Dynamic Role-Based Access Control for Decentralized Applications

2019

Access Control systems are a key resource in computer security to properly manage the access to digital resources. Blockchain technology, instead, is a novel technology to decentralise the control and management of a shared state, representing anything from a data repository to a distributed virtual machine. We propose to integrate traditional Access Control systems with blockchain technology to allow the combined system to inherit the desirable properties blockchain technology provides, mainly transparency and, consequently, auditability. Depending on the application scenario considered, for some systems it may not be desirable to employ a fully decentralised approach. As such, in this paper we outline how our proposal can be adapted to allow for the minimal possible integration of blockchain technology in a traditional Access Control system. In particular, we consider the scenario where Attribute Managers only may be managed on chain through smart contracts. We provide a proof of ...

Wireless Networks, 2019

In distributed environment, a digital transaction or operation requires transparency and trust among multiple stakeholders. Several approches address such issues however, among these blockchain provides a viable solution which has received wide acceptance in the recent past. Permissioned blockchain solutions adopt more efficient consensus algorithms and smart contracts. There are many smart-contract solutions exists (such as, etherium, IBM blockchain, hyperledger fabric), however, much of them mainly follow traditional access control models. A role-based access control model provides controlled access of resources to members. This research work presents an extended usage control model known as DistU (Distributed Usage Control). DistU is proposed to capture all possible access control models required by a business for permissioned blockchain frameworks. DistU can monitor a resource continuously during the operation and update the attributes accordingly, performing different actions, such as denying or revoking permissions. We believe that the proposed DistU usage control model can provide a fine-grained control for blockchain resource management. The paper also contributes to provide a protoype implementation of fine-grained permission model on Hyperledger Fabric. The reason of selecting Fabric for this research is that, it is the first execute-order achitecture blockchain that provides a platform to develop general business applciations. Secondly, it is an opensource operating system of permissioned blockchain with huge industry support.

2010

This paper proposes a trusted decentralized access control (TDAC) framework for the client/server architecture. As the fundamental principle, TDAC enforces access control policies at the client side and protects sensitive objects at the server side by leveraging trusted computing technologies. Compared with the previous work of Sandhu and Zhang (2005), TDAC uses fewer requirements for trusted components. To implement TDAC, we design a private trusted reference monitor that runs at the client side, evaluates an access control request, and signs a temporary access control credential for a client application trustworthily; we also design a master reference monitor that runs at the server side, evaluates the request from the client application only according to the temporary access control credential. As a typical application, TDAC can protect client's private context data in subject-context aware access control.

International Journal of Computing Techniques, 2025

This paper presents a blockchain-based security system designed for secure identity management and access control, integrating smart contracts and decentralized file storage. Traditional identity systems rely heavily on centralized architectures, which are prone to data breaches, tampering, and unauthorized access [1], [2]. To address these limitations, the proposed system leverages Ethereum smart contracts to enforce role-based access control and utilizes the InterPlanetary File System (IPFS) to store files with verifiable integrity through content addressing [3], [4]. A Flask-based backend interfaces with both blockchain and IPFS layers, while a responsive frontend built with HTML and Bootstrap provides intuitive interaction for users and administrators. Unlike conventional blockchain solutions that require browser extensions or wallet setup, this system internally manages wallet creation and blockchain transactions, enabling seamless registration, authorization, and file submission. Users are assigned roles that determine access privileges, and all actions-such as file uploads and role changes-are immutably logged on the blockchain. The system is fully deployable on local infrastructure using Ganache and IPFS Desktop, making it ideal for academic environments, secure intranet applications, and proof-of-concept deployments. The results demonstrate that blockchain and IPFS can be combined effectively to deliver a secure, auditable, and decentralized identity management system with minimal deployment complexity.

IACR Cryptology ePrint Archive, 2020

Access Control or authorization is referred to as the confinement of specific actions of an entity to perform an action. Blockchain driven access control mechanisms have gained considerable attention since applications for blockchain were found beyond the premises of cryptocurrencies. However, there are no systematic efforts to analyze existing empirical evidence. To this end, we aim to synthesize literature to understand the state-of-the-art in blockchain driven access control mechanisms with respect to underlying platforms, utilized blockchain properties, nature of the models and associated testbeds & tools. We conducted the review in a systematic way. Meta Analysis and thematic synthesis was performed on the findings and results from the relevant primary studies in order to answer the research questions in perspective. We identified 76 relevant primary studies passing the quality assessment. A number of problems like single point of failure, security, privacy etc were targeted by the relevant primary studies. The meta analysis suggests the use of different blockchain platforms, several application domains and different utilized blockchain properties. In this paper, we present a systematic literature review of blockchain driven access con

