A Privacy Risk Assessment Scheme for Fog Nodes in Access Control System

• Published in: IEEE transactions on reliability Vol. 71; no. 4; pp. 1513 - 1526
• Main Authors: Ke, Changbo, Wu, Jiayu, Xiao, Fu, Huang, Zhiqiu, Meng, Yunfei
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.12.2022; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Access control; Accuracy; Cloud computing; Context; Control systems; Data privacy; Fog computing; Insurance; Nodes; Privacy; privacy risk assessment; Random access memory; reputation score; Risk assessment; Risk management; risk-based access control; Security; Sensitivity; subject security level
• ISSN: 0018-9529; 1558-1721
• DOI: 10.1109/TR.2021.3103906

In the fog computing, it is difficult to satisfy the security and privacy requirement for traditional access control system, such as attribute-based access control system. Risk-based access control system can adapt to the dynamic fog environment. However, the existing risk schemes are modeled for users in majority, not for fog nodes, and the context and privacy sensitivity are rarely considered. In this article, we propose a risk assessment scheme for fog nodes in access control system. Firstly, to improve the accuracy of risk score, the risk assessment is modeled with the subject, object, and context for fog nodes; Secondly, we address the risk assessment computing module for every component. Moreover, we depict system model for risk assessment and implement its prototype system risk assessment model. In the end, the reasonability and correctness of computing model are analyzed by proving and simulation. According to the experiments, the accuracy of risk score is higher than that of the work-based access control and dynamic access control for IoT. Therefore, the feasibility and effectiveness of this scheme are proved through the experiments.