Accessing Data from Multiple Sources Through Context-Aware Access Control
Conference contribution posted on 10.11.2020, 03:17 by A S M Kayes, Johanna Rahayu, Tharam Dillon, E Chang
© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
With the proliferation of cloud-based data and services, accessing data from distributed cloud environments and consequently providing integrated results to the users has become a key challenge, often involving large processing overheads and administrative costs. The traditional, spatial, temporal and other context-sensitive access control models have been applied in different environments in order to access such data and information. Recently, fog-based access control models have also been introduced to overcome the latency and processing issues by moving the execution of application logic from the cloud level to an intermediary level by adding computational nodes at the edges of the networks. These existing access control models have mostly been used to access data from centralized sources. However, we have been encountering rapid changes in computing technologies over the last few years, and many organizations need to dynamically control context-sensitive access to cloud data resources from distributed environments. In this article, we propose a new-generation fog-based access control approach, combining the benefits of fog computing and context-sensitive access control solutions. We first formally introduce a general data model and its associated policy and mapping models, in order to access data from distributed cloud sources and to provide integrated results to the users. In particular, we present a unified set of fog-based access control policies with the aim of reducing administrative burdens and processing overheads. We then introduce a unified data ontology together with its reasoning capability by realizing our formal approach. We demonstrate the applicability of our proposal through prototype testing and several case studies. Experimental results demonstrate the good performance of our approach with respect to our earlier context-sensitive access control approach.