Abstract
Access Control systems are a key resource in computer security to properly manage the access to digital resources. Blockchain technology, instead, is a novel technology to decentralise the control and management of a shared state, representing anything from a data repository to a distributed virtual machine. We propose to integrate traditional Access Control systems with blockchain technology to allow the combined system to inherit the desirable properties blockchain technology provides, mainly transparency and, consequently, auditability. Depending on the application scenario considered, for some systems it may not be desirable to employ a fully decentralised approach. As such, in this paper we outline how our proposal can be adapted to allow for the minimal possible integration of blockchain technology in a traditional Access Control system. In particular, we consider the scenario where Attribute Managers only may be managed on chain through smart contracts. We provide a proof of concept implementation based on Ethereum, and show its performance through experimental results.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations (2014)
OASIS: eXtensible Access Control Markup Language (XACML) version 3.0, January 2013
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151, 1–32 (2014)
Miller, A., LaViola Jr., J.J.: Anonymous byzantine consensus from moderately-hard puzzles: a model for bitcoin (2014). http://nakamotoinstitute.org/research/anonymous-byzantine-consensus
Di Francesco Maesa, D., Mori, P., Ricci, L.: Blockchain based access control services. In: IEEE International Symposium on Recent Advances on Blockchain and Its Applications (BlockchainApp), 2018 IEEE International Conference on Blockchain, pp. 1379–1386. IEEE (2018)
Di Francesco Maesa, D., Ricci, L., Mori, P.: Distributed access control through blockchain technology. Blockchain Eng. 31 (2017)
Di Francesco Maesa, D., Mori, P., Ricci, L.: Blockchain based access control. In: Chen, L.Y., Reiser, H.P. (eds.) DAIS 2017. LNCS, vol. 10320, pp. 206–220. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59665-5_15
Di Francesco Maesa, D., Mori, P., Ricci, L.: A blockchain based approach for the definition of auditable access control systems. Comput. Secur. 84, 93–119 (2019)
Novo, O.: Blockchain meets IoT: an architecture for scalable access management in IoT. IEEE Internet Things J. 5(2), 1184–1195 (2018)
Dukkipati, C., Zhang, Y., Cheng, L.C.: Decentralized, blockchain based access control framework for the heterogeneous internet of things. In: Proceedings of the Third ACM Workshop on Attribute-Based Access Control, pp. 61–69. ACM (2018)
Tapas, N., Merlino, G., Longo, F.: Blockchain-based IoT-cloud authorization and delegation. In: 2018 IEEE International Conference on Smart Computing (SMARTCOMP), pp. 411–416. IEEE (2018)
Ouaddah, A., Abou Elkalam, A., Ait Ouahman, A.: Fairaccess: a new blockchain-based access control framework for the internet of things. Secur. Commun. Netw. 9(18), 5943–5964 (2016)
Outchakoucht, A., Hamza, E., Leroy, J.P.: Dynamic access control policy based on blockchain and machine learning for the internet of things. Int. J. Adv. Comput. Sci. Appl. 8(7), 417–424 (2017)
Azaria, A., Ekblaw, A., Vieira, T., Lippman, A.: MedRec: using blockchain for medical data access and permission management. In: International Conference on Open and Big Data (OBD), pp. 25–30. IEEE (2016)
Dias, J.P., Reis, L., Ferreira, H.S., Martins, Â.: Blockchain for access control in e-health scenarios. arXiv preprint arXiv:1805.12267 (2018)
Dagher, G.G., Mohler, J., Milojkovic, M., Marella, P.B.: Ancile: privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain. Cities Soc. 39, 283–297 (2018)
Svenson, C.: Blockchain: using cryptocurrency with Java. Java Mag. 36–46 (2017)
Rinkeby Ethereum Testnet. https://github.com/ethereum/EIPs/issues/225. Accessed 15 Feb 2019
Infura - Scalable Blockchain Infrastructure. https://infura.io/. Accessed 15 Feb 2019
Carniani, E., D’Arenzo, D., Lazouski, A., Martinelli, F., Mori, P.: Usage control on cloud systems. Future Gen. Comput. Syst. 63(C), 37–55 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Di Francesco Maesa, D., Lunardelli, A., Mori, P., Ricci, L. (2019). Exploiting Blockchain Technology for Attribute Management in Access Control Systems. In: Djemame, K., Altmann, J., Bañares, J., Agmon Ben-Yehuda, O., Naldi, M. (eds) Economics of Grids, Clouds, Systems, and Services. GECON 2019. Lecture Notes in Computer Science(), vol 11819. Springer, Cham. https://doi.org/10.1007/978-3-030-36027-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-36027-6_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36026-9
Online ISBN: 978-3-030-36027-6
eBook Packages: Computer ScienceComputer Science (R0)