Context-aware access control with imprecise context characterization for cloud-based data resources

Abstract

Computing technologies are increasingly dynamic and ubiquitous in everyday life nowadays. Context information plays a crucial role in such dynamically changing environments and the different types of contextual conditions bring new challenges to context-sensitive access control. This information mostly can be derived from the crisp sets. For example, we can utilize a crisp set to derive a patient and nurse are co-located in the general ward of the hospital or not. Some of the context information characterizations cannot be made using crisp sets, however, they are equally important in order to make access control decisions. Towards this end, this article proposes an approach to Context-Aware Access Control using Fuzzy logic (FCAAC) for data and information resources. We introduce a formal context model to represent the fuzzy and other contextual conditions. We also introduce a formal policy model to specify the policies by utilizing these conditions. Using our formal approach, we combine the fuzzy model with an ontology-based approach that captures such contextual conditions and incorporates them into the policies, utilizing the ontology languages and the fuzzy logic-based reasoning. We introduce a unified data ontology and its associated mapping ontology in terms of facilitating access control to cloud-based data resources. We justify the feasibility of our approach by demonstrating the practicality through a prototype implementation, several healthcare case studies and a usability study. Finally, we demonstrate an experimental evaluation in terms of query response time. The experiment results demonstrate the satisfactory performance of our proposed FCAAC approach.