A trustworthy access control model for mobile cloud computing based on reputation and mechanism design

Mobile cloud computing (MCC) is an emerging technology that has gained ever-increasing popularity, which makes the generation and large-scale collection of private personal data possible. However, new security issues arise when MCC offers big data analytics and management services. In particular, there is an absence of fine-grained secure access control model to protect privacy information from unauthorized access, especially launched by internal malicious nodes with legal identity and authority. To fill the gap, this paper proposes a reputation and mechanism design based trustworthy access control model (RMTAC) to provide secure and privacy-aware big data access control in MCC. The RMTAC integrates the access control scheme with Vickrey–Clark–Groves (VCG) based adaptive reputation mechanism (VARM), the distributedmulti-level security scheme and the hierarchical keymanagement protocol to provide secure and privacy-aware access control and defend against the internal attacks. Simulation results demonstrate the superior performance of the VARM in terms of utility, effective recommendation rate, and accuracy rate compared to the existing reputation mechanisms. Moreover, the RMTAC shows better performance in terms of success rate of malicious access and successful acceptance rate compared to the role-based encryption access control model (RBE) mechanism, in the presence of collusion attacks, bad mouthing attacks and information disclosure attacks. © 2015 Elsevier B.V. All rights reserved.