Rights statement: This is the author’s version of a work that was accepted for publication in Journal of Network and Computer Applications. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Journal of Network and Computer Applications, 147, 2019 DOI: 10.1016/j.jnca.2019.102440
Accepted author manuscript, 3.05 MB, PDF document
Available under license: CC BY-NC-ND: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
Final published version
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - BCON
T2 - Blockchain Based Access CONtrol across Multiple Conflict of Interest Domains
AU - Ali, Gauhar
AU - Ahmad, Naveed
AU - Cao, Yue
AU - Ali, Qazi-Ejaz
AU - Azim, Fazal
AU - Cruickshank, Haitham
N1 - This is the author’s version of a work that was accepted for publication in Journal of Network and Computer Applications. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Journal of Network and Computer Applications, 147, 2019 DOI: 10.1016/j.jnca.2019.102440
PY - 2019/12/1
Y1 - 2019/12/1
N2 - In today's on-demand computing and virtual coalition environment, cross-domain services are acquired and provided. These business domains may belong to either the same or different conflict of interest system. “Transitive access” can cause leakage of information between competitors through some other conflict of interest system's member. Therefore, a secure access control mechanism is required to detect and deny “transitive access” efficiently with minimal trust in externalist. Existing access control mechanisms focused on either single or multiple conflict of interest domains but with no “transitive access”. In addition, these existing mechanisms are centralized with inherited unfair access control and are a single point of failure. Blockchain (BC) is a shared digital ledger encompassing a list of connected blocks stored on a decentralized distributed network that is secured through cryptography. We propose a BC based access control for conflict of interest domains. We have integrated a BC in our architecture to make access control fair, verifiable and decentralized. Users access histories and “transitive accesses” are stored on BC ledger. We propose a novel mechanism called “Transitive Access Checking and Enforcement (TACE)” i.e., “Algorithm.1”. It makes an authorization decision based on BC endorsement that “transitive access” will not occur. “Algorithm.2” verifies and updates users access histories stored at BC before each request approval. Similarly, “Algorithm.3” detects possible future “transitive accesses” and updates Transitive Access Set (TAS) stored at BC after each request approval. The Simple Promela Interpreter (SPIN) model checker is used to verify the proposed mechanisms for “transitive access” detection and prevention. We have identified four conflicting sequences of execution that can cause “transitive access”. Results show that the proposed mechanism is safe against “transitive access” by checking all the four possible conflicting sequences of execution.
AB - In today's on-demand computing and virtual coalition environment, cross-domain services are acquired and provided. These business domains may belong to either the same or different conflict of interest system. “Transitive access” can cause leakage of information between competitors through some other conflict of interest system's member. Therefore, a secure access control mechanism is required to detect and deny “transitive access” efficiently with minimal trust in externalist. Existing access control mechanisms focused on either single or multiple conflict of interest domains but with no “transitive access”. In addition, these existing mechanisms are centralized with inherited unfair access control and are a single point of failure. Blockchain (BC) is a shared digital ledger encompassing a list of connected blocks stored on a decentralized distributed network that is secured through cryptography. We propose a BC based access control for conflict of interest domains. We have integrated a BC in our architecture to make access control fair, verifiable and decentralized. Users access histories and “transitive accesses” are stored on BC ledger. We propose a novel mechanism called “Transitive Access Checking and Enforcement (TACE)” i.e., “Algorithm.1”. It makes an authorization decision based on BC endorsement that “transitive access” will not occur. “Algorithm.2” verifies and updates users access histories stored at BC before each request approval. Similarly, “Algorithm.3” detects possible future “transitive accesses” and updates Transitive Access Set (TAS) stored at BC after each request approval. The Simple Promela Interpreter (SPIN) model checker is used to verify the proposed mechanisms for “transitive access” detection and prevention. We have identified four conflicting sequences of execution that can cause “transitive access”. Results show that the proposed mechanism is safe against “transitive access” by checking all the four possible conflicting sequences of execution.
U2 - 10.1016/j.jnca.2019.102440
DO - 10.1016/j.jnca.2019.102440
M3 - Journal article
VL - 147
JO - Journal of Network and Computer Applications
JF - Journal of Network and Computer Applications
SN - 1084-8045
M1 - 102440
ER -