计算机应用 ›› 2020, Vol. 40 ›› Issue (6): 1674-1679.DOI: 10.11772/j.issn.1001-9081.2019101780

• 网络空间安全 • 上一篇    下一篇

基于区块链和用户信用度的访问控制模型

王海勇1, 潘启青2, 郭凯璇2   

  1. 1.南京邮电大学 计算机学院,南京 210003
    2.南京邮电大学 物联网学院, 南京 210003
  • 收稿日期:2019-10-20 修回日期:2019-12-02 出版日期:2020-06-10 发布日期:2020-06-18
  • 通讯作者: 潘启青(1994—)
  • 作者简介:王海勇(1979—),男,江苏南京人,副研究员,博士,CCF会员,主要研究方向:计算机网络与安全、信息网络.潘启青(1994—),女,江苏南京人,硕士研究生,主要研究方向:区块链、智能合约、访问控制.郭凯璇(1991—),女,山东枣庄人,硕士研究生,主要研究方向:区块链、共识算法、物联网。
  • 基金资助:

    江苏省教育信息化研究资助重点课题(20172105);江苏省现代教育技术研究2017年度智慧校园专项课题(2017-R-59518);南京邮电大学教学改革重点项目(JG06717JX66);南京邮电大学校园信息化创新项目(NYXX217002,NYXX217004);赛尔网络下一代互联网技术创新项目(NGII20180620)。

Access control model based on blockchain and user credit

WANG Haiyong1, PAN Qiqing2, GUO Kaixuan2   

  1. 1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China
    2. School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China
  • Received:2019-10-20 Revised:2019-12-02 Online:2020-06-10 Published:2020-06-18
  • Contact: PAN Qiqing, born in 1994, M. S. candidate. Her research interests include blockchain, intelligent contract, access control.
  • About author:PAN Qiqing, born in 1994, M. S. candidate. Her research interests include blockchain, intelligent contract, access control.WANG Haiyong, born in 1979, Ph. D., associate research follow. His research interests include computer network and security, information network.GUO Kaixuan, born in 1991, M. S. candidate. Her research interests include blockchain, consensus algorithm, Internet of things.
  • Supported by:

    Jiangsu Provincial Education Informationization Research Funded Key Topic (20172105),the Modern Education Technology Research 2017 Smart Campus Special Topic of Jiangsu Province (2017-R-59518), the Teaching Reform Key Project of Nanjing University of Posts and Telecommunications (JG06717JX66), the Campus Informationization Innovation Project of Nanjing University of Posts and Telecommunications (NYXX217002,NYXX217004), the CERNET Innovation Project (NGII20180620).

摘要:

针对当前访问控制中用户权限不能随着时间动态变化和访问控制合约中存在的安全性问题,提出了一种以基于角色的访问控制(RBAC)模型为基础,同时基于区块链和用户信用度的访问控制模型。首先,角色发布组织分发角色给相关用户,并把访问控制策略通过智能合约的方式存储在区块链中,该合约设定了访问信用度阈值,合约信息对系统内任何服务提供组织都是可验证、可追溯且不可篡改的。其次,该模型根据用户的当前信用度、历史信用度和推荐信用度评估出最终信用度,并根据最终信用度获得对应角色的访问权限。最后,当用户信用度达到合约设定的信用度阈值时,用户就可以访问相应的服务组织。实验结果表明,该模型在安全访问控制上具有一定的细粒度、动态性和安全性。

关键词: 区块链, 智能合约, 基于角色的访问控制模型, 访问控制, 用户信用度

Abstract:

Focusing on the problem that user privileges cannot dynamically change with time in the current access control and the security problems in the access control contract, an access control model based on Role-Based Access Control (RBAC) model, blockchain and user credit was proposed. Firstly, the roles were distributed to relevant users by the role publishing organization, and the access control strategy was stored in the blockchain through smart contract method. In the contract, the access credit threshold was set, and the contract information was verifiable, traceable and tamper-proof to any service provider organization in the system. Secondly, the final credit was evaluated by the model according to current credit, historical credit and recommended credit of the user, and the access privileges of the corresponding role was obtained based on the final credit. Finally, when the user credit reached the credit threshold set in the contract, the user can access the corresponding service organization. Experimental results show that the proposed model has certain fine granularity, dynamicity and security in the security access control.

Key words: blockchain, smart contract, Role-Based Access Control (RBAC) model, access control, user credit

中图分类号: