Audit-Based Access Control with a Distributed Ledger: Applications to Healthcare Organizations / Morelli, U.; Ranise, S.; Sartori, D.; Sciarretta, G.; Tomasi, A. - 11738:(2019), pp. 19-35. (Paper presented at the 15th International Workshop on Security and Trust Management, STM 2019 held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019, held in lux in 2019) [10.1007/978-3-030-31511-5_2].
Audit-Based Access Control with a Distributed Ledger: Applications to Healthcare Organizations
Morelli U.; Ranise S.; Sciarretta G.
2019-01-01
Abstract
We propose an audit-based architecture that leverages the Hyperledger Fabric distributed ledger as a means to increase accountability and decentralize the authorization decision process of Attribute-Based Access Control policies by using smart contracts. Our goal is to decrease the trust in administrators and users with privileged accounts, and make the a posteriori verification of access events more reliable. We implement our approach to the use case of Electronic Health Record access control. Preliminary experiments show the viability of the proposed approach.