nach oben

World Wide Web

Erschienen in:

23.03.2021

Distributed attribute-based access control system using permissioned blockchain

verfasst von: Sara Rouhani, Rafael Belchior, Rui S. Cruz, Ralph Deters

Erschienen in: World Wide Web | Ausgabe 5/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Auditing provides essential security control in computer systems by keeping track of all access attempts, including both legitimate and illegal access attempts. This phase can be useful in the context of audits, where eventual misbehaving parties can be held accountable. Blockchain technology can provide the trusted auditability required for access control systems. In this paper, we propose a distributed Attribute-Based Access Control (ABAC) system based on blockchain to provide trusted auditing of access attempts. Besides auditability, our system presents a level of transparency that both access requesters and resource owners can benefit from it. We present a system architecture with an implementation based on Hyperledger Fabric, achieving high efficiency and low computational overhead. The proposed solution is validated through a use case of independent digital libraries. Detailed performance analysis of our implementation is presented, taking into account different consensus mechanisms and databases. The experimental evaluation shows that our presented system can effectively handle a transaction throughput of 270 transactions per second, with an average latency of 0.54 seconds per transaction.

Vorheriger Artikel Towards an attestation architecture for blockchain networks

Nächster Artikel Decentralized collaborative business process execution using blockchain

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

https://www.hyperledger.org/projects/fabric

https://www.hyperledger.org/projects/caliper

https://1ty.me/

www.ethereum.org

https://zookeeper.apache.org/

https://nodejs.org/en/

Adam, N.R., Atluri, V., Bertino, E., Ferrari, E.: A content-based authorization model for digital libraries. IEEE Trans Know Data Eng 14(2), 296–315 (2002)CrossRef

Alansari, S., Paci, F., Sassone, V.: A distributed access control system for cloud federations. In: Distributed Computing Systems (ICDCS), 2017 IEEE 37th International Conference On, pp 2131–2136. IEEE (2017)

Anderson, A., Parducci, B., Carlisle Adams, E.: Oasis extensible access control markup language (xacml). Presentation to XML Community of Practice Architecture and Infrastructure Committee of the CIO Council (2006)

Androulaki, E., Barger, A., Bortnikov, V., Cachin, C., Christidis, K., Caro, A.D., Enyeart, D., Ferris, C., Laventman, G., Manevich, Y., et al.: Hyperledger fabric: A distributed operating system for permissioned blockchains. In: Proceedings of the thirteenth EuroSys conference, pp 1–15 (2018)

Azaria, A., Ekblaw, A., Vieira, T., Lippman, A.: Medrec: Using blockchain for medical data access and permission management. In: Proceedings - 2016 2nd International Conference on Open and Big Data OBD 2016, pp 25–30 (2016). https://doi.org/10.1109/OBD.2016.11

Belchior, R., Correia, M., Vasconcelos, A.: Justicechain: Using blockchain to protect justice logs. In: OTM Confederated International Conferences on the Move to Meaningful Internet Systems, pp 318–325. Springer (2019)

Belchior, R., Putz, B., Pernul, G., Correia, M., Vasconcelos, A., Guerreiro, S.: SSIBAC: Self-Sovereign identity based access control. In: The 3rd International Workshop on Blockchain Systems and Applications. IEEE (2020)

Belchior, R., Vasconcelos, A., Correia, M.: Towards secure, decentralized, and automatic audits with blockchain. In: European Conference on Information Systems (2020)

Belchior, R., Vasconcelos, A., Guerreiro, S., Correia, M.: A survey on blockchain interoperability: Past, present, and future trends. arXiv 1(1), 58 (2020). arXiv:2005.14282

10.

Bell, E.D., La Padula, J.L.: Secure computer system: Unified exposition and multics interpretation (1976)

11.

Bertino, E., Weigand, H.: An approach to authorization modeling in object-oriented database systems. Data Knowl Eng 12(1), 1–29 (1994)CrossRef

12.

