Abstract
In the big data environment, access control is one of the important means of ensuring secure data sharing. To address the coarse authorization granularity, insufficient flexibility and poor scalability of traditional centralized access control models, this paper proposes a dynamic, flexible and fine-grained access control scheme built on blockchain technology, combining smart contracts with attribute-based access control (ABAC). First, user information is stored using blockchain transactions as the carrier, ensuring that the data is tamper-proof, unforgeable and traceable. Second, three different types of smart contracts are used to manage user attributes, access policies and reputation respectively, achieving fully transparent, dynamic and fine-grained access control. Third, a reputation evaluation mechanism is introduced into the ABAC model so that different nodes are assigned different access rights, preventing unauthorized access and dynamically detecting malicious nodes. Finally, the scheme is implemented on a private Ethereum blockchain, and simulation experiments verify its effectiveness.
Authors
BA Yang (巴阳); CHEN Yue (陈越); HU Xuexian (胡学先); LIU Yang (刘扬); XU Yang (徐阳)
Information Engineering University, Zhengzhou 450001, China; School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450001, China
Source
Journal of Information Engineering University (信息工程大学学报)
2022, No. 5, pp. 608-616 (9 pages)
Funding
Supported by the National Natural Science Foundation of China (62172433, 6217434, 61862011).