Auditing provides essential security control in computer systems by keeping track of all access attempts, including both legitimate and illegal access attempts. This phase can be useful in the context of audits, where eventual misbehaving parties can be held accountable. Blockchain technology can provide the trusted auditability required for access control systems. In this paper, we propose a distributed Attribute-Based Access Control (ABAC) system based on blockchain to provide trusted auditing of access attempts. Besides auditability, our system presents a level of transparency that both access requesters and resource owners can benefit from it. We present a system architecture with an implementation based on Hyperledger Fabric, achieving high efficiency and low computational overhead. The proposed solution is validated through a use case of independent digital libraries. Detailed performance analysis of our implementation is presented, taking into account different consensus mechanisms and databases. The experimental evaluation shows that our presented system can effectively handle a transaction throughput of 270 transactions per second, with an average latency of 0.54 seconds per transaction.

审核通过跟踪所有访问尝试（包括合法和非法访问尝试），在计算机系统中提供了基本的安全控制。在审核过程中，此阶段可能会很有用，因为在审核过程中，行为不当的最终当事人可以被追究责任。区块链技术可以提供访问控制系统所需的受信任的可审计性。在本文中，我们提出了一种基于区块链的分布式基于属性的访问控制（ABAC）系统，以提供对访问尝试的可信审核。除了可审核性之外，我们的系统还具有一定的透明度，访问请求者和资源所有者都可以从中受益。我们提出了一种基于Hyperledger Fabric的实现的系统架构，实现了高效率和低计算开销。所提出的解决方案通过独立数字图书馆的使用案例进行了验证。考虑到不同的共识机制和数据库，将对我们的实施进行详细的性能分析。实验评估表明，我们提出的系统可以有效地处理每秒270个事务的事务吞吐量，每个事务的平均延迟为0.54秒。