Mohsin Ur Rahman

2 Papers

CR, Jul 4, 2020
Scalable Role-based Access Control Using The EOS Blockchain

Mohsin Ur Rahman

Role-based access control (RBAC) policies represent the rights of subjects in terms of roles to access resources. This research proposes a scalable, flexible and auditable RBAC system using the EOS blockchain platform to meet the security requirements of organizations. The EOS blockchain platform for developing smart contracts and decentralized applications (DAPPs) aims to address the scalability problem found in existing blockchain platforms. This smart contract platform aims to eliminate transaction fees while conducting millions of transactions per second. In our proposed approach, the EOS blockchain transparently stores RBAC policies. Administrative roles control access to resources at a higher level according to the way organisations perform operations. An organisation creates roles, role hierarchies and constraints to regulate user actions. Therefore, once an RBAC framework is established, the administrative user (issuer) only needs to grant and revoke roles to support changes in the organisational structure. Our proposed blockchain-based RBAC supports delegation capabilities using gasless transactions, which makes it adoptable and appealing in a large number of application scenarios. Our proposed solution is application-agnostic and well-suited for diverse use cases. Existing state-of-the-art security frameworks are not suitable due to the difficulty of scaling, higher cost and a single point of failure. Consequently, organisations demand a scalable, cost-effective and lightweight access control solution which can better protect their privacy as well. A proof-of-concept implementation is developed based on the EOS blockchain. Our experimental results and analysis clearly show that our EOS blockchain-based RBAC outperforms existing blockchain platforms in terms of cost, latency, block generation time, contract execution time and throughput.

CR, Oct 27, 2019
Protecting Personal Data using Smart Contracts

Mohsin Ur Rahman, Fabrizio Baiardi, Barbara Guidi et al.

Decentralized Online Social Networks (DOSNs) have been proposed as an alternative solution to the current centralized Online Social Networks (OSNs). Online Social Networks are based on a centralized architecture (e.g., Facebook, Twitter, or Google+), while DOSNs do not have a service provider that acts as a central authority, and users have more control over their information. Several DOSNs have been proposed in recent years. However, the decentralization of the OSN requires efficient solutions for protecting the privacy of users and for evaluating the trust between users. Blockchain represents a disruptive technology which has been applied to several fields, including Social Networks. In this paper, we propose a manageable, user-driven and auditable access control framework for DOSNs using blockchain technology. In the proposed approach, the blockchain is used as a support for the definition of privacy policies. The resource owner uses the public key of the subject to define flexible role-based access control policies, while the private key associated with the subject's Ethereum account is used to decrypt the private data once access permission is validated on the blockchain. We evaluate our solution by using the Rinkeby Ethereum testnet to deploy the smart contract and to evaluate its performance. Experimental results show the feasibility of the proposed scheme in achieving auditable and user-driven access control via a smart contract deployed on the blockchain.