A Privacy Risk Assessment Scheme for Fog Nodes in Access Control System

Abstract

In the fog computing, it is difficult to satisfy the security and privacy requirement for traditional access control system, such as attribute-based access control system. Risk-based access control system can adapt to the dynamic fog environment. However, the existing risk schemes are modeled for users in majority, not for fog nodes, and the context and privacy sensitivity are rarely considered. In this article, we propose a risk assessment scheme for fog nodes in access control system. Firstly, to improve the accuracy of risk score, the risk assessment is modeled with the subject, object, and context for fog nodes; Secondly, we address the risk assessment computing module for every component. Moreover, we depict system model for risk assessment and implement its prototype system risk assessment model. In the end, the reasonability and correctness of computing model are analyzed by proving and simulation. According to the experiments, the accuracy of risk score is higher than that of the work-based access control and dynamic access control for IoT. Therefore, the feasibility and effectiveness of this scheme are proved through the experiments.