Dear editor, As data are one of the most important factors of today’s intelligent systems but are relatively scarce, people try exchanging data with other organizations or public marketplaces. However, data exchange is now lack of a secure execution mechanism to automatically and fairly protect the rights which are seriously concerned by data owners. For instance, data owners cannot limit the identity of a data transferee who is banned to take the data by any way. Moreover, data transferees are also afraid that their applications for exchange may be unfairly treated. For instance, data owners could dynamically change data price when multiple transferees submit their applications at the same time. A data marketplace can take over the role of a trusted third party during data exchange, but single point failure is always a serious problem in a large-scale distributed system. Furthermore, these marketplaces usually use contracts based on natural languages which may be maliciously misinterpreted and cannot be automatically executed. Numerous researches have been presented to provide digital rights management (DRM) [1]. For instance, Zhu et al. [2] presented a privacypreserving video subscription scheme with the limitation of expire date. However, rights of data owners are more complex than rights of digital content owners. Decentralized and trustworthy enforcement for access control policies is a long-term issue. Han et al. [3] proposed an optimized mechanism which is a trusted and decentralized access control framework for the client/server architecture. These studies still need third party authorities which are used to execute or supervise the rights control, leading to a few trust and security issues. Existing studies [4] on attribute-based access control have been applied to many fields, such as e-commerce and Internet of Things. This article introduces attribute-based access control and proposes a secure framework for data exchange based on smart contracts (DESC) to enable automatic and fair access control. Featuring with decentralized, fair, transparent, immutable and traceable advantages, blockchain 2.0 [5] provides a generalized framework for implementing decentralized compute resources named smart contracts which define rights and policies in mathematical and programming forms. Once the predefined smart contract is triggered by a transaction, it can automatically execute the specific contractual clauses. To find out which data rights are seriously concerned by data owners, we investigate the DRM mechanisms and several data exchange platforms: GBDEX, national engineering lab for big data distribution and exchange technologies. Then,
[1]
Nathan Chenette,et al.
Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions
,
2011,
CRYPTO.
[2]
D. Richard Kuhn,et al.
Attribute-Based Access Control
,
2017,
Computer.
[3]
Zhaofeng Ma,et al.
Digital rights management: Model, technology and application
,
2017,
China Communications.
[4]
Tom Mens,et al.
The Ecology of Software Ecosystems
,
2015,
Computer.
[5]
Liehuang Zhu,et al.
A privacy-preserving video subscription scheme with the limitation of expire date
,
2016,
Science China Information Sciences.
[6]
Min Xu,et al.
A trusted decentralized access control framework for the client/server architecture
,
2010,
J. Netw. Comput. Appl..
[7]
Elaine Shi,et al.
Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts
,
2016,
2016 IEEE Symposium on Security and Privacy (SP).
[8]
Lorie M. Liebrock,et al.
Secure Communication via Shared Knowledge and a Salted Hash in Ad-Hoc Environments
,
2011,
2011 IEEE 35th Annual Computer Software and Applications Conference Workshops.
[9]
Vitalik Buterin.
A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM
,
2015
.