A Dynamic Access Control Method for Fog Computing Based on Trust Value

doi:10.3969/j.issn.1671-1122.2020.04.008

Abstract

Abstract:

Fog computing is usually applied to industrial control, Internet of vehicles, intelligent medical and other real-time scenarios. These scenarios require dynamic, adaptive and low delay access control methods. Traditional access control methods are not suitable. This paper proposes a dynamic access control method based on trust value. This method extracts device behavior features from log files. And then calculates the trust value of active devices using machine learning models, while the trust value of inactive devices is calculated using grayscale method. The method proposed in this paper can not only realize fast and dynamic access control, but also can be easily migrated to multiple scenarios. The author have implemented the method based on equipment and data set provided by the research group.

Key words: fog computing, trust value, access control, machine learning

CLC Number:

TP309

DU Yifeng, GUO Yuanbo. A Dynamic Access Control Method for Fog Computing Based on Trust Value[J]. Netinfo Security, 2020, 20(4): 65-72.

Figures/Tables 7

References 18

[1]	VARGHESE B, BUYYA R.Next Generation Cloud Computing: New Trends and Research Directions[J]. Future Generation Computer Systems, 2018, 79(3): 849-861.
[2]	BONOMI F, MILITO R, et al.Fog Computing and Its Role in the Internet of Things[C]//SIGCOMM. 1st ACM Mobile Cloud Computing Workshop, August 17, 2012, Helsinki, Finland. New York: ACM, 2012: 13-16.
[3]	ZHANG Peiyun, ZHOU Mengchu, et al.Security and Trust Issues in Fog Computing: A Survey[J]. Future Generation Computer Systems, 2018, 88(5): 16-27.
[4]	PRASANTH A.Cloud Computing Services: A Survey[J]. International Journal of Computer Applications. 2012, 46(3): 25-29.
[5]	ZHAO Kai, GE Lina.A Survey on the Internet of Things Security[C]//IEEE. Ninth International Conference on Computational Intelligence and Security, December 14-15, 2013, E’Mei Mountain, Sichuan, China. Washington: IEEE, 2013: 663-667.
[6]	HOU Xueshi, LI Yong, et al.Vehicular Fog Computing: A Viewpoint of Vehicles as the Infrastructures[J]. IEEE Transactions on Vehicular Technology, 2016, 65(6): 3860-3873.
[7]	CAO Yu, HOU Peng, et al.Distributed Analytics and Edge Intelligence: Pervasive Health Monitoring at The Era of Fog Computing[C]//ACM. The 2015 Workshop on Mobile Big Data, June 21, 2015, Hangzhou, China. New York, USA: ACM, 2015: 43-48.
[8]	OKAY F Y, OZDEMIR S.A Fog Computing Based Smart Grid Model[C]//IEEE. 2016 International Symposium on Networks, Computers and Communications(ISNCC), May 11-13, 2016, Yasmine Hammamet, Tunisia. Washington, DC, USA: IEEE, 2016: 1-6.
[9]	ZHANG Peng, LIU J K, et al.A Survey on Access Control in Fog Computing[J]. IEEE Communications Magazine, 2018, 56(2): 144-149.
[10]	FANG Liang, YIN Lihua, GUO Yunchuan, et al.A Survey of Technologies in Attribute-Based Access Control Scheme[J]. Chinese Journal of Computers, 2017, 40(7): 1680-1698.
	房梁,殷丽华,郭云川,等.基于属性的访问控制关键技术研究综述[J].计算机学报,2017,40(7):1680-1698.
[11]	DSOUZA C, AHN G J, et al.Policy-Driven Security Management for Fog Computing: Preliminary Framework and A Case Study[C]//IEEE. 15th International Conference on Information Reuse and Integration(IEEE IRI 2014), Auguest 13-15, 2014, Redwood City, USA. Washington: IEEE, 2014: 16-23.
[12]	SALONIKIAS S, MAVRIDIS I, et al.Access Control Issues in Utilizing Fog Computing for Transport Infrastructure[C]//EU. The 10th International Conference on Critical Information Infrastructures Security, October 5-7, 2015, Berlin, Germany. Berlin: Springer, 2015: 15-26.
[13]	STOJMENOVIC I, WEN Sheng, et al.An Overview of Fog Computing and Its Security Issues[J]. Concurrency and Computation: Practice and Experience, 2016, 28(10): 2991-3005.
[14]	LI Fei, RAHULAMATHAVAN Y, et al.Robust Access Control Framework for Mobile Cloud Computing Network[J]. Computer Communications, 2015, 68(6): 61-72.
[15]	MOLLAH M B, AZAD M A K, et al. Secure Data Sharing and Searching at the Edge of Cloud-Assisted Internet of Things[J]. IEEE Cloud Computing, 2017, 4(1): 34-42.
[16]	ZAGHDOUDI B, AYED K B, et al.Generic Access Control System for Ad Hoc MCC and Fog Computing[C]//Springer. International Conference on Cryptology and Network Security, November 14-16, 2016, Milan, Italy. Berlin: Springer, 2016: 400-415.
[17]	JIA Weijia, ZHOU Xiaojie.Concepts, Issues, and Applications of Fog Computing[J]. Journal on Communications, 2018, 39(5): 153-165.
	贾维嘉,周小杰. 雾计算的概念,相关研究与应用[J]. 通信学报,2018,39(5):153-165.
[18]	GILMAN E.Zero Trust Networks: Building Systems in Untrusted Networks[M]. California: O’Reilly Media, 2017.

序号	标识	含义
1	BR	坏请求数量
2	BRR	坏请求比例
3	URR	未授权请求比例
4	FRR	禁止请求比例
5	NFRR	请求资源未找到比例
6	MNARR	请求方法不允许比例
7	RNSRR	请求范围不满足比例
8	TR	总请求数
9	DT_tn	t_n时间段内设备信任值
10	ADT_tn	截至t_n时间段设备平均信任值
11	DT_tn_-1	t_n-1时间段内设备信任值
12	ADT_tn_-1	截至t_n-1时间段设备平均信任值

设备平均信任值	设备信任等级	说明
ADT ≥ 80	1	可信设备
60 ≤ ADT<80	2	基本可信设备
0 < ADT < 60	3	低可信设备

	均方差	绝对误差	R方	训练时间/s
决策树回归	308.97	13.41	0.58	0.20
多元线性回归	107.35	8.27	0.86	0.20
SVM回归	109.98	8.38	0.85	0.21
KNN回归	127.66	9.12	0.83	0.20
随机森林回归	161.17	10.27	0.78	0.25
Adaboost回归	118.44	8.86	0.84	0.23
GBRT回归	143.95	9.62	0.81	0.25