Embedding Security Awareness into a Blockchain-Based Dynamic Access Control Framework for the Zero Trust Model in the Distributed System
| Published in: | ProQuest Dissertations and Theses (2025) |
|---|---|
| Main author: | |
| Published: | ProQuest Dissertations & Theses |
| Subjects: | |
| Online access: | Citation/Abstract Full Text - PDF |
| Abstract: | The Zero Trust (ZT) model strengthens distributed system security by enforcing strict identity verification, fine-grained access control (AC), and continuous monitoring. Unlike traditional models that assume implicit trust, ZT treats every entity as a potential threat, requiring dynamic access control mechanisms to regulate privileges and mitigate risks. Dynamic Access Control Schemes (DACSs) are vital for ZT implementation, adjusting policies based on real-time context to reduce insider threats and suspicious behaviors. DACSs autonomously coordinate Access Control Lists (ACLs) with security events and evolving policies. Embedding security awareness enables real-time risk assessment and permission adjustments. However, as systems grow in complexity, centralized policy management struggles to scale and adapt, making decentralized solutions necessary. Blockchain-based management addresses these challenges by providing tamper-proof policy storage and immutable access logs. This research introduces a blockchain-based DACS framework to implement ZT principles in distributed systems. The framework dynamically manages ACLs and enforces policies through smart contracts. I developed an extended blockchain node architecture that maintains ACLs for each node’s objects, incorporating a minimum trust metric (TM) threshold to evaluate access requests. The TM, reflecting trustworthiness, adjusts dynamically based on observed behavior. A security awareness component analyzes access request patterns in real-time, enabling proactive risk assessment through a newly introduced Risk Factor (RF) metric. This metric continuously evaluates operational risk and informs dynamic privilege adjustments. I also extended smart contracts to enable continuous monitoring and real-time updating of trust metrics. Nodes exhibiting suspicious behavior are automatically penalized through a dynamic enforcement mechanism embedded in the smart contracts, ensuring adaptive policy adjustments even against credentialed but untrustworthy entities. I validated the blockchain-based DACS framework by deploying extended smart contracts and node processes on an Ethereum test network. Through simulations of broken access control attacks and normal access scenarios, the framework demonstrated enhanced security, scalability, and adaptability. These results confirm the model’s effectiveness as a next-generation security framework for dynamic, decentralized environments. |
| ISBN: | 9798291546192 |
| Source: | ProQuest Dissertations & Theses Global |