A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research Issues

A S M Kayes,Iqbal H Sarker,Shahriar Badsha,Indika Kumara,Md Saiful Islam,Rudri Kalaria,Paul A Watters,Alex Ng,Mohammad Hammoudeh

doi:10.3390/s20092464

Abstract

Over the last few decades, the proliferation of the Internet of Things (IoT) has produced an overwhelming flow of data and services, which has shifted the access control paradigm from a fixed desktop environment to dynamic cloud environments. Fog computing is associated with a new access control paradigm to reduce the overhead costs by moving the execution of application logic from the centre of the cloud data sources to the periphery of the IoT-oriented sensor networks. Indeed, accessing information and data resources from a variety of IoT sources has been plagued with inherent problems such as data heterogeneity, privacy, security and computational overheads. This paper presents an extensive survey of security, privacy and access control research, while highlighting several specific concerns in a wide range of contextual conditions (e.g., spatial, temporal and environmental contexts) which are gaining a lot of momentum in the area of industrial sensor and cloud networks. We present different taxonomies, such as contextual conditions and authorization models, based on the key issues in this area and discuss the existing context-sensitive access control approaches to tackle the aforementioned issues. With the aim of reducing administrative and computational overheads in the IoT sensor networks, we propose a new generation of Fog-Based Context-Aware Access Control (FB-CAAC) framework, combining the benefits of the cloud, IoT and context-aware computing; and ensuring proper access control and security at the edge of the end-devices. Our goal is not only to control context-sensitive access to data resources in the cloud, but also to move the execution of an application logic from the cloud-level to an intermediary-level where necessary, through adding computational nodes at the edge of the IoT sensor network. A discussion of some open research issues pertaining to context-sensitive access control to data resources is provided, including several real-world case studies. We conclude the paper with an in-depth analysis of the research challenges that have not been adequately addressed in the literature and highlight directions for future work that has not been well aligned with currently available research.

Highlights

Computer security is a very complex phenomenon in today’s environments, like the cloud-basedInternet of things (IoTs) [1], where different users interact with each other, and the infection of one creates risk for another
We have introduced a family of Context-Aware role-based Access Control (CAAC) approaches [6,7,8,10] to facilitate access control to data resources based on the wide range of contextual conditions
Due to the latency and processing overheads involved in managing and accessing such big data from distributed cloud data centres, currently, the organizations have been seeking appropriate access control solutions. They want to make the best use of such data, while on the other hand, they want to meet the privacy and security requirements of the different stakeholders. The result of this is the appearance of a clear gap between the existing context-aware access control (CAAC) mechanisms and the capacity of such traditional Context-Aware Access Control (CAAC) solutions to manage and control information and data resources in the cloud

Summary

Introduction

Computer security is a very complex phenomenon in today’s environments, like the cloud-basedInternet of things (IoTs) [1], where different users interact with each other, and the infection of one creates risk for another. Access control [2] is a fundamental aspect of computer security that is directly contributing to the traditional privacy and security principles of confidentiality, integrity and availability (CIA) [3] These CIA security characteristics are very restricted in such dynamic environments. Users involved in the IoT-based scenarios often need to access data and information resources beyond that which may normally be associated with their given roles. This has created the need for a new approach to context-aware access control and the concomitant triggering of relevant contexts [6–

Objectives

Discussion

Conclusion