A blockchain based approach for the definition of auditable Access Control systems

Abstract This work proposes to exploit blockchain technology to define Access Control systems that guarantee the auditability of access control policy evaluation. The key idea of our proposal is to codify attribute-based Access Control policies as smart contracts and deploy them on a blockchain, hence transforming the policy evaluation process into a completely distributed smart contract execution. Not only the policies, but also the attributes required for their evaluation are managed by smart contracts deployed on the blockchain. The auditability property derives from the immutability and transparency properties of blockchain technology. This paper not only presents the proposed Access Control system in general, but also its application to the innovative reference scenario where the resources to be protected are themselves smart contracts. To prove the feasibility of our approach, we present a reference implementation exploiting XACML policies and smart contracts written in Solidity and deployed on the Ethereum blockchain. Finally, we evaluate the system performance through a set of experimental results, and we discuss the advantages and drawbacks of our proposal.
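As an added illustration of the architecture the abstract describes (this is not code from the paper or its reference implementation), the following Solidity ^0.8 sketch shows the three roles it names: an attribute manager contract that holds subject attributes, a policy contract that encodes one attribute-based rule and logs every decision, and a protected resource that is itself a smart contract. The contract and attribute names, the sample rule and the events are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Attribute manager (hypothetical): subject attributes live on-chain and only the
// designated authority may change them; each change is a logged transaction.
contract AttributeManager {
    address public immutable authority;
    mapping(address => mapping(bytes32 => bytes32)) private attrs; // subject => name => value
    event AttributeSet(address indexed subject, bytes32 indexed name, bytes32 value);
    constructor() { authority = msg.sender; }

    function setAttribute(address subject, bytes32 name, bytes32 value) external {
        require(msg.sender == authority, "not the attribute authority");
        attrs[subject][name] = value;
        emit AttributeSet(subject, name, value);
    }
    function getAttribute(address subject, bytes32 name) external view returns (bytes32) {
        return attrs[subject][name];
    }
}

// Policy (hypothetical rule): permit if role == doctor and the subject's department
// matches the resource's department; every decision is emitted as an event.
contract Policy {
    AttributeManager public immutable am;
    bytes32 public constant ROLE = keccak256("role");
    bytes32 public constant DEPT = keccak256("department");
    bytes32 public constant DOCTOR = keccak256("doctor");
    event Decision(address indexed subject, bytes32 indexed resourceDept, bool permit);
    constructor(AttributeManager _am) { am = _am; }

    function evaluate(address subject, bytes32 resourceDept) external returns (bool permit) {
        permit = am.getAttribute(subject, ROLE) == DOCTOR
              && am.getAttribute(subject, DEPT) == resourceDept;
        emit Decision(subject, resourceDept, permit); // on-ledger evaluation trail
    }
}

// Protected resource: itself a smart contract whose guarded function defers to Policy.
contract MedicalRecord {
    Policy public immutable policy;
    bytes32 public immutable department;
    string private record;
    constructor(Policy _policy, bytes32 _department) { policy = _policy; department = _department; }

    function write(string calldata data) external {
        require(policy.evaluate(msg.sender, department), "access denied by policy");
        record = data;
    }
}
```

Because `evaluate` writes a log entry it cannot be declared `view` and costs gas on every call; a `view` variant would be cheaper but would leave no on-ledger record of the decision.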
