Efficient Blockchain Enabled Attribute-based Access Control as a Service.

In recent years, Attribute-Based Access Control (ABAC) has become popular in organizations implementing fine grained control of access to their data, systems and other resources. However, migration from existing non-ABAC systems is not only time consuming, it also requires significant redesigning of application code. Providing ABAC as a cloud service can help in this process by eliminating the need for ab initio development of ABAC support in already running stable applications. While attractive from a management perspective, there is always a concern for security of the cloud service itself. In this paper, we propose ABAC as a service with security guarantee provided through the use of blockchain, specifically Ethereum. We build an effective functionality that enables user organizations to verify whether its access control data as well as access mediation decisions made by the cloud service were indeed done in an authorized manner. All the changes to the various ABAC components along with access history are added to the Ethereum blockchain using efficiently written smart contracts in Solidity. We have developed a prototype system on the Rinkeby Ethereum test network. Experimental results demonstrate that the proposed approach is effective and incurs only a modest additional cost.