基于区块链和可信执行环境的细粒度访问控制方案研究与应用——以物联网为例  被引量：1

作　　者：蒋伟进 李恩 罗田甜 周文颖 杨莹 JIANG Weijin;LI En;LUO Tiantian;ZHOU Wenying;YANG Ying(School of Computer Science,Hunan University of Technology and Business,Changsha 410205,China;School of Computer Science and Engineer,Hunan University of Information Technology,Changsha 410151,China;Xiangjiang Laboratory,Changsha 410205,China;School of Computer Science and Artificial Intelligence,Wuhan University of Technology,Wuhan 430070,China)

机构地区：[1]湖南工商大学计算机学院,长沙410205 [2]湖南信息学院计算机科学与工程学院,长沙410151 [3]湘江实验室,长沙410205 [4]武汉理工大学计算机与人工智能学院,武汉430070

出　　处：《系统工程理论与实践》2024年第7期2394-2410,共17页Systems Engineering-Theory & Practice

基　　金：国家自然科学基金(61772196);湖南省自然科学基金(2020JJ4249);湖南省社会科学成果评审委员会课题重点项目(XSP19ZD1005);湖南省教育厅科学研究重点项目(21A0374)。

摘　　要：新型物联网技术的普及使得物联网资源的访问和共享需求不断扩大,而现有的物联网访问控制技术显现出的访问策略粗粒度、弱可审计性、缺乏访问过程控制以及过度特权等问题,使物联网设备面临着极大的安全隐患和隐私威胁.基于此,提出了一种以区块链技术为基础的基于加密货币的访问控制模型(cryptocurrency-based access control, CcBAC),可为物联网提供细粒度、有效的可审计性和访问过程控制,并借助可信执行环境来提供更强大的安全性.介绍了访问控制模型的技术原理、特点、研究现状,详细阐述了CcBAC模型框架,并对其进行了形式化定义;同时,对模型中的函数进行了具体的描述,给出了本模型在一般应用场景中的访问控制流程;最后通过理论分析和实验评估验证了本模型的实用性和性能,证实本模型不仅能使资源所有者完全控制对其资源的访问,同时还兼顾访问控制的细粒度和可审计性.Intelligence and convenience have been brought to our lives by the widespread use of IoT devices,but the issue of privacy leakage cannot be ignored.To address the problems widely existing in IoT environments,such as coarse-grained access policies,unverifiability of access records,lack of process control,and excessive permissions,a policy-based access control method is proposed.In this method,access control is implemented using blockchain technology,reducing reliance on third-party organizations.Additionally,uniform fine-grained access policies are established,and smart contracts are deployed to securely publish,update,and execute policies.Feasible execution environments are utilized to ensure the secure execution of off-chain access control policies.Finally,this method is theoretically analyzed and evaluated in multiple blockchain environments,and the results indicate that fine-grained policies for access control can be implemented by the resource owner through this solution,while ensuring high security and good performance.

关 键 词：区块链 访问控制 物联网 加密货币 可信执行环境 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]