In the cyberspace environment, access control is one of the foremost fundamental safeguards used to prevent unauthorized access and to minimize the impact from security breaches. Fog computing preserves many benefits for the integration of both internet of things (IoT) and cloud computing platforms. Security in Fog computing environment remains a significant concern among practitioners from academia and industry. The current existing access control models, like the traditional Context-Aware Access Control (CAAC), are limited to access data from centralized sources, and not robust due to lack of semantics and cloud-based service. This major concern has not been addressed in the literature, also literature still lacks a practical solution to control fog data view from multiple sources.
This paper critically reviews and investigates the limitations of current fog-based access control. It considers the trade-off between latency and processing overheads which has not been thoroughly studied before. In this paper, a new generation of Fog-Based Context-Aware Access Control (FB-CAAC) framework is proposed to enable flexible access control data from multiple sources. To fill the gap in the literature this paper introduces (i) a general data model and its associated mapping model to collate data from multiple sources. (ii) a data view model to provide an integrated result to the users, dealing with the privacy requirements of the associated stakeholders, (iii) a unified set of CAAC policies with an access controller to reduce both administrative and processing overheads, and (iv) a data ontology to represent the common classes in the relevant data sets. The applicability of FB-CAAC proposal is demonstrated via a walkthrough of the entire mechanism along with several case studies and a prototype testing. The results show the efficiency, flexibility, effectiveness, and practicality of FB-CAAC for data access control in fog computing environment.