Paper title

Scalable Role-based Access Control Using The EOS Blockchain

Paper author

Rahman, Mohsin Ur

Abstract

Role-based access control (RBAC) policies represent the rights of subjects in terms of roles to access resources. This research proposes a scalable, flexible and auditable RBAC system using the EOS blockchain platform to meet the security requirements of organizations. The EOS blockchain platform for developing smart contracts and decentralized applications (DApps) aims to address the scalability problem found in existing blockchain platforms. This smart contract platform aims to eliminate transaction fees while conducting millions of transactions per second. In our proposed approach, the EOS blockchain transparently stores RBAC policies. Administrative roles control access to resources at a higher level according to the way organisations perform operations. An organisation creates roles, role hierarchies and constraints to regulate user actions. Therefore, once an RBAC framework is established, the administrative user (issuer) only needs to grant and revoke roles to support changes in the organisational structure. Our proposed blockchain-based RBAC supports delegation capabilities using gasless transactions, which makes it adoptable and appealing in a large number of application scenarios. Our proposed solution is application-agnostic and well-suited for diverse use cases. Existing state-of-the-art security frameworks are not suitable due to the difficulty of scale, higher cost and single point of failure. Consequently, organisations demand a scalable, cost-effective and lightweight access control solution which can better protect their privacy as well. A proof-of-concept implementation is developed based on the EOS blockchain. Our experimental results and analysis clearly show that our EOS blockchain-based RBAC outperforms existing blockchain platforms in terms of cost, latency, block generation time, contract execution time and throughput.
