization of the United Nations (FAO), as well as ad hoc descriptions found in the scientific literature reviewed.
Systematic identification of potentially relevant meta-analyses
For each FP category, a specific search equation was defined. The first part of the search equations included a combination of keywords targeted to the FP derived from its definition, the scientific literature and the relevant EU policy frameworks (Table 1 ). This FP-specific combination of keywords was reviewed by a “core” team (seven scientists) and iteratively improved after discussions with a wider team of scientists and policy officers. The second and the third parts of the equation were common to all FPs. The second part was optionally used to restrict the search to articles that address topics specifically related to agricultural practices. This second part was not always necessary, but it was useful when the keywords listed in the first part of the search equation selected a large number of irrelevant articles (not related to agricultural activities). The third part of the search equation included specific keywords to focus the search on meta-analyses or systematic reviews only, excluding primary literature and non-systematic narrative reviews. We did not include keywords related to one or several specific environmental/climate/productivity outcomes, because we wanted this review to be as comprehensive as possible, without limiting the potential outcomes.
Searches in the two major electronic databases (Web of Science and Scopus) began for the first set of FPs in July 2020 and ended with the latest FPs in June 2023.
Selection of meta-analyses
The systematic review methodology used in this study was aligned with best practices in the field and was guided by the Preferred Reporting Items for Systematic Reviews and MAs (PRISMA) statement and the Cochrane Handbook for Systematic Reviews of Interventions 22 . After merging the results obtained from the two databases and deleting the duplicates, the selection process included multiple steps to identify relevant MAs. The screening was performed by two researchers for each FP category and then reviewed by a group of seven other reviewers based on explicit exclusion/inclusion criteria (see below). Although our framework was primarily intended to synthetize MAs, we also considered systematic reviews if they included some quantitative results even if formal statistical analysis was lacking. Purely qualitative systematic reviews and non-systematic reviews were excluded. In short, when we use the term “MA”, we also include systematic reviews.
For all FPs, eligible studies were those that: (a) were peer-reviewed MAs of primary literature retrieved through systematic protocols; (b) reported results derived from pairwise comparisons of one or several sustainable FPs with control practices, on either agronomical (production yield, efficiency, etc.), environmental or climatic impacts, and (c) were published in English. Then, specific additional inclusion and exclusion criteria were established for each FP (see Section 3 of the dataset 20 ). Using these criteria, the first screening was based on the title and abstract. Articles retained were then assessed for eligibility, identifying the Population, Intervention, Comparator, Outcome (PICO) after reading the full text. Any discrepancy of opinion among the reviewers was resolved by consensus.
The “PICO” structure is a typical semantic structure used in meta-analysis and evidence-based science 4 . The Intervention-Comparator pair is the basis of experiments used to assess the effect of an intervention (in our case a farming practice), with respect to a benchmark (in our case a comparator practice), by measuring the outcome (in our case an environmental, climatic or productivity impact) using one or more metrics. The “population” describes the object of the intervention and the experimental conditions, using many different variables. In our case, the population is the type of agro-ecosystem, which the intervention (farming practice) is applied to, and it can be described by several variables, such as pedo-climatic conditions, type of soil, ecosystem and landscape structure, type of crops, etc.
Data extraction
Data were extracted from selected MAs, for each FP category, using a standardized data extraction spreadsheet (see Supplementary Table S1 ). For each FP category, at least two reviewers (who were in charge of the identification and selection of MAs) conducted the data extraction. The data extracted were reviewed by the other researchers of the team.
Description of the selected MAs
For each selected MA, we extracted information regarding the scientific background and main objectives, the methods used for the systematic review (i.e., literature search strategy and selection criteria), statistical analysis, the number of original primary studies and experimental trials, the target population (that is, the specific pedo-climatic conditions, geographical areas, the types of crops or land use covered by the primary studies included in the MA), the comparison pairs (the FP used as intervention and the FP used as comparator), the main results, the influential factors, the conclusions drawn by the authors and the main knowledge gaps identified. The information was recorded in spreadsheets (Supplementary Table S1 ) using text strings faithful to the original wording used by the authors of each MA.
Report of effect size types and results of statistical tests
In primary studies, outcomes are measured separately for intervention and comparator using specific metrics (e.g. grain yield, soil organic carbon content, farmland bird’s species abundance, nitrous oxide emission per hectare, etc.). MAs combine results to estimate the mean effect size of the intervention versus the comparator for the outcome considered. Here, we reported the types of effect sizes used in each MA, such as the ratio of the metric in the intervention and the comparator (I/C), or their relative difference ((I-C)/C)), the logarithm of the ratio, the standardized difference, etc.
Each PICO combination was extracted as a new entry row in the spreadsheet (Supplementary Table S1 ). We classified each mean effect size reported into four possible levels: (a) significantly positive effect, (b) significantly negative effect, (c) non-significant effect, (d) results lacking formal statistical analysis. This classification was based on confidence intervals or p -values (or other statistical test outcomes) reported by the authors of the MAs.
Quality assessment of the meta-analyses
The quality of the selected MAs was assessed based on 16 independent quality criteria (Table 2 ), following a standardized quality assessment method 11 . The criteria cover the quality of the systematic review process, the quality of the statistical analysis and the risk of bias, in all the different steps followed when conducting a MA. Several of these criteria can also be found in previous publications 10 , 11 , 23 , 24 .
