Achieving security scalability and flexibility using Fog-Based Context-Aware Access Control

Abstract: In the cyberspace environment, access control is one of the most fundamental safeguards used to prevent unauthorized access and to minimize the impact of security breaches. Fog computing brings many benefits to the integration of both Internet of Things (IoT) and cloud computing platforms. Security in the fog computing environment remains a significant concern among practitioners from academia and industry. Existing access control models, such as traditional Context-Aware Access Control (CAAC), are limited to accessing data from centralized sources and are not robust due to a lack of semantics and cloud-based service. This major concern has not been addressed in the literature, which also still lacks a practical solution for controlling the fog data view from multiple sources. This paper critically reviews and investigates the limitations of current fog-based access control. It considers the trade-off between latency and processing overheads, which has not been thoroughly studied before. In this paper, a new generation of Fog-Based Context-Aware Access Control (FB-CAAC) framework is proposed to enable flexible access control over data from multiple sources. To fill the gap in the literature, this paper introduces (i) a general data model and its associated mapping model to collate data from multiple sources, (ii) a data view model to provide an integrated result to the users, dealing with the privacy requirements of the associated stakeholders, (iii) a unified set of CAAC policies with an access controller to reduce both administrative and processing overheads, and (iv) a data ontology to represent the common classes in the relevant data sets. The applicability of the FB-CAAC proposal is demonstrated via a walkthrough of the entire mechanism along with several case studies and prototype testing. The results show the efficiency, flexibility, effectiveness, and practicality of FB-CAAC for data access control in the fog computing environment.
