Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Blockhub: Blockchain-based Secure Cross-domain Software Development System
Denis Ulybyshev1, Bharat Bhargava1, Miguel Villarreal-Vasquez1, Aala Alsalem1, Ganapathy Mani1, Leszek
Lilien1, Donald Steiner2, Jason Kobes2, Steve Seaberg2, Paul Conoval2, Robert Pike2, Rohit Ranchal3
1Computer Science and CERIAS, Purdue University; 2Northrop Grumman; 3IBM
ACKNOWLEDGEMENT: This research is supported by Northrop
Grumman. We collaborated with Donald Steiner, Leon Li, Jason Kobes, Steve Seaberg, Peter Meloy, Paul Conoval
FEATURES• Encrypted SM is stored in SB
• Role- and attribute-based
access control
• X and Y, can share software
via smart contracts running in
blockchain network
• Every request and transfer of
SM is logged in blockchain’s
distributed ledger
• For software transfer
authorization needed by both
smart contract and policy
enforcement engine of the SB
1. Registration of software attributes and ID information
2. Access Authorization
3. Process Automation
External Storage: Software Bundles
Blockchain
Collaborator Y
Blockchain Network: 1. Data directory2. Access Control 3. Provenance4. Accountability
SB 4
1. Registration of software attributes and ID information
2. Access Authorization
3. Process Automation
External Storage: Software Bundles
Blockchain
Collaborator X
SB 2
Secure Software Sharing
SB Location Synchronization
SB Location Synchronization
WaxedPrune [1, 2] (Northrop Grumman) /
Software Bundle
BlockchainProvenance Data
On-the-fly Data Analytics
SOFTWARE SHARING SYSTEM
SOFTWARE SPILLAGE DETECTION
• SB contains Enc [ Software (S) ] = {Enck1 (SM1), ... , Enckn
( SMn) } and Access Control Policies (P) = {p1,.., pk}
• X is authorized to extract and decrypt SM1 from SB
• X leaks Enc(SM1) or SM1 to unauthorized service Y
• When Y tries to decrypt SM1 CM checks policies:
whether SM1 is supposed to be at Y
• If plaintext SM1 is leaked: visual watermarks; web
crawler checks digital watermarks
SERVICE X
SB, SM1
SB or SM1
leakage SERVICE Y
SB or SM1
CENTRAL
MONITOR
P
SBSERVICE A
SB
Src ID (X),
Dest ID (Y)
Class of SM1 Time
OBJECTIVES• Provide secure software
sharing and software
access auditing
• Provide integrity of provenance data
• Detect software spillage
PUBLICATIONS, PROTOTYPE
[1] D. Ulybyshev, B. Bhargava, M. Villarreal-Vasquez, D. Steiner, L. Li, J. Kobes, H. Halpin, R. Ranchal, A. Alsalem, “Privacy-preserving Data Dissemination in Untrusted Cloud”, IEEE Cloud 2017[2] NG WAXEDPRUNE Prototype https://github.com/Denis-Ulybysh/absoa17
WAXEDPRUNE ARCHITECTURE
Cloud Provider
Web Crypto Authentication
Client1
DataOwner
Web Crypto Authentication
Client2
Web Crypto Authentication
ClientM
EHRNCM
Dat
a R
eq
ue
st1
Dat
a R
equ
est 2
Dat
a R
equ
est M
Res
ult
= D
1
Res
ult
= D
2
Res
ult
= D
M
Request
1
CM
Trust Calculator
Leakage Detector3
4
Service2
EHR2
ServiceM
5
Service
Trust level,
Leakage
EHR1
Active Bundle(s)
2
Service2
Service (authenticated client)requests trust and leakageverification from CM
Client requests data from EHR DB1
2
3CM responds with trust level of requesting service and leakage check result
4 Data request transferred to EHR, access control policies evaluated
5 Result is sent to client
CheckResult
EVALUATION
SB 1 SB N SB 5SB 3