Classification and harmonization of intervention-comparator pairs and outcome metrics
After the PICO extraction, we classified intervention-comparator pairs (such as agroforestry vs conventional farming) and outcome metrics (such as soil carbon stock, soil sediment loss, birds’ abundance, etc.) into homogenized categories. We classified the intervention-comparator pairs by associating the original FPs definitions of each MA with generic definitions. We classified the metrics into two different types, depending on the experiments: empirical experiments (e.g. pot-, laboratory-, greenhouse-, field- or farm-scale) or numerical experiments based on model simulations (including life-cycle-assessment models). Additionally, we further classified these metrics into different impact categories depending on whether they addressed environmental, climate or productivity targets. Metrics were attributed to impact categories when a direct link could be established, while avoiding proxy-based or indirect cause-consequence associations. For instance, the metrics “nitrogen leaching” or “sediment run-off” were respectively associated to the impact categories “Nutrient leaching and run-off” and “Soil erosion”, while not to “Water quality” or “Soil nutrients”. To each metric, we assigned a direction of change (i.e. either decrease or increase) to be associated with the positive effect towards the impact. For instance, “increase soil carbon content” was associated with “increase carbon sequestration” and “increase soil methane uptake” was associated to “decrease greenhouse gas emission”.
Restrictions
We deliberately limited MA selection and data extraction to outcomes related to environmental, climate and productivity impacts. Therefore, in the current version of the dataset (2023 version) 20 , all outcomes related to economics, food quality, safety, nutritional values, labour and social dimensions were not considered.
To speed up the analysis, when the number of MAs exceeded 10 for a specific combination of FP and impact, we limited the selection process to the 10 most recent MAs, either excluding older MAs or prioritizing MAs carried out on a global scale. The details of such criteria are reported among selection criteria for each FP category.
In the present version of the iMAP-FP dataset (2023 version) 20 , the quantitative numerical estimates of the effect sizes reported by the selected MAs were not extracted.
Data Records
The full iMAP-FP dataset (2023 version) is available at the JRC data catalogue platform 20 . Below we describe the different sections of the dataset 20 . Table 3 supports the reporting of the different sections, specifying the data resulting from each analytical step and the names of the corresponding files, each one being stored in a separate spreadsheet (CSV format). Here we give a brief description of the content.
Section 1 - Farming practices glossary
Section 1 corresponds to the first step of the process, defining the FPs. It includes a glossary of the definitions of the FPs, accompanied with literature references, as well as more detailed explanations regarding the boundaries (what is included or excluded) of these definitions.
Sections 2, 3 and 4 - Systematic screening of MAs
Section 2 reports all search equations run on Web of Science® and Scopus® databases, together with their dates. The number of literature records resulting from all the search equations run in the Web of Science and Scopus databases (including the dates of search) is reported in Fig. 2 , sorted by FP category and publication year and after duplicate removal.
Records retrieved from Web of Science and Scopus databases. Yearly distribution of unique records retrieved by using specific search equations for 34 farming practice categories. Farming practice categories are ordered chronologically according to the search dates, provided after the name. Purple squares are used to visualize the year of search and screening for each farming practice category.
Section 3 reports the detailed list of exclusion/inclusion criteria used for the screening and selection of the relevant MAs for each of the FP categories. Details of the screening process (including references of each record, exclusion/inclusion during abstract or full text reading) are included in Section 4 of the dataset 20 . Figure 3 provides an overview of the systematic selection process, which lasted around 36 months, from July 2020 to June 2023. After elimination of duplicates found in both databases, we identified a total of 13,935 records, potentially valid to meet the selection criteria of each FP category (reported in detail in Section 3 of the dataset 20 ). After screening the titles and abstracts, 4,580 full-text articles were assessed for eligibility, and finally 759 MAs were retained for data extraction. Some of these MAs were selected simultaneously in more than one FP category selection process; therefore, the final number of unique MAs selected across all FPs is 570.
Graphical representation of the selection process leading to the systematic mapping applied to meta-analyses (MAs) published in the field of agriculture sustainability. The number of MAs retrieved from Web of Science and Scopus (after duplicate removal) is reported in the first bar-plot, for each of the 34 farming practice (FP) categories. The number of MAs retained and discarded after title-abstract reading and after full text reading is reported in the following two bar-plots. As some MAs were reporting results on more than one FP category, the final number of unique MAs selected for further data extraction is also reported.
Further details regarding selection process of each FP category (i.e. derived from each single search equation) are reported in the Supplementary Information, using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) statement diagrams 25 .
Section 5 – Selected MAs
Section 5 includes the reference list of 570 unique MAs, selected along the screening process. Of the selected 570 unique MAs, nearly 100 reported results on more than one FP category. On average, 10 MAs were relevant per each FP (Fig. 3 ), with some FPs covered by up to 73 MAs (Leguminous crops), 51 (No tillage and reduced tillage), 41 (Cover and catch crops, mulching), while other FP categories covered by few MAs (e.g. fallowing, with only 4 MAs).
The distribution of the selected MAs per publication year is reported in Fig. 4a . The median number of primary studies in each MA was 53, and ranged from 4 to 678 (Fig. 4b ). The selected MAs were often conducted (397 MAs out of 570) at a global scale (Fig. 4c ), without specific geographical limitations. Fewer MAs were focusing on specific continents (e.g. 65 on China, 27 on Europe, 18 on North America, 21 on Africa/Sub-Saharan-Africa/west-Africa and 13 on Asia/south-Asia), or on countries (e.g. 72 on China, 18 on the USA, 6 on Brazil, 3 on India, 2 on New Zealand and Canada) or on biogeographical zones (e.g. 6 on Mediterranean, 5 on temperate, 3 on tropical, 3 on continental, 2 on artic and 2 on arid).
