SC-RBAC: A Smart Contract based RBAC Model for DApps

  • Conference paper
Human Centered Computing (HCC 2019)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 11956)

Abstract

Blockchain technology, with its non-centralized, transparent, trustworthy, traceable and tamper-resistant features, is drawing more and more attention in both commercial and scientific areas. Smart contracts and DApps (Decentralized Applications) are programs that run automatically on a blockchain. Access control is a principle that regulates access to critical resources. RBAC (Role-Based Access Control) is one access control mechanism; it involves three parts (user, role and permission) together with their relations, which correspond to real business. However, traditional implementations of RBAC rely on a centralized server, which is in danger of being modified or invaded, or of becoming a single point of failure. This paper proposes a decentralized, smart-contract-based RBAC model for DApps named SC-RBAC. It is developed in Ethereum’s Solidity and offers strong compatibility with different DApps. The features of SC-RBAC, namely flexible interfaces, traceability and security, enrich the DApp community. The results of two experiments are discussed to evaluate the overheads of the SC-RBAC model.

Acknowledgment

The research presented here is supported by the Research Base Project of Beijing Municipal Social Science Foundation (No. 18JDGLB026), the Science and Technique General Program of Beijing Municipal Commission of Education (No. KM201910037003), the Project of 2018 “Shipei plan” of Beijing Wuzi University, and the Beijing Intelligent Logistics System Collaborative Innovation Center (PXM2018_014214_000009).

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Ding, Y., Jin, J., Zhang, J., Wu, Z., Hu, K. (2019). SC-RBAC: A Smart Contract based RBAC Model for DApps. In: Milošević, D., Tang, Y., Zu, Q. (eds) Human Centered Computing. HCC 2019. Lecture Notes in Computer Science, vol 11956. Springer, Cham. https://doi.org/10.1007/978-3-030-37429-7_8

  • DOI: https://doi.org/10.1007/978-3-030-37429-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37428-0

  • Online ISBN: 978-3-030-37429-7

  • eBook Packages: Computer Science (R0)
