DL-BAC: Distributed ledger based access control for web applications

Lei Xu; Zhimin Gao; Lin Chen; Yang Lu; Nolan Shah; Weidong Shi

doi:10.1145/3041021.3053897

DL-BAC: Distributed ledger based access control for web applications

Lei Xu, Zhimin Gao, Lin Chen, Yang Lu, Nolan Shah, Weidong Shi

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

15 Scopus citations

Abstract

Since Internet based applications have become the norm for most users, security has become a bigger concern than ever before, especially for applications like social networking and cloud based storage. Access control is one of the key techniques that can mitigate security concerns for web based applications. However, most existing access control mechanisms require a trusted party, which are vulnerable to many threats including malicious insiders and single point failure. In response to these challenges, we propose DL-BAC, a novel access control system based on the distributed ledger. DL-BAC robustly enforces access control policies without depending on a single trusted party. We also provide an extension of DL-BAC that is privacy respecting and evaluate the performance of DL-BAC to show its practicability.

Original language	English
Title of host publication	26th International World Wide Web Conference 2017, WWW 2017 Companion
Publisher	International World Wide Web Conferences Steering Committee
Pages	1445-1450
Number of pages	6
ISBN (Electronic)	9781450349147
DOIs	https://doi.org/10.1145/3041021.3053897
State	Published - 2017
Event	26th International World Wide Web Conference, WWW 2017 Companion - Perth, Australia Duration: Apr 3 2017 → Apr 7 2017

Publication series

Name	26th International World Wide Web Conference 2017, WWW 2017 Companion

Conference

Conference	26th International World Wide Web Conference, WWW 2017 Companion
Country/Territory	Australia
City	Perth
Period	04/3/17 → 04/7/17

Keywords

Distributed ledger
Security
Web application

Access to Document

10.1145/3041021.3053897

Cite this

Xu, L., Gao, Z., Chen, L., Lu, Y., Shah, N., & Shi, W. (2017). DL-BAC: Distributed ledger based access control for web applications. In 26th International World Wide Web Conference 2017, WWW 2017 Companion (pp. 1445-1450). (26th International World Wide Web Conference 2017, WWW 2017 Companion). International World Wide Web Conferences Steering Committee. https://doi.org/10.1145/3041021.3053897

@inproceedings{36072ef790f848d093715492dc71c0ea,

title = "DL-BAC: Distributed ledger based access control for web applications",

abstract = "Since Internet based applications have become the norm for most users, security has become a bigger concern than ever before, especially for applications like social networking and cloud based storage. Access control is one of the key techniques that can mitigate security concerns for web based applications. However, most existing access control mechanisms require a trusted party, which are vulnerable to many threats including malicious insiders and single point failure. In response to these challenges, we propose DL-BAC, a novel access control system based on the distributed ledger. DL-BAC robustly enforces access control policies without depending on a single trusted party. We also provide an extension of DL-BAC that is privacy respecting and evaluate the performance of DL-BAC to show its practicability.",

keywords = "Distributed ledger, Security, Web application",

author = "Lei Xu and Zhimin Gao and Lin Chen and Yang Lu and Nolan Shah and Weidong Shi",

note = "Publisher Copyright: {\textcopyright} 2017 International World Wide Web Conference Committee (IW3C2), published under Creative Commons CC BY 4.0 License.; 26th International World Wide Web Conference, WWW 2017 Companion ; Conference date: 03-04-2017 Through 07-04-2017",

year = "2017",

doi = "10.1145/3041021.3053897",

language = "English",

series = "26th International World Wide Web Conference 2017, WWW 2017 Companion",

publisher = "International World Wide Web Conferences Steering Committee",

pages = "1445--1450",

booktitle = "26th International World Wide Web Conference 2017, WWW 2017 Companion",

}

Xu, L, Gao, Z, Chen, L, Lu, Y, Shah, N & Shi, W 2017, DL-BAC: Distributed ledger based access control for web applications. in 26th International World Wide Web Conference 2017, WWW 2017 Companion. 26th International World Wide Web Conference 2017, WWW 2017 Companion, International World Wide Web Conferences Steering Committee, pp. 1445-1450, 26th International World Wide Web Conference, WWW 2017 Companion, Perth, Australia, 04/3/17. https://doi.org/10.1145/3041021.3053897

DL-BAC: Distributed ledger based access control for web applications. / Xu, Lei; Gao, Zhimin; Chen, Lin et al.
26th International World Wide Web Conference 2017, WWW 2017 Companion. International World Wide Web Conferences Steering Committee, 2017. p. 1445-1450 (26th International World Wide Web Conference 2017, WWW 2017 Companion).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DL-BAC

T2 - 26th International World Wide Web Conference, WWW 2017 Companion

AU - Xu, Lei

AU - Gao, Zhimin

AU - Chen, Lin

AU - Lu, Yang

AU - Shah, Nolan

AU - Shi, Weidong

PY - 2017

Y1 - 2017

N2 - Since Internet based applications have become the norm for most users, security has become a bigger concern than ever before, especially for applications like social networking and cloud based storage. Access control is one of the key techniques that can mitigate security concerns for web based applications. However, most existing access control mechanisms require a trusted party, which are vulnerable to many threats including malicious insiders and single point failure. In response to these challenges, we propose DL-BAC, a novel access control system based on the distributed ledger. DL-BAC robustly enforces access control policies without depending on a single trusted party. We also provide an extension of DL-BAC that is privacy respecting and evaluate the performance of DL-BAC to show its practicability.

AB - Since Internet based applications have become the norm for most users, security has become a bigger concern than ever before, especially for applications like social networking and cloud based storage. Access control is one of the key techniques that can mitigate security concerns for web based applications. However, most existing access control mechanisms require a trusted party, which are vulnerable to many threats including malicious insiders and single point failure. In response to these challenges, we propose DL-BAC, a novel access control system based on the distributed ledger. DL-BAC robustly enforces access control policies without depending on a single trusted party. We also provide an extension of DL-BAC that is privacy respecting and evaluate the performance of DL-BAC to show its practicability.

KW - Distributed ledger

KW - Security

KW - Web application

UR - http://www.scopus.com/inward/record.url?scp=85048356604&partnerID=8YFLogxK

U2 - 10.1145/3041021.3053897

DO - 10.1145/3041021.3053897

M3 - Conference contribution

AN - SCOPUS:85048356604

T3 - 26th International World Wide Web Conference 2017, WWW 2017 Companion

SP - 1445

EP - 1450

BT - 26th International World Wide Web Conference 2017, WWW 2017 Companion

PB - International World Wide Web Conferences Steering Committee

Y2 - 3 April 2017 through 7 April 2017

ER -

DL-BAC: Distributed ledger based access control for web applications

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this