Distribution of the selected meta-analyses per publication year ( a ), per number of primary literature articles synthetized ( b ) and per geographical coverage ( c ). Dotted lines indicate the starting date of the literature screening process ( a ) and the median of primary studies synthetized per meta-analysis ( b ).
Section 6 – Quality assessment of MAs
Section 6 of the dataset 20 includes the assessment of the quality, transparency and robustness of the selected MAs (16 criteria), as shown in Table 2 . Note that slightly different quality assessment may have been recorded on different FP categories or impact categories reported by the same MA. For instance, in some cases, the statistical analysis was of different quality (e.g. weighted mean, confidence intervals, etc.) for metrics regarding carbon sequestration and others regarding biodiversity, reported by the same MA.
Section 7 – Qualitative synthesis and reporting
Section 7 of the dataset 20 summarizes the selected MAs, using wording as reported originally by the authors of MAs. For each combination of FP and impact categories, the following items are reported: the main characteristics of each MA, including their scientific background, main objectives, main findings, the relevant factors influencing the results, the authors’ conclusions and main knowledge gaps. This structure is a standard used in reporting systematic reviews and meta-analyses, by the Cochrane Handbook for Systematic Reviews of Interventions 26 .
Sections 8 and 9 – Classification of intervention-comparator pairs, outcome metrics and impact categories
Section 8 of the dataset 20 reports the intervention and comparator pairs (e.g. “no tillage” and “conventional tillage”, “cover crop” and “bare soil”, etc.), outcome metrics (e.g. soil organic carbon stock, N 2 O emission, etc.) and type of effect sizes (e.g. logarithm of the ratio, Hedge’s g, etc.). All items are reported using the definitions used by authors in the original text of the MAs.
Section 9 reports a categorized list of 3,811 results, their significance based on statistical tests (i.e. significantly positive or negative, non-significant, lacking statistical tests) for each of the main PICO combinations reported by each MA. In total, we classified 223 different combinations of intervention-comparator pairs (specific FP vs a control FP). The average number of unique intervention-comparator pairs per FP was 6, but ranged from 1 to 21 (Fig. 5 ). The results reported by the selected MAs covered 553 unique outcome metrics. We grouped these metrics into 34 impacts categories (Fig. 6 ). The large majority of such metrics (i.e. 542 metrics, grouped into 25 impact categories) were estimated from experimental (or observational) studies, while few of them (i.e. 17 metrics and 9 impact categories) were based on modelling studies (typically life-cycle cradle-to-farm-gate models) (Fig. 6 ).
Data by farming practice category. Number of results of statistical tests on the effects (i.e. results of statistical models used to test the significance of the effect of a farming practice on the outcome, relative to a comparator practice), unique intervention-comparators pairs and outcome metrics (i.e. metrics used to quantify the outcome of farming practices), identified for each farming practice category.
Data by impact categories. Number of results of statistical tests on the effects (i.e. results of statistical models used to test the significance of the effect of a farming practice on the outcome, relative to a comparator practice), unique intervention-comparators pairs and outcome metrics (i.e. metrics used to quantify the outcome of farming practices) identified for each category of environmental/climate/productivity impact. Impact categories are also divided according to the type (either empirical or modelling) of primary studies.
Technical Validation
Dataset revision and data cleaning.
At the end of the entire process (June 2023), all single spreadsheets (Supplementary Table S1 ), used separately for data extraction for each FP category, were merged together using dedicated scripts (run in R programming language). The whole dataset went through a revision process, aimed at checking the homogenization of the classifications, correcting errors and checking missing data in all sections. Particularly, a group of four reviewers revised all attributions of metrics to impact categories for all FP categories. Discrepancies were resolved through consent within the team.
The majority of corrections are related to Sections 8 and 9 and were especially necessary to homogenize the attribution of metrics to impact categories, in all FP categories. Some other corrections were made to other sections of the dataset, to correct inconsistencies and missing data. Figure 7 summarizes the number of corrections performed for each section of the data set.
Technical validation of the dataset, performed between June and October 2023 by 5 reviewers. Number of corrections (e.g. metric attributions to impact categories, wrong direction of the result, missing entries, etc.) in each section of the dataset and per farming practice category.
The main limitation of the present dataset is the difference in the MA search date between the FPs (from July 2020 to June 2023). For example, the search equations for “agroforestry systems” and “efficiency-enhanced fertilizers” were run in late 2020 and early 2021. Therefore, new MAs published after those dates, during the years 2021-2023, were not included in the current version of the iMAP-FP dataset 20 . An update is foreseen for most relevant FPs as identified by policy makers and/or for fast evolving domain (e.g. feed additives, animal welfare).
Usage Notes
The iMAP-FP dataset 20 , described in this article, can be loaded into any software that supports.csv files. To process the dataset, one can use programming languages such as Python, Java, MATLAB, or R. This dataset holds significant value for scientists and analysts in the agriculture-environmental science-to-policy domain, as it can be used to analyse the effects of farming practices on agriculture sustainability and productivity with robust knowledge, systematically extracted from peered-reviewed scientific literature.
As our dataset provides a detailed description and quality assessment of hundreds of MAs covering a wide diversity of FPs, it can be used to produce scientific syntheses on a wide range of topics related to agricultural sustainability in different regions of the world. More specifically, our dataset can be used to create evidence maps, as recently illustrated by Chen et al . 14 , where a small part of the iMAP-FP dataset 20 was used to assess the benefits of enhanced-efficiency fertilisers for the environment, nutrient use efficiency, soil fertility, and crop production.
