TRABAC: a tokenized role-attribute based access control using smart contract for supply chain applications

Aisyah Ismail; Qian Wu; Mark Toohey; Young Choon Lee; Zhongli Dong; Albert Y. Zomaya

doi:10.1109/Blockchain53845.2021.00088

TRABAC: a tokenized role-attribute based access control using smart contract for supply chain applications

Aisyah Ismail, Qian Wu, Mark Toohey, Young Choon Lee, Zhongli Dong, Albert Y. Zomaya

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

6 Citations (Scopus)

Abstract

The use of smart contracts for access control has shown to be promising as it ensures integrity and governs access to stored data, thanks to blockchain's immutability. While several recent studies have shown such usage, their applicability to supply chain applications remains limited due to less governance control capability and implementation complexity with smart contracts. This paper proposes the use of a tokenized role-attribute based access control (TRABAC) as a two-level access control for supply chain applications. In particular, TRABAC combines the simplicity of Role-Based Access Control (RBAC) and the flexibility and fine-grained capacity of Attribute-Based Access Control (ABAC). We consider these methods coupled with the use of Non-Fungible Token (NFT) as virtual assets in the supply chain. We also define four roles or parties that can have distinct and varied access rights. These roles are incorporated into TRABAC. The efficacy of TRABAC has been evaluated in five access control scenarios. Our experimental results show that TRABAC is capable of delegating access to four different supply chain roles. Importantly, TRABAC can effectively prevent unauthorized access requests by accounts that lack a valid Level 1 role or accounts that lack a valid token attribute or a tag in Level 2 of TRABAC.

Original language	English
Title of host publication	Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021
Editors	Yang Xiang, Ziyuan Wang, Honggang Wang, Valtteri Niemi
Place of Publication	Piscataway, NJ
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	584-589
Number of pages	6
ISBN (Electronic)	9781665417600
DOIs	https://doi.org/10.1109/Blockchain53845.2021.00088
Publication status	Published - 2021
Event	4th IEEE International Conference on Blockchain, Blockchain 2021 - Melbourne, Australia Duration: 6 Dec 2021 → 8 Dec 2021

Publication series

Name	Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021

Conference

Conference	4th IEEE International Conference on Blockchain, Blockchain 2021
Country/Territory	Australia
City	Melbourne
Period	6/12/21 → 8/12/21

Access to Document

10.1109/Blockchain53845.2021.00088

Cite this

Ismail, A., Wu, Q., Toohey, M., Lee, Y. C., Dong, Z., & Zomaya, A. Y. (2021). TRABAC: a tokenized role-attribute based access control using smart contract for supply chain applications. In Y. Xiang, Z. Wang, H. Wang, & V. Niemi (Eds.), Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021 (pp. 584-589). (Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/Blockchain53845.2021.00088

Ismail, Aisyah ; Wu, Qian ; Toohey, Mark et al. / TRABAC : a tokenized role-attribute based access control using smart contract for supply chain applications. Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021. editor / Yang Xiang ; Ziyuan Wang ; Honggang Wang ; Valtteri Niemi. Piscataway, NJ : Institute of Electrical and Electronics Engineers (IEEE), 2021. pp. 584-589 (Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021).

@inproceedings{216ba93485dd44b2b080d037d244fd59,

title = "TRABAC: a tokenized role-attribute based access control using smart contract for supply chain applications",

abstract = "The use of smart contracts for access control has shown to be promising as it ensures integrity and governs access to stored data, thanks to blockchain's immutability. While several recent studies have shown such usage, their applicability to supply chain applications remains limited due to less governance control capability and implementation complexity with smart contracts. This paper proposes the use of a tokenized role-attribute based access control (TRABAC) as a two-level access control for supply chain applications. In particular, TRABAC combines the simplicity of Role-Based Access Control (RBAC) and the flexibility and fine-grained capacity of Attribute-Based Access Control (ABAC). We consider these methods coupled with the use of Non-Fungible Token (NFT) as virtual assets in the supply chain. We also define four roles or parties that can have distinct and varied access rights. These roles are incorporated into TRABAC. The efficacy of TRABAC has been evaluated in five access control scenarios. Our experimental results show that TRABAC is capable of delegating access to four different supply chain roles. Importantly, TRABAC can effectively prevent unauthorized access requests by accounts that lack a valid Level 1 role or accounts that lack a valid token attribute or a tag in Level 2 of TRABAC.",

author = "Aisyah Ismail and Qian Wu and Mark Toohey and Lee, {Young Choon} and Zhongli Dong and Zomaya, {Albert Y.}",

year = "2021",

doi = "10.1109/Blockchain53845.2021.00088",

language = "English",

series = "Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

pages = "584--589",

editor = "Yang Xiang and Ziyuan Wang and Honggang Wang and Valtteri Niemi",

booktitle = "Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021",

address = "United States",

note = "4th IEEE International Conference on Blockchain, Blockchain 2021 ; Conference date: 06-12-2021 Through 08-12-2021",

