An Access Control Model and Its Application in Blockchain

Access control technology is an important information security mechanism. At present, most of the database systems and enterprise information systems are role-based access control technologies, this rights management system has been running stably. However, due to the simple role access control, its flexibility and control granularity sometimes can't meet the requirements of actual access control. This paper proposes a secure access control model ARBACV1 based on RBACV1 combined with ABAC model, which is more flexible than RBACV1 and can perform fine-grained access control. The open transparency of data in the blockchain has caused people's high attention to data privacy protection issues[1]. A complete access control mechanism has not been provided in the Ethereum blockchain. To this end, according to the blockchain architecture, the proposed access control model ARBACV1 is applied to the blockchain through smart contracts, and the access of the blockchain users is controlled securely, and the code is written in Solidity language in Ethereum[2]. ARBACV1-based access control is implemented in blockchain.

[1]  Elisa Bertino,et al.  TRBAC: a temporal role-based access control model , 2000, RBAC '00.

[2]  Ralph Deters,et al.  Using REST based protocol to enable ABAC within IoT systems , 2016, 2016 IEEE 7th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON).

[3]  Mustaque Ahamad,et al.  Generalized Role-Based Access Control for Securing Future Applications , 2000 .

[4]  Jing Li,et al.  An Authorization Management Approach in the Internet of Things , 2012 .

[5]  William C. Chu,et al.  Digital Asset Management with Distributed Permission over Blockchain and Attribute-Based Access Control , 2018, 2018 IEEE International Conference on Services Computing (SCC).

[6]  Ahmed Serhrouchni,et al.  Decentralized Access Control Mechanism with Temporal Dimension Based on Blockchain , 2017, 2017 IEEE 14th International Conference on e-Business Engineering (ICEBE).

[7]  Jianhua Li,et al.  A Fine-Grained Cross-Domain Access Control Mechanism for Social Internet of Things , 2014, 2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops.

[8]  Jin Tong,et al.  Attributed based access control (ABAC) for Web services , 2005, IEEE International Conference on Web Services (ICWS'05).

[9]  D. Richard Kuhn,et al.  Role-Based Access Controls , 2009, ArXiv.

[10]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.