Professional Documents
Culture Documents
Abstract—Access control technology is an important information data in these applications will be exposed to the public's vision,
security mechanism. At present, most of the database systems and and the application of the blockchain system to these scenarios
enterprise information systems are role-based access control will face enormous challenges. Each participating node can
technologies, this rights management system has been running analyze the transaction records, obtain the user's transaction data
stably. However, due to the simple role access control, its flexibility and private data, which will bring serious privacy leakage risks.
and control granularity sometimes can’t meet the requirements of Therefore, it is necessary to control the access in the blockchain.
actual access control. This paper proposes a secure access control This paper implements the encrypted storage of sensitive
model ARBACV1 based on RBACV1 combined with ABAC model,
information, at the same time, we introduce the access control
which is more flexible than RBACV1 and can perform fine-
model ARBACV1 into the blockchain to realize the rights
grained access control. The open transparency of data in the
blockchain has caused people's high attention to data privacy
management mechanism and combine the blocks. The
protection issues[1]. A complete access control mechanism has not characteristics of the data in the chain are difficult to tamper, and
been provided in the Ethereum blockchain. To this end, according the rights management log is recorded in the blockchain for
to the blockchain architecture, the proposed access control model review and forensics. The paper contributions are listed as
ARBACV1 is applied to the blockchain through smart contracts, follows.
and the access of the blockchain users is controlled securely, and 1. A security access control model ARBACV1 based on
the code is written in Solidity language in Ethereum[2].
RBAV1 combined with ABAC model is proposed. The model
ARBACV1-based access control is implemented in blockchain.
can first dynamically add access rights according to the needs of
Keywords-component; role access control, attribute access special users, Secondly, it can filter the role permissions
control, ARBACV1, blockchain, smart contract according to attribute information, which provides more
flexibility and more granular access control for the system.
Among them, the improvement of the RBAC model is
I. INTRODUCTION implemented and combined with the ABAC model, fine-grained
In the 1990s, the role-based access control model has been control of permissions to the assignment of roles based on the
studied continuously, since 1996, after Sandhu et al. proposed RBAC model.
the RBAC model[1], scholars proposed a series of improved
2. Through the smart contract as a bridge, the proposed
models based on this model, which makes the management users
access control model (ARBACV1) is integrated into the
have more convenient permissions, reduce the complexity of
Ethereum blockchain[3], and the smart contract is designed to
system rights management. More than 20 years later, the role-
implement functions such as role addition, role removal, role
based access control model still occupies more than half of the
judgment, role authorization, role revocation, and attribute
access control system.
control. This section can be used as an access control for any
With the continuous development of big data and cloud smart contract that integrates into the specific application using
computing, early role-based access control systems are the public part of Ethereum blockchain.
becoming larger and larger, and the amount of data increases,
and the maintenance cost of access control systems increases II. RELATED WORK
rapidly. When the user puts forward new permission
requirements, the original role-based access control system is In 1996, Sandhu et al. proposed a role-based access control
difficult to maintain, and the simple role access control, its model, the basic idea of the model is to bind permissions to roles
flexibility and control fine grain can’t meet the actual needs. and then assign roles to users. Once proposed, RBAC has been
With the deepening of the application of blockchain, although widely adopted because it facilitates the management of rights,
the blockchain can solve some security problems in the also has been a research hotspot of secure access control.
traditional system, all transaction data are transparent in all However, with the rise of Web services, role-based access
nodes. If the blockchain is applied to the management of medical control does not have fine-grained control permissions. In 2005,
data[2], credit data, personal identity and other data, the privacy Eric et al. proposed an attribute-based access control model for
Web services[4]. Based on the topic, object and environment
164
introducing Attributes-based access control(ABAC) to an entity, four major entity attributes to filter the corresponding
After the entity's( subject, object, resources, environment) permissions.
attributes are formalized, the user can filter the unsafe operation
rights according to their attributes, their status, and security level. IV. APPLICATION OF ARBACV1 IN ETHEREUM
The specific definition of the ABAC[11][12][13] model is given BLOCKCHAIN
below:
With the increasing popularity of blockchain applications,
privacy data is exposed to the public's view due to its open and
transparent nature. In this section, it is necessary to introduce
access control technology into the blockchain system. This
chapter will be simple. Introduce the basic concept of blockchain,
and then explain in detail the process of introducing the new
access control model ARBACV1 proposed in the previous
chapter into the blockchain.
A. Blockchain
A blockchain is a special structure consisting of blocks and
chains (data structures linked by hash pointers). Each of these
blocks has a hash pointer to the previous block. This hash pointer
is generated by hashing all relevant data in the previous block. If
A set of attributes that represent subjects, objects, and any value in the blockchain is as small as one bit change, the
environments. In general, whether a subject s can access an hash value of the block and the hash pointer of the subsequent
object in a specific environment is determined by a Boolean block will change. Therefore, this chain structure can achieve the
function of the subject, the object, and the environment attribute. purpose of data tampering and traceability.
Figure 4. Blockchain
165
in the blockchain by the administrator. The application ˄3˅ The Resource User initiates a request to access the shared
architecture is shown in Figure 5. In this application architecture, data to the blockchain through the smart contract
there are the following types of entities. (carrying the relevant role and attribute information).
