Self sovereign and blockchain based access control: Supporting attributes privacy with zero knowledge

Di Francesco Maesa, Damiano; Lisi, Andrea; Ricci, Laura; Boschi, Gianluca
2023-01-01

Abstract

Recent years have witnessed, especially in Europe, a shift aimed at bringing users back to the center of digital systems. This has driven innovation towards the affirmation of decentralized systems, in line with the Self Sovereign Identity paradigm. User control over the consumption and disclosure of their data is a key topic of this drive. In this paper we show how it is possible to apply this increasingly popular concept to a traditionally centralized and opaque digital process: Access Control systems. To this aim we expand the XACML standard for Attribute Based Access Control systems with the novel concept of private attributes, i.e. attributes whose values should not be disclosed while still contributing to a policy evaluation result after user consent. Basing our proposal on blockchain systems, we show how to leverage smart contracts and zero knowledge proofs to allow for transparent policy evaluation without disclosing the value of such sensitive attributes. Besides formalizing our goals, presenting the system architecture, and discussing its advantages and drawbacks with respect to the traditional model, we provide a reference example to show our proposal's innovative capabilities and a prototype experimental evaluation to prove its feasibility.
2023
Di Francesco Maesa, Damiano; Lisi, Andrea; Mori, Paolo; Ricci, Laura; Boschi, Gianluca

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/1240408