The iMAP-FP dataset 20 provides all the elements needed to quickly identify relevant MAs for assessing the impact of a given FP on a particular environmental impact. It thus greatly facilitates the synthesis work of scientists or evaluators wishing to provide robust evidence concerning the sustainability of agricultural practices. Likewise, scientists can quickly identify which MAs can provide relevant primary datasets, in view of data re-analysis and towards incremental evidence integration, in accordance to the principles of the so-called “virtuous cycle of data ecosystems” 27 .
Our dataset can also be used as a basis for selecting relevant studies for vote counting of MAs or second-order meta-analysis, as illustrated in recent publications 9 , 13 , 14 . Instead of analysing the primary data as in standard MA (1 st order), these fast-track methods either count the number of significant mean effect sizes provided by 1 st order MAs (vote counting of MAs) or computes a weighted average of the mean effect sizes produced by the first-order MAs (second-order MAs). These methods are much quicker to apply than standard meta-analyses, and thus enable swift response to requests from policy-makers on the environmental impact of FPs, as shown in recent years by the increasing use of second order MA 28 .
Code availability
The 34 spreadsheets used for data extraction (Supplementary Table S1 ) were merged together and transferred into the dataset sections. Data were cleaned and visualized into figures (Figs. 2 , 3 , 4 , 5 , 6 ), using scripts run in the software R v4.3 29 and the Tidyverse v2.0 30 . The code is publicly available in the JRC data catalogue repository 20 , together with renv lockfile 31 , that records the version and hashes for all packages used.
Hong, C. et al . Global and regional drivers of land-use emissions in 1961–2017. Nature 589 , 554–561 (2021).
Article ADS PubMed Google Scholar
Chalmers, I., Hedges, L. V. & Cooper, H. A Brief History of Research Synthesis. Eval Health Prof 25 , 12–37 (2002).
Article PubMed Google Scholar
Gurevitch, J., Koricheva, J., Nakagawa, S. & Stewart, G. Meta-analysis and the science of research synthesis. Nature 555 , 175–182 (2018).
Makowski, D., Piraux, F. & Brun, F. From Experimental Network to Meta-Analysis Methods and Applications with R for Agronomic and Environmental Sciences . (2019).
Tonitto, C., David, M. B. & Drinkwater, L. E. Replacing bare fallows with cover crops in fertilizer-intensive cropping systems: A meta-analysis of crop yield and N dynamics. Agriculture, Ecosystems and Environment 112 , 58–72 (2006).
Article Google Scholar
Kuyah, S. et al . Agroforestry delivers a win-win solution for ecosystem services in sub-Saharan Africa. A meta-analysis. Agronomy for Sustainable Development 39 , 1–18 (2019).
Tuomisto, H. L., Hodge, I. D., Riordan, P. & Macdonald, D. W. Does organic farming reduce environmental impacts? – A meta-analysis of European research. Journal of Environmental Management 112 , 309–320 (2012).
Jeffery, S., Verheijen, F. G. A., van der Velde, M. & Bastos, A. C. A quantitative review of the effects of biochar application to soils on crop productivity using meta-analysis. Agriculture, Ecosystems & Environment 144 , 175–187 (2011).
Makowski, D. et al . Synthesising results of meta-analyses to inform policy: a comparison of fast-track methods. Environ Evid 12 , 16 (2023).
Philibert, A., Loyce, C. & Makowski, D. Assessment of the quality of meta-analysis in agronomy. Agriculture, Ecosystems and Environment 148 , 72–82 (2012).
Beillouin, D., Ben-ari, T. & Makowski, D. Evidence map of crop diversification strategies at the global scale. Environmental Research Letters https://doi.org/10.1088/1748-9326/ab4449 (2019).
Beillouin, D., Ben-ari, T. & Makoswki, D. Assessing the quality and results of meta-analyses on crop diversification Protocol for systematic review and evidence map. (2018).
Tamburini, G. et al . Agricultural diversification promotes multiple ecosystem services without compromising yield. Science advances 6 , eaba1715 (2020).
Article ADS PubMed PubMed Central Google Scholar
Chen, M. et al . Evidence map of the benefits of enhanced-efficiency fertilisers for the environment, nutrient use efficiency, soil fertility, and crop production. Environ. Res. Lett. 18 , 043005 (2023).
Article ADS Google Scholar
Almaraz, M., Wong, M. Y., Geoghegan, E. K. & Houlton, B. Z. A review of carbon farming impacts on nitrogen cycling, retention, and loss. Annals of the New York Academy of Sciences 1505 , 102–117 (2021).
Rosa-Schleich, J., Loos, J., Mußhoff, O. & Tscharntke, T. Ecological-economic trade-offs of Diversified Farming Systems – A review. Ecological Economics 160 , 251–263 (2019).
Guenet, B. et al . Can N2O emissions offset the benefits from soil organic carbon storage? Global Change Biology 27 , 237–256 (2021).
Takola, E., Bonfanti, J., Seppelt, R. & Beckmann, M. An open-access global database of meta-analyses investigating yield and biodiversity responses to different management practices. Data in Brief 51 , 109696 (2023).
Article PubMed PubMed Central Google Scholar
Fohrafellner, J., Zechmeister-Boltenstern, S., Murugan, R. & Valkama, E. Quality assessment of meta-analyses on soil organic carbon. SOIL 9 , 117–140 (2023).
Schievano, A. et al . iMAP-FP dataset – An evidence library of the effects of Farming Practices on the environment and the climate. https://doi.org/10.2905/4e3c371a-be72-4ea0-aa0b-45f8cdda2064 (2023).
Makowski, D. et al . Systematic review of meta-analyses to assess the impacts of farming practices - A methodological framework. Preprints of Papers- … https://doi.org/10.31219/OSF.IO/BYUW9 (2021).
