Securing cross-domain data access with decentralized attribute-based access control
In attribute-based access control (ABAC), access to resources depends on the specific attributes of the entity requesting access. Existing ABAC models primarily depend on local attribute authorities to define and confirm attributes, which makes it challenging to support access decisions across domains without introducing centralization. Centralized solutions often conflict with individual domains’ security, privacy, and control requirements and, if compromised for any reason, can impact access to large datasets across participating domains. This paper introduces a novel access control model for cross-domain environments that significantly reduces central control. Our decentralized ABAC (D-ABAC) model uses group signature techniques to exchange attribute information securely and privately across domains. Each domain maintains its own policies and attribute authorities, which reduces the need for global trust or centralization to mutual trust between attribute authorities. We further design and implement a proof-of-concept system to demonstrate the practical feasibility of our proposed system for the collaborative and secure sharing of healthcare data in cross-domain environments. The proposed system model enhances security, scalability, and privacy in cross-domain settings, making it suitable for sensitive environments such as healthcare.