Indonesian Journal of Electrical Engineering and Computer Science Vol. 38, No. 3, June 2025, pp. 1896~1904 ISSN: 2502-4752, DOI: 10.11591/ijeecs.v38.i3.pp1896-1904  1896 Journal homepage: http://ijeecs.iaescore.com A comprehensive access control model integrating zero trust architecture Pattabhi Mary Jyosthna 1 , Konala Thammi Reddy 2 1 Department of Computer Science and Engineering, B. V. Raju Institute of Technology (BVRIT), Narsapur, India 2 Department of CSE, School of Engineering and Sciences, GD Goenka University, G D Goenka Education City, Sohna, India Article Info ABSTRACT Article history: Received Mar 4, 2024 Revised Dec 6, 2024 Accepted Feb 27, 2025 In contemporary IT landscapes, trust in entities, whether internal or external, within organizations has become obsolete. Establishing and enforcing strict access controls, alongside continuous verification, is imperative to safeguard organizational resources from potential insider and outsider threats. The emergence of zero trust architecture (ZTA) addresses this need by advocating for a paradigm shift in security. This research proposes a comprehensive access control model aligned with the fundamental ZTA security principles, namely least privilege, conditional access, and continuous monitoring. The model integrates well-established access control paradigms, including role-based access control (RBAC) to uphold the least privilege principle, attribute-based access control (ABAC) to support conditional access, and trust-based access control (TBAC) to enable continuous monitoring. To determine the trust level of a user requesting access, an analysis of the user's log activities is conducted using the N- median outlier detection (NMOD) technique. This analysis aids in evaluating the trustworthiness of the user seeking access to resources. Furthermore, this research assesses the efficiency and efficacy of the proposed integrated access control model in comparison to existing access control models, primarily focusing on their respective functionalities. Keywords: Attribute-based access control Continuous monitoring Principle of least privilege Role-based access control Trust-based access control Zero trust architecture This is an open access article under the CC BY-SA license. Corresponding Author: Pattabhi Mary Jyosthna Department of Computer Science and Engineering, B. V. Raju Institute of Technology (BVRIT) Narsapur, India Email: jyosthna.p@bvrit.ac.in 1. INTRODUCTION Nowadays organizations are running under a dynamic and decentralized IT environment where the resources of the organizations are hosted by some trusted third party and those resources can be accessed by the users of the organization remotely. The secure accessing of these resources became a challenging task for the organizations. According to Syed et al. [1], perimeter-based network security is insufficient since, if an attacker breaches the perimeter, they are free to travel laterally. So, the zero-trust architecture (ZTA) has been introduced to secure enterprise assets and subjects. The core principle of zero trust is to never automatically trust any user, device, or network, regardless of whether they are insiders or outsiders to the corporate network. Instead, it enforces strict access controls and continuously verifies and validates user identities and device characteristics before granting access to resources. It should mainly include the security components like least privilege, continuous monitoring, and conditional access. least privilege ensures that users and devices are granted the minimum level of access necessary to perform their duties, reducing the potential impact of a security breach. continuous monitoring of user behaviour and device status is performed to identify the suspicious activities or anomalies. Conditional access ensures access policies are based on