Page, M. J. et al . The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. BMJ n71 https://doi.org/10.1136/bmj.n71 (2021).
Aromataris, E. et al . Summarizing systematic reviews: methodological development, conduct and reporting of an umbrella review approach. JBI Evidence Implementation 13 , 132 (2015).
Google Scholar
Nakagawa, S., Noble, D. W. A., Senior, A. M. & Lagisz, M. Meta-evaluation of meta-analysis: ten appraisal questions for biologists. BMC Biology 15 , 18 (2017).
Page, M. J. et al . PRISMA 2020 explanation and elaboration: updated guidance and exemplars for reporting systematic reviews. BMJ n160 https://doi.org/10.1136/bmj.n160 (2021).
Cumpston M, Lasserson T, Flemyng E, Page MJ. Chapter III: Reporting the review. in Cochrane Handbook for Systematic Reviews of Interventions (Cochrane, 2023).
Voytek, B. The Virtuous Cycle of a Data Ecosystem. PLOS Computational Biology 12 , e1005037 (2016).
He, X. et al . Agricultural diversification promotes sustainable and resilient global rice production. Nat Food 4 , 788–796 (2023).
R Foundation for Statistical Computing. R: The R Project for Statistical Computing. https://www.r-project.org/ (2024).
Wickham, H. et al . Welcome to the Tidyverse. Journal of Open Source Software 4 , 1686 (2019).
Ushey, K. & Wickham, H. RENV: Project Environments. https://rstudio.github.io/renv/ .
Download references
Acknowledgements
The iMAP-FP dataset 20 described in the present data-paper has been compiled in the frame of an Administrative Arrangement entitled “Integrated modelling platform for agro-economic commodity and policy analysis (IMAP4AGRI)” between DG Agriculture and Rural Development (DG AGRI) and DG Joint Research Centre (DG JRC), providing the funding of the work. David Makowski and Mathilde Chen were also partly funded by the project CLAND (French Research Agency, 16-ANR-0003). Giovanni Tamburini was partly funded by the Italian Agritech National Research Center (PIANO NAZIONALE DI RIPRESA E RESILIENZA (PNRR) – MISSIONE 4 COMPONENTE 2, INVESTIMENTO 1.4 – D.D. 1032 17/06/2022, CN00000022).
Author information
Authors and affiliations.
European Commission, Joint Research Centre (JRC), Ispra, VA, Italy
Andrea Schievano, Marta Pérez-Soba, Simona Bosco, Ana Montero-Castaño, Rui Catarino, Irene Guerrero, Michael Assouline, Frank Dentener, Marijn Van der Velde, Maria Luisa Paracchini, Franz Weiss, Vincenzo Angileri & Jean-Michel Terres
University Paris-Saclay, INRAe, AgroParisTech, Palaiseau, France
Mathilde Chen & David Makowski
Department of Soil, Plant and Food Sciences (DiSSPA – Entomology and Zoology), University of Bari Aldo Moro, Bari, Italy
Giovanni Tamburini
Department of Bioscience, University of Milano, Milano, Italy
Beatrice Landoni & Otho Mantegazza
Seidor Italy, s.r.l., Milano, Italy
Maria Bielza
ARHS Developments, Belvaux, Luxembourg
Renate Koeble
European Commission, Directorate General for Agriculture and Rural Development, Brussels, Belgium
Carlo Rega & Andrea Furlan
You can also search for this author in PubMed Google Scholar
Contributions
Andrea Schievano: JRC-D5, Scientific conceiving, Data extraction, 2nd stage review, data management, paper writing. Marta Pérez-Soba: JRC-D5, Scientific conceiving, Data extraction, 2nd stage review, data management, project management, paper writing. Simona Bosco: JRC-D5, Scientific conceiving, Data extraction, 2nd stage review, data management, project management, paper writing. Ana Montero-Castano: JRC-D5, Scientific conceiving, Data extraction, 2nd stage review, data management, paper writing. Rui Catarino: JRC-D5, Scientific conceiving, 2nd stage review, data management, paper writing. Mathilde Chen: JRC-D5, Scientific conceiving, Data extraction, 2nd stage review, data management, paper writing. Giovanni Tamburini: JRC-D5, Scientific conceiving, Data extraction, 2nd stage review, data management. Beatrice Landoni: JRC-D5, Data extraction, data management. Otho Mantegazza: JRC-D5, Data extraction, data management. Irene Guerrero: JRC-D5, 2nd stage review, data management. Maria Bielza: JRC-D5, 2nd stage review, data management. Michael Assouline: JRC-D5, data management. Renate Koeble: JRC-D5, 2nd stage review, data management. Frank Dentener: JRC-D5, 2nd stage review. Marijn Van der Velde: JRC-D5, 2nd stage review, paper writing. Carlo Rega: JRC-D5, 2nd stage review, project management. Andrea Furlan: JRC-D5, 2nd stage review, project management. Maria Luisa Paracchini: JRC-D5, 2nd stage review. Franz Weiss: JRC-D5, Scientific conceiving, 2nd stage review. Vincenzo Angileri: JRC-D5, 2nd stage review. Jean-Michel Terres: JRC-D5, Scientific conceiving, 2nd stage review, data management, project management, paper writing. David Makowski: JRC-D5, Scientific conceiving, Data extraction, 2nd stage review, data management, paper writing.
Corresponding authors
Correspondence to Andrea Schievano , Marta Pérez-Soba , Jean-Michel Terres or David Makowski .
Ethics declarations
Competing interests.
The authors declare no competing interests.
