Trust and risk issue in distributed environments represent today an important research topic. Access Control Systems are mainly used in security to control access to resources. Access control policies are used to express the rights of users to access resources. In this paper, the Blockchain is used as a tool for location-aware Role-based access control system to provide dynamic and auditable access control policies. In the proposed approach, user-role relationships are publicly visible on the Blockchain. On the other hand, the resource owners send transactions to the Blockchain to manage the relationship between roles and permissions. The location server is associated with an Ethereum account which monitors the location information of the users and dynamically changes the active role of the user by sending transaction to the LRBAC smart contract. The proposed approach achieves auditability, preventing the data provider or third parties from falsely denying the access rights granted by RBAC policies. We deployed the RBAC smart contract on the Ethereum Rinkeby testnet and the experimental results show that the proposed approach is feasible.
Context-Aware and Dynamic Role-Based Access Control Using Blockchain
Guidi B.;Baiardi F.;Ricci L.
2020-01-01
Abstract
Trust and risk issue in distributed environments represent today an important research topic. Access Control Systems are mainly used in security to control access to resources. Access control policies are used to express the rights of users to access resources. In this paper, the Blockchain is used as a tool for location-aware Role-based access control system to provide dynamic and auditable access control policies. In the proposed approach, user-role relationships are publicly visible on the Blockchain. On the other hand, the resource owners send transactions to the Blockchain to manage the relationship between roles and permissions. The location server is associated with an Ethereum account which monitors the location information of the users and dynamically changes the active role of the user by sending transaction to the LRBAC smart contract. The proposed approach achieves auditability, preventing the data provider or third parties from falsely denying the access rights granted by RBAC policies. We deployed the RBAC smart contract on the Ethereum Rinkeby testnet and the experimental results show that the proposed approach is feasible.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
