Page 323 - Journal of Software, 2021, Issue 5

Journal of Software (Ruan Jian Xue Bao) ISSN 1000-9825, CODEN RUXUEW   E-mail: jos@iscas.ac.cn
Journal of Software, 2021,32(5):1547−1564 [doi: 10.13328/j.cnki.jos.006011]   http://www.jos.org.cn
© Institute of Software, Chinese Academy of Sciences. All rights reserved.   Tel: +86-10-62562563


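Inter-domain Access Control Model Based on Blockchain ∗

ZHANG Jian-Biao¹,², ZHANG Zhao-Qian¹,², XU Wan-Shan¹,², WU Na¹,²
¹ (Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China)
² (Beijing Key Laboratory of Trusted Computing (Beijing University of Technology), Beijing 100124, China)
Corresponding author: ZHANG Jian-Biao, E-mail: zjb@bjut.edu.cn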

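Abstract (translated from the Chinese): The emergence of new computing paradigms such as cloud computing, the Internet of Things, and the mobile Internet has steadily increased the demand for inter-domain access and data sharing. However, current "centralized" traditional access control technology exhibits opaque execution of access control policies, inflexible management of dynamic data, and poor autonomy for resource owners, which makes it difficult to meet the needs of new computing paradigms that are massive, dynamic, and distributed. This paper proposes an inter-domain access control model that is based on the ABAC model and uses blockchain as the means of interaction. It introduces the technical principles, characteristics, and research status of the ABAC model and blockchain, elaborates the model framework, and gives a formal definition of the ABAC model. It also describes the smart contracts in the model in detail and presents the model's application in a concrete scenario together with the specific access control flow. Finally, it compares the model with existing research schemes. The model can provide standardized, secure, convenient, autonomous, and fine-grained access control for inter-domain access.
Key words: blockchain; ABAC; cross-domain; access control; data sharing
Chinese Library Classification (CLC) number: TP393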

Chinese citation format: ZHANG Jian-Biao, ZHANG Zhao-Qian, XU Wan-Shan, WU Na. Inter-domain access control model based on blockchain. Journal of Software, 2021,32(5):1547−1564. http://www.jos.org.cn/1000-9825/6011.htm
English citation format: Zhang JB, Zhang ZQ, Xu WS, Wu N. Inter-domain access control model based on blockchain. Ruan Jian Xue Bao/Journal of Software, 2021,32(5):1547−1564 (in Chinese). http://www.jos.org.cn/1000-9825/6011.htm

Inter-domain Access Control Model Based on Blockchain

ZHANG Jian-Biao¹,², ZHANG Zhao-Qian¹,², XU Wan-Shan¹,², WU Na¹,²
¹ (Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China)
² (Beijing Key Laboratory of Trusted Computing (Beijing University of Technology), Beijing 100124, China)
Abstract: The emergence of new computing paradigms such as cloud computing, the Internet of Things, and the mobile Internet has increased the need for inter-domain access and data sharing. At present, "centralized" traditional access control technology shows opaque execution of access control policies, inflexible management of dynamic data, and low autonomy for resource owners. These shortcomings make it difficult to satisfy the access control requirements of new computing paradigms with massive, dynamic, and distributed features. An inter-domain access control model based on the ABAC model and blockchain interaction is proposed. This paper introduces the technical principles, characteristics, and research status of the ABAC model and blockchain, elaborates the model framework, and gives a formal definition of the ABAC model. The smart contract in the model is also described in detail, and the application in a specific scenario and the specific access control flow are given. Finally, the model is compared with existing research solutions; it can provide standardized, secure, convenient, autonomous, and fine-grained access control for inter-domain access.
                 Key words:    blockchain; ABAC; cross-domain; access control; data sharing

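With the rapid development of the Internet, data has become the most important resource of the network era. Data exchange and sharing between security domains has become indispensable,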

∗ Foundation item: Natural Science Foundation of Beijing Municipality (M21039); International Research Cooperation Seed Fund of Beijing University of Technology (2018A01)
Received: 2019-08-10; Revised: 2019-10-19; Accepted: 2019-12-19