Biba, K.: Integrity considerations for secure computer systems. Tech. rep., Bedford MA: Mitre Corporation (1977)

13.

Dagher, G.G., Mohler, J., Milojkovic, M., Marella, P.B.: Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain Cities Soc 39(February), 283–297 (2018). https://doi.org/10.1016/j.scs.2018.02.014CrossRef

14.

Ding, S., Cao, J., Li, C., Fan, K., Li, H.: A novel attribute-based access control scheme using blockchain for iot. IEEE Access 7, 38431–38441 (2019)CrossRef

15.

Dukkipati, C., Zhang, Y., Cheng, L.C.: Decentralized, blockchain based access control framework for the heterogeneous internet of things. In: Proceedings of the Third ACM Workshop on Attribute-Based Access Control, pp 61–69. ACM (2018)

16.

Es-Samaali, H., Outchakoucht, A., Leroy, J.P.: A blockchain-based access control for big data. Int J Comput Netw Commun Secur 5(7), 137 (2017)

17.

Ferdous, M.S., Margheri, A., Paci, F., Yang, M., Sassone, V.: Decentralised runtime monitoring for access control systems in cloud federations. In: Distributed Computing Systems (ICDCS), 2017 IEEE 37th International Conference On, pp 2632–2633. IEEE (2017)

18.

Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: A proposed standard for Role-Based access control. ACM Trans. Inform. Syst. Secur. 4(3) (2001)

19.

Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7, 1–32 (1994)MathSciNetCrossRef

20.

Guo, H., Li, W., Nejad, M., Shen, C.C.: Access control for electronic health records with hybrid blockchain-edge architecture. arXiv:1906.01188(2019)

21.

Guo, H., Meamari, E., Shen, C.C.: Multi-authority attribute-based access control with smart contract. In: Proceedings of the 2019 International Conference on Blockchain Technology, pp 6–11. ACM (2019)

22.

Houtan, B., Hafid, A.S., Makrakis, D.: A survey on Blockchain-Based Self-Sovereign patient identity in healthcare. IEEE Access 8, 90478–90494 (2020)CrossRef

23.

Hu, S., Hou, L., Chen, G., Weng, J., Li, J.: Reputation-based distributed knowledge sharing system in blockchain. In: Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, pp 476–481. ACM (2018)

24.

Hu, V.C., Ferraiolo, D., Kuhn, R., Friedman, A.R., Lang, A.J., Cogdell, M.M., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K., et al.: Guide to attribute based access control (abac) definition and considerations (draft). NIST Spec. Publ. 800(162) (2013)

25.

Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Access control for emerging distributed systems. Computer 51(10), 100–103 (2018). https://doi.org/10.1109/MC.2018.3971347CrossRef

26.

Jemel, M., Serhrouchni, A.: Decentralized access control mechanism with temporal dimension based on blockchain. In: 2017 IEEE 14th International Conference on E-Business Engineering (ICEBE), pp 177–182. IEEE (2017)

27.

Khan, M.A., Salah, K.: Iot security: Review, blockchain solutions, and open challenges. Futur. Gener. Comput. Syst. 82, 395–411 (2018). https://doi.org/10.1016/j.future.2017.11.022CrossRef

28.

Kondova, G., Erbguth, J.: Self-sovereign identity on public blockchains and the gdpr 342–345 (2020)

29.

Kuo, T.T., Kim, H.E., Ohno-Machado, L.: Blockchain distributed ledger technologies for biomedical and health care applications. J. Am. Med. Inform. Assoc. 24(6), 1211–1220 (2017)CrossRef

30.

Lee, Y., Lee, K.M.: Blockchain-based rbac for user authentication with anonymity. In: Proceedings of the Conference on Research in Adaptive and Convergent Systems, pp 289–294. ACM (2019)

31.

López-Pintado, O., García-bañuelos, L., Dumas, M., Weber, I.: Caterpillar: A blockchain-based business process management system. In: Proceedings of the BPM Demo Track and BPM Dissertation Award co-located with 15th International Conference on Business Process Modeling (BPM 2017), Barcelona, Spain (2017)

32.

