
Distributed attribute-based access control system using permissioned blockchain

World Wide Web

Abstract

Auditing provides an essential security control in computer systems by keeping track of all access attempts, both legitimate and illegal. This record is useful in the context of audits, where misbehaving parties can be held accountable. Blockchain technology can provide the trusted auditability required for access control systems. In this paper, we propose a distributed Attribute-Based Access Control (ABAC) system based on blockchain to provide trusted auditing of access attempts. Besides auditability, our system offers a level of transparency from which both access requesters and resource owners can benefit. We present a system architecture with an implementation based on Hyperledger Fabric, achieving high efficiency and low computational overhead. The proposed solution is validated through a use case of independent digital libraries. A detailed performance analysis of our implementation is presented, taking into account different consensus mechanisms and databases. The experimental evaluation shows that our system can effectively handle a transaction throughput of 270 transactions per second, with an average latency of 0.54 seconds per transaction.


Notes

  1. https://www.hyperledger.org/projects/fabric

  2. https://www.hyperledger.org/projects/caliper

  3. https://1ty.me/

  4. www.ethereum.org

  5. https://zookeeper.apache.org/

  6. https://nodejs.org/en/


Acknowledgements

This research is supported by the Linux Foundation in the context of the Hyperledger Fabric Based Access Control Project.

Author information

Corresponding author

Correspondence to Sara Rouhani.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article belongs to the Topical Collection: Special Issue on Emerging Blockchain Applications and Technology

Guest Editors: Rui Zhang, C. Mohan, and Ermyas Abebe


Cite this article

Rouhani, S., Belchior, R., Cruz, R.S. et al. Distributed attribute-based access control system using permissioned blockchain. World Wide Web 24, 1617–1644 (2021). https://doi.org/10.1007/s11280-021-00874-7


  • DOI: https://doi.org/10.1007/s11280-021-00874-7
