We propose an audit-based architecture that leverages the Hyperledger Fabric distributed ledger as a means to increase accountability and decentralize the authorization decision process of Attribute-Based Access Control policies by using smart contracts. Our goal is to decrease the trust in administrators and users with privileged accounts, and make the a posteriori verification of access events more reliable. We implement our approach to the use case of Electronic Health Record access control. Preliminary experiments show the viability of the proposed approach.

Audit-Based Access Control with a Distributed Ledger: Applications to Healthcare Organizations / Morelli, U.; Ranise, S.; Sartori, D.; Sciarretta, G.; Tomasi, A.. - 11738:(2019), pp. 19-35. (Intervento presentato al convegno 15th International Workshop on Security and Trust Management, STM 2019 held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019 tenutosi a lux nel 2019) [10.1007/978-3-030-31511-5_2].

Audit-Based Access Control with a Distributed Ledger: Applications to Healthcare Organizations

Morelli U.;Ranise S.;Sciarretta G.;
2019-01-01

Abstract

We propose an audit-based architecture that leverages the Hyperledger Fabric distributed ledger as a means to increase accountability and decentralize the authorization decision process of Attribute-Based Access Control policies by using smart contracts. Our goal is to decrease the trust in administrators and users with privileged accounts, and make the a posteriori verification of access events more reliable. We implement our approach to the use case of Electronic Health Record access control. Preliminary experiments show the viability of the proposed approach.
2019
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND
Springer
978-3-030-31510-8
978-3-030-31511-5
Morelli, U.; Ranise, S.; Sartori, D.; Sciarretta, G.; Tomasi, A.
Audit-Based Access Control with a Distributed Ledger: Applications to Healthcare Organizations / Morelli, U.; Ranise, S.; Sartori, D.; Sciarretta, G.; Tomasi, A.. - 11738:(2019), pp. 19-35. (Intervento presentato al convegno 15th International Workshop on Security and Trust Management, STM 2019 held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019 tenutosi a lux nel 2019) [10.1007/978-3-030-31511-5_2].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333098
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 9
  • ???jsp.display-item.citation.isi??? 6
social impact