Lyu, Q., Qi, Y., Zhang, X., Liu, H., Wang, Q., Zheng, N.: Sbac: a secure blockchain-based access control framework for information-centric networking. J. Netw. Comput. Appl. 149, 102444 (2020)CrossRef

33.

Ma, M., Shi, G., Li, F.: Privacy-oriented blockchain-based distributed key management architecture for hierarchical access control in the iot scenario. IEEE Access 7, 34045–34059 (2019)CrossRef

34.

Maesa, D.D.F., Mori, P., Ricci, L.: Blockchain based access control. In: IFIP International Conference on Distributed Applications and Interoperable Systems, pp 206–220. Springer (2017)

35.

Maesa, D.D.F., Mori, P., Ricci, L.: A blockchain based approach for the definition of auditable access control systems. Comput. Secur. 84, 93–119 (2019)CrossRef

36.

Maryline, L., Nesrine, K., Christian, L.: A blockchain based access control scheme. In: Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, pp 168–176 (2018)

37.

Novo, O.: Blockchain meets iot: An architecture for scalable access management in IoT. IEEE Int. Things J. 5(2), 1184–1195 (2018). https://doi.org/10.1109/JIOT.2018.2812239CrossRef

38.

Novo, O.: Blockchain meets iot: an architecture for scalable access management in iot. IEEE Int. Things J. 5(2), 1184–1195 (2018)CrossRef

39.

Ouaddah, A., Abou Elkalam, A., Ait Ouahman, A.: Fairaccess: A new blockchain-based access control framework for the internet of things. Secur. Commun. Netw. 9(18), 5943–5964 (2016)CrossRef

40.

Outchakoucht, A., Hamza, E., Leroy, J.P.: Dynamic access control policy based on blockchain and machine learning for the internet of things. Int. J. Adv. Comput. Sci. Appl 8(7), 417–424 (2017)

41.

Paillisse, J., Subira, J., Lopez, A., Rodriguez-Natal, A., Ermagan, V., Maino, F., Cabellos, A.: Distributed access control with blockchain. arXiv:1901.03568 (2019)

42.

Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Annual International Cryptology Conference, pp 129–140. Springer (1991)

43.

Pinno, O.J.A., Grégio, A.R.A., De Bona, L.C.: Controlchain: a new stage on the iot access control authorization. Concur. Comput. Pract. Exper. e5238 (2019)

44.

Pourheidari, V., Rouhani, S., Deters, R.: A case study of execution of untrusted business process on permissioned blockchain. In: 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (September), pp 1129–1136 (2018). https://doi.org/10.1109/Cybermatics

45.

Rajput, A.R., Li, Q., Ahvanooey, M.T., Masood, I.: Eacms: emergency access control management system for personal health record based on blockchain. IEEE Access 7, 84304–84317 (2019)CrossRef

46.

Rouhani, S., Butterworth, L., Simmons, A.D., Humphery, D.G., Deters, R., Medichain, TM: A secure decentralized medical data asset management system. In: 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (September), pp 1129–1136 (2018). https://doi.org/10.1109/Cybermatics

47.

Rouhani, S., Deters, R.: Blockchain based access control systems: State of the art and challenges. In: IEEE/WIC/ACM International Conference on Web Intelligence, WI ’19, pp 423–428. ACM, New York (2019). https://doi.org/10.1145/3350546.3352561

48.

Rouhani, S., Deters, R.: Security, performance, and applications of smart contracts: A systematic survey. IEEE Access 7, 50759–50779 (2019). https://doi.org/10.1109/ACCESS.2019.2911031CrossRef

49.

Rouhani, S., Pourheidari, V., Deters, R.: Physical access control management system based on permissioned blockchain. In: 2018 IEEE International Conference on Internet of Things (Ithings) and IEEE Green Computing and Communications (Greencom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (Smartdata) (2019)

50.

