A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research Issues

Over the last few decades, the proliferation of the Internet of Things (IoT) has produced an overwhelming flow of data and services, which has shifted the access control paradigm from a fixed desktop environment to dynamic cloud environments. Fog computing is associated with a new access control paradigm that reduces overhead costs by moving the execution of application logic from the centre of the cloud data sources to the periphery of the IoT-oriented sensor networks. Indeed, accessing information and data resources from a variety of IoT sources has been plagued by inherent problems such as data heterogeneity, privacy, security and computational overheads. This paper presents an extensive survey of security, privacy and access control research, highlighting several specific concerns across a wide range of contextual conditions (e.g., spatial, temporal and environmental contexts) that are gaining momentum in the area of industrial sensor and cloud networks. We present different taxonomies, such as contextual conditions and authorization models, based on the key issues in this area, and discuss the existing context-sensitive access control approaches that tackle these issues. With the aim of reducing administrative and computational overheads in IoT sensor networks, we propose a new-generation Fog-Based Context-Aware Access Control (FB-CAAC) framework that combines the benefits of the cloud, IoT and context-aware computing and ensures proper access control and security at the edge, near the end-devices. Our goal is not only to control context-sensitive access to data resources in the cloud, but also to move the execution of application logic from the cloud level to an intermediary level where necessary, by adding computational nodes at the edge of the IoT sensor network.
We also discuss open research issues pertaining to context-sensitive access control to data resources, including several real-world case studies. We conclude the paper with an in-depth analysis of the research challenges that have not been adequately addressed in the literature and highlight directions for future work that are not well covered by currently available research.
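As an added illustration (not code from the paper or from the FB-CAAC framework it proposes), the following Python sketch shows the kind of context-sensitive decision a fog node could evaluate locally instead of forwarding every request to the cloud: each policy combines a role with a spatial zone, a temporal window and an optional environmental limit, and a request whose context is missing (imprecise) or violates any condition is denied. The resource names, zones, shifts and temperature thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from math import hypot
from typing import Optional, Tuple

@dataclass(frozen=True)
class Context:  # contextual conditions captured with a request (assumed structure)
    role: str
    when: datetime
    location: Optional[Tuple[float, float]] = None  # (x, y) metres on a site grid; None = unknown
    temperature_c: Optional[float] = None           # environmental sensor reading; None = unknown

@dataclass(frozen=True)
class Policy:  # one rule: role + temporal window + spatial zone + optional environmental limit
    resource: str
    roles: frozenset
    zone_centre: Tuple[float, float]
    zone_radius_m: float
    start: time
    end: time
    max_temp_c: Optional[float] = None

def in_window(t: time, start: time, end: time) -> bool:  # window may wrap past midnight
    return start <= t <= end if start <= end else (t >= start or t <= end)

def evaluate(policy: Policy, ctx: Context) -> Tuple[bool, str]:
    """Check every contextual condition; missing (imprecise) context counts as a failure."""
    if ctx.role not in policy.roles:
        return False, "role not authorised"
    if not in_window(ctx.when.time(), policy.start, policy.end):
        return False, "outside temporal window"
    if ctx.location is None:
        return False, "spatial context unavailable"
    if hypot(ctx.location[0] - policy.zone_centre[0], ctx.location[1] - policy.zone_centre[1]) > policy.zone_radius_m:
        return False, "outside permitted zone"
    if policy.max_temp_c is not None:
        if ctx.temperature_c is None:
            return False, "environmental context unavailable"
        if ctx.temperature_c > policy.max_temp_c:
            return False, "environmental limit exceeded"
    return True, "permit"

def decide(policies, resource: str, ctx: Context) -> Tuple[bool, str]:
    """Fog-node decision: deny by default; permit if any rule for the resource is satisfied."""
    reasons = []
    for p in (p for p in policies if p.resource == resource):
        ok, why = evaluate(p, ctx)
        if ok:
            return True, why
        reasons.append(why)
    return False, "; ".join(reasons) or "no applicable policy"

# Constructed sample policies (hypothetical resources, zones, shift and temperature limit).
POLICIES = [
    Policy("ward/records", frozenset({"nurse", "doctor"}), (0.0, 0.0), 50.0, time(7, 0), time(19, 0)),
    Policy("cold-store/log", frozenset({"technician"}), (120.0, 40.0), 20.0, time(0, 0), time(23, 59), 8.0),
]

def request(resource, role, hour, location=None, temp=None):
    """Evaluate one request made at the given hour on a constructed date, using POLICIES."""
    return decide(POLICIES, resource, Context(role, datetime(2020, 6, 1, hour), location, temp))
```

The denial reasons are what a fog node would log locally for audit, while only the decision needs to travel towards the cloud.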
