Article

A Privacy Preserving Attribute-Based Access Control Model for the Tokenization of Mineral Resources via Blockchain

Department of Software Systems and Cybersecurity, Faculty of IT, Monash University, Melbourne, VIC 3800, Australia
*
Author to whom correspondence should be addressed.
Appl. Sci. 2025, 15(15), 8290; https://doi.org/10.3390/app15158290
Submission received: 24 June 2025 / Revised: 20 July 2025 / Accepted: 23 July 2025 / Published: 25 July 2025

Abstract

Blockchain technology is transforming the mining industry by enabling mineral reserve tokenization, improving security, transparency, and traceability. However, controlling access to sensitive mining data remains a challenge. Existing access control models, such as role-based access control, are too rigid because they assign permissions based on predefined roles rather than real-world conditions like mining licenses, regulatory approvals, or investment status. To address this, this paper explores an attribute-based access control model for blockchain-based mineral tokenization systems. ABAC allows access permissions to be granted dynamically based on multiple attributes rather than fixed roles, making it more adaptable to the mining industry. This paper presents a high-level system design that integrates ABAC with the blockchain using smart contracts to manage access policies and ensure compliance. The proposed model is designed for permissioned blockchain platforms, where access control decisions can be automated and securely recorded. A comparative analysis between ABAC and RBAC highlights how ABAC provides greater flexibility, security, and privacy for mining operations. By introducing ABAC in blockchain-based mineral reserve tokenization, this paper contributes to a more efficient and secure way of managing data access in the mining industry, ensuring that only authorized stakeholders can interact with tokenized mineral assets.

1. Introduction

Governance of mineral assets plays a pivotal role in national resource strategies, environmental regulation, and foreign investment. Yet, the mining industry continues to struggle with fragmented data infrastructure, opaque auditing processes, and centralized control of high-value asset records. As digital transformation accelerates across capital-intensive sectors, blockchain technology has been proposed as a mechanism for decentralization, traceability, and operational transparency in mining operations [1,2].
A prominent application of blockchain in asset management is tokenization—the process of digitally representing real-world assets, such as mining licenses or mineral reserves, as on-chain tokens. Recent studies have demonstrated the use of blockchain in mineral supply chains, highlighting its potential to improve traceability, stakeholder accountability, and provenance assurance in sectors like diamond and cobalt mining [3]. However, if such tokenized systems lack fine-grained access control mechanisms, they risk exposing commercially sensitive data and may fail to comply with multi-jurisdictional regulations.
Traditional role-based access control models [4] have dominated access governance in enterprise systems, including some blockchain integrations. However, RBAC struggles with the dynamic, contextual nature of access in mining operations—where permissions should depend on factors like license status, regulatory clearance, organizational affiliation, or environmental conditions. In response, the ABAC paradigm [5] has gained attention for its flexibility and expressiveness, yet ABAC has seen limited deployment in industrial blockchain systems due to technical challenges in enforcement and scalability.
Motivated by these challenges, this paper presents a blockchain-integrated ABAC framework for tokenized mineral governance. In such regulated environments, access must account for multiple dynamic attributes—such as environmental zones, organizational roles, and jurisdictional mandates—that static RBAC models cannot accommodate [6]. ABAC enables expressive and granular policy enforcement suitable for cross-organizational mining data sharing [7].
To meet the performance, privacy, and compliance demands of the mining sector, we adopt Hyperledger Fabric as the blockchain foundation. Fabric’s support for permissioned networks aligns well with the consortium-based structure of mineral governance, offering enhanced identity management, transaction throughput, and confidentiality [8,9].
While the integration of ABAC with blockchain has been explored in various domains such as healthcare, IoT, and enterprise systems [10,11], its targeted application to the tokenization and governance of mineral resources remains underexplored. Prior work typically addresses generic access scenarios without accounting for the complex, multi-jurisdictional constraints of mining operations, such as dynamic licensing conditions, environmental compliance, and cross-organizational data exchange. This paper addresses that gap by proposing a domain-specific ABAC framework designed to handle the regulatory, operational, and privacy requirements unique to mineral asset tokenization.
This paper contributes a domain-specific, smart contract–driven ABAC system deployed over Hyperledger Fabric, designed for secure, configurable, and traceable access control over tokenized mining assets. Our key innovations lie in tailoring ABAC policy structures to mining-sector realities, including (i) a modular ABAC policy engine that supports context-aware, attribute-rich access rules specific to regulatory zones, organizational roles, and environmental permits; (ii) simulation of realistic mining scenarios using synthetic datasets that model industry actors and compliance conditions; (iii) performance benchmarking against RBAC and generic ABAC implementations, demonstrating superior control precision and latency under mining-relevant conditions; and (iv) verifiable on-chain policy auditing suited to high-compliance industrial settings. These contributions highlight the practical feasibility of fine-grained, regulation-conscious access control for tokenized mineral ecosystems.

