Poster: Zero Trust Driven Architecture for Blockchain-Based Access Control Delegation
Authors: 
Rahma Mukta, Shantanu Pal, Michael Hitchens, Hye-Young (Helen) Paik, 
Salil S KanhereAuthors Info & Claims
Abstract
Granting access and controlling access rights for online services is challenging in a highly dynamic and large-scale systems. In particular, the secure propagation of access right delegation is a major issue. Many proposals present access control issues for large-scale systems, however, little attention has been given to flexible and secure delegation in such dynamic systems. This article presents an approach to address such a delegation issue for large-scale systems using blockchain technology. We propose a blockchain-based delegation model that employs, i) self-sovereign identity (SSI) for user/device authentication, and ii) a restricted yet flexibly propagatable delegation process using the sanitizable signature scheme without the need for a centralized system. The goal of our primitive is to propose a Zero Trust architecture for access control delegation. To demonstrate the feasibility of our proposed architecture, we evaluate the system execution time using a sanitizable signature within a hyperledger fabric network. This work is in progress to further evaluate the system's efficiency in delegating access rights.
References
[1]
G. Ateniese, D. Chou, B. de Medeiros, and G. Tsudik. 2005. Sanitizable Signatures. In Computer Security - ESORICS. Springer, 159--177.
[2]
Christoph Buck, Christian Olenberger, André Schweizer, Fabiane Völter, and Torsten Eymann. 2021. Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Computers & Security 110 (2021), 102436.
[3]
J. Camenisch, D. Derler, S. Krenn, H. Pöhls, K. Samelin, and D. Slamanig. 2017. Chameleon-Hashes with Ephemeral Trapdoors. In Public-Key Cryptography - PKC, S. Fehr (Ed.). Springer, Berlin, Heidelberg, 152--182.
[4]
R. Mukta, J. Martens, H. Paik, Q. Lu, and S. S. Kanhere. 2020. Blockchain-Based Verifiable Credential Sharing with Selective Disclosure. In TrustCom. 959--966.
[5]
Shantanu Pal, Ali Dorri, and Raja Jurdak. 2022. Blockchain for IoT access control: Recent trends and future research directions. Journal of Network and Computer Applications 203 (2022), 103371.
[6]
Shantanu Pal, Tahiry Rabehaja, Michael Hitchens, Vijay Varadharajan, and Ambrose Hill. 2019. On the design of a flexible delegation model for the Internet of Things using blockchain. IEEE Transactions on Industrial Informatics 16, 5 (2019), 3521--3530.
[7]
Simon Parkinson and Saad Khan. 2022. A survey on empirical security analysis of access-control systems: a real-world perspective. ACM Comput. Surv. 55, 6 (2022), 1--28.
[8]
Y. Rouselakis and B. Waters. 2015. Efficient Statically-Secure Large-Universe Multi-Authority Attribute-Based Encryption. In Financial Cryptography and Data Security, R. Böhme and T. Okamoto (Eds.). Springer, 315--332.
[9]
B. Shneiderman. 1984. Response Time and Display Rate in Human Performance with Computers. ACM Comput. Surv. 16, 3 (1984), 265--285.
[10]
Claudio Zanasi, Silvio Russo, and Michele Colajanni. 2024. Flexible zero trust architecture for the cybersecurity of industrial IoT infrastructures. Ad Hoc Networks (2024), 103414.
Index Terms
- Poster: Zero Trust Driven Architecture for Blockchain-Based Access Control Delegation
Recommendations
Blockchain based permission delegation and access control in Internet of Things (BACI)
AbstractAccess control with permission delegation mechanism allows fine granular access to secure resources. In the literature, existing architectures for permission delegation and access control are either event-based or query-based. These ...
Delegation in role-based access control
User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
Delegation in role-based access control
ESORICS'06: Proceedings of the 11th European conference on Research in Computer SecurityUser delegation is a mechanism for assigning access rights available to a user to another user. A delegation operation can either be a grant or transfer operation. Delegation for role-based access control models have extensively studied grant ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
August 2024
140 pages
ISBN:9798400707179
DOI:10.1145/3672202
- Co-chairs:
- Aruna Seneviratne,
- Darryl Veitch,
- Program Co-chairs:
- Vyas Sekar,
- Minlan Yu
Copyright © 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 05 August 2024
Check for updates
Author Tags
Qualifiers
- Short-paper
Conference
ACM SIGCOMM Posters and Demos '24
Sponsor:
ACM SIGCOMM Posters and Demos '24: ACM SIGCOMM 2024 Conference: Posters and Demos
August 4 - 8, 2024
NSW, Sydney, Australia
Acceptance Rates
Overall Acceptance Rate 92 of 158 submissions, 58%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 379Total Downloads
- Downloads (Last 12 months)379
- Downloads (Last 6 weeks)44
Reflects downloads up to 02 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in