Abstract
The widespread adoption of cloud-native technologies has accelerated the growth of large-scale, high-concurrency microservices. However, because the cooperation procedure is flexible and complex, it is difficult to manage the security of these microservices efficiently. Traditional centralized access control relies on a centralized third-party manager and suffers from a single point of failure, while decentralized mechanisms suffer from inconsistency among the policies defined by different participants. This paper first proposes a practical decentralized access control framework and scheme for secure microservices cooperation based on the blockchain. In our scheme, individualized access policies are managed separately by vendors instead of a central authority. Second, we build a permission blockchain to maintain the consistency and integrity of the policies. Analysis and experiments show that our solution gracefully eliminates policy differences while the update cost is nearly constant.
Supported by the Major Research Plan of the National Natural Science Foundation of China (Grant No. 92167203), the National Key R&D Program of China (Grant No. 2018YFE0207600), and the Natural Science Basis Research Plan in Shaanxi Province of China (Grant No. 2022JM-338).
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Xi, N., Li, Y., Liu, J. (2022). Decentralized Access Control for Secure Microservices Cooperation with Blockchain. In: Yuan, X., Bai, G., Alcaraz, C., Majumdar, S. (eds) Network and System Security. NSS 2022. Lecture Notes in Computer Science, vol 13787. Springer, Cham. https://doi.org/10.1007/978-3-031-23020-2_34
DOI: https://doi.org/10.1007/978-3-031-23020-2_34
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-23019-6
Online ISBN: 978-3-031-23020-2
eBook Packages: Computer Science, Computer Science (R0)