In recent years, the design of effective authorization mechanisms for IoT and, in particular, for smart home applications has gained increasing attention from researchers and practitioners. However, very little attention is given to the performance evaluation of those authorization mechanisms. To fill this gap, this paper presents a thorough experimental evaluation of cloud- and edge-based access control mechanisms for smart home applications. We discuss the main architectural choices, namely (a) where the access control logic is deployed (in the cloud or the edge) and (b) how the attributes needed for policy evaluation are provided to the policy evaluation point and identify possible deployment models for cloud- and edge-based access control mechanisms. To study the impact of these choices on the performance of smart homes, we realized the identified deployment models within the IoT platforms offered by Amazon Web Services (AWS), namely AWS IoT and Greengrass, and empirically evaluate them using a smart lock system. Based on our experimental evaluation, we provide recommendations to both researchers and practitioners.

近年来，物联网，特别是智能家居应用的有效授权机制的设计越来越受到研究人员和从业人员的关注。然而，很少有人关注这些授权机制的性能评估。为了填补这一空白，本文对基于云和边缘的智能家居应用访问控制机制进行了全面的实验评估。我们讨论了主要的架构选择，即(a)访问控制逻辑的部署位置（在云端或边缘）和(b)如何将策略评估所需的属性提供给策略评估点，并为基于云和边缘的访问控制机制确定可能的部署模型。为了研究这些选择对智能家居性能的影响，我们在 Amazon Web Services (AWS) 提供的 IoT 平台内实现了已识别的部署模型，即 AWS IoT 和 Greengrass，并使用智能锁系统对它们进行了实证评估。根据我们的实验评估，我们向研究人员和从业者提供建议。