In contemporary IT landscapes, trust in entities, whether internal or external, within organizations has become obsolete. Establishing and enforcing strict access controls, alongside continuous verification, is imperative to safeguard organizational resources from potential insider and outsider threats. The emergence of zero trust architecture (ZTA) addresses this need by advocating for a paradigm shift in security. This research proposes a comprehensive access control model aligned with the fundamental ZTA security principles, namely least privilege, conditional access, and continuous monitoring. The model integrates well-established access control paradigms, including role-based access control (RBAC) to uphold the least privilege principle, attribute-based access control (ABAC) to support conditional access, and trust-based access control (TBAC) to enable continuous monitoring. To determine the trust level of a user requesting access, an analysis of the user's log activities is conducted using the Nmedian outlier detection (NMOD) technique. This analysis aids in evaluating the trustworthiness of the user seeking access to resources. Furthermore, this research assesses the efficiency and efficacy of the proposed integrated access control model in comparison to existing access control models, primarily focusing on their respective functionalities.

Attribute-based access control; Continuous monitoring; Principle of least privilege; Role-based access control; Trust-based access control; Zero trust architecture