Dynamic Role-Based Access Control for Decentralized Applications

The Internet of Things (IoT), while providing comprehensive interconnection and ubiquitous services, poses security issues by enabling resources sharing among various devices from different untrusted authorities. Blockchain, as a distributed ledger, provides a traceable and verifiable platform to ensure the secure access control in IoT. The existing works based on blockchain may bring up intolerable computing overhead and delay to the lightweight IoT devices. In this article, we propose a dynamic and lightweight attribute-based access control framework for blockchain-empowered IoT, to achieve secure and fine-grained authorization. The proposed scheme allows access to resources by evaluating attributes, operations, and the environment relevant to a request. The access policy is executed through smart contract in blockchain for security and flexibility. To further adapt to IoT device constraints, we design a access control framework based on decentralized application (DApp), which can maintain tamper proof in a timely manner and be adapt to the delay-intolerant application. When delay-intolerant access is required, access can be allowed according to local replica of the blockchain, without a consensus of blockchain network. Considering the time-varying attributes of IoT devices, a trust management scheme is proposed based on the Markov chain to resist the security fluctuation caused by the vulnerability of IoT devices. In the experiments, we deploy our system prototype on Ethereum to evaluate the feasibility and effectiveness of the scheme. The results show the proposed scheme can achieve secure, high throughput, and flexible access control in IoT.

The Network Access Control (NAC) management is a critical task, especially in current networks that are composed of many heterogeneous things (Internet of Things) connected to share data, resources and Internet access. The Software-Defined Networking (SDN) simplifies the network design and operation, and offers new opportunities (programmability, flexibility, dy-namicity, and standardization) to manage the network. Despite this, the access control management remains a challenge, once managing security policies involves dealing with a large set of access control rules, detecting conflicting policies, defining priorities, delegating rights, and reacting against network state changes and events. This work presents the HACFlow, a novel, autonomic, and policy-based framework for access control management in OpenFlow networks. HACFlow aims to simplify and automate the network management allowing network operators to govern rights of network entities by defining dynamic, fine-grained, and high-level access control policies. We analyzed the performance of HACFlow and compared it against related approaches.

The increasing popularity of peer to peer groups and the decentralized nature evolve the groups towards dynamism and self-organization. Dynamic groups like Wikipedia, F/OSS and other business communities motivate the need for dynamic multilevel access control. These self-organizing groups have special security requirements out of which Access Control mechanism is one of the essential security factors. Policy based access control mechanism is helpful in providing dynamism to the overall access control. The dynamic nature of peers joining and leaving and changing environment, increases the possibility of presence of malicious peers. To enable a group to survive one needs to tackle impact of malicious peers on the group performance. Paper includes a brief work on dynamic policy based access control and dynamic control on malicious peers. Simulation of the work is done in Peersim integrated with Prolog to test the framework in presence of static and dynamic access control.

Attribute-Based Access Control Using Smart Contracts for the Internet of Things

The integration between blockchains, Internet-of-Thing (IoT), and smart contracts is an emerging and promising technology. The advantages of this technology have raised the importance of Industrial Internet-of-Thing (IIoT) and have paved the pathway for “Industry 4.0.” Surprisingly, access control has received less attention in IIoTs. Though there are some solutions coming forward to use blockchains for IIoT to enable secure and resilient access control management, the challenge is to satisfy the low-latency requirements of IIoTs for validating and adding the blocks to the chain. Besides, role-based and rule-based access controls in the existing systems can be forged without organizational access controls and compliance. Therefore, we address these problems in this article. In the present work, we propose <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">DHACS</i> , a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Decentralized Hybrid Access Control for Smart contract</i> , for IIoTs. DHACS aims to provide transparency, reliability, and robustness to the existing access control mechanism in IIoTs. The framework is based on blockchain feasibilities that contribute to an interconnected hybrid access control through smart contract provision. It is a novel idea in the domain of IIoTs. We use three access control strategies, role-based, rule-based, and organization-based, to develop a hybrid approach for smart contract in DHACS. The operational transactions along with their access controls are accounted and blocks are made by the transaction pooler and block creator. We use a private blockchain environment; however, it can be extended to a public blockchain or consortium blockchain for geographical distributed dependency. We compare DHACS with three existing approaches in recent time. We measure the performance in terms of computational costs, storage complexity, and energy consumption. DHACS outperforms the others approaches and is considered to be efficient for IIoT applications with more than 30% better efficiency in access control management. To the best of our knowledge, DHACS is the first attempt to use decentralized blockchains with smart contract for hybrid access control in IIoTs.

