| Access Control(AC)plays an important role in securing information systems.Traditionally,AC was designed towards a single management domain and used a centralized architecture to perform its functions.With the development of information and communication technology,multi-domain collaborative systems including different management domains are becoming increasingly popular.The lack of a single authority makes the legacy architecture fail to be applied in multi-domain access control(MDAC).Blockchain can establish mutual trust between multiple parties in a decentralized environment.Existing research has explored how to use blockchain to achieve MDAC from different aspects.However,the matching of AC characteristics and blockchain capabilities has not been fully considered,which makes the realized AC functions suffer from security and efficiency issues.Focusing on the canonical process of AC,which includes request initiation,request verification,and content delivery,this thesis identifies three major problems including user privacy leakage,slow request verification,and limited delivery utility.To solve these problems,it proposes three blockchain optimization mechanisms,including a data anonymization mechanism,a parallel execution mechanism,and a computational offloading mechanism.The main contributions of this thesis are as follows:To address the challenge of user privacy leakage caused by blockchain application layer transparency,a blockchain data anonymization mechanism based on zero-knowledge proof is investigated.By utilizing zero-knowledge proof tools,account-hiding AC operations and blockchain verification rules are designed to achieve permission concealment and requester anonymity.After that,two extension models,including repeatable and conditional permission delegation,are designed to improve the expressive ability of basic model.Experimental results show that the verification overhead of the designed zero-knowledge proof is about10 ms,the blockchain throughput can reach 400 tx/s,and the transaction latency is only 100 ms.To address the challenge of slow request validation due to execution redundancy at the blockchain application layer,an Echo consensus based blockchain parallel execution mechanism is investigated.Specifically,based on the blockchain sorting-execution separation architecture,each access request is validated on the blockchain with minimum redundancy,while validation of different request is performed in parallel on blockchain nodes.The execution results are synchronized to all nodes via Echo messages,thus enabling log compression and garbage collection of the system.Besides,echo batching and load-balancing techniques are proposed to effectively reduce the communication and computational overhead of the blockchain.Experimental results show that the blockchain throughput is increased by 55%by applying the proposed scheme.To address the challenge that the requested content delivery process is difficult to schedule due to the limited computing power of the blockchain application layer,a computational offloading mechanism based on solution quality verification is investigated.A smart contract based joint content-communication control is designed to schedule the content delivery process,where communication resources are allocated to legitimate requests based on optimization models.The solution quality verification rule and fault tolerance mechanisms are designed to help the blockchain offload the optimization model and then retrieve correct results.Experimental results show that the proposed scheme improves the utility of communication resource allocation by 17%,while reducing the on-chain overhead by 98%.In summary,this thesis conducts research on blockchain application layer optimization for MDAC from three perspectives,including privacy,performance,and computational power.The proposed mechanisms can be utilized to achieve more secure and efficient MDAC and provide theoretical and technical support for the widespread deployment and application of MDAC. |