
Blockhub: Blockchain-based Secure Cross-domain Software Development System

Denis Ulybyshev¹, Bharat Bhargava¹, Miguel Villarreal-Vasquez¹, Aala Alsalem¹, Ganapathy Mani¹, Leszek Lilien¹, Donald Steiner², Jason Kobes², Steve Seaberg², Paul Conoval², Robert Pike², Rohit Ranchal³

¹ Computer Science and CERIAS, Purdue University; ² Northrop Grumman; ³ IBM

ACKNOWLEDGEMENT: This research is supported by Northrop Grumman. We collaborated with Donald Steiner, Leon Li, Jason Kobes, Steve Seaberg, Peter Meloy, Paul Conoval

FEATURES

• Encrypted SM is stored in SB

• Role- and attribute-based access control

• X and Y can share software via smart contracts running in the blockchain network

• Every request and transfer of SM is logged in the blockchain's distributed ledger

• Software transfer requires authorization by both the smart contract and the policy enforcement engine of the SB

SOFTWARE SHARING SYSTEM

[Figure: software sharing system. Collaborator X and Collaborator Y each have a Blockchain component (1. Registration of software attributes and ID information; 2. Access Authorization; 3. Process Automation) and External Storage: Software Bundles. Blockchain Network: 1. Data directory; 2. Access Control; 3. Provenance; 4. Accountability. Other labels: SB 2; SB 4; Secure Software Sharing; SB Location Synchronization; WaxedPrune [1, 2] (Northrop Grumman) / Software Bundle; Blockchain Provenance Data; On-the-fly Data Analytics.]

SOFTWARE SPILLAGE DETECTION

• SB contains Enc[Software (S)] = {Enc_k1(SM1), ..., Enc_kn(SMn)} and Access Control Policies (P) = {p1, ..., pk}

• X is authorized to extract and decrypt SM1 from SB

• X leaks Enc(SM1) or SM1 to unauthorized service Y

• When Y tries to decrypt SM1, CM checks policies: whether SM1 is supposed to be at Y

• If plaintext SM1 is leaked: visual watermarks; web crawler checks digital watermarks

[Figure: software spillage detection. Labels: SERVICE X (SB, SM1); "SB or SM1 leakage" to SERVICE Y (SB or SM1); SERVICE A (SB); CENTRAL MONITOR (P, SB); record fields: Src ID (X), Dest ID (Y), Class of SM1, Time.]
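The policy check and logging described above, as an added Python example that is not code from the poster or the WAXEDPRUNE prototype. Assumptions: the `CentralMonitor` class and its method names are hypothetical, the source ID is taken to be the last authorized service that decrypted the SM, and a local SHA-256 hash chain stands in for the blockchain's distributed ledger.

```python
import hashlib
import json

GENESIS = "0" * 64

def _digest(prev, record):
    # Each entry's hash covers the previous hash, so edits break the chain.
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

class CentralMonitor:
    """Hypothetical CM: checks policies P on each decryption request and logs it."""

    def __init__(self, policies):
        # policies: {sm_id: {"class": str, "allowed": set of service IDs}}
        self.policies = policies
        self.holders = {}   # sm_id -> last authorized service (assumed source ID)
        self.ledger = []    # hash chain standing in for the distributed ledger

    def request_decrypt(self, service_id, sm_id, now):
        # Unknown SMs are denied and logged with class "unknown".
        policy = self.policies.get(sm_id, {"class": "unknown", "allowed": set()})
        allowed = service_id in policy["allowed"]
        record = {"event": "access" if allowed else "spillage", "sm": sm_id,
                  "src": self.holders.get(sm_id), "dest": service_id,
                  "class": policy["class"], "time": now}
        if allowed:
            self.holders[sm_id] = service_id
        prev = self.ledger[-1]["hash"] if self.ledger else GENESIS
        self.ledger.append({"prev": prev, "record": record,
                            "hash": _digest(prev, record)})
        return allowed

    def verify_ledger(self):
        prev = GENESIS
        for entry in self.ledger:
            if entry["prev"] != prev or _digest(prev, entry["record"]) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

def demo():
    # Constructed scenario from the poster: X is authorized for SM1, Y is not.
    cm = CentralMonitor({"SM1": {"class": "restricted", "allowed": {"X"}}})
    ok_x = cm.request_decrypt("X", "SM1", now=1000)
    ok_y = cm.request_decrypt("Y", "SM1", now=1060)
    spill = dict(cm.ledger[1]["record"])
    intact = cm.verify_ledger()
    cm.ledger[1]["record"]["dest"] = "X"   # rewrite the log after the fact
    return ok_x, ok_y, spill, intact, cm.verify_ledger()
```

The spillage record carries the four fields shown in the figure (source ID, destination ID, class of the SM, time), and rewriting any logged field makes `verify_ledger()` fail.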

OBJECTIVES

• Provide secure software sharing and software access auditing

• Provide integrity of provenance data

• Detect software spillage

PUBLICATIONS, PROTOTYPE

[1] D. Ulybyshev, B. Bhargava, M. Villarreal-Vasquez, D. Steiner, L. Li, J. Kobes, H. Halpin, R. Ranchal, A. Alsalem, "Privacy-preserving Data Dissemination in Untrusted Cloud", IEEE Cloud 2017

[2] NG WAXEDPRUNE Prototype https://github.com/Denis-Ulybysh/absoa17

WAXEDPRUNE ARCHITECTURE

[Figure: WAXEDPRUNE architecture. Labels: Cloud Provider; Data Owner; Client1, Client2, ..., ClientM, each with Web Crypto Authentication; Data Request 1, 2, ..., M; Result = D1, D2, ..., DM; CM with Trust Calculator and Leakage Detector; Service, Service2, ..., ServiceM; EHR1, EHR2, ..., EHRN; Active Bundle(s); Trust level, Leakage; CheckResult.]

1 Client requests data from EHR DB

2 Service (authenticated client) requests trust and leakage verification from CM

3 CM responds with trust level of requesting service and leakage check result

4 Data request transferred to EHR, access control policies evaluated

5 Result is sent to client

EVALUATION

Typewritten Text
2018 - ESS - 051-405 - Blockhub: Blockchain-based Secure Cross-domain Software Development System - Denis Ulybyshev
