scholarly journals BCST-APTS: Blockchain and CP-ABE Empowered Data Supervision, Sharing, and Privacy Protection Scheme for Secure and Trusted Agricultural Product Traceability System

2022 ◽  
Vol 2022 ◽  
pp. 1-11
Guofeng Zhang ◽  
Xiao Chen ◽  
Bin Feng ◽  
Xuchao Guo ◽  
Xia Hao ◽  

Blockchain provides new technologies and ideas for the construction of agricultural product traceability system (APTS). However, if data is stored, supervised, and distributed on a multiparty equal blockchain, it will face major security risks, such as data privacy leakage, unauthorized access, and trust issues. How to protect the privacy of shared data has become a key factor restricting the implementation of this technology. We propose a secure and trusted agricultural product traceability system (BCST-APTS), which is supported by blockchain and CP-ABE encryption technology. It can set access control policies through data attributes and encrypt data on the blockchain. This can not only ensure the confidentiality of the data stored in the blockchain, but also set flexible access control policies for the data. In addition, a whole-chain attribute management infrastructure has been constructed, which can provide personalized attribute encryption services. Furthermore, a reencryption scheme based on ciphertext-policy attribute encryption (RE-CP-ABE) is proposed, which can meet the needs of efficient supervision and sharing of ciphertext data. Finally, the system architecture of the BCST-APTS is designed to successfully solve the problems of mutual trust, privacy protection, fine-grained, and personalized access control between all parties.

2008 ◽  
Vol 10 (4) ◽  
pp. 1-37 ◽  
Luc Bouganim ◽  
Francois Dang Ngoc ◽  
Philippe Pucheral

2002 ◽  
Vol 5 (1) ◽  
pp. 1-35 ◽  
Piero Bonatti ◽  
Sabrina De Capitani di Vimercati ◽  
Pierangela Samarati

Thanh-Nhan Luong ◽  
Hanh-Phuc Nguyen ◽  
Ninh-Thuan Truong

The software security issue is being paid great attention from the software development community as security violations have emerged variously. Developers often use access control techniques to restrict some security breaches to software systems’ resources. The addition of authorization constraints to the role-based access control model increases the ability to express access rules in real-world problems. However, the complexity of combining components, libraries and programming languages during the implementation stage of web systems’ access control policies may arise potential flaws that make applications’ access control policies inconsistent with their specifications. In this paper, we introduce an approach to review the implementation of these models in web applications written by Java EE according to the MVC architecture under the support of the Spring Security framework. The approach can help developers in detecting flaws in the assignment implementation process of the models. First, the approach focuses on extracting the information about users and roles from the database of the web application. We then analyze policy configuration files to establish the access analysis tree of the application. Next, algorithms are introduced to validate the correctness of the implemented user-role and role-permission assignments in the application system. Lastly, we developed a tool called VeRA, to automatically support the verification process. The tool is also experimented with a number of access violation scenarios in the medical record management system.

Amani Abu Jabal ◽  
Elisa Bertino ◽  
Jorge Lobo ◽  
Mark Law ◽  
Alessandra Russo ◽  

Sign in / Sign up

Export Citation Format

Share Document