Blockchain Based Auditable Access Control for Distributed Business Processes

Ahmed Akhtar¹, Basit Shafiq¹, Jaideep Vaidya², Ayesha Afzal³, Shafay Shamail¹, Omer Rana⁴

Affiliations

¹ Computer Science Department, Lahore University of Management Sciences, Lahore, Pakistan.
² MSIS Department, Rutgers University, Newark, USA.
³ Computer Science Department, Air University, Multan, Pakistan.
⁴ School of Computer Science, & Informatics, Cardiff University, Cardiff, UK.

PMID: 33972821
PMCID: PMC8105781
DOI: 10.1109/ICDCS47774.2020.00015

Blockchain Based Auditable Access Control for Distributed Business Processes

Ahmed Akhtar et al. Proc Int Conf Distrib Comput Syst. 2020 Nov-Dec.

. 2020 Nov-Dec:2020:12-22.

doi: 10.1109/ICDCS47774.2020.00015. Epub 2021 Feb 23.

Authors

Ahmed Akhtar¹, Basit Shafiq¹, Jaideep Vaidya², Ayesha Afzal³, Shafay Shamail¹, Omer Rana⁴

Affiliations

¹ Computer Science Department, Lahore University of Management Sciences, Lahore, Pakistan.
² MSIS Department, Rutgers University, Newark, USA.
³ Computer Science Department, Air University, Multan, Pakistan.
⁴ School of Computer Science, & Informatics, Cardiff University, Cardiff, UK.

PMID: 33972821
PMCID: PMC8105781
DOI: 10.1109/ICDCS47774.2020.00015

Abstract

The use of blockchain technology has been proposed to provide auditable access control for individual resources. However, when all resources are owned by a single organization, such expensive solutions may not be needed. In this work we focus on distributed applications such as business processes and distributed workflows. These applications are often composed of multiple resources/services that are subject to the security and access control policies of different organizational domains. Here, blockchains can provide an attractive decentralized solution to provide auditability. However, the underlying access control policies may be overlapping in terms of the component conditions/rules, and simply using existing solutions would result in repeated evaluation of user's authorization separately for each resource, leading to significant overhead in terms of cost and computation time over the blockchain. To address this challenge, we propose an approach that formulates a constraint optimization problem to generate an optimal composite access control policy. This policy is in compliance with all the local access control policies and minimizes the policy evaluation cost over the blockchain. The developed smart contract(s) can then be deployed to the blockchain, and used for access control enforcement. We also discuss how the access control enforcement can be audited using a game-theoretic approach to minimize cost. We have implemented the initial prototype of our approach using Ethereum as the underlying blockchain and experimentally validated the effectiveness and efficiency of our approach.

Keywords: Access Control; Blockchain; Business Processes; Workflows; XACML.

PubMed Disclaimer

Figures

**Fig. 1.**
Emergency Management Workflow

**Fig. 2.**
Assignment grading BP from virtual university domain

**Fig. 3.**
Access control policy graphs of a few services from assignment grading BP

**Fig. 4.**
Architectural view of the proposed approach for BP access control over blockchain

**Fig. 5.**
Global mediated access control policy graph shown in outermost dashed rectangular box, and fragments of composite access control policy shown in small rectangular boxes

**Fig. 6.**
Policy evaluation and enforcement mechanism for BP over blockchain

**Fig. 7.**
Cheating Detection Probability for different levels of cheating and different number of smart contracts checked

**Fig. 8.**
Minimum number of smart contracts that need to be verified to ensure sufficient detection probability

**Fig. 9.**
Cost comparison of Assignment Grading BP for 2500 Evaluations

**Fig. 10.**
Cost comparison of different degrees of overlap for 2500 Evaluations

See this image and copyright information in PMC

Cited by

Blockchain Based Auditable Access Control For Business Processes With Event Driven Policies.
Akhtar A, Barati M, Shafiq B, Rana O, Afzal A, Vaidya J, Shamail S. Akhtar A, et al. IEEE Trans Dependable Secure Comput. 2024 Sep-Oct;21(5):4699-4716. doi: 10.1109/tdsc.2024.3356811. Epub 2024 Jan 22. IEEE Trans Dependable Secure Comput. 2024. PMID: 39398103 Free PMC article.
A Service-oriented Framework for Developing Personalized Patient Care Plans for COVID-19.
Elahraf A, Afzal A, Akhtar A, Shafiq B, Vaidya J. Elahraf A, et al. Proc Int Conf Digit Gov Res. 2021 Jun;2021:234-241. doi: 10.1145/3463677.3463742. Epub 2021 Jun 9. Proc Int Conf Digit Gov Res. 2021. PMID: 35224568 Free PMC article.
Towards Supporting Attribute-Based Access Control in Hyperledger Fabric Blockchain.
Pericherla A, Paul P, Sural S, Vaidya J, Atluri V. Pericherla A, et al. IFIP Adv Inf Commun Technol. 2022 Jun;648:360-376. doi: 10.1007/978-3-031-06975-8_21. Epub 2022 Jun 3. IFIP Adv Inf Commun Technol. 2022. PMID: 36544863 Free PMC article.

References

1. Mei H, Huang G, and Xie T, “Internetware: A software paradigm for internet computing,” Computer, vol. 45, no. 6, pp. 26–31, 2012.
1. Afzal A, Shafiq B, Shamail S, Elahraf A, Vaidya J, and Adam NR, “Assemble: Attribute, structure and semantics based service mapping approach for collaborative business process development,” IEEE Transactions on Services Computing, 2018.
1. Im J, Kim S, and Kim D, “Iot mashup as a service: cloud-based mashup service for the internet of things,” in 2013 IEEE International Conference on Services Computing, pp. 462–469, IEEE, 2013.
1. Ranchal R, Bhargava B, Angin P, and Othmane LB, “Epics: A framework for enforcing security policies in composite web services,” IEEE Transactions on Services Computing, 2018.
1. Shafiq B, Ghayyur S, Masood A, Pervaiz Z, Almutairi A, Khan F, and Ghafoor A, “Composability verification of multi-service workflows in a policy-driven cloud computing environment,” IEEE Transactions on Dependable and Secure Computing, vol. 14, pp. 478–493, September. 2017.

Grants and funding

LinkOut - more resources

Full Text Sources
- Europe PubMed Central
- PubMed Central

Save citation to file

Email citation

Add to Collections

Add to My Bibliography

Your saved search

Create a file for external citation management software

Your RSS Feed

Blockchain Based Auditable Access Control for Distributed Business Processes

Affiliations

Blockchain Based Auditable Access Control for Distributed Business Processes

Authors

Affiliations

Abstract

Figures

Similar articles

Cited by

References

Grants and funding

LinkOut - more resources

Full Text Sources