New technologies as cloud computing and internet of things (IoT) has expanded the range of multimodal applications. This expansion, in several computing and heterogeneous environments, makes access control an important issue in multimodal applications. Indeed, a variety of access control models have been developed to address different aspects of security problems. The two most popular basic models are: Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). The both models RBAC and ABAC have their specific features and they can complement each other. For that, providing a hybrid model which considers both concepts "roles" as well as "attributes" has become an important research topic. This paper proposes a new access control model based principally on roles, attributes, access modes and the type of resources. An empirical method is applied to compare the new proposed model versus three existing models: RBAC, ABAC, and the hybrid model Attribute Enhanced RBAC (AERBAC). The results of the empirical method demonstrate that the new proposed model acquires the advantages of the two models RBAC and ABAC and avoids their limitations. In fact, the new proposed model reduces the complexity of security policies and allows expressing the fine granularity of systems without any explosion in the number of roles or rules in the security policy.

security policies, access control, hybrid access control model, RBAC, ABAC, comparative method, flexible model, scalable model, fine-grained model