Distributed Attribute-Based Access Control System Using a Permissioned Blockchain
This work addresses the need for secure and transparent auditing in access control systems, particularly for domains like digital libraries, though it is incremental as it applies blockchain to an existing ABAC framework.
The authors tackled the problem of providing trusted auditing for access control systems by proposing a distributed Attribute-Based Access Control (ABAC) system using a permissioned blockchain, achieving a latency of 0.3 seconds while processing 5,000 requests at a rate of 200 per second.
Auditing provides an essential security control in computer systems, by keeping track of all access attempts, including both legitimate and illegal access attempts. This phase can be useful to the context of audits, where eventual misbehaving parties can be held accountable. Blockchain technology can provide trusted auditability required for access control systems. In this paper, we propose a distributed \ac{ABAC} system based on blockchain to provide trusted auditing of access attempts. Besides auditability, our system presents a level of transparency that both access requestors and resource owners can benefit from it. We present a system architecture with an implementation based on Hyperledger Fabric, achieving high efficiency and low computational overhead. The proposed solution is validated through a use case of independent digital libraries. Detailed performance analysis of our implementation is presented, taking into account different consensus mechanisms and databases. The experimental evaluation shows that our presented system can process 5,000 access control requests with the send rate of 200 per second and a latency of 0.3 seconds.