Cross-organisation data sharing is challenging because all the involved organisations must agree on ’how’ and ’why’ the data is processed. Due to a lack of transparency, the organisations need to trust that others comply with the agreements and regulations. We propose to exploit blockchain and smart contracts technologies to define an Attribute-Based Access Control System for cross-organisation medical records sharing, coined SmartAccess. SmartAccess offers joint agreement over access policies and dynamic access control besides blockchain transparency and auditability. We leverage the Attribute-Based Access Control model to implement smart contracts.We deploy and test them on a private and permissioned blockchain, transforming the access control process into a distributed smart contract execution. This paper proposes the SmartAccess system and its application in two healthcare use cases. We introduce the threat model and perform a security analysis of the system. To demonstrate the feasibility of our proposal, we implement a proof-of-concept of the smart contracts, written in Solidity language, with a size-efficient policy representation, and analyse the complexity and scalability of the contracts’ functions. Furthermore, we present performance results, measuring the latency and throughput of the transactions to execute the access control functions with different blockchain network consensus setups. We also compare the performance of the SmartAccess system against two open-source Solidity implementations of smart contract-based access control, Role-based Access Control and Access Control List. Finally, we discuss the strengths and drawbacks of our proposal. SmartAccess requires the overhead of a decentralised system, but the trade-off is transparency, regulation compliance and auditability for complex cross-organisation data sharing.

Dynamic collaborative peer groups generally have constantly changing application requirements and varied security requirements, and require a secure and reliable group communication. Self-organizing groups like f/oss motivate the need for dynamic multi-level access control. Currently there are some integrated solutions for secure group communication, but very few allow dynamic multi-level access control based on trust. We propose a framework for collaborative groups which integrates authentication, admission control, policy based access control, adaptive trust and key management. Our model permits peers to regulate their own behavior by deploying access control policies dynamically based on the behavior and trust level of peers in the group and the current group composition. Peers can collaboratively modify policies governing their level. Our trust metric is a tunable metric based on context specific attributes. Functionality of members in a group is also dynamic and the group can dynamically prioritise requests for join. We tested the behavior of groups under different application scenario by implementing our framework in overlay simulator peersim integrated with Prolog. Our experiments show that dynamic polices based on the adaptive trust and changing group composition lead to better group efficiency as compared to static access control policies.

In order to better mine the value of data, the author proposes a research on the automatic access control of big data open resources multimedia based on blockchain and introduces big data access control BBAC-BD (blockchain-based access control mechanism for big data environment). The author designed a strategy management contract based on the Bloom filter, as a probabilistic data structure with extremely high space utilization efficiency and proposed the strategic management contract (PAP CONTRACT) and the strategic decision contract (PDP CONTRACT). In this way, the nontampering, auditability, and verifiability of the access control information are guaranteed; then, the access control method based on smart contracts is adopted to realize the user-driven, whole-process transparent, and dynamic and automatic access control of big data resources. The simulation results show that the greater the ratio of n/k, the better the optimization effect, and the greater the ratio, the lower the corresponding misjudgment rate, but it will also take up more space costs. At the same time, the true value of the false positive rate is generally less than the theoretical value of the false positive rate. When the performance of Hash (strategy to retrieve) is better, the result of Hash distribution is more uniform. Under the condition of m = 3, the misjudgment rate acceptable for the expected use can be achieved, and the increase in the number of Hashes will not bring a significant increase in revenue. Freed from the traditional model of providing access control services based on third parties, solve the problem of transparency of authority judgments; at the same time, through smart contracts, based on the strategy published by the resource owner on the blockchain, realize automatic access control to big data resources; and make the judicial process more flexible and the judgment result more credible. The BBAC-BD mechanism realizes a safe, reliable, and transparent new access control architecture, and it can effectively promote the safe circulation and sharing of big data.

