Research On Key Technologies Of Blockchain Based Access Control In Multi-domain Environment

Posted on: 2024-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: H C Wang
Full Text: PDF
GTID: 2568307100973259
Subject: Computer technology
Abstract/Summary:
With the rapid development of information technologies such as big data, cloud computing, and the Internet of Things, secure data sharing in multi-domain environments has gradually become a key concern. Access control is one of the critical technologies for protecting data resources. This paper explores the combination of blockchain technology and access control technology to address the issues that traditional access control exhibits when deployed in multi-domain environments, such as single points of failure and a lack of transparency and auditability in access control decision-making. The proposed approach achieves trusted-execution, traceable, autonomously authorized, fine-grained, and scalable cross-domain access control in multi-domain environments. The main contributions and innovations of this paper are as follows:

(1) A multi-chain-based cross-domain access control scheme (MC-CDAC) is proposed to address the privacy and scalability requirements in multi-domain environments that cannot be met by existing blockchain-based access control mechanisms. A multi-chain-based cross-domain access control architecture is designed. Each security domain deploys an ABAC-based access chain, and both intra-domain and inter-domain access control decisions are delegated to the intra-domain access chain. This architecture achieves intra-domain autonomous authorization and fine-grained, traceable access control. The heterogeneous access chains in each security domain are connected by the relay chain, which forwards and records cross-domain access requests and responses. The smart contracts supporting cross-domain access control, and the intra-domain and inter-domain access control processes, are designed. The functions of the intra-domain policy decision contract (PDPC), policy administration contract (PAPC), attribute authority contract (AAC), trust evaluation contract (TEC), and inter-domain intermediary contract (ICC) are described; together they implement trusted cross-domain access control processes without the need for third-party intervention. Experiments show that MC-CDAC supports decentralized authorization, transparent permission decisions, and dynamic, fine-grained access control. Compared with a single-chain architecture, MC-CDAC also has advantages in scalability and concurrency. Finally, FSM is used to prove that the MC-CDAC scheme is secure.

(2) A cross-chain data exchange method that combines an improved hash time-locked contract with the relay chain is proposed to solve the problem of securely exchanging control information during multi-chain-based cross-domain access control. A cross-chain data forwarding mechanism based on the relay chain is proposed to satisfy the compatibility requirements of heterogeneous chain platforms. A cross-domain forwarding process based on the relay chain's smart contracts and a cross-chain data validation algorithm based on SPV are designed to meet the verification requirements that the parallel chains in each security domain place on cross-chain data, and to ensure cross-chain auditability and verifiability. A secure hashed timelock contract (SHTLC) integrating the non-interactive Schnorr zero-knowledge proof is proposed. While ensuring the atomicity of cross-chain transactions, it rejects cross-chain asset access requests that have not been verified, and it solves the channel congestion problem caused by malicious users sending a large number of cross-chain requests in a short time. Experiments show that this method achieves cross-chain data exchange on heterogeneous blockchain platforms and meets the cross-chain throughput requirements of common blockchains. The HTLC integrating the non-interactive Schnorr protocol can effectively resist a large number of cross-chain requests sent by malicious users in a short time. Finally, security analysis proves the security of SHTLC and the traceability and unforgeability of cross-chain data.

(3) A dynamic trust evaluation method based on behavioral trust is proposed to address the security risks caused by malicious behavior of legitimate entities in blockchain-based cross-domain access control systems. A trust evaluation algorithm based on behavioral trust is designed. By using the unalterable access records on the blockchain, objective and trustworthy trust evaluation is achieved. A dynamic attribute in ABAC is designed that uses the trust value to support punishment for different access behaviors, effectively resisting the impact of malicious attacks and providing dynamic security guarantees for access control. Experiments show that the proposed method can effectively limit the access rights of malicious entities in the access control system. Integrating trust evaluation into the access control method has no significant impact on decision efficiency and effectively meets the dynamic security requirements of the access control system.
Keywords/Search Tags:multi-domain, data sharing, blockchain, access control, cross-chain, trust management