Affiliation:
1. National University of Computer and Emerging Sciences, Islamabad, Pakistan
2. Educative, Inc, Islamabad, Pakistan
Abstract
Authorization uses access control policies to allow or limit a user's access to a resource. Blockchain-based access control models are used to manage authorization in a decentralized way. Many existing approaches provide distributed access control frameworks that are user-driven, transparent, and fair by virtue of their distributed architecture. Some approaches use authorization tokens as the access control mechanism, and most use smart contracts for the authorization process. The problem is that most of these approaches rely on a single authorization factor, such as trust or time; none has considered other important factors such as the cost, cardinality, or usage constraints of a resource, which makes the existing approaches less expressive and coarse-grained. In addition, the approaches that use smart contracts are either complex in design or have high gas cost. To the best of our knowledge, no approach uses all the important authorization factors in a unified framework. In this article, we present TTECCDU, an authorization framework that consists of multiple access control models (trust-based, cost-based, temporal-based, cardinality-based, and usage-based) to provide a strong and expressive authorization mechanism. TTECCDU also handles the delegation context for authorization decisions. The proposed framework is implemented using smart contracts written in a modular form, so that they are easily manageable and can be re-deployed when needed. Performance evaluation results show that our smart contracts are written in an optimized manner: compared to the existing approaches, they incur 60.4% less gas cost when trust-based access is compared and 59.2% less gas cost when the other proposed smart contracts from our approach are compared.
Cited by
1 articles.