TRABAC: A Tokenized Role-Attribute Based Access Control using Smart Contract for Supply Chain Applications

The use of smart contracts for access control has shown to be promising as it ensures integrity and governs access to stored data, thanks to blockchain's immutability. While several recent studies have shown such usage, their applicability to supply chain applications remains limited due to less governance control capability and implementation complexity with smart contracts. This paper proposes the use of a tokenized role-attribute based access control (TRABAC) as a two-level access control for supply chain applications. In particular, TRABAC combines the simplicity of Role-Based Access Control (RBAC) and the flexibility and fine-grained capacity of Attribute-Based Access Control (ABAC). We consider these methods coupled with the use of Non-Fungible Token (NFT) as virtual assets in the supply chain. We also define four roles or parties that can have distinct and varied access rights. These roles are incorporated into TRABAC. The efficacy of TRABAC has been evaluated in five access control scenarios. Our experimental results show that TRABAC is capable of delegating access to four different supply chain roles. Importantly, TRABAC can effectively prevent unauthorized access requests by accounts that lack a valid Level 1 role or accounts that lack a valid token attribute or a tag in Level 2 of TRABAC.