
Audit-Based Access Control Enforcement (AuBACE) is a DLT-oriented framework to support controlled information sharing


stfbk/AuBACE


The Audit-Based Access Control Enforcement (AuBACE) framework

Controlled information sharing in organizations is essential to prevent unauthorized disclosure and malicious or accidental unauthorized changes to data, while ensuring accessibility by authorized users whenever needed: i.e., grant availability of data while ensuring its confidentiality and integrity.

Given the diffusion and impact of insider attacks, and the constraints and guarantees introduced by privacy regulations (e.g. GDPR), we propose a framework that employs the Hyperledger Fabric Distributed Ledger Technology (DLT) to guarantee the strong integrity of the audit log, a single point of policy administration, and the efficient and distributed enforcement of policies with less trust in administrators.

Additional information can be found at sites.google.com/fbk.eu/aubace.

Usage

To run our Healthcare use case: start the network; enroll users, if it hasn't been done already; run the web app and open the browser to interact with the ledger.

./start_network.sh
./enroll.sh
node app.js

Please check the output of each script. If you receive an error associated with the Docker orderer container when starting the network, stop the network (with the command below), ensure that the channel-artifacts folder exists and is empty, and manually remove the crypto-config folder; then start the network again.

To stop the network:

./stop_network.sh

The test dashboard is available at localhost:8000. Allowed operations in the web app are:

Auditing / Emergency

< Data1, Auditing, Query All Electronic Health Record Saved >

< Emergency1, Emergency services, Query All Electronic Health Record Saved / Query a Specific Electronic Health Record (Tax code of any patient) >

Doctors / Nurses

< Doctor1/2, Preventive medicine / Medical Diagnosis / Provision of care, Query a Specific Electronic Health Record / Ask for permission to update Electronic Health Record (Tax Code of a patient with consent set to true beforehand) >

< Doctor1/2, Preventive medicine / Medical Diagnosis / Provision of care, Create Electronic Health Record (non pre-existing Tax Code) >

< Nurse1/2, Provision of care, Query a Specific Electronic Health Record (Tax Code of a patient with consent set to true beforehand) >

Patients

< Patient1, Whatever, Query a Specific Electronic Health Record (RSSSTF63M05C112S) / Update Consent on Electronic Health Record (true/false) >

< Patient2, Whatever, Query a Specific Electronic Health Record (BNCCRL85M12C143Y) / Update Consent on Electronic Health Record (true/false) >

< Patient3, Whatever, Query a Specific Electronic Health Record (VRDNNA97F01S432I) / Update Consent on Electronic Health Record (true/false) >

< Patient4, Whatever, Query a Specific Electronic Health Record (SMNGVN96M03A111S) / Update Consent on Electronic Health Record (true/false) >

< Patient5, Whatever, Query a Specific Electronic Health Record (RSSALS45F11R021T) / Update Consent on Electronic Health Record (true/false) >

For testing purposes, the enrolling script also registers the identities of patient6 (FISCALCODE1) to patient15 (FISCALCODE10); their operations can be performed via http://127.0.0.1:8000/get_ehr/FISCALCODEX-patientY-whatever and http://localhost:8000/update_consent/FISCALCODEX-true-patientY-whatever once their EHR has been created by a doctor (e.g., via < Doctor1, Provision of care, Create Electronic Health Record (FISCALCODE1) >).

Requirements

The core requirements are derived from Hyperledger Fabric, with smart contracts written in Go and client software in Node.js.

Installation (Linux)

  1. Install requirements:
sudo apt install software-properties-common gcc g++ make docker.io docker-compose npm nodejs golang
sudo usermod -aG docker $USER

Log out and back in for the new group membership to take effect. If running in a virtual machine, you may need to restart it instead.

  2. Install Hyperledger Fabric binaries and Docker images v1.4.8:
curl -sSL http://bit.ly/2ysbOFE | bash -s -- 1.4.8 1.4.8 0.4.21
  3. Add the following line to ~/.profile:
export PATH=<path to fabric-samples location>/bin:$PATH

where <path to fabric-samples location> is the path to the fabric-samples directory downloaded with curl above. For Go versions earlier than 1.13, also add export PATH=$PATH:$GOPATH/bin; newer versions do not require this.

To apply the changes, run

source ~/.profile

or log out and back in.

The YAML files are configured to run the Docker images tagged as latest. If the Hyperledger containers are updated, modify the YAML files to select the v1.4.8 images (e.g., hyperledger/fabric-ca:x86_64-1.4.8 instead of hyperledger/fabric-ca).
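
To find which image references still resolve to latest before pinning them, the following script can be run over the folder containing the YAML files. It is an added example, not part of the AuBACE repository; the function names and the sample compose file (service names included) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the AuBACE repository.
# Lists hyperledger/* image references in YAML files that resolve to "latest":
# either no tag at all or an explicit :latest tag.
# Output format: <file>:<line>:<image reference>
# Tags given as variables (e.g. :$IMAGE_TAG) are not resolved and not flagged.

find_unpinned_images() {
  find "${1:-.}" -type f \( -name '*.yaml' -o -name '*.yml' \) -exec awk '
    /^[ \t]*image:[ \t]*/ {
      ref = $0
      sub(/^[ \t]*image:[ \t]*/, "", ref)
      sub(/[ \t]*(#.*)?$/, "", ref)        # strip trailing comment and spaces
      gsub(/["\047]/, "", ref)              # strip quotes around the value
      if (ref !~ /^hyperledger\//) next     # only Hyperledger images
      if (ref ~ /@sha256:/) next            # already pinned by digest
      name = ref
      sub(/^.*\//, "", name)                # last path component: name[:tag]
      if (name !~ /:/ || name ~ /:latest$/)
        printf "%s:%d:%s\n", FILENAME, FNR, ref
    }' {} + | sort
}

# Constructed sample compose file (hypothetical service names) to try it on.
demo_scan() {
  local dir
  dir=$(mktemp -d)
  cat > "$dir/docker-compose.yaml" <<'EOF'
services:
  ca:
    image: hyperledger/fabric-ca
  peer:
    image: "hyperledger/fabric-peer:latest"   # explicit latest
  orderer:
    image: hyperledger/fabric-orderer:1.4.8
  ca-pinned:
    image: hyperledger/fabric-ca:x86_64-1.4.8
EOF
  find_unpinned_images "$dir" | sed "s|^$dir/||"
  rm -rf "$dir"
}

demo_scan
```

Run find_unpinned_images with the path to the Healthcare_scenario folder; an empty result means every Hyperledger image reference carries an explicit tag or digest.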

  4. Download (or clone) the Healthcare_scenario in this repo.

  5. Run npm install in your Healthcare_scenario folder.
