A Blockchain Access Control Model for Grain Traceability Based on Zero-Trust Mechanism


Authors: Zuo Min[1]; Liu Hongchen; Wang Haoyi; Zhong Ruizhe; Zhang Qingchuan (National Engineering Research Centre for Agri-Product Quality Traceability, Beijing Technology and Business University, Beijing 100048)

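Affiliation: [1] National Engineering Research Centre for Agri-Product Quality Traceability, Beijing Technology and Business University, Beijing 100048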

Source: Journal of Information Security Research (《信息安全研究》), 2024, No. 10, pp. 944-951 (8 pages)

Funding: National Key R&D Program of China (2021YFD2100605).

Abstract: To address malicious access, untrustworthy data sources, and identity forgery in existing blockchain-based grain traceability models, a blockchain access control model for grain traceability based on a zero-trust mechanism is proposed. Built on the zero-trust security model and its principle of "never trust, always verify", the model combines blockchain with token-based access control (TBAC). Tokens serve as the credentials for accessing resources, and user trust analysis is introduced to establish a dynamic and flexible authorization mechanism that achieves fine-grained access control. First, blockchain smart contracts are added to guarantee automatic and trustworthy access control decisions, and the TBAC model is used to implement token-based access control. Second, based on users' access behavior, the fuzzy analytic hierarchy process (FAHP) is used to derive a method for calculating user trust values, and corresponding access control policies are designed. Experimental results show that the method responds to access requests correctly and efficiently, and dynamically grants users access rights while ensuring effective access to grain traceability data, achieving secure and reliable data access control.

Keywords: zero-trust security; blockchain; access control; grain traceability; trust evaluation

Classification: TP391 [Automation and Computer Technology: Computer Application Technology]

 