Additional information
Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Supplementary information
Prisma-statement diagrams, standardized data extraction spreadsheet, rights and permissions.
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/ .
Reprints and permissions
About this article
Cite this article.
Schievano, A., Pérez-Soba, M., Bosco, S. et al. Evidence library of meta-analytical literature assessing the sustainability of agriculture – a dataset. Sci Data 11 , 979 (2024). https://doi.org/10.1038/s41597-024-03682-6
Download citation
Received : 31 January 2024
Accepted : 25 July 2024
Published : 07 September 2024
DOI : https://doi.org/10.1038/s41597-024-03682-6
Share this article
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative
Quick links
- Explore articles by subject
- Guide to authors
- Editorial policies
Sign up for the Nature Briefing: Anthropocene newsletter — what matters in anthropocene research, free to your inbox weekly.
Experimental Investigation of Droop Control for Power Sharing of Parallel DC–DC Converters in Voltage and Current Mode Control
- Published: 03 September 2024
Cite this article
- Rodrigo Affonso Guarinho Silva ORCID: orcid.org/0000-0002-7924-6278 1 &
- Joao Americo Vilela Jr ORCID: orcid.org/0000-0002-6991-5300 1
This article presents an experimental study that evaluated droop control strategies in DC microgrids with parallel-connected converters. In a decentralized control scheme, it is critical to ensure voltage regulation and load sharing in each converter to maintain a stable operation. Two scenarios are considered: the first involves two converters operating in parallel as voltage mode control, a conventional method discussed in the literature. In the second scenario, a less commonly used method is presented, in which one converter operates in voltage mode control and another operates in current mode control. The proposed decentralized control method is experimentally validated in a DC microgrid using parallel-connected lithium-ion batteries and converters. Load sharing results are examined under conditions with equal droop coefficients, demonstrating equivalent outcomes for specific load steps in both scenarios. However, in the case of different droop coefficients, the alternative method proves to be highly satisfactory, particularly for a broader range of load variations. The results confirm the efficacy of the control method in load sharing and voltage regulation among each converter, as well as the equivalence of control between both scenarios.
This is a preview of subscription content, log in via an institution to check access.
Access this article
Subscribe and save.
- Get 10 units per month
- Download Article/Chapter or eBook
- 1 Unit = 1 Article or 1 Chapter
- Cancel anytime
Price includes VAT (Russian Federation)
Instant access to the full article PDF.
Rent this article via DeepDyve
Institutional subscriptions
Similar content being viewed by others
Adaptive droop control for high-performance operation in low-voltage DC microgrids
Paralleling Converters in DC Microgrids with Modified Lag I-V Droop Control and Voltage Restoration
Integrated control scheme for dynamic power management with improved voltage regulation in DC microgrid
Anand, S., Fernandes, B. G., & Guerrero, J. M. (2013). Distributed control to ensure proportional load sharing and improve voltage regulation in low-voltage DC microgrids. IEEE Transactions on Power Electronics, 28 (4), 1900–1913. https://doi.org/10.1109/TPEL.2012.2215055
Article Google Scholar
Baros, D., Rigogiannis, N., Papanikolaou, N., & Loupis, M. (2020). Investigation of communication delay impact on DC microgrids with adaptive droop control. In 2020 International symposium on industrial electronics and applications, INDEL 2020 - proceedings (pp. 1–6). IEEE. https://doi.org/10.1109/INDEL50386.2020.9266166
Beerten, J., & Belmans, R. (2013). Analysis of power sharing and voltage deviations in droop-controlled DC grids. IEEE Transactions on Power Systems, 28 (4), 4588–4597. https://doi.org/10.1109/TPWRS.2013.2272494
Benlahbib, B., Bouarroudj, N., Mekhilef, S., et al. (2020). Experimental investigation of power management and control of a pv/wind/fuel cell/battery hybrid energy system microgrid. International Journal of Hydrogen Energy., 45 (53), 29110–29122. https://doi.org/10.1016/j.ijhydene.2020.07.251
Cantarero, M. M. V. (2020). Of renewable energy, energy democracy, and sustainable development: A roadmap to accelerate the energy transition in developing countries. Energy Research and Social Science, 70 (101), 716. https://doi.org/10.1016/j.erss.2020.101716
Gao, F., Gu, Y., Bozhko, S., Asher, G., & Wheeler, P. (2014). Analysis of droop control methods in DC microgrid. In 2014 16th European conference on power electronics and applications, EPE-ECCE Europe 2014 . https://doi.org/10.1109/EPE.2014.6910846
Gao, F., Kang, R., Cao, J., & Yang, T. (2019). Primary and secondary control in DC microgrids: A review . https://doi.org/10.1007/s40565-018-0466-5
Guerrero, J. M., Vasquez, J. C., Matas, J., De Vicuna, L. G., & Castilla, M. (2011). Hierarchical control of droop-controlled AC and DC microgrids: A general approach toward standardization. IEEE Transactions on Industrial Electronics, 58 (1), 158–172. https://doi.org/10.1109/TIE.2010.2066534
Institution of Engineering and Technology (2022) IET: On-Site Guide (BS 7671:2018+A2:2022), 8th edn. Institution of Engineering and Technology, 23 May 2022.
International Electrotechnical Commission (2009) IEC 60364-5-52:2009, 3rd edn. International Standard
Irmak, E., Guler, N., Kabalci, E., Calpbinici, A. (2019). A modified droop control method for PV systems in Island mode DC microgrid. In 8th international conference on renewable energy research and applications, ICRERA 2019 (pp. 1008–1013). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ICRERA47325.2019.8997075
Jamerson, C., & Mullet, C. (1994). Paralleling supplies via various droop methods. Ninth International High Frequency Power Conversion (pp. 68–76).
