Dyacon: JointCloud Dynamic Access Control Model of Data Security Based on Verifiable Credentials

In JointCloud, when multiple entities conduct data collaboration, role-based access control (RBAC) can offer flexible and secure access control policies to ensure security, privacy of data, which is widely utilized in data access of organizations. However, existing RBAC is confronted with problems such as lacking in dynamic role assignment, explosion of role number and uncertainty and unreliability of users' identities, which affect the performance of access control. In this paper, we propose a model to formulate fine-grained access control policy for data and implement dynamic and automatic assignment of roles in hierarchical tree structure based on multi-dimensional attributes. This model adopts decentralized identifier and verifiable credential to describe entities' identity, and leverages blockchain and smart contract to conduct access control policies. This model makes up for the deficiencies of existing RBAC and strengthens the dynamicity of access control policies. Experimental results shows that the model can assign roles to users in a dynamic and automatic way, which verifies the feasibility of the model.