}

Ismail, A, Wu, Q, Toohey, M, Lee, YC, Dong, Z & Zomaya, AY 2021, TRABAC: a tokenized role-attribute based access control using smart contract for supply chain applications. in Y Xiang, Z Wang, H Wang & V Niemi (eds), Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021. Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021, Institute of Electrical and Electronics Engineers (IEEE), Piscataway, NJ, pp. 584-589, 4th IEEE International Conference on Blockchain, Blockchain 2021, Melbourne, Australia, 6/12/21. https://doi.org/10.1109/Blockchain53845.2021.00088

TRABAC: a tokenized role-attribute based access control using smart contract for supply chain applications. / Ismail, Aisyah; Wu, Qian; Toohey, Mark et al.
Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021. ed. / Yang Xiang; Ziyuan Wang; Honggang Wang; Valtteri Niemi. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2021. p. 584-589 (Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - TRABAC

T2 - 4th IEEE International Conference on Blockchain, Blockchain 2021

AU - Ismail, Aisyah

AU - Wu, Qian

AU - Toohey, Mark

AU - Lee, Young Choon

AU - Dong, Zhongli

AU - Zomaya, Albert Y.

PY - 2021

Y1 - 2021

N2 - The use of smart contracts for access control has shown to be promising as it ensures integrity and governs access to stored data, thanks to blockchain's immutability. While several recent studies have shown such usage, their applicability to supply chain applications remains limited due to less governance control capability and implementation complexity with smart contracts. This paper proposes the use of a tokenized role-attribute based access control (TRABAC) as a two-level access control for supply chain applications. In particular, TRABAC combines the simplicity of Role-Based Access Control (RBAC) and the flexibility and fine-grained capacity of Attribute-Based Access Control (ABAC). We consider these methods coupled with the use of Non-Fungible Token (NFT) as virtual assets in the supply chain. We also define four roles or parties that can have distinct and varied access rights. These roles are incorporated into TRABAC. The efficacy of TRABAC has been evaluated in five access control scenarios. Our experimental results show that TRABAC is capable of delegating access to four different supply chain roles. Importantly, TRABAC can effectively prevent unauthorized access requests by accounts that lack a valid Level 1 role or accounts that lack a valid token attribute or a tag in Level 2 of TRABAC.

AB - The use of smart contracts for access control has shown to be promising as it ensures integrity and governs access to stored data, thanks to blockchain's immutability. While several recent studies have shown such usage, their applicability to supply chain applications remains limited due to less governance control capability and implementation complexity with smart contracts. This paper proposes the use of a tokenized role-attribute based access control (TRABAC) as a two-level access control for supply chain applications. In particular, TRABAC combines the simplicity of Role-Based Access Control (RBAC) and the flexibility and fine-grained capacity of Attribute-Based Access Control (ABAC). We consider these methods coupled with the use of Non-Fungible Token (NFT) as virtual assets in the supply chain. We also define four roles or parties that can have distinct and varied access rights. These roles are incorporated into TRABAC. The efficacy of TRABAC has been evaluated in five access control scenarios. Our experimental results show that TRABAC is capable of delegating access to four different supply chain roles. Importantly, TRABAC can effectively prevent unauthorized access requests by accounts that lack a valid Level 1 role or accounts that lack a valid token attribute or a tag in Level 2 of TRABAC.

UR - http://www.scopus.com/inward/record.url?scp=85125660690&partnerID=8YFLogxK

U2 - 10.1109/Blockchain53845.2021.00088

DO - 10.1109/Blockchain53845.2021.00088

M3 - Conference proceeding contribution

AN - SCOPUS:85125660690

T3 - Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021

SP - 584

EP - 589

BT - Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021

A2 - Xiang, Yang

A2 - Wang, Ziyuan

A2 - Wang, Honggang

A2 - Niemi, Valtteri

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Piscataway, NJ

Y2 - 6 December 2021 through 8 December 2021

ER -

Ismail A, Wu Q, Toohey M, Lee YC, Dong Z, Zomaya AY. TRABAC: a tokenized role-attribute based access control using smart contract for supply chain applications. In Xiang Y, Wang Z, Wang H, Niemi V, editors, Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE). 2021. p. 584-589. (Proceedings - 2021 IEEE International Conference on Blockchain, Blockchain 2021). doi: 10.1109/Blockchain53845.2021.00088

TRABAC: a tokenized role-attribute based access control using smart contract for supply chain applications

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this