Johnson, B. K., Lasseter, R. H., Alvarado, F. L., & Adapa, R. (1993). Expandable multiterminal DC systems based on voltage droop. IEEE Transactions on Power Delivery, 8 (4), 1926–1932. https://doi.org/10.1109/61.248304
Karlsson, P. (2002). DC distributed power systems—Analysis, design and control for a renewable energy system.
Li, F., Lin, Z., Cao, W., Chen, A., & Wu, J. (2018). A low-pass filter method to suppress the voltage variations caused by introducing droop control in dc microgrids. In 2018 IEEE energy conversion congress and exposition (ECCE) (pp. 1151–1155). https://doi.org/10.1109/ECCE.2018.8557455
Liu, G., Caldognetto, T., Mattavelli, P., et al. (2019). Power-based droop control in DC microgrids enabling seamless disconnection from upstream grids. IEEE Transactions on Power Electronics, 34 (3), 2039–2051. https://doi.org/10.1109/TPEL.2018.2839667
Liu, S., Zheng, J., Li, Z., & Liu, X. (2020). A general piecewise droop design method for DC microgrid. International Journal of Electronics., 108 (5), 758–776. https://doi.org/10.1080/00207217.2020.1818839
Liu, Y., Wang, J., Li, N., et al. (2015). Enhanced load power sharing accuracy in droop-controlled DC microgrids with both mesh and radial configurations. Energies, 8 (5), 3591–3605. https://doi.org/10.3390/en8053591
Lu, X., Guerrero, J. M., Sun, K., et al. (2014). An improved droop control method for dc microgrids based on low bandwidth communication with dc bus voltage restoration and enhanced current sharing accuracy. IEEE Transactions on Power Electronics, 29 (4), 1800–1812. https://doi.org/10.1109/TPEL.2013.2266419
National Electrical Code. (2020). National Electrical Code, 2008th edn. National Fire Protection Association (NFPA) and National Board of Fire Underwriters and National Fire Protection Association. National Electrical Code Committee, 1 Batterymarch Park, Quincy, MA 02169-7471, nFPA 70™
Perez, F., Iovine, A., Damm, G, & Ribeiro, P. (2018). Dc microgrid voltage stability by dynamic feedback linearization. In 2018 IEEE international conference on industrial technology (ICIT) (pp. 129–134). https://doi.org/10.1109/ICIT.2018.8352164
Qin, D., Sun, Q., Wang, R., Ma, D., & Liu, M. (2020). Adaptive bidirectional droop control for electric vehicles parking with vehicle-to-grid service in microgrid. CSEE Journal of Power and Energy Systems, 6 (4), 793–805. https://doi.org/10.17775/CSEEJPES.2020.00310
Rajagopalan, J., Xing, K., Guo, Y., Lee, F. C., & Manners, B. (1996). Modeling and dynamic analysis of paralleled dc/dc converters with master-slave current sharing control. In Conference proceedings - IEEE applied power electronics conference and exposition - APEC, (2, pp. 678–684). https://doi.org/10.1109/apec.1996.500513
Sun, P., Wang, Y., Khalid, M., Blasco-Gimenez, R., & Konstantinou, G. (2023). Steady-state power distribution in VSC-based MTDC systems and dc grids under mixed P/V and I/V droop control. Electric Power Systems Research, 214 ,. https://doi.org/10.1016/j.epsr.2022.108798
Wang, P., Lu, X., Yang, X., Wang, W., & Xu, D. (2016). An improved distributed secondary control method for DC microgrids with enhanced dynamic current sharing performance. IEEE Transactions on Power Electronics, 31 (9), 6658–6673. https://doi.org/10.1109/TPEL.2015.2499310
Download references
This research has been financially supported by the Coordination for the Improvement of Higher Education Personnel (CAPES), which is a Brazilian Federal Agency for Support and Evaluation of Graduate Education within the Ministry of Education of Brazil.
Author information
Authors and affiliations.
Electrical Engineering Department, Universidade Federal do Paraná (UFPR), Centro Politécnico UFPR, Curitiba, PR, 19011, Brazil
Rodrigo Affonso Guarinho Silva & Joao Americo Vilela Jr
You can also search for this author in PubMed Google Scholar
Corresponding author
Correspondence to Rodrigo Affonso Guarinho Silva .
Additional information
Publisher's note.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
Reprints and permissions
About this article
Guarinho Silva, R.A., Vilela, J.A. Experimental Investigation of Droop Control for Power Sharing of Parallel DC–DC Converters in Voltage and Current Mode Control. J Control Autom Electr Syst (2024). https://doi.org/10.1007/s40313-024-01101-0
Download citation
Received : 28 May 2023
Revised : 17 March 2024
Accepted : 06 June 2024
Published : 03 September 2024
DOI : https://doi.org/10.1007/s40313-024-01101-0
Share this article
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative
- Droop control
- Primary control
- DC microgrid
- Energy storage systems
- Find a journal
- Publish with us
- Track your research
IMAGES
VIDEO
COMMENTS
The purpose of this paper is to review analytical conceptualizations of management control systems (MCS) that have been developed in the academic literature. By means of a systematic review (Tranfield et al. in Br. J. Manag. 14: 207-222, 2003), a comprehensive analysis that encompasses both textbook approaches and research papers is provided. As a result, this article presents a landscape of ...
Literature Review on T raffic Control Systems Used . W orldwide. 1 Vaishali Mahavar, 2 Prof. Jayesh Juremalani . 1 P.G, Student, 2 Assistant Professor . 1,2 Ci vil Engineering Department .
