Access Control in Fog Computing: Challenges and Research Agenda

Fog computing is an intermediate computing layer that has emerged to address the latency issues of cloud-based Internet of things (IoT) environments. As a result, new forms of security and privacy threats are emerging. These threats are mainly due to the huge number of sensors, as well as the enormous amount of data generated in IoT environments that needs to be processed in real time. These sensors send data to the cloud through the fog computing layer, creating an additional layer of vulnerabilities. In addition, the cloud by nature is vulnerable because cloud services can be located in different geographical locations and provided by multiple service providers. Moreover, cloud services can be hybrid and public, which exposes them to risks due to their infinite number of anonymous users. Access control (AC) is one of the essential prevention measures to protect data and services in computing environments. Many AC models have been implemented by researchers from academia and industry to address the problems associated with data breaches in pervasive computing environments. However, the question of which AC model(s) should be used to prevent unauthorized access to data remains. The selection of AC models for cloud-based IoT environments is highly dependent on the application requirements and how the AC models can impact the computation overhead. In this paper, we survey the features and challenges of AC models in the fog computing environment. We also discuss the diversity of different AC models. This survey provides the reader with state-of-the-art practices in the field of fog computing AC and helps to identify the existing gaps within the field.