| Fabric blockchain is one of the most widely used federated blockchains among many blockchain application platforms.Fabric blockchain smart contract,also known as chaincode function,is the basis of blockchain application development.In order to simplify the process of smart contract development and reduce the development cost,this thesis designs and implements a general smart contract basic module based on Fabric blockchain.To ensure the security of general smart contracts,this thesis introduces a new access control mechanism to restrict the callable chain code functions and access objects from the user level.This mechanism uses Attribute Based Access Control(ABAC),which implements coarse-grained function-level access control and fine-grained object-level access control.(1)This thesis analyses the characteristics of smart contract transactions in Fabric blockchains,and designs a general basic module based on the Key-Value storage model and JSON specification.The module does not restrict the structure of keys and values,and all methods are application-independent.(2)Instead of customizing the access control logic inside the chain code function,this thesis proposes a new proxy design mode,which decouples the access control logic from the general intelligent contract to achieve attribute-based access control and avoid changing the chain code function and redeploying it when the access policy changes.(3)This thesis defines an access policy expression consisting of tuples and logical operators.The validation process of the access control policy is transformed into the infix expression calculation process by interpreter design mode,which implements function-level access control and object-level access control.(4)Extensive experimental evaluations validate the generality and securityof the proposed scheme. |
PDF Full Text Request