Multi-attribute-Based Access Control Policy for Supply Chain Data Service

The Electronic product code (EPC) network is established and maintained in worldwide-scale based on the EPC standard framework to guarantee the real-time information recognition, and provide efficient management for supply chain. In EPC network, a series of data services can be provided due to the requirements of users. Aiming to guarantee the security of data services, we propose a dynamic access control model for data services based on multiple attributes. We extract specific attribute sets from user, and calculate security level of user using certainty and uncertainty theories based on the attribute sets. The data can be provided to users according to the security level of user and data. The security of data in the supply chain can be guaranteed, and data acquisition can be dynamic and fine-grained. We deploy the proposed model to real supply chain management system we built to verify effectiveness and feasibility of the solution.