Abstract: The dispersion of resource authorization across various authorization systems raises the complexity and inconsistency of authorization management. Therefore, the pursuit of a unified resource authorization management system is necessary. Most widely used authorization systems are based on centralized services with a single delegation pattern. These authorization systems can be easily compromised, leading to permission tampering, and are unsuitable for complex usage scenarios. We propose FlexAuth, a decentralized authorization system that provides flexible delegation. We first define a decentralized data storage layer based on blockchain, using smart contracts to implement data writing and resolving, preventing data from being tampered with. On top of this, we implement active and passive delegation patterns of authorization services. We allow users to delegate permissions actively. FlexAuth also enables them to respond to authorization requests passively by making flexible and expressive access control policies based on relationships and attributes, using the proposed Hybrid Access Control Model (HACM). Furthermore, all delegations in FlexAuth are transitive. Finally, through analysis and experiments, we validate the usability and efficiency of FlexAuth. To our knowledge, FlexAuth is the first decentralized authorization system with transitive delegation in active and passive patterns, achieving flexible delegation.