BFAC-CS: A Blockchain-Based Fine-Grained Access Control Scheme for Complex Scenarios

Abstract

Blockchain technology is becoming increasingly mature and has a great deal of research in a variety of industries. Because of its characteristics such as unalterable, decentralized and unforgeable, it has become a general trend that blockchain technology becomes the infrastructure of various technologies. Therefore, there are many studies on the application of blockchain combined with access control technology. Role-based access control (RBAC), as an important tool of system information management, has become a security solution recognized by many enterprises, but in many complex scenarios, the roles in the system will be more redundant, and the permissions between roles are likely to conflict. In order to solve the problems of RBAC, which is difficult to control the roles in complex scenarios and the role explosion caused by frequent creation and revocation of roles, and to manage the access permissions more finely without losing the comprehensibility of the system, we propose BFAC-CS, a blockchain-based access control scheme combining RBAC and ABAC, using smart contracts as a means to implement its entire framework. We designed three contracts to manage user’s role, attributes and permission. In this scheme, attributes are appended to user's role, so that in some complex scenarios, the creation and deletion of role will not be so frequent. Modifying the corresponding attributes of the role can achieve the purpose of changing the user's access permission, and the management of user’s permission is more detailed. We used Solidity to write these smart contracts and deployed them on test network for testing, and evaluated the cost and security of the whole scheme.