Cyber Security and Applications, 2023

Access Control is a crucial defense mechanism organizations can deploy to meet modern cybersecurity needs and legal compliance with data privacy. The aim is to prevent unauthorized users and systems from accessing protected resources in a way that exceeds their permissions. The present survey aims to summarize state-of-the-art Access Control techniques, presenting recent research trends in this area. Moreover, as the cyber-attack landscape and zero-trust networking challenges require organizations to consider their Information Security management strategies carefully, in this study, we present a review of contemporary Access Control techniques and technologies being discussed in the literature and the various innovations and evolution of the technology. We also discuss adopting and applying different Access Control techniques and technologies in four upcoming and crucial domains: Cloud Computing, Blockchain, the Internet of Things, and Software-Defined Networking. Finally, we discuss the business adoption strategies for Access Control and how the technology can be integrated into a cybersecurity and network architecture strategy.

Distributed Applications and Interoperable Systems

Access Control systems are used in computer security to regulate the access to critical or valuable resources. The rights of subjects to access such resources are typically expressed through access control policies, which are evaluated at access request time against the current access context. This paper proposes a new approach based on blockchain technology to publish the policies expressing the right to access a resource and to allow the distributed transfer of such right among users. In our proposed protocol the policies and the rights exchanges are publicly visible on the blockchain, consequently any user can know at any time the policy paired with a resource and the subjects who currently have the rights to access the resource. This solution allows distributed auditability, preventing a party from fraudulently denying the rights granted by an enforceable policy. We also show a possible working implementation based on XACML policies, deployed on the Bitcoin blockchain.

2020

As the first step in preserving system security, Authentication and Access Control (AAC) plays a vital role in all businesses. Recently, emerging the blockchain and smart contract technology has attracted significant scientific interest in research areas like authentication and access control processes. In the context of authentication and access control, blockchain can offer greater data and rule confidentiality and integrity, as well as increasing the availability of the system by removing the single point of failure in the procedure. To categorize and find the most important open problems in this research area, having a comprehensive review is crucial. To the best of our knowledge, for the first time in this survey, we aim to describe the current state of the art in deploying blockchain and smart contracts specifically in authentication and access control. Following an introduction to AAC and blockchain technology, we present a brief background of distributed ledger technology, a...

Journal of Internet Services and Applications, 2015

Cloud computing has become the focus of attention in the computing industry. However, security concerns still impede the widespread adoption of this technology. Most enterprises are particularly worried about the lack of control over their outsourced data, since the authentication and authorization systems of Cloud providers are generic and they cannot be easily adapted to the requirements of each individual enterprise. An adaptation process requires the creation of complex protocols, often leading to security problems and "lock-in" conditions. In this paper we present the design of a lightweight access control solution that overcomes these problems. With our solution access control is offered as a service by a third trusted party, the Access Control Provider. Access control as a service enhances end-user privacy, eliminates the need for developing complex adaptation protocols, and offers data owners flexibility to switch among Cloud providers, or to use multiple, different Cloud providers concurrently. As a proof of concept, we have implemented and incorporated our solution in the popular open-source Cloud stack OpenStack. Moreover, we have designed and implemented a Web application that enables the incorporation of our solution into Google Drive.

IEEE Access

The dramatic rise in internet-based service provisioning has highlighted the importance of deploying scalable access control methods, facilitating service authorization for eligible users. Existing centralized methods suffer from single-point-of-failure, low scalability, and high computational overhead. In addition, in these methods, users pay for the service provider as well as the network provider independently for a specific service, imposing extra cost for the user. New business models are needed to resolve such shortcomings. The realization of these models calls for sophisticated access control methods which consider the requirements of all parties who want to: 1) access a service; 2) provide that service; and 3) provide the network connection. Blockchain is an enabling technology that provides unprecedented opportunities to novel distributed access control methods for new business models. We propose an Attribute-based access control solution by leveraging Blockchain to share network providers' and service providers' resources. Our solution offers access flexibility based on the requirements of the parties while fulfilling reliability, accountability, and immutability. Besides, it decreases the overall service cost which is beneficial for each party. Our solution makes it possible for service providers to outsource their access control procedures without requiring a trusted third party. The experiments confirm that our solution can provide a fast, comprehensive, and scalable access control mechanism.