
Research On Access Control Mechanism Of Multi-domain Environment Based On Blockchain

Posted on: 2024-08-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Li
Full Text: PDF
GTID: 2568307061970669
Subject: Mechanics (Professional Degree)

Abstract/Summary:
Interconnectivity among a growing number of institutions, enterprises, and their respective departments has been progressively established, forming a multi-domain environment. The multi-domain environment fosters the sharing of information resources across diverse domains, enabling members to engage in cross-domain authorization and access activities, while also providing administrators with a convenient means of managing users and their permissions. Nevertheless, the intricacy of the multi-domain environment, characterized by an extensive array of users originating from distinct domains and possessing a wide range of complex permissions, may give rise to security challenges such as erroneous authorizations and falsification of identity and permission credentials, ultimately resulting in illicit access. Consequently, it is imperative that suitable access control mechanisms are employed for diverse users within the multi-domain environment when accessing resources, either within or across domains, to mitigate the risk of unauthorized access. Considering the unique features of the multi-domain environment and the challenges associated with access control, this study investigates the following aspects.

Firstly, during the process of designing an access control model, several challenges may arise, including role naming conflicts, platform-domain management conflicts, inter-domain management conflicts, and cross-domain sharing difficulties. To tackle these challenges, a role-based access control model for inter-system cross-domain (RBAC-IC) has been studied. This model is an improvement on Role-Based Access Control (RBAC) for a multi-domain environment and is designed through a formal definition. RBAC-IC divides roles into abstract roles and specific roles, and has a unique operation process. It features four key characteristics: support for role name repetition, platform-domain isolation management, inter-domain isolation management, and fine-grained cross-domain sharing. To ensure the safety of the model, security violation formulas are established for security analysis. The results of the analysis demonstrate that RBAC-IC can operate safely.

Secondly, within online multi-domain environment platforms or systems, the use of a centralized management paradigm may give rise to an array of security concerns throughout procedures encompassing identity authentication, authorization, and access control, manifesting as the fabrication or alteration of identities, permissions, and resources. To address these problems, a blockchain-based access control architecture for a multi-domain environment has been studied. This architecture deploys the multi-domain environment within an alliance blockchain, where Decentralized Identifiers (DID) are utilized to serve as the user’s identity credential. Users can conduct operations within the platform using their respective public/secret key pairs. This architecture is capable of addressing various issues that arise due to data heterogeneity, identity tampering, and permission tampering in the multi-domain environment. It enhances the security of the access control process and effectively safeguards against any unauthorized operations in the multi-domain environment.

Finally, the objective of designing a blockchain-based multi-domain operation management information platform is to bolster the confidentiality and security of information and operations in multi-domain operations. The platform employs RBAC-IC as its underlying access control model and ensures the security of all access control processes through the access control architecture. Taking into account the context of multi-domain operations and the features of blockchain, the platform’s overall architecture has been devised along with the structures of DID documents and verifiable credentials. With blockchain and smart contracts serving as the foundation, the platform’s decentralization and security have been bolstered. The platform’s safety is analyzed using the Petri net model, demonstrating its security. The function and performance tests of the platform demonstrate that it can run normally and efficiently. The implementation of the proposed RBAC-IC and the accompanying access control architecture on the platform has effectively validated their rationality.
Keywords/Search Tags: access control, multi-domain environment, RBAC, blockchain, multi-domain operation