| In fog computing,it is difficult to satisfy the security and privacy requirement for traditional access control model,such as Attribute-based Access Control and Role-based Access Control.Role-based Access Control model can adapt to the dynamic fog environment through updating the access control policies,according to the risk score.Therefore,this paper proposes a risk-based XACML access control model in fog computing.On the basis of this model,a risk assessment method and a privacy policy adaptive method are proposed to ensure the security of privacy data in fog computing.Firstly,an access control method based on risk assessment in fog computing is proposed to quantify the risk score of fog nodes.This method divides the risk score into two parts: subject threat(ST)and subject's threat expectation threat for object(ETO).ST is calculated by subject reputation,subject security uncertainty and subject security level.ETO is calculated by the access matrix,the context-dependent access cost and the probability that the subject damages the object.The result of experiment shows that the accuracy of risk score generated by this method is higher than that of the other two methods.Then,a risk-based privacy policy adaptive method in fog computing is proposed to generate privacy policies for fog nodes.The method determines the personal information collected by the API through the document analysis,and extracts the context information of calling the sensitive API according to the code static analysis,including personal information collector,condition information,information retention and information transmission,and finally generates the privacy policy adaptively for the fog node based on risk.The result of experiment shows that the privacy policy generated by the new method is more correct and more readable than the original one.Finally,this paper establish a risk-based XACML access control prototype system based on the above theories and methods,and realizes the application demonstration of Internet of Vehicles data.The prototype system is designed according to the functional requirements such as risk assessment method,privacy policy adaptive method and XACML node management,the application demonstration is implemented according to the traditional software development process.It verifies the possibility of the method and theory proposed in this paper,and shows the application effect of risk-based XACML access control system in the actual Internet of Vehicles scenario. |
PDF Full Text Request