An access control model for data security sharing cross-domain in consortium blockchain
Authors: Yang Liu, Weidong Yang, Yanlin Wang, Yang Liu
Journal: IET Blockchain
Volume: 3 1
Pages: 18-34
Publication date: 2023-01-06
Publication type: Journal Article
DOI: 10.1049/blc2.12022
URL: https://onlinelibrary.wiley.com/doi/10.1049/blc2.12022
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/blc2.12022
Citation count: 4
Platform: Semanticscholar
With the rapid growth in demand for data sharing among parties, data is considered a cornerstone for providing value in the big data environment. Concerns about the security of shared data have impeded the development of cross-domain data interaction. Therefore, an access control model for cross-domain data security sharing, Fabric-ABAC, is proposed, based on Hyperledger Fabric and Attribute-based Access Control (ABAC). To address the data security challenges caused by relying on a trusted central organization, a distributed environment consisting of the stakeholders among the parties is constructed. A unified attribute model is designed for multiple environments and combined with smart contracts. Fabric-ABAC realizes multi-level, fine-grained, and auditable access control, enabling data security through automatic permission verification. Because the ledger is visible to all participants in a consortium blockchain, the confidentiality of sensitive data must be protected. Thus, Proxy Re-Encryption (PRE), implemented by smart contracts, is adopted in the scheme to realize ciphertext interaction without a third party. The security of PRE and of the access control model used in Fabric-ABAC is discussed to show that a secure environment for data sharing is provided. Moreover, the experimental results demonstrate the completeness of the implementation and the effectiveness of the system's performance in the multi-domain environment.