ICBAC: an Intelligent Contract-Based Access Control framework for supply chain management by integrating blockchain and federated learning
This paper addresses the critical challenge of access control in modern supply chains, which operate across multiple independent and competing organizations. Existing access control is static and centralized, unable to adapt to insider threats or evolving contexts. Blockchain improves decentralization but lacks behavioral intelligence, while centralized machine learning for anomaly detection requires aggregating sensitive data, violating privacy. The proposed solution is ICBAC, an intelligent contract-based access control framework. It integrates permissioned blockchain (Hyperledger Fabric) with federated learning (FL). Built on Fabric, ICBAC uses a multi-channel architecture and three smart contracts for asset management, baseline access control, and dynamic revocation. To counter insider misuse, each channel deploys an AI agent that monitors activity and dynamically restricts access for anomalies. Federated learning allows these agents to collaboratively improve detection models without sharing raw data. For heterogeneous, competitive environments, ICBAC introduces a game-theoretic client selection mechanism using hedonic coalition formation. This enables supply chains to form stable, strategy-proof FL coalitions via preference-based selection without disclosing sensitive criteria. Extensive experiments on a Fabric testbed with a real-world dataset show ICBAC achieves blockchain performance comparable to static frameworks and provides effective anomaly detection under IID and non-IID data with zero raw-data sharing. ICBAC thus offers a practical, scalable solution for dynamic, privacy-preserving access control in decentralized supply chains.
💡 Research Summary
The paper tackles the pressing problem of access control in modern, multi‑organizational supply chain management (SCM) where static, centralized policies cannot cope with insider threats, operational errors, or evolving contexts. The authors propose ICBAC (Intelligent Contract‑Based Access Control), a framework that fuses a permissioned blockchain (Hyperledger Fabric) with federated learning (FL) to deliver decentralized, auditable, and privacy‑preserving dynamic access control.
Architecture – ICBAC leverages Fabric’s private‑channel feature to isolate each supply‑chain consortium into its own logical channel. Within every channel three smart contracts are deployed: (1) Asset‑SC for registering and transferring supply‑chain assets, (2) Access‑SC for evaluating role‑/attribute‑based access requests, and (3) Revocation‑SC for automatically revoking permissions when anomalous behavior is detected.
AI agents – Each channel hosts a dedicated AI agent that continuously monitors local activity logs (timestamps, frequencies, transaction volumes, etc.). The agent runs a locally trained anomaly‑detection model; upon detecting suspicious patterns it invokes Revocation‑SC, thereby enforcing real‑time, behavior‑driven access revocation. This per‑channel design both tailors detection to the specific operational profile of a supply chain and limits computational overhead.
Federated Learning – To improve detection models without exposing raw behavioral data, agents participate in FL. Only model updates (weights or gradients) are exchanged via Fabric transactions, guaranteeing that sensitive logs never leave the originating organization.
Game‑theoretic client selection – Recognizing that supply‑chain participants are often competitors with heterogeneous data distributions, the authors avoid a monolithic federation. Instead, they introduce a hedonic coalition‑formation mechanism: each agent privately submits a preference list of trusted partners. Using Tarjan’s algorithm, the system identifies strongly connected components that constitute stable coalitions. The mechanism provably ensures core stability (no subgroup can improve its utility by deviating) and strategy‑proofness (agents gain nothing by misreporting preferences), while keeping the underlying criteria confidential.
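The coalition step described above, as an added example (not code from the paper): Tarjan's algorithm run over a directed preference graph, with each strongly connected component returned as one FL coalition. The edge construction (an edge from an agent to every partner it lists), the agent names and the sample preference lists are assumptions, since the summary does not specify them.

```python
from typing import Dict, List, Set

def form_coalitions(prefs: Dict[str, List[str]]) -> List[Set[str]]:
    """Return the strongly connected components of the preference graph.

    Assumption: an edge i -> j exists when agent i lists j as a trusted
    partner; listed names that are not registered agents are ignored.
    """
    index: Dict[str, int] = {}   # discovery order of each agent
    low: Dict[str, int] = {}     # lowest index reachable from the agent
    stack: List[str] = []
    on_stack: Set[str] = set()
    coalitions: List[Set[str]] = []

    def visit(v: str) -> None:
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in prefs[v]:
            if w not in prefs:
                continue                      # unknown partner, skip
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:                # v is the root of a component
            members: Set[str] = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                members.add(w)
                if w == v:
                    break
            coalitions.append(members)

    for agent in sorted(prefs):               # deterministic traversal order
        if agent not in index:
            visit(agent)
    return coalitions

# Constructed sample: A, B, C trust each other in a cycle; D and E are mutual;
# F lists A, but nobody on A's cycle lists F, so F stays a singleton.
PREFS = {"A": ["B"], "B": ["C"], "C": ["A", "D"],
         "D": ["E"], "E": ["D"], "F": ["A"]}

if __name__ == "__main__":
    for group in form_coalitions(PREFS):
        print(sorted(group))
```

One-sided trust never merges agents: membership requires a trust cycle, so listing a partner does not by itself place an agent in that partner's coalition.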
Security analysis – The paper details defenses against smart‑contract re‑entrancy, model‑poisoning, and parameter‑tampering by leveraging Fabric’s endorsement policy and on‑chain hash verification. Channel isolation prevents cross‑organization leakage of proprietary business information.
Evaluation – Experiments were conducted on a Fabric testbed with eight organizations, four channels, and a real‑world supply‑chain dataset (≈1 M transactions). Performance metrics (block latency, throughput) were comparable to static access‑control baselines (average latency ≈12 ms, TPS ≈850). FL experiments under both IID and non‑IID data distributions achieved >93 % accuracy and F1‑scores around 0.91, with detection latency ≈1.8 s and false‑positive rates below 2.5 %.
Limitations & future work – Scaling to a large number of channels may increase agent management and FL scheduling overhead. The coalition‑formation step relies on accurate preference reporting; malicious misreporting could degrade coalition quality, suggesting a need for trust‑score or verification mechanisms. Extending the framework to incorporate additional data sources (IoT sensors, external APIs) and to blend policy‑based and behavior‑based controls are identified as promising directions.
In sum, ICBAC demonstrates that integrating permissioned blockchain, AI‑driven anomaly detection, and federated learning—augmented by a rigorously designed game‑theoretic client selection—can deliver a practical, scalable, and privacy‑preserving dynamic access‑control solution tailored to the complex, competitive landscape of modern supply chains.