Access Control Challenges in Enterprise Ecosystems: Blockchain-Based Technologies as an Opportunity for Enhanced Access Control

Hugo Santos Martins (University of Lisbon, Portugal) and Sérgio Luís Guerreiro (University of Lisbon, Portugal)
DOI: 10.4018/978-1-5225-5927-6.ch004

Abstract

There is an increasing gap between the needs of modern, complex, and distributed environments with regard to control of access to data and the level to which classical access control solutions can fulfill those needs. The purpose of this chapter is to highlight the current state of the art of existing research over access control in increasingly decentralized environments and to argue how the subject of access control is more relevant than ever before, with increasing research opportunities emerging. In this chapter, the authors analyze the current state of the art of access control mechanisms and systems over decentralized applications with a focus on enterprise ecosystems, analyze the current challenges and opportunities that the new technological landscape offers, specifically over the application of blockchain-based technologies in access control, and propose new research directions for the future.

Introduction

Access control has been a subject of research since the early inceptions of the digital era, from time-sharing systems such as the ADEPT-50 (Weissman, 1969) and research conducted in the 1970s (Graham & Denning, 1972; Bell & LaPadula, 1973; Lampson, 1974), to cloud computing (Yu, Wang, Ren, & Lou, 2010; Wang, Liu, & Wu, 2010; Wan, Liu, & Deng, 2012; Ruj, Nayak, & Stojmenovic, 2011) and, more recently, the Internet of Things (IoT) ecosystem (Ouaddah, Mousannif, Abou Elkalam, & Ait Ouahman, 2017; Dorri, Kanhere, & Jurdak, 2016). Nonetheless, it is a subject with endless research opportunities due to the continuous advances offered in the industry.

Although it has been deeply researched, there is an increased perception of its importance due to, among other things, recent and recurring data breaches (Burgess, 2017; Lieber, 2017; The Guardian, n.d.), and the rise of IoT devices’ usage and cloud services. Increasingly complex and distributed technological ecosystems, with increasing numbers of users, demand different approaches to the subject of access control and its management. With information and resources increasingly scattered around the globe, in high-functioning distributed clusters of computational capacity, new challenges to the current access control methodologies are emerging. In an increasingly digital world, in which huge quantities of data are created each day, it is becoming a necessity to strengthen and adapt the mechanisms of access control.

A survey of existing decentralized access control solutions (Miltchev, Smith, Prevelakis, Keromytis, & Ioannidis, 2008) for distributed file systems has found issues with ease of use, scalability, and management difficulties, especially over permission revocation. Existing access control solutions for cloud services are either centralized (Calero, Edwards, Kirschnick, Wilcock, & Wray, 2010; Ruj, Nayak, & Stojmenovic, 2011; Yu, Wang, Ren, & Lou, 2010) or rely heavily on complex Public Key Infrastructure and Key Distribution Centers (Ruj, Stojmenovic, & Nayak, 2012; Ruj, Stojmenovic, & Nayak, 2014; Bauer, Garriss, & Reiter, 2005). A review of the state of the art over access control in IoT (Ouaddah, Mousannif, Abou Elkalam, & Ait Ouahman, 2017) has suggested that a modern approach to access control should be concerned with providing “many and diverse approaches” (p. 242) rather than a “one-size-fits-all approach” (p. 242).

Ouaddah, Mousannif, Elkalam, and Ouahman (2017) suggest that current IoT access control solutions face two main challenges: developing improved access control mechanisms over the classical ones, and developing decentralized approaches to access control in IoT in an effort to improve security and ensure privacy. Access control for the Internet has also been researched by using smart certificates over a centralized architecture (Park & Sandhu, 1999).

Other efforts in researching decentralized access control are either outdated for modern applications (Satyanarayanan, 1989; Karger, 1977) or are purely theoretical (Thomas & Sandhu, 1993). Much of the existing research has been found to be centralized, lacking in implementations for current systems, lacking in scalability and traceability, or focused on IoT or cloud services.

Key Terms in this Chapter

Access Control Model: Conceptual model by which access control is designed, managed, and enforced in a specific context.

Public Blockchain: A blockchain that any interested party can publicly read and/or write to.

Blockchain: Decentralized ledger, whose data and integrity are maintained and validated by a collection of participants in a network through consensus protocols.

Access Control: The approval or rejection of access from a specific subject to a specific resource.

Permissioned Blockchain: A blockchain in which control of read and/or write permissions can be managed for the entire network or a subset of its nodes.

Private Blockchain: A blockchain that is not accessible to the general public and is therefore not readable or writable by the public. These blockchains can be permissioned or lack permissioned capabilities. Examples of private blockchains are blockchains hidden behind a firewall or internal to a specific organization.

Decentralized Network: A distributed network that lacks a central authority and maintains consensus between the participants in the network through consensus protocols.

Internet of Things: Network of physical devices embedded with electronic components that allow them to connect with each other and exchange information.

Distributed Network: A network whose participants and stakeholders are distributed either geographically or virtually. A distributed network can be decentralized whenever it lacks a central point of authority; in other cases, it remains a centralized distributed network.