Management Control Systems: A review of Literature and a Theoretical Framework for Future Researches. September 2013; European Journal of International Management 5(26):1-13; 5(26):1-13;
Three concepts of MCS consist three different discipline which are, management, control and system. According to Nandan et al. [] the terms management control system accomplish three disciplines and there is a lack for defining these terms.The management represents what managers should do to achieve the organization goals in which they have resources, capital, employee and equipment, and the ...
Through this literature review discussion section, we also discuss the TM challenges noticed in the selected studies that addressed ICSs TM. 3. Related work. To our knowledge, this is the first systematic literature review on threat modeling that focus on ICSs and analyzes the studies from the control systems perspective.
Abstract. This chapter provides a review of the broad field of the literature on control and accountability, which is generally seen as being encompassed within the domain of management control systems (MCS) research. It describes researchers' definitions of the MCS domain, the frameworks and conceptualizations they have used to provide ...
This manuscript is organised as follows. Section 2 presents the materials and methods followed during our study. Section 3 reviews the state of the art of DMSs and control architectures for autonomous and social robots by area of application. Next, Sect. 4 analyses the results of our survey in the last three decades, attempting to study the tendencies thoroughly these systems have experienced ...
a review of literature in management control system (mcs), BUSINESS STRATEGY, AND FIRM'S PERFORMANCE Saeed Awadh Bin-Nashwan* 1,3 , NurFarhana Saliha h Abdullah 2 , Mohammed Mahdi Obaid 1,3
rlier concep. s. Keywords: management control systems, literature review, theoretical framework 1. IntroductionThis article. reviews the earlier works of management control systems (MCS) as well as the recent emerging themes. The earlier works of MCS practices (Anthony, 1965, 1988; Giglioni & Bedeian, 1974; Hofstede, 1980; Lowe, 1971; Macintosh ...
There exists a large literature on well-known Production Control Systems (PCS) such as Kanban, Constant Work-In-Process (CONWIP), Material Requirements Planning (MRP) and Paired Cell Overlapping Loops of Cards with Authorisation (POLCA). However, there are also many new systems that have emerged in the last 20 years.
This paper is based on literature review of management control system in university libraries. The purpose of this paper is to discuss the place of management control system in university library, challenges associated with management control system and the enhancement strategies. This paper is important as it provides insight in which university libraries could improve staff performance ...
A simulation control protocol embedded in PARAMICS software tool capable of conducting area-wide micro simulation is adopted to design the logic frame and function module of the area-wide traffic signal control system. His results shown that mobility improvements are achieved after applying the proposed model along with the genetic algorithm ...
Abstract. A project control system aims to minimize the gap between project planning and project execution in order to achieve project aims, i.e., cost, time, and content. This paper reviews the current literature on project control systems. The first part provides an overview of the nature and importance of project control.
Most of the control systems that are implemented to date with the use of PID control because of its simple structure, ease of implementation, and active research in tuning the PID for a long time. ... This paper attempts to address the literature review of PID control in an era of control system and bio-medical applications. The development of ...
CURRENT KNOWLEDGE ON INTERNAL CONTROL FAR ...
Risk-based access control model: a systematic literature review (Atlam et al., 2020). A systematic review of the risk-based access control model is provided. According to their search strategy, they chose 44 recent studies to summarize their contributions, analyzed the various risk factors and investigated the used risk estimation techniques.
CONTROL: A LITERATURE REVIEW Jean Bédard, Laval University Nadine Glaudemans, Maastricht University ... • Bédard (1986) Internal control evaluation in computerized systems: Experts versus novices. • The 2000 • New audit failures SOX 404. 4. Internal control. Definition. IC— "a . process
A systematic literature review is a type of literature review that applies an explicit algorithm and multistage review strategy to collect and critically appraise a body of research studies (Mulrow, 1994; Siddaway et al., 2019). As suggested by Tranfield et al. , a three-stage process was used to provide replicable and transparent results.
Revised May 26, 2022. Accepted Jun 18, 2022. To assess different approaches t o traffic light control design, a systematic. literature review was conducted, covering publications from 2006 to 2020 ...
Literature reviews establish the foundation of academic inquires. However, in the planning field, we lack rigorous systematic reviews. In this article, through a systematic search on the methodology of literature review, we categorize a typology of literature reviews, discuss steps in conducting a systematic literature review, and provide suggestions on how to enhance rigor in literature ...
To get a comprehensive overview of the recent developments in risk culture research we performed a systematic literature review (Tranfield et al., 2003).The previous discussion on risk culture in Sect. 2 indicates, that risk culture, as an immaterial, organizational and social phenomenon, is difficult to delimit, which complicates the design of a systematic literature review, as many aspects ...
Based on a literature review, we also analyzed the future development direction of access control in the age of IoT. ... Finally, compliance of XACML4G with quality standards for access control ...
In the last two decades, an exponentially growing number of meta-analyses (MAs) synthesize thousands of peer-reviewed studies on the environmental impacts of farming practices (FPs). This paper ...
In order to review scientific contributions in the field of internal control, I apply the methodology of a systematic literature review (SLR). According to Littell et al. (), systematic literature reviews aim 'to comprehensively locate and synthesize research that bears on a particular question, using organized, transparent, and replicable procedures at each step in the process' (p. 1).
This article presents an experimental study that evaluated droop control strategies in DC microgrids with parallel-connected converters. In a decentralized control scheme, it is critical to ensure voltage regulation and load sharing in each converter to maintain a stable operation. Two scenarios are considered: the first involves two converters operating in parallel as voltage mode control, a ...