PyRos: A State Channel-Based Access Control System for a Public Blockchain Network

2020 ◽  
Vol 2020 ◽  
pp. 1-13
Author(s):  
Siwan Noh ◽  
Sang Uk Shin ◽  
Kyung-Hyune Rhee

Blockchain is a technology that enables the implementation of a decentralized system by replacing the role of the centralized entity with the consensus of participants in the system to solve the problem of subordination to the centralized entity. Blockchain technology is being considered for application in numerous fields; however, the scalability limitation of a public blockchain has led many researchers to consider private blockchains, which reduce the security of the system while improving scalability. A state channel represents a leading approach among several scalability solutions, intended to address public blockchain scalability challenges while ensuring the security of the blockchain network. Participants in the channel perform the process of updating the state of the channel outside the blockchain. This process can proceed very quickly because it does not require the consensus of the blockchain network, but still, like on-chain, it can guarantee features such as irreversibility. In this paper, we propose the PyRos protocol, an access control system that supports the trading and sharing of data between individuals on a public blockchain based on the state channel. As far as we know, the research using the off-chain state channel for access control has not been proposed yet, so PyRos is a new approach in this field. In PyRos, user-defined access control policies are stored off-chain, and policy updates are always rapid regardless of the performance of the blockchain network. Moreover, PyRos provides means to prevent malicious participants from arbitrarily using the channel’s previous state while resolving constraints due to scalability problems, along with privacy guarantees for the transaction content. To evaluate the efficiency and security of PyRos, we provide qualitative analysis of security requirements and analysis in terms of the performance of public blockchain platforms.

Author(s):  
Vineela Muppavarapu ◽  
Soon M. Chung

This paper proposes a semantic-based access control system for the data resources in the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI). OGSA-DAI is a widely used middleware for integrating data resources in Grids. However, the identity-based access control in OGSA-DAI causes substantial overhead for the resource providers in virtual organizations (VOs), because the access control information of individual users has to be maintained by each resource provider. To solve these problems, the authors propose a semantic-based access control system using Shibboleth and ontology. Shibboleth, an attribute authorization service, is used to manage the user attributes, and the Web Ontology Language (OWL) is used to represent the ontology of the data resources and users. By using ontology, VOs can resolve the differences in their terminologies and specify access control policies based on concepts and user roles, instead of individual resources and user identities. As a result, the administration overhead of the resource providers is reduced considerably. In addition, the eXtensible Access Control Markup Language (XACML) is used to specify the access control policies uniformly across multiple VOs. The authors also developed an XACML policy administration tool that allows the administrators to create, update, and manage XACML policies. The performance analysis shows that our proposed system adds only a small overhead to the existing security mechanism of OGSA-DAI.


This article is devoted to the presentation of the threat state model of access control, which allows calculating the probabilities of the impact of threats on the access control system and the probability of opening this system based on taking into account the generalized algorithm for the implementation of external threats, and determines the need to develop additional components of the access control system designed to identify and classify attacks.


2020 ◽  
Vol 2020 ◽  
pp. 1-13
Author(s):  
Shuang Sun ◽  
Shudong Chen ◽  
Rong Du

In a distributed system, cross-domain access control is an important mechanism to realize secure data sharing among multiple domains. Most of the existing cross-domain access control mechanisms are generally based on a single-server architecture, which has limitations in terms of security and reliability (the access decision may be incorrect) and completeness and confidentiality (the access records can be modified). Blockchain technology with decentralization, verifiability, and immutability properties can solve these problems. Motivated by these facts, in this article, we construct a trusted and efficient cross-domain access control system based on blockchain. Consequently, we integrate blockchain and role mapping technology to provide a reliable and verifiable cross-domain access process. We use blockchain to record user roles, role mapping rules, access policies, and audit records, realizing user self-validation and access nonrepudiation. Considering the low throughput of the blockchain, we design an efficient smart contract to make the access decision based on the access history of users. Finally, a performance evaluation of the system is presented to demonstrate the feasibility of the proposed system.


2021 ◽  
Vol 21 (1) ◽  
pp. 1-24
Author(s):  
A. Qun Song ◽  
Yuhao Chen ◽  
Yan Zhong ◽  
Kun Lan ◽  
Simon Fong ◽  
...  

Numerous supply chains combined with internet of things (IoT) applications have been proposed, and many methods and algorithms enhance the convenience of supply chains. However, new businesses still find it challenging to enter a supply chain, because unauthorised IoT devices of different companies illegally access resources. As security is paramount in a supply chain, IoT management has become very difficult. Public resource allocation and waste management also pose a problem. To solve the above problems, we propose a new IoT management framework that embraces blockchain technology to help companies form a supply chain effectively. This framework consists of an access control system, a backup peer mechanism and an internal data isolation and transmission approach. The access control system has a registrar module and an inspection module. The registrar module is mainly responsible for information registration with a registration policy, which has to be followed by all the companies in the supply chain. Besides, it provides a revocation and updating function. The inspection module focuses on judging misbehaviour and monitors the actions of the subjects; when any misoperation occurs, the system will correspondingly penalise violators. Since all related actions and information are verified and stored in the blockchain, IoT access control and the safety of IoT admission are enhanced. Furthermore, in a blockchain system, if one single peer in the network breaks down, then the whole system may stop, because consensus cannot be reached. The data of the broken peer may be lost if it has not yet committed. The backup peer mechanism allows the primary peer and the backup peer to connect to an inspecting server for acquiring real-time data. The internal data isolation and transmission modules transmit and store private data without creating a new subchannel.
The proposed method takes full account of the stability of the network and the fault tolerance to guarantee the robustness of the system. To obtain unbiased results, experiments are conducted in two different blockchain environments. The results show that our proposed method is a promising IoT blockchain system for the supply chain.


Author(s):  
Suganthy. A ◽  
T. Chithralekha

Security is a major concern in today’s digital world. Role-based access control provides a mechanism for protecting the digital information in an organization by assigning roles to the individual user and giving permissions to the assigned roles for accessing any resources. This paper describes the importance of roles in an organization and the evolutionary changes that occur with respect to organizational roles. Here the role is defined as an entity, and the attributes of the roles have been identified with their related operations. The evolutionary changes that happen to the roles in an organization are identified, and evolutionary algorithms have been proposed to handle these changes, which helps in simplifying the formulation of access control policies.


Author(s):  
Vineela Muppavarapu ◽  
Soon M. Chung

This paper proposes a semantic-based access control system for the data resources in the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI). OGSA-DAI is a widely used middleware for integrating data resources in Grids. However, the identity-based access control in OGSA-DAI causes substantial overhead for the resource providers in virtual organizations (VOs), because the access control information of individual users has to be maintained by each resource provider. To solve these problems, the authors propose a semantic-based access control system using Shibboleth and ontology. Shibboleth, an attribute authorization service, is used to manage the user attributes, and the Web Ontology Language (OWL) is used to represent the ontology of the data resources and users. By using ontology, VOs can resolve the differences in their terminologies and specify access control policies based on concepts and user roles, instead of individual resources and user identities. As a result, the administration overhead of the resource providers is reduced considerably. In addition, the eXtensible Access Control Markup Language (XACML) is used to specify the access control policies uniformly across multiple VOs. The authors also developed an XACML policy administration tool that allows the administrators to create, update, and manage XACML policies. The performance analysis shows that our proposed system adds only a small overhead to the existing security mechanism of OGSA-DAI.


Sign in / Sign up

Export Citation Format

Share Document