This work proposes to exploit blockchain technology to define Access Control systems that guarantee the auditability of access control policies evaluation. The key idea of our proposal is to codify attribute-based Access Control policies as smart contracts and deploy them on a blockchain, hence transforming the policy evaluation process into a completely distributed smart contract execution. Not only the policies, but also the attributes required for their evaluation are managed by smart contracts deployed on the blockchain. The auditability property derives from the immutability and transparency properties of blockchain technology. This paper not only presents the proposed Access Control system in general, but also its application to the innovative reference scenario where the resources to be protected are themselves smart contracts. To prove the feasibility of our approach, we present a reference implementation exploiting XACML policies and Solidity written smart contracts deployed on the Ethereum blockchain. Finally, we evaluate the system performances through a set of experimental results, and we discuss the advantages and drawbacks of our proposal.
A blockchain based approach for the definition of auditable Access Control systems
Di Francesco Maesa D.;Mori P.;Ricci L.
2019-01-01
Abstract
This work proposes to exploit blockchain technology to define Access Control systems that guarantee the auditability of access control policies evaluation. The key idea of our proposal is to codify attribute-based Access Control policies as smart contracts and deploy them on a blockchain, hence transforming the policy evaluation process into a completely distributed smart contract execution. Not only the policies, but also the attributes required for their evaluation are managed by smart contracts deployed on the blockchain. The auditability property derives from the immutability and transparency properties of blockchain technology. This paper not only presents the proposed Access Control system in general, but also its application to the innovative reference scenario where the resources to be protected are themselves smart contracts. To prove the feasibility of our approach, we present a reference implementation exploiting XACML policies and Solidity written smart contracts deployed on the Ethereum blockchain. Finally, we evaluate the system performances through a set of experimental results, and we discuss the advantages and drawbacks of our proposal.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.