˄4˅ After receiving the request, the smart contract
automatically executes the ARBACV1 access control
smart contract (execution role judgment, attribute
decision, etc.).
˄5˅ The result of the ARBACV1 smart contract script
execution returns information to the Resource User.
˄6˅ The Resource User receives the data returned and parses
the returned data. The data is parsed, if it is allowed, the
data is decrypted according to the returned key and the
access log event is stored in the blockchain. Otherwise,
the access is denied.
166
School.sol access control smart contracts provide users with [2] MEI Ying . “Block chain method research for secure storage of medical
authentication, authorization and auditing capabilities. First, records,[J]” Journal of Jiangxi Normal University(Natural
Science),2017,41(5):484-490.
addTeacherRoles and addStudentRoles function are provided to
[3] Ethereum White Paper. “A next-generation smart con- tract and
assign users for the role of teacher or student and can only be decentralized application platform [Online],” available:
added by the administrator (fine-grained attribute access control). https://github.com/ethereum/wiki/wiki/White- Paper, November 12, 2015
Secondly, tuition and scoring are provided by payFees, [4] Yuan E, Tong J. “Attributed Based Access Control (ABAC) for Web
gradeStudent function, by role judgment, payFees only Can be Services,” In: IEEE International Conference on Web Services. IEEE,
called by the student and the tuition fee must be equal to 8000 2005. [doi:10.1109/ICWS.2005.25]
eth (fine-grained attribute access control), gradeStudent can only [5] Bo Yu, XianQing Tai, ZhiJie Ma. “Research on RBAC Model Based on
be called by the teacher. Finally, using the blockchain design, Attribute and Trust in Cloud Computing Environment [J],” Computer
Engineering and Applications | Comput Eng Appl,2019:1901-0361
each transaction in the smart contract is permanently stored in
the blockchain, which is convenient for people to trace. [6] Mayssa Jemel, Ahmed Serhrouchni, “Decentralized Access Control
Mechanism with Temporal Dimension Based on Blockchain,” in 14th
International Conference on e-Business Engineering. IEEE, 2017, pp.177-
V. SUMMARY 182.
[7] Yan Zhu1∗, Yao Qin1, Zhiyuan Zhou1, Xiaoxu Song1, Guowei Liu2,
In this paper, an ARBACV1 access control model is William Cheng-Chung Chu3, “Digital Asset Management with
proposed and applied in the blockchain to solve the existing data Distributed Permission over Blockchain and Attribute-based Access
security problems in the open blockchain environment. By Control,” in Services Computing, International Conference on. IEEE,
improving the existing role access control model to achieve the 2018,pp.193-200.
assignment of role permissions and the allocation of special user [8] Ferraiolo DF, Kuhn DR. “Role-Based Access Controls,” Computer, 1992,
rights, combined with the widely used ABAC model, the access 4(3):554-563. [doi: 10.1007/978-1-4419-5906-5_829]
control operation is more flexible and finer. Finally, through the [9] Moyer M J, Abamad M. “Generalized Role-based Access Control,” In:
Proceedings 21st International Conference on Distributed Computing
unique smart contract script in the blockchain, it is more flexible Systems. IEEE, 2001: 391-398.[doi:10.1109/ICDSC.2001.918969]
and better to integrate the proposed access control framework [10] Bertino E, Bonatti P A, Ferrari E. “TRBAC: A Temporal Role-based
into the blockchain. The value of this work can be used as a Access Control Model,” ACM Transactions on Information and System
general access control scheme in the blockchain system, Security (TISSEC), New York, ACM, 2001, 4(3): 191-
developers do not need to pay attention to access control 233.[doi:10.1145/501978.501979]
framework, they only pay attention to the development of [11] Hemdi M, Deters R. “Using REST Based Protocol to enable ABAC within
business requirements. IoT Systems,” In: Information Technology, Electronics and Mobile
Communication Conference. IEEE, 2016. 1-7.
[doi:10.1109/IEMCON.2016.7746297]
ACKNOWLEDGMENT [12] Han Q, Li J. “An Authorization Management Approach in the Internet of
Things,” Journal of Information & Computational Science, 2012,
The work is supported by the Special Fund of Shanghai 9(6):1705-1713.
Municipal Commission of Economy and Informatization (Grant [13] Wu J, Dong M, Ota K, Pei B. “A Fine-Grained Cross-Domain Access
No.201801027), Shanghai Science and Technology Innovation Control Mechanism for Social Internet of Things,” In: Ubiquitous
Action Plan(Grant No.16JC1400803), Shanghai Informatization Intelligence and Computing, IEEE, 2014. 666-671. [doi:10.1109/UIC-
Development Fund Project(Grant No.XX-XXFZ-05-16-0139). ATC-ScalCom.2014.140]
[14] Sambit Nayak,Nanjangud C Narendra,Anshu .Saranyu: “Using Smart
Contracts and Blockchain for Cloud Tenant Management[C],” 2018 IEEE
REFERENCES 11th International Conference on Cloud Computing. IEEE,2018,pp,857-
[1] Sandhu RS, Coyne EJ, Feinstein HL,Youman CE. “Role-Based Access 861
Control Models,” Computer, 1996, 29(2):38-47. [doi: 10.1109/2.485845]
167