Abstract: "Access control management is an integral part of maintaining the security of an application. For access control management on the Distributed Ledger Technology (DLT), available traditional access control frameworks are inadequate. Existing access control management mechanisms are tightly coupled with the business logic, resulting in an adverse impact on the overall software quality for DLT-based Decentralized Applications (dApps). In this paper, we propose a novel framework to implement dynamic role-based access control for dApps. The framework completely decouples the access control logic from the business logic and provides seamless integration with any dApp. The smart contract architecture allows for the independent management of business logic and execution of access control policies. The framework also facilitates secure, low-cost, and highly flexible access control management. Additionally, it promotes decentralized governance of access control policies and efficient smart contract upgrades. In this paper, we evaluate the framework on various relevant software quality attributes to understand its more profound implications on access control techniques. The framework can be implemented in any smart contract programming language exhibiting Turing completeness. We use the Solidity programming language to implement the framework and discuss the results."
Authors: Arnab Chatterjee and Yash Pitroda (Robert Bosch Engineering and Business Solutions Private Ltd., India); Manojkumar Somabhai Parmar (Robert Bosch Engineering and Business Solutions Private Limited, India & HEC Paris, France)
Email: arnabkaycee@gmail.com, Yash.Pitroda@in.bosch.com, parmarmanojkumar@gmail.com