Industry 4.0 enacts ad-hoc cooperation between machines, humans, and organizations in supply and production chains. The cooperation goes beyond rigid hierarchical process structures and increases the levels of efficiency, customization, and individualisation of end-products. Efficient processing and cooperation requires exploiting various sensorand process data and sharing them across various entities including computer systems, machines, mobile devices, humans, and organisations. Access control is a common security mechanism to control data sharing between involved parties. However, access control to virtual resources is not sufficient in presence of Industry 4.0 because physical access has a considerable effect on the protection of information and systems. In addition, access control mechanisms have to become capable of handling dynamically changing situations arising from ad-hoc horizontal cooperation or changes in the environment of Industry 4.0 systems. Established access control mechanisms do not consider dynamic changes and the combination with physical access control yet. Approaches trying to address these shortcomings exist but often do not consider how to get information such as the sensitivity of exchanged information. This chapter proposes a novel approach to control physical and virtual access tied to the dynamics of custom product engineering, hence, establishing confidentiality in ad-hoc horizontal processes. The approach combines static design-time analyses to discover data properties with a dynamic runtime access control approach that evaluates policies protecting virtual and physical assets. The runtime part uses data properties derived from the static design-time analysis, as well as the environment or system status to decide about access.

A dynamic data access control scheme for hierarchical structures in big data

Smart contract token-based privacy-preserving access control system for industrial Internet of Things

Currently, access control is facing many issues for information protection in the ubiquitous sensor network (USN) environment. In particular, dynamic access control is a central problem where context always changes because of volatile ubiquitous sensors. The use of context is important in USN. In this paper, we focus on the context-driven privacy protection model. In context-based access control research, the access permission technique that uses context is being intensely investigated because of the ease with which various dynamic access permissions can be assigned in accordance with the various changes in context. A key feature of this approach is dynamic access control. Therefore, we propose a model for privacy preservation that is context-based dynamic access control that uses intuitive 5W1H for USN. According to this model, the access control strategy can be determined dynamically based on context elements and subject attributes, in addition to objects and operations, using access control entities; therefore, it is relatively easy to infer the dynamic access control of context expressivity both accurately and efficiently.

With the advancement of technology and economy, the scale of the smart home industry has exploded. While improving people’s lives, smart home systems are facing threats to privacy leaks, malicious attacks, and structural security. Effective security mechanisms are very important for protecting valuable data in smart home systems. Access control helps information systems prevent malicious access, thereby reducing the risk of privacy leakage. Blockchain can provide security support for the Internet of Things system due to its advantages of decentralization and immutability. Therefore, in this paper, a smart home access control scheme based on blockchain is proposed. The scheme uses Hyperledger Fabric and implements access control strategies through smart contracts. By designing a hybrid access control model based on dynamic attribute-based access control and static access control matrix, the remote access control initiated by the user through the Internet and the access control between local devices are well guaranteed at the same time. Through safety analysis and performance evaluation, the feasibility of the proposed scheme is demonstrated.

While providing access control in a hierarchical access structure, a partially ordered set of security classes can be used to depict an access hierarchy. Data accessible to descendants of a particular security class should also be accessible to the users of that security class. Towards this, an access control scheme is proposed for providing dynamic hierarchical access control. In the proposed solution, the storage at the users is constant. The public key storage is equal to the size of the hierarchy. Also, deriving the decryption key of a descendant class involves constant cost at the users in the security class.

Efficient migration access control for mobile agents