Clever Use of Blockchain in Access Control

I recently spent time with two fine entrepreneurs, Chris Finan and Rob Seger, learning about their company, Manifold. What I discovered was an elegant design for the strong enforcement of data access policy across an enterprise. The Manifold concept involves the clever use of advanced analytics as a basis for controlling access to structured and unstructured data in an enterprise. It's a good idea.

Since the Manifold data access control system uses distributed proxies, the question emerged during our discussion as to proper system orchestration. I wanted to know, for example, how their platform coordinated the management of distributed logs, perhaps with drifting clocks. This is when Chris and Rob, with no hesitation, explained that they’d incorporated blockchain into their design to deal with such concerns.

This was a great answer, and it got me thinking: we are now close to a universal need, in virtually every cyber security management infrastructure, for real-time coordination of distributed transaction management, and this includes logging. Blockchain turns out to be just what the doctor ordered for this type of arrangement, because it integrates comfortably with distributed workloads operating in parallel.

You will recall that blockchain works on the premise that a hash function associates arbitrary-length input with fixed-length output. If we view transactional records, such as in Manifold proxy data control, as input to a hash function, then the output uniquely designates the activity. The cleverness of blockchain involves connecting, or chaining, the hash of one action with the hash of a successive one.

The result is a high-integrity activity log, because a malicious change to any previous record obligates an attacker to re-hash every subsequent record in the blockchain. The additional requirement that each hash begin with a specific numeric pattern of leading 0’s increases the work required to properly mine a given transaction record. The resulting aggregate work obligation makes blockchain super tough to hack.

Furthermore, with distributed blockchain structures, if any one blockchain has a transaction altered, then the subsequent hash values, although potentially consistent with the numeric pattern requirement, would expose differences. The result is an ingenious, cryptographically controlled integrity preservation device, useful for many different cyber security applications.
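
The chaining, the zero-pattern requirement and the comparison of distributed copies described above are shown together in the following Python example. It is an added illustration, not Manifold's code; the record fields, the difficulty of three leading hex zeros and all function names are assumptions.

```python
import hashlib
import json

DIFFICULTY = 3      # assumed: leading hex zeros required of every block hash
GENESIS = "0" * 64  # assumed: placeholder "previous hash" for the first block

def block_hash(prev_hash, record, nonce):
    data = json.dumps([prev_hash, record, nonce], sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()

def append(chain, record):
    """Search for a nonce that yields the zero pattern, then link the block."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    nonce = 0
    while not block_hash(prev_hash, record, nonce).startswith("0" * DIFFICULTY):
        nonce += 1
    chain.append({"prev": prev_hash, "record": record, "nonce": nonce,
                  "hash": block_hash(prev_hash, record, nonce)})

def first_invalid(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev_hash = GENESIS
    for i, blk in enumerate(chain):
        h = block_hash(blk["prev"], blk["record"], blk["nonce"])
        if blk["prev"] != prev_hash or h != blk["hash"] or not h.startswith("0" * DIFFICULTY):
            return i
        prev_hash = blk["hash"]
    return None

def first_divergence(a, b):
    """Index where two replicas of the log stop agreeing, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x["hash"] != y["hash"]:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def build_sample_log():
    # Constructed sample records; not Manifold's actual log format.
    chain = []
    for user, action in [("alice", "read"), ("bob", "delete"), ("carol", "read")]:
        append(chain, {"proxy": "p1", "user": user, "action": action})
    return chain

if __name__ == "__main__":
    honest, edited, forged = build_sample_log(), build_sample_log(), []
    edited[1]["record"]["action"] = "read"   # in-place change to an old record
    for blk in edited:                        # same change, every block re-mined
        append(forged, blk["record"])
    print(first_invalid(edited), first_invalid(forged), first_divergence(honest, forged))
```

Re-mining makes the altered copy internally valid again, so it is the comparison against an independent replica that reveals the change.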

I guess I’ve gotten a bit off track here – having started this article to explain the fine data access controls Chris and Rob are building into Manifold, not to mention the elegant proxy arrangement that supports distributed workload processing in a hybrid environment. It's great to see data access control taking such full advantage of the best available security technologies. Kudos to Manifold.

But the more general observation emerges that the cyber security community is now increasingly recognizing the usefulness of blockchain to help secure any distributed transaction coordination environment. It's a good trend - one that we would be well-served to promote and continue. It gives me hope.

Let me know what you think.