Enforcing cryptographic distributed-VCS access control with no trust on servers

Document Type

Article

Publication Date

9-2025

Department

Department of Computer Science

Abstract

Version control systems (VCS), including central VCS (CVCS) and distributed VCS (DVCS), are widely adopted to manage changes to software code and various types of documents. Unlike CVCS, where entities obtain data from a central server, each entity in DVCS stores the entire repository and shares it independently. In VCS, existing access control schemes require the participation of a central server and cannot be deployed in a completely distributed scenario. Additionally, these schemes often fail to enforce fine-grained access control for write permissions, which is crucial for collaborative work in a distributed environment. In this paper, we propose a distributed version control system access control scheme (named DVAC), which enforces cryptographic access control on distributed user nodes based on attribute-based encryption (ABE) and attribute-based signature (ABS). DVAC is designed to enforce a cryptographic access control protocol for DVCS, which enables file-granularity access control with separate read and write permissions, without the support of a central server. To ensure the integrity of the core version control functions in DVCS while protecting data security, DVAC incorporates a version control adaptation protocol. Additionally, DVAC leverages Ethereum smart contracts to maintain access control policies, ensuring distributed storage and trusted management of access policies. The architecture of DVAC is designed to seamlessly integrate with existing mature DVCS, such as Git, with minimal modifications. We have implemented a prototype of DVAC and integrated it with Git. A comprehensive performance evaluation was conducted to assess the overhead introduced by DVAC, and it was demonstrated that the overhead is modest.

Publication Title

Journal of Information Security and Applications
