Trustless Blockchain-based Access Control in Dynamic Collaboration
(CEUR-WS Vol-2343, paper 8; PDF: https://ceur-ws.org/Vol-2343/paper8.pdf; DBLP: https://dblp.org/rec/conf/bdcsintell/AlmakhourSSG18)

Mouhamad Almakhour, Lebanese University, Faculty of Engineering-CRSI, Univ. Campus, Hadath, Lebanon, mohammadmakhour@gmail.com
Layth Sliman, EFREI Engineering School-Paris, Villejuif, France, layth.sliman@efrei.fr
Abed Ellatif Samhat, Lebanese University, Faculty of Engineering-CRSI, Univ. Campus, Hadath, Lebanon, samhat@ul.edu.lb
Walid Gaaloul, Telecom SudParis, Evry, France, walid.gaaloul@mines-telecom.fr

Abstract—AC (Access Control) is the process of ensuring that an authenticated user accesses only what he or she is authorized to do with respect to certain models and security policies. In business collaboration systems, services are designed to conduct actions requested by a customer, using the service provider's infrastructure. In such a context, agreeing on a conventional access management system is difficult because it depends on the different infrastructures and security policies implemented by each involved party. In this paper, we investigate the authorization process that manages permissions and rights of access to shared services in a federation of enterprises, and we propose a solution based on the Ethereum Blockchain platform and the Attribute Based Access Control model (ABAC) to define this authorization process.

Keywords—Access Control, collaboration, Trust, BlockChain, ABAC

I. INTRODUCTION

Trust is a major factor in business collaboration. Managing trust involves complex and costly processes and brings its own risks to companies' information systems, because relying on trust often involves the presence of a "trusted" third party and may compromise security. However, the lack of trust may lead to the loss of major business opportunities, for instance in "on the fly" collaboration. In such scenarios, companies collaborate by conducting actions on each other's systems in order to achieve a common objective. One of the most interesting technologies that may resolve this dilemma is Blockchain. The Blockchain provides trust without a trusted third party. Blockchain is a technology that provides a decentralized "database" on a network that is scalable, secure, tamper-proof, and accessible by each peer on the network. Thus, using Blockchain allows coping with both trust and data integrity issues. However, managing identity and access control in Blockchain-based collaboration brings its own issues. Conventional methods of managing access control reach their limitations in such a context, given the constraints related to the Blockchain infrastructure on one side and the heterogeneous access control policies implemented by each involved party on the other side.

In this paper, we consider the authorization process that manages permissions and rights of access to shared services in a federation of enterprises. To do so, we propose a solution based on the Ethereum Blockchain platform and the Attribute Based Access Control model (ABAC) to define this authorization process via smart contracts. To validate our proposal, we implement the cross-organization authorization process as a smart contract, which is deployed on the Ethereum Testnet BlockChain.

The rest of the paper is organized as follows: in section II, we present the related work, mainly the different identity management models as well as the existing access management models. In section III, we discuss the proposed solution and the motivation for the adopted models. The implementation of the proposed solution is presented in section IV, where different scenarios are also given. Section V concludes this paper.

II. RELATED WORKS

The concept of a virtual team or virtual company was born in the 1990s to describe the new forms of management and digital exchange between teams or between companies. The virtual organization is defined as "a temporary alliance of independent, connected, geographically dispersed organizations, institutions, industries, enterprises, etc., including a high level of trust, who collaborate and share their resources and skills in order to respond to customer requests" [2]. The difficulty lies in the differences in infrastructure and security policies implemented by each partner. Each of them must interconnect with the others and share resources while maintaining the security of their own organization. All must provide a means of communication that ensures the integrity and confidentiality of the data. Similarly, they must have a way to verify the identity of the people and systems involved in the collaboration. Access management should then guarantee to everyone involved in the organization's projects, at all times, the means necessary to carry out the mission entrusted to them, with respect to the permissions and security policies of the different organizations involved; and these means should at every moment be limited to what is strictly necessary. Below, we briefly describe the different identity management models as well as the different access management models.

A. Identity Management Models

1) Isolated identity

In this model, each service provider uses its own identity domain, that is, its own identity provider. A user must use a different ID and credential to authenticate with each domain. From the point of view of each identity provider, identity
management is simpler. In addition, in case of identity corruption in one identity domain, the other service providers are not impacted. This model also allows a different level of security to be defined for credentials (length of the password, number of credentials to be presented, etc.). The burden falls on the user, who must repeat the steps of authentication and identification with each of the identity domains attached to the service providers. The user must therefore manage and remember as many identifiers and authentication details as there are services to access. This increases the risk of forgetting or losing this information, especially for services that are rarely accessed. In addition, this situation can be a source of weak adherence to the organization's security policy, which will be deemed too restrictive.

2) Federated identity

Identity federation is defined as a set of agreements, standards, and technologies that allow a group of service providers to recognize credentials from other service providers that belong to the federation [1][3]. The federation gives users the illusion of using only one unique identifier while continuing to present a different one to each service provider. In a federated identity architecture, each service provider uses its own identity provider, but is able to accept identities from other providers. Access to a service provider can then be obtained through an identity from an identity provider other than its own.

3) Centralized identity

In this model, only one identifier and one credential are used by the service providers. Three examples of implementations of this type of identity management are given in [3]:

3.1 Common Identity

In this model, a single entity acts as the identity provider for all service providers. The mode of operation is halfway between the isolated identity model and the federated identity model. With this type of implementation, the single identity provider is a central and sensitive point for all service providers. Indeed, in the event of a failure or modification at the level of the identity domain, all the dependent entities are impacted.

3.2 Meta identity

The implementation of a meta-identity domain allows service providers to share information about identities.

3.3 Single Sign-On (SSO)

The Single Sign-On approach is similar to an identity federation, but no identity matching is required because there is only one identity provider. In this architecture, a user needs to authenticate only once (single sign-on) with a service provider. The user is then authenticated de facto with the other service providers. The Single Sign-On model can be combined with the identity federation model, allowing both single-domain and inter-domain authentication.

B. Access Management Models

For access management, the following models can be found in the literature and are used in existing systems.

1 Identity based access control (IBAC)

The IBAC model [1] is historically the first type of access control and is still used by operating systems in the personal computer market, with Microsoft Windows for example, and on servers with UNIX and Linux systems. This model is based on a matrix composed of a finite set of entities, target resources and rules. It leads to the establishment of a comprehensive list of access rights, i.e. an Access Control List (ACL). This implies that any access not listed is prohibited. Thus, the rights are assigned directly to the user accounts (each right is assigned by name). One of the implementations of the IBAC model is Discretionary Access Control (DAC) [4], which is based on the concept of the owner of the resource. The owner has total control over the resource he or she has created and for which he or she is responsible, and determines which entity has permission to conduct what type of action on that resource. The complexity of ACLs increases with the number of identities and the number of resources, since it is necessary to list the authorizations for each Identity-Resource combination. In fact, when a new resource becomes available or when a new user arrives, the list of authorizations must be updated.

2 Mandatory Access Control (MAC)

In the case where the owner of an information system should not be responsible for managing the underlying security, MAC-type models can limit access based on the sensitivity of the data. For this purpose, the target entities are organized in a hierarchy of security levels called labels. Bell and LaPadula [1] developed a model where a minimum level of security is required to access a resource. This level defines the privilege level of the user. Similarly, a security level is assigned to the resource; this level determines the classification level of the resource. The user then has access to the resource only if his authorization level is greater than or equal to the classification level of the resource. In addition, for an application, an execution level, called the current level, is also defined. The current level of an application is always less than or equal to the privilege level of the user responsible for running the application. The "no read up" condition implies that an application can read information only if the current level of the application is greater than or equal to the classification level of the resource that holds the data. Similarly, the "no write down" condition implies that an application can transmit information to a resource only if its current level is less than or equal to the classification level of the target resource. This access control model is also called Rule Based Access Control (RuBAC) because access is governed by rules.

3 Role Based Access Control (RBAC)

Unlike the IBAC model, where entitlements are granted directly to the user, in the RBAC model developed by the National Institute of Standards and Technology (NIST), permissions are assigned to roles. The management of authorizations is then simplified. In addition, NIST proposes several variants of RBAC [5], for instance using the notion of inheritance between roles. In RBAC, the difficulty lies in the completeness and the granularity of the roles. In fact, roles that are too broad admit too many rights, and roles that are too narrow increase the difficulty of administration.

4 Attribute Based Access Control (ABAC)

The ABAC model, defined in [6], proposes to grant access rights according to the characteristics of the identities. As in the IBAC model, the access rights policy can be materialized by a matrix, but one that is not based on identities. As a result, access rights to a resource or service are defined for
one or more attributes that identities may have. This paradigm therefore offers more flexibility. In addition, by defining an attribute close to the notion of role, ABAC makes it possible to simulate the behavior of an RBAC model, but generalizes it by not limiting the access rights to the users present in the organization. In particular, it allows access rights to be determined with a finer granularity. In addition, defining a role as a set of attributes makes it easier to handle conflicts. The management of access rights is facilitated because it does not require additional information. However, access security then rests on the values assigned to the attributes, and thus on the quality and integrity of the information related to the identities.

5 Organization Based Access Control (OrBAC)

With the OrBAC model [4], the organization is perceived from an abstract perspective as a set of activities that roles have permission, prohibition or obligation to perform through views. Just as in RBAC, it is possible to use the notion of inheritance for roles. Concretely, authorizations are granted to subjects for actions on objects through three-dimensional matrices.

III. PROPOSED SOLUTION

After reviewing the main identity and access management models, we focus on the requirements of our authorization process, which manages permissions and rights of access to shared services in a federation of enterprises. The requirements include:

- Providing trust between different members of the federation who do not know each other.
- Denying any illegal access from outside the federation, any unauthorized access, and any access without an access agreement.
- Decentralization of the authorization process, which prevents the risk of losing access control and thereby having services stopped.

Today, one of the most important technologies used in the security field is the Blockchain. The Blockchain ensures trust without a trusted third party. Confidence is obtained by:
• Validation of the transactions added to blocks
• Immutability: a transaction added to the BlockChain cannot be edited or deleted.

Based on this technology, smart contracts are agreements between parties that are written as executable code on the Blockchain instead of being written in natural language. The execution is then managed automatically by the BlockChain according to the conditions described in the contract.

We propose a solution based on a smart contract management system. The idea behind this solution is to define an authorization process that manages permissions and access rights to shared services in a business federation. This process satisfies the requirements by providing trust between different members using the Blockchain. It also denies any illegal access from outside the federation. With the Blockchain, the authorization process can also be decentralized. All steps are carried out automatically by Smart Contracts, so no manager of the process is needed.

Our solution is based on the ABAC access management model explained earlier to define an authorization process that manages the permissions and rights of access to shared services in a business federation, and the implementation is based on the Ethereum Blockchain platform.

A. Ethereum Blockchain technology

Blockchain technology allows a distributed computing architecture where the transactions are publicly announced and the participants agree on a single history of these transactions (a kind of ledger) [10] [12]. The transactions are grouped into blocks, given timestamps, and then published. The hash of each block includes the hash of the previous block to form a chain, making published blocks difficult to alter. As Bitcoin began attracting attention, developers took advantage of the features of BlockChain technology as an infrastructure to create their own platforms (aside from the main use of the Blockchain in facilitating the transfer of digital currency in Bitcoin). On the one hand, some platforms use the Bitcoin network as infrastructure for notarization or proof of existence of digital files, crowdfunding, dispute mediation, and spam control, among others. On the other hand, some platforms have emerged in the form of "alt coins", alternative Blockchain-based cryptocurrencies that aim to improve on the capabilities of Bitcoin (or make up for what it lacks) by implementing their own features and capabilities. The "improvements" can come in the form of a different proof-of-work algorithm (to shorten the verification time of transactions) or a different hashing algorithm. There are many alt coins, but the biggest one that has attracted a following and attention is Ethereum [7]. In our work, and following the schema illustrated in figure 1, we use Ethereum as it is a public, or permissionless, blockchain. Anyone with a computer and open source software can participate by listening, trading, or exploring data, which means that all data included in a transaction or smart contract is public. We need a database to store users, attributes, permissions and logs. Each company shares its service in the federation for the benefit of users. The transactions can be public or private according to the agreement between the members of the federation, and the governance should not be controlled by a single member of the federation.

Figure 1: Types of Blockchain [10]
Regarding other well-known blockchain technologies, we note that Bitcoin [2] is a cryptocurrency that uses the blockchain technique as a payment network. In addition, Bitcoin does not support the smart contracts required by our process. As for Hyperledger Fabric [11], it is a private, or permissioned, blockchain protocol designed for B2B business applications. Most permissioned blockchain protocols allow authentication and authorization of actions. This makes Hyperledger Fabric more suitable for companies in various industries (such as supply chain, healthcare, and banking) that want to use blockchain technology for internal or collaborative purposes without operating on public networks. Since our need requires a public blockchain, and Hyperledger Fabric is a private blockchain intended for internal applications that do not operate on public networks, we decided to use the Ethereum blockchain technology. In the current implementation of Ethereum, consensus is reached by mining based on proof of work.

B. ABAC Access Management

In this part we discuss and compare the access management models mentioned in the related work section.

In the IBAC model, access controls are based on an exhaustive list of entitlements for each authorized account. The complexity of ACLs increases with the number of identities and the number of resources, since it is necessary to exhaustively list the authorizations for each combination. The federation contains a large number of users, so this model is not compatible with a federation of companies.

The RBAC model reduces the size of the list of authorizations. Access controls are performed on the roles assigned to the accounts. Application roles are granted based on the business profile. The difficulty lies in the completeness and the granularity of the roles. In fact, roles that are too broad admit too many rights, and roles that are too narrow increase the difficulty of administration. In the federation each user has a different right or permission, so we did not use this model because of the granularity of the user roles.

In the OrBAC model, permissions or prohibitions are based on contextual expressions defined according to the organizational structure of the institution. In our work, the federation defines the users that have the right of access, and we cannot define them in advance.

The MAC model relies on flow control. Constraints are defined on data and resources. The entitlement level of an account then determines whether or not it has the right to access the information. In our process, we do not have such constraints to define, because the permission is provided according to the user.

In the ABAC model, access controls check the presence and value of application attributes defined at the account level. It is then possible to simulate RBAC behavior by mapping the attributes onto the definition of the roles. This model is the appropriate one for our process because access rights are granted according to the attributes of each user.

IV. ETHEREUM BASED IMPLEMENTATION

A. ETHEREUM

In 2013, Ethereum was proposed by Vitalik Buterin to create a BlockChain-based distributed computing platform with the capability of building and running decentralized applications or smart contracts [7] [8]. As a BlockChain-based cryptocurrency, it offers the same features as Bitcoin: easy mobile payments, reliability, full control of one's own money, high availability, fast international payments, zero or low fees, protected identity, and privacy. Ethereum, however, offers more than online transfer of digital money; it enables its users to build and deploy smart contracts. Ethereum is composed of most of the protocols that other cryptocurrencies, like Bitcoin, also use. For example, Ethereum also includes a peer-to-peer protocol for the Blockchain, and the Blockchain is managed and kept secure by nodes in the network. In addition to these protocols, the main modification and innovation of Ethereum is being a programmable Blockchain, i.e., it allows its users to create, deploy, and run decentralized applications on the Blockchain.

B. ETHEREUM VIRTUAL MACHINE

At the center of Ethereum is the Ethereum Virtual Machine (EVM), which can execute code of arbitrary algorithmic complexity. Therefore, applications created using familiar programming languages, such as JavaScript, can be run on the EVM. To facilitate the execution of code in the blockchain and to maintain consensus, the nodes of the network run the EVM and execute the same instructions. Computations in the EVM are paid for in ether (ETH), which is the currency used in Ethereum.

C. ETHEREUM ACCOUNTS

Ethereum's basic unit is the account. Ethereum uses two types of accounts: the Externally Owned Account (EOA) and the Contract Account. An EOA is controlled by a corresponding private key, has an ether balance, can send transactions (transfer ether to another account or trigger contract code), and does not have associated code. Similar to a Bitcoin address, an EOA takes the form of random numbers and letters, and therefore looks anonymous and can be shared publicly. A contract account (or simply a contract) has an ether balance and has associated code. All actions in the blockchain are set in motion by the transactions created by EOAs. This means that the code in a contract is executed when it receives a transaction from an EOA, where the input parameters for the code execution are included in the transaction. Therefore, contracts can be considered as autonomous agents inside the EVM that execute a specific piece of code when poked by a transaction. Code execution in a contract can also be triggered by messages from other contracts (see the next subsection for a detailed explanation of transactions and messages). In contrast to Bitcoin's script, a contract performs Turing-complete computations and is typically written in some high-level language, such as Solidity, Serpent, or a Lisp-like language. A contract's behavior is fully dependent on its code and on the transactions sent to it, and therefore offers the possibility of creating decentralized and trusted systems.
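As an added illustration (not the contract the authors deployed), the following hypothetical Solidity contract shows how the ABAC choice of section III.B maps onto a contract account as described above: member organizations assert attributes on user EOAs, service owners register the attribute values a requester must hold, and the decision is computed on-chain, deny-by-default, with every decision emitted as an event so the authorization log is tamper-evident. The contract name, function names and the "federation" deployer role are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical ABAC authorization contract for a federation of enterprises.
// Added example; it is not the paper's deployed contract.
contract FederationABAC {
    address public immutable federation;        // deployer; admits member organizations
    mapping(address => bool) public isMember;   // organizations currently in the federation

    // attrValue[user][keccak256(name)] = keccak256(value); hashes keep comparisons cheap
    mapping(address => mapping(bytes32 => bytes32)) private attrValue;
    // organization that asserted the attribute; an attribute asserted by an organization
    // that has since left the federation no longer counts (revocation by membership)
    mapping(address => mapping(bytes32 => address)) private attrIssuer;

    struct Requirement { bytes32 name; bytes32 value; }
    struct Service { address owner; bool exists; Requirement[] required; }
    mapping(bytes32 => Service) private services;   // keyed by keccak256(serviceId)

    event MemberChanged(address indexed org, bool admitted);
    event AccessDecision(bytes32 indexed serviceId, address indexed user, bool granted);

    modifier onlyFederation() { require(msg.sender == federation, "not federation"); _; }
    modifier onlyMember() { require(isMember[msg.sender], "not a federation member"); _; }

    constructor() { federation = msg.sender; }

    // Admit or remove a member organization (the access agreement of section III).
    function setMember(address org, bool admitted) external onlyFederation {
        isMember[org] = admitted;
        emit MemberChanged(org, admitted);
    }

    // A member organization asserts one attribute of a user, e.g. "department" = "purchasing".
    function setAttribute(address user, string calldata name, string calldata value)
        external onlyMember
    {
        bytes32 n = keccak256(bytes(name));
        attrValue[user][n] = keccak256(bytes(value));
        attrIssuer[user][n] = msg.sender;
    }

    // The sharing organization registers its service with the attribute values a
    // requester must hold: this is the ABAC policy, stored on-chain.
    function registerService(string calldata serviceId,
                             string[] calldata names,
                             string[] calldata values) external onlyMember {
        require(names.length == values.length, "policy length mismatch");
        Service storage s = services[keccak256(bytes(serviceId))];
        require(!s.exists, "service already registered");
        s.owner = msg.sender;
        s.exists = true;
        for (uint256 i = 0; i < names.length; i++) {
            s.required.push(Requirement(keccak256(bytes(names[i])), keccak256(bytes(values[i]))));
        }
    }

    // Pure policy evaluation. Deny by default: an unknown service, a missing or
    // mismatching attribute, or an attribute issued by a non-member all yield false.
    function checkAccess(string calldata serviceId, address user) public view returns (bool) {
        Service storage s = services[keccak256(bytes(serviceId))];
        if (!s.exists) return false;
        for (uint256 i = 0; i < s.required.length; i++) {
            Requirement storage r = s.required[i];
            if (attrValue[user][r.name] != r.value) return false;
            if (!isMember[attrIssuer[user][r.name]]) return false;
        }
        return true;
    }

    // Called from the user's EOA. The decision, granted or not, is written to the
    // block log, so the authorization trail cannot be edited or deleted afterwards.
    function requestAccess(string calldata serviceId) external returns (bool granted) {
        granted = checkAccess(serviceId, msg.sender);
        emit AccessDecision(keccak256(bytes(serviceId)), msg.sender, granted);
    }
}
```

Because attribute values and policies are stored on a public chain, anyone can read them; the example therefore stores only hashes, and a deployment that needs confidential attribute values would have to keep the plaintext off-chain.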
D. TRANSACTIONS AND MESSAGES

An Ethereum transaction is a signed data package that carries a message from an EOA to another account on the blockchain. A transaction contains the Ethereum address of the recipient, a signature that identifies the sender, the amount of ether being transferred, an optional data field, and startGas and gasPrice values. The startGas limits the maximum amount of gas that the code execution triggered by the message can consume, and the gasPrice is the amount in ether to be paid for one unit of gas consumed (see the next subsection for a detailed explanation of gas). When users send transactions, they pay a small transaction fee in ether to the network. This fee protects the blockchain from malicious computational tasks, such as distributed denial-of-service (DDoS) attacks and infinite loops [9] [12]. A message is a virtual object that can only be sent by a contract to another contract. A message contains the identity of the sender, the identity of the recipient, the amount of ether being transferred, input data, and a startGas value. Similar to a transaction, a message leads to the recipient account running its code. Therefore, contracts can have relationships with other contracts in exactly the same way an EOA can.

E. ETHER AND GAS

Ether (ETH) is Ethereum's native value token and the currency of the network. The sender of a transaction needs to pay for the code it wants to execute, including computation and data storage. When code in a contract is executed as a result of being triggered by a message or transaction, every node in the network executes this code. The cost of this execution is expressed in gas. Gas is

added to the block that came before it. Every block contains the hash of the previous block, thus creating a chain that connects the first block (the genesis block) to the current block. The miner who solves a block is rewarded with ether (currently 5 ETH), the cost of the gas used in the transactions that are mined, and an extra reward of 1/32 per uncle. Uncles are stale blocks whose parents are ancestors of the including block. Valid uncles are rewarded to increase the security of the network by neutralizing the effect of network lag on the dispersion of mining rewards. The PoW algorithm used in Ethereum is called Ethash (a modified version of the Dagger-Hashimoto algorithm) and requires a brute-force solution, i.e. miners scan and test nonces to find a solution that is below a certain difficulty threshold. The difficulty is adjusted so that it takes approximately 15 seconds to find a valid nonce. The Ethash PoW is a memory-hard computational problem, that is, it is application-specific integrated circuit (ASIC) resistant and allows a more decentralized distribution of security (as compared to the specialized hardware used by the many mining pools that dominate mining in Bitcoin). The security of the blockchain relies on this PoW system, which inherently means that a block cannot be modified without redoing the work spent on it, including the work spent on the blocks chained after it. Therefore, an attacker will be outpaced by honest miners as long as the majority of the overall computation power participating in the Ethereum network is controlled by honest miners. In this case, a block recorded in the blockchain is almost impossible to modify.

G. Scenarios

At the beginning, a necessary agreement by the entire
purchased for ether from the miners that execute the code         federation member defines the rules for access to services
(miners are the nodes in the Ethereum network that receive,       and the requirement (attributes) by a user to obtain service
propagate, verify, and execute transactions). Gas and ether       access, this agreement is called Primary contract which is
are decoupled because gas is supposed to be constant cost of      signed by all businesses.
network utilization, whereas ether, and currencies in             First the attributes indicated in the agreement (main
general, is volatile. Therefore, even if the price of ether       contract) are pre-loaded in the smart contracts, then each
increases, the gas price in terms of ether of executing a         director (Local manager) records the users and their
function in a contract remains constant. Every                    attributes. An access request is in the form of a Token
computational step that is executed in a contract or              request is created automatically after a comparison between
transaction requires gas, and each transaction includes a gas     the users attributes to the pre-loaded one. Token represents
limit and a fee that it is willing to pay per gas. The price of   the permission and the right of access. The token contains
the gas is decided by the miners, and miners have the choice      the user's ID and address, date to expire, Token status, and
of including the transaction and collecting the fee or not        delegation option fields. Depending on the attributes, the
(similar to the transaction fee in Bitcoin, wherein miners can    Token is created with different values. Different scenarios
decide to get the fee or not). Ethereum clients automatically     are given below.
purchase gas for the ether specified by the sender as
maximum expenditure for a transaction, and the excess gas              • Scenario 1: Request a Service Access Token
not used by the transaction execution is returned to the          A user requests a Token to access a service. The Smart
sender in ether. Therefore, overspending on the gas is not an     contract verifies the identity of the user from his ID and his
issue because the user will only be charged for the gas           address. The smart contract examines the attributes to give a
consumed by a transaction. Readers can refer to [7] [12] to       request for access to the specific service from the pre-loaded
read more about Gas.                                              conditions. If the attributes satisfy the conditions, a Token is
                                                                  created and returned to the user, otherwise the request is
F. MINING AND PROOF-OF-WORK                                       rejected. After having a Token, each access to the services is
Transactions are grouped together in blocks, which are then       checked (verification of the expiration date and status of the
added to the blockchain through the process called mining.        Token).
The mining process uses a proof-of-work (PoW) system
wherein miners all around the world use special software to           • Scenario 2: Revoke an Access or User
solve mathematical problems. Blocks are connected and             This is used to revoke an access of a user left the company
linked together to form a blockchain, where a new block is        or who changed status that does not allow preserving the old




                                                                                                                                     31
permissions. The local manager sends a revocation request
containing "ID user" and Token to Smart contracts which in
turn add the user and their Tokens to the revocation list.

     • Scenario 3: Request service access
To obtain a service provided in the Federation, an access
request will be made by the user by presenting their
"TOKEN ID" in the smart contract Verification which in
turn verifies this Token (@user, ID user, expiry date and
status of the Token) and returns access to the user. If the
answer is negative the request is rejected.

     • Scenario 4: Service Delegation
If a user gives his Token to another user, when a service
access request is made the Smart Contracts Verification
Service takes the Token and the delegated user address and
checks whether it is Token with delegation. If it is the case,
the access to service is given.

H. Design and implementation
According to the scenarios presented above, we propose the following design:

• Component Diagram
In our solution for this process, 5 components are proposed. Figure 2 illustrates the component diagram and the relationships between components:

• Service/Local User Manager: Its function is to add and identify all users of the company (ID, @, Attributes) and to manage additions and revocations.

• Owner Manager: Several people are authorized by the company to define the attributes for the creation of a Token and the revocation conditions of the Token.

• Smart contract Add User: This smart contract is pre-loaded with the data of all users (ID, Attributes, user address). This contract represents the core of the project because it includes the main database that allows any user to obtain access to the services.

• Smart contract Token: This smart contract allows the creation of Tokens, taking the user's ID as input. It is pre-loaded with attributes (defined by the Owner service).

• Smart contract Authentication/Service: It takes a Token ID as input, then checks whether this Token exists in the blockchain and whether it is valid. If yes, it provides the service; otherwise the request is rejected.

Figure 2: Component diagram

• Sequence diagram
Figure 3 shows the sequence diagram, which presents how the implementation functions and how the different phases of our process work. The process consists of 5 phases:
1. Loading policies phase: set the attributes required to obtain access to a service.
2. Create User phase: add the users of the companies.
3. Create Token phase: give users access to the services in the federation.
4. Access Service phase: verify the token before granting access.
5. Revocation phase: revoke a user or an expired token.

Figure 3: Sequence Diagram (1/2)
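The token lifecycle of Scenarios 1-4 and the five phases above, as an added Python model that is not the authors' deployed Solidity contract; the policy, users, addresses and timestamps used with it are constructed sample data, and the class stands in for the Add User, Token and Authentication/Service contracts together.

```python
# Added example (not the authors' contract): Python model of the paper's token flow.
from dataclasses import dataclass

@dataclass
class Token:
    user_id: str
    user_addr: str
    expires_at: int      # "date to expire", as a Unix timestamp
    status: str          # "active" or "revoked"
    delegable: bool      # "delegation option" field

class FederationAccess:
    def __init__(self, policy):
        self.policy = policy    # phase 1: service -> required attributes (pre-loaded)
        self.users = {}         # phase 2: user_id -> (address, attributes)
        self.tokens = {}        # phase 3: token_id -> Token
        self.revoked = set()    # phase 5: revocation list of token ids

    def add_user(self, user_id, addr, attrs):
        self.users[user_id] = (addr, dict(attrs))

    def request_token(self, user_id, addr, service, now, ttl, delegable=False):
        """Scenario 1: check ID + address, compare attributes to policy, then mint."""
        if user_id not in self.users or self.users[user_id][0] != addr:
            return None                       # identity check failed
        required = self.policy.get(service)
        if required is None:
            return None                       # no pre-loaded rule for this service
        if any(self.users[user_id][1].get(k) != v for k, v in required.items()):
            return None                       # attributes do not satisfy the rule
        token_id = len(self.tokens) + 1
        self.tokens[token_id] = Token(user_id, addr, now + ttl, "active", delegable)
        return token_id

    def revoke(self, user_id, token_id):
        """Scenario 2: local manager sends (user ID, token); add to revocation list."""
        tok = self.tokens.get(token_id)
        if tok is None or tok.user_id != user_id:
            return False
        tok.status = "revoked"
        self.revoked.add(token_id)
        return True

    def access(self, token_id, caller_addr, now):
        """Scenarios 3-4: check existence, revocation, status, expiry, delegation."""
        tok = self.tokens.get(token_id)
        if tok is None or token_id in self.revoked or tok.status != "active":
            return False
        if now >= tok.expires_at:
            return False                      # expired token
        return caller_addr == tok.user_addr or tok.delegable  # other caller needs delegation
```

A revoked or expired Token is refused even when presented by a delegate, which is the check Scenario 4 relies on.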




Figure 4: Sequence Diagram (2/2)

V. CONCLUSION
In this paper, we presented a new smart contract-based authorization management system. It manages permissions and rights of access to shared services in a federation of enterprises. We proposed a blockchain-based management system by adopting the ABAC access model. The blockchain is a machine used to ensure that the execution of transactions is carried out in strict accordance with previously established rules; in this sense it is a form of digital trust. Based on the effectiveness of the available platforms, we chose Ethereum as the platform for our solution. In the ABAC model, access control checks the presence and value of application attributes defined at the account level. In this solution, confidence is obtained by:
• Validation of transactions before they are added to blocks
• A transaction added to the Blockchain cannot be modified or deleted.
As future work, we will work to raise the level of security. More precisely, we will define other types of tokens, moving from the general Token covering all services in a federation of companies to specific Tokens at the level of an individual service, and develop this process to make it more efficient.

REFERENCES
[1] Guillaume Harry, "IAM - Gestion des identités et des accès : concepts et états de l'art," CC-BY-NC-ND, 2017. www.crns.fr
[2] Satoshi Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System," October 2008. www.bitcoin.org/bitcoin.pdf
[3] A. Jøsang, J. Fabre, B. Hay, J. Dalziel, S. Pope, "Trust Requirements in Identity Management," Australasian Information Security Workshop 2005, volume 44, pages 99-108, 2005.
[4] F. Cuppens, N. Cuppens-Boulahia, "Les modèles de sécurité," in Sécurité des systèmes d'information (Traité IC2, série Réseaux et télécoms), Hermès, pages 13-48, 2006.
[5] Guillaume Harry, "Failles de sécurité des applications Web," CC-BY-NC-ND, CNRS, 38 pages, 2012. www.resu.dsi.cnrs.fr/IMG/pdf/failles_de_securite_v1-3.pdf
[6] L. Wang, D. Wijesekera, S. Jajodia, "A logic-based framework for attribute based access control," ACM Workshop on Formal Methods in Security Engineering, pages 45-55, 2004.
[7] Ethereum, "Blockchain App Platform," accessed Nov. 28, 2017. www.ethereum.org/
[8] G. Wood, "Ethereum: A Secure Decentralised Generalised Transaction Ledger," Yellow Paper, accessed Nov. 28, 2015. www.ethereum.github.io/yellowpaper/paper.pdf
[9] Jason Paul Cruz, "RBAC-SC: Role-Based Access Control Using Smart Contract," Graduate School of Information Science and Technology, Osaka University, Suita 565-0871, Japan, March 7, 2018.
[10] V. Gatteschi, F. Lamberti, C. Demartini, C. Pranteda and V. Santamaría, "To Blockchain or Not to Blockchain: That Is the Question," IT Professional, vol. 20, no. 2, pp. 62-74, Mar./Apr. 2018.
[11] Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstantinos Christidis, Angelo et al., "Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains," arXiv:1801.10228v2 [cs.DC], IBM, 17 Apr 2018.
[12] Imran Bashir, "Mastering Blockchain: Distributed ledgers, decentralization and smart contracts explained," first edition, 2017. www.packtpub.com
[13] Damiano Di Francesco Maesa, Paolo Mori, and Laura Ricci, "Blockchain Based Access Control," University of Pisa, Department of Computer Science, Pisa, Italy.
[14] Jan Mendling et al., "Blockchains for Business Process Management - Challenges and Opportunities," ACM Transactions on Management Information Systems, Volume 9, Issue 1, February 2018.