Blockhub: Blockchain-based Secure Cross-domain Software Development System
Primary Investigator:
Bharat Bhargava
Denis Ulybyshev, Bharat Bhargava, Miguel Villarreal-Vasquez, Aala Alsalem, Ganapathy Mani, Leszek Lilien, Donald Steiner, Jason Kobes, Steve Seaberg, Paul Conoval, Robert Pike, Rohit Ranchal
Abstract
To ensure integrity, trust, immutability and authenticity of software and information (cyber data, user data and attack event data) in a collaborative environment, research is needed for cross-domain data communication, global software collaboration, sharing, access auditing and accountability. Blockchain technology can significantly automate the software export auditing and tracking processes. It allows to track and control what data or software components are shared between entities across multiple security domains. Our blockchain-based solution relies on role- and attribute-based access control and prevents unauthorized data accesses. It guarantees integrity of provenance data on who updated what software module and when. Furthermore, our solution detects data leakages, made behind the scene by authorized blockchain network participants, to unauthorized entities. Our approach is used for data forensics/provenance, when the identity of those entities who have accessed/ updated/ transferred the sensitive cyber data or sensitive software is determined. All the transactions in the global collaborative software development environment are recorded in the blockchain public ledger and can be verified any time in the future. Transactions can not be repudiated by invokers. We also propose modified transaction validation procedure to improve performance and to protect permissioned IBM Hyperledger-based blockchains from DoS attacks, caused by bursts of invalid transactions.
Our solution supports decentralized and distributed data exchange, that is essential in V2X systems, where a Central Authority (CA) is not required to enforce access control policies. Furthermore, we facilitate querying encrypted Vehicle Records through Structured Query Language (SQL) queries.