Blockchain Based Auditable Access Control for Distributed Business Processes.

Ahmed Akhtar, Basit Shafiq, Jaideep Vaidya, Ayesha Afzal, Shafay Shamail, Omer Rana
{"title":"Blockchain Based Auditable Access Control for Distributed Business Processes.","authors":"Ahmed Akhtar,&nbsp;Basit Shafiq,&nbsp;Jaideep Vaidya,&nbsp;Ayesha Afzal,&nbsp;Shafay Shamail,&nbsp;Omer Rana","doi":"10.1109/ICDCS47774.2020.00015","DOIUrl":null,"url":null,"abstract":"<p><p>The use of blockchain technology has been proposed to provide auditable access control for individual resources. However, when all resources are owned by a single organization, such expensive solutions may not be needed. In this work we focus on distributed applications such as business processes and distributed workflows. These applications are often composed of multiple resources/services that are subject to the security and access control policies of different organizational domains. Here, blockchains can provide an attractive decentralized solution to provide auditability. However, the underlying access control policies may be overlapping in terms of the component conditions/rules, and simply using existing solutions would result in repeated evaluation of user's authorization separately for each resource, leading to significant overhead in terms of cost and computation time over the blockchain. To address this challenge, we propose an approach that formulates a constraint optimization problem to generate an optimal composite access control policy. This policy is in compliance with all the local access control policies and minimizes the policy evaluation cost over the blockchain. The developed smart contract(s) can then be deployed to the blockchain, and used for access control enforcement. We also discuss how the access control enforcement can be audited using a game-theoretic approach to minimize cost. We have implemented the initial prototype of our approach using Ethereum as the underlying blockchain and experimentally validated the effectiveness and efficiency of our approach.</p>","PeriodicalId":74571,"journal":{"name":"Proceedings. International Conference on Distributed Computing Systems","volume":"2020 ","pages":"12-22"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1109/ICDCS47774.2020.00015","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. International Conference on Distributed Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDCS47774.2020.00015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2021/2/23 0:00:00","PubModel":"Epub","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

Abstract

The use of blockchain technology has been proposed to provide auditable access control for individual resources. However, when all resources are owned by a single organization, such expensive solutions may not be needed. In this work we focus on distributed applications such as business processes and distributed workflows. These applications are often composed of multiple resources/services that are subject to the security and access control policies of different organizational domains. Here, blockchains can provide an attractive decentralized solution to provide auditability. However, the underlying access control policies may be overlapping in terms of the component conditions/rules, and simply using existing solutions would result in repeated evaluation of user's authorization separately for each resource, leading to significant overhead in terms of cost and computation time over the blockchain. To address this challenge, we propose an approach that formulates a constraint optimization problem to generate an optimal composite access control policy. This policy is in compliance with all the local access control policies and minimizes the policy evaluation cost over the blockchain. The developed smart contract(s) can then be deployed to the blockchain, and used for access control enforcement. We also discuss how the access control enforcement can be audited using a game-theoretic approach to minimize cost. We have implemented the initial prototype of our approach using Ethereum as the underlying blockchain and experimentally validated the effectiveness and efficiency of our approach.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于区块链的分布式业务流程可审计访问控制。
已经提出使用区块链技术为单个资源提供可审计的访问控制。然而,当所有资源都由一个组织拥有时,可能就不需要这种昂贵的解决方案了。在这项工作中,我们将重点关注分布式应用程序,如业务流程和分布式工作流。这些应用程序通常由多个资源/服务组成,这些资源/服务受不同组织域的安全和访问控制策略的约束。在这里,区块链可以提供一个有吸引力的去中心化解决方案来提供可审计性。然而,底层的访问控制策略在组件条件/规则方面可能是重叠的,并且简单地使用现有的解决方案将导致对每个资源分别重复评估用户的授权,从而导致在区块链上的成本和计算时间方面的显着开销。为了解决这一挑战,我们提出了一种制定约束优化问题以生成最优组合访问控制策略的方法。该策略符合所有本地访问控制策略,并且最小化了区块链上的策略评估成本。然后,开发的智能合约可以部署到区块链上,并用于访问控制实施。我们还讨论了如何使用博弈论方法来审计访问控制的实施以最小化成本。我们已经使用以太坊作为底层区块链实现了我们方法的初始原型,并通过实验验证了我们方法的有效性和效率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
3.80
自引率
0.00%
发文量
0
期刊最新文献
BP-DEBUG: A Fault Debugging and Resolution Tool for Business Processes. Blockchain Based Auditable Access Control for Distributed Business Processes. Threshold-Based Widespread Event Detection. Achieving Strong Privacy in Online Survey.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1