Sandhu, R.S., Samarati, P.: Access control: Principle and practice. IEEE Commun. 32(9), 40–48 (1994)CrossRef

51.

Sporny, M., Longley, D., Chadwick, D.: Verifiable credentials data model 1.0. https://www.w3.org/TR/vc-data-model/ (2020)

52.

TO Group: ArchiMate®;3.0 Specification. Van Haren Publishing, Netherlands (2016)

53.

W3C: Decentralized identifiers (DIDs) v1.0. https://w3c.github.io/did-core/ (2020)

54.

Wang, F., De Filippi, P.: Self-Sovereign Identity in a globalized world: Credentials-Based identity systems as a driver for economic inclusion. Front. Blockchain 2, 28 (2020)CrossRef

55.

Wang, S., Zhang, Y., Zhang, Y.: A blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems. IEEE Access 6, 38437–38450 (2018). https://doi.org/10.1109/ACCESS.2018.2851611CrossRef

56.

Wang, S., Zhang, Y., Zhang, Y.: A blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems. IEEE Access 6, 38437–38450 (2018)CrossRef

57.

Weber, I., Xu, X., Riveret, R., Governatori, G., Ponomarev, A., Mendling, J.: Untrusted business process monitoring and execution using blockchain. In: International Conference on Business Process Management, pp 329–347. Springer (2016)

58.

Xia, Q., Sifah, E.B., Asamoah, K.O., Gao, J., Du, X., Guizani, M.: Medshare: Trust-less medical data sharing among cloud service providers via blockchain. IEEE Access 5, 14757–14767 (2017)CrossRef

59.

Xu, R., Chen, Y., Blasch, E., Chen, G.: Exploration of blockchain-enabled decentralized capability-based access control strategy for space situation awareness. Opt. Eng. 58(4), 041609 (2019)

60.

Yuan, E., Tong, J.: Attributed based access control (Abac) for Web services. In: IEEE International Conference on Web Services (ICWS’05). IEEE (2005)

61.

Zhang, X., Poslad, S.: Blockchain support for flexible queries with granular access control to electronic medical records (Emr). In: 2018 IEEE International Conference on Communications (ICC), pp 1–6. IEEE (2018)

62.

63.

Zhang, Y., Kasahara, S., Shen, Y., Jiang, X.: Jianxiongwan: Smart contract-based access control for the internet of things. IEEE Int. Things J. 6(2), 1594–1605 (2019)CrossRef

64.

Zhu, Y., Qin, Y., Gan, G., Shuai, Y., Chu, W., Cheng, C.: TBAC: Transaction-Based access control on blockchain for resource sharing with cryptographically decentralized authorization. Proc. Int. Comput. Softw. Appl. Conf. 1, 535–544 (2018). https://doi.org/10.1109/COMPSAC.2018.00083

65.

Zhu, Y., Qin, Y., Gan, G., Shuai, Y., Chu, W.C.C.: Tbac: Transaction-based access control on blockchain for resource sharing with cryptographically decentralized authorization. In: 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp 535–544. IEEE (2018)

66.

Zyskind, G., Nathan, O., Pentland, A.S.: Decentralizing privacy: Using blockchain to protect personal data. In: IEEE Security and Privacy Workshops, pp 180–184 (2015)

Titel: Distributed attribute-based access control system using permissioned blockchain
verfasst von: Sara Rouhani
Rafael Belchior
Rui S. Cruz
Ralph Deters
Publikationsdatum: 23.03.2021
Verlag: Springer US
Erschienen in: World Wide Web / Ausgabe 5/2021
Print ISSN: 1386-145X
Elektronische ISSN: 1573-1413
DOI: https://doi.org/10.1007/s11280-021-00874-7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 5/2021

A block-based generative model for attributed network embedding

Decentralized collaborative business process execution using blockchain

Path-enhanced explainable recommendation with knowledge graphs

Efficient continual cohesive subgraph search in large temporal graphs

XChange: A Universal Mechanism for Asset Exchange between Permissioned Blockchains

Editor’s Note

Premium Partner