Mitigating Security Risks in Multi-Cloud Environments: A Blockchain-Enabled Zero Trust Architecture for Resilient Information Systems
Abstract
Multi-cloud computing environments are becoming standard in business settings but present much greater security challenges, such as access control fragmentation, lack of audit transparency, complex trust boundaries, and vulnerability to single points of failure due to centralized authentication systems. This article proposes a blockchain-based Zero Trust Architecture that uses Attribute-Based Access Control (ABAC) to secure information systems in distributed multi-cloud environments. The proposed solution uses Hyperledger Fabric 2.5 with a CouchDB state database to provide decentralized, immutable, and transparent access control, with policies enforced by smart contracts. Overall performance was tested with parallel transaction benchmarking on four test cases with 1,700 transactions at different concurrent loads (2-10 concurrent workers). The experimental data show production-grade performance, with a maximum throughput of 30.78 TPS, a mean latency of 85.79 ms, and best-in-class reliability (100% success rate). The system scales highly linearly, with a 5.2x throughput increase between low and high load conditions and, surprisingly, an 80 percent reduction in latency under heavier concurrent load. The contributions include: (1) a production-quality ABAC smart contract deployment on a modern blockchain platform, (2) extensive performance testing using an industry-standard parallel benchmarking methodology, (3) a demonstration of practicability for real multi-cloud security deployments, (4) a reproducible experimental setup with open-source deliverables, and (5) closing the theory-practice gap between theoretical blockchain-based access control models and realistic implementations suited to security-critical enterprise settings where immutable audit logs and Zero Trust principles are needed.