1.1. Challenges

While integrating blockchain with ABAC offers significant promise for secure and auditable governance, several practical challenges hinder its adoption in compliance-critical sectors like mining:
(i)
Rigid Access Models: Existing implementations primarily rely on role-based access control, which lacks the flexibility to accommodate the dynamic, multi-attribute requirements of operational mining environments [12].
(ii)
Off-Chain Policy Handling: Some systems offload access control logic to off-chain processes, reducing transparency and weakening the trust benefits of blockchain-based enforcement [13].
(iii)
Lack of Auditable and Scalable Infrastructure: Many solutions fail to provide structured audit trails or scalable mechanisms for high-volume enterprise data, undermining accountability and operational readiness [11].
In parallel, tokenization pilots in the mining and energy sectors have focused on provenance and traceability but often overlook fine-grained, dynamic access boundaries and confidentiality requirements. This gap increases the risk of unauthorized exposure of sensitive financial, legal, or environmental data [10].
These challenges motivate the need for a decentralized ABAC framework that is auditable, scalable, and specifically tailored to govern access to tokenized mineral assets in permissioned blockchain environments.

1.2. Contributions

Real-world initiatives such as the Web3in Tech-Lab [14] demonstrate growing industry interest in leveraging permissioned blockchain for mineral resource governance. Building on this momentum, we propose a targeted, smart contract–driven ABAC framework that addresses the nuanced access control, privacy, and regulatory challenges inherent in tokenizing mining assets. We aim to simulate a realistic attribute-based access control system for tokenized mining licenses in this paper. While not a production deployment, the implementation closely mirrors enterprise-grade requirements in terms of data formats, access policy logic, and performance evaluation.
In summary, this paper makes the following key contributions to the field of blockchain-enabled access control for tokenized mining assets:
  • A modular ABAC framework: We design and implement a blockchain-integrated ABAC architecture, tailored specifically for the privacy, compliance, and scalability needs of the mining industry, building upon methodologies proposed by Rouhani et al. [10].
  • Smart contract development: We develop a suite of reusable smart contracts in Go for Hyperledger Fabric, supporting decentralized user registration, policy specification, and access evaluation.
  • Simulation-based validation: We simulate a controlled test environment with 50 synthetic users and 30 tokenized resources to execute and log 1500 access evaluations under realistic policy constraints.
  • Audit logs: The system generates structured, timestamped CSV logs that support post-hoc analysis for anomaly detection, compliance auditing, and policy refinement.
  • Comparative evaluation: We conduct a comparative analysis between ABAC and traditional RBAC implementations, showing improved policy granularity, enforcement precision, and contextual flexibility [11].

1.3. Organization of the Paper

The remainder of the paper is organized as follows. Section 2 reviews the current landscape of blockchain-integrated access control, identifying key limitations in existing models. Section 3 introduces the architectural foundations of the proposed ABAC framework, highlighting its domain-specific design considerations. Section 4 presents the detailed implementation of system components, including smart contracts, data generation, and simulation logic. Section 5 provides an evaluation of the framework’s performance, scalability, and auditability through controlled simulation experiments. Section 6 concludes the paper with a summary of findings and outlines directions for future research. Appendix A offers replication materials to facilitate transparency and reproducibility.

2. Related Work

This section reviews the state of the art in blockchain-based access control, privacy-aware access enforcement, and tokenized asset management in the context of mineral resource governance. Prior studies have explored blockchain’s potential for improving traceability and transparency in resource supply chains, but few have addressed the implementation of fine-grained, policy-driven access control systems tailored to the compliance-intensive needs of the mining sector. This paper builds upon recent advancements in ABAC and permissioned blockchain frameworks to present a practical, audit-capable solution for managing access to tokenized mineral assets.

2.1. Access Control Systems in Mineral Resource Governance

The integration of blockchain technology into mineral resource governance has introduced innovative approaches to access control, particularly through the adoption of ABAC models. Hyperledger Fabric, a permissioned blockchain framework, has been instrumental in facilitating these advancements.
Pericherla et al. [15] proposed methods to provide full ABAC functionality in Hyperledger Fabric, addressing the need for fine-grained access control in enterprise settings. Their performance evaluations using the Hyperledger Caliper benchmarking tool demonstrated the efficiency of their approach in practical scenarios.
In the context of mineral resource tokenization, platforms like Vero have emerged, transforming real-world mineral assets into verifiable digital tokens. Vero’s blockchain-powered platform ensures transparent engagement and compliant capital formation, highlighting the practical application of blockchain in mineral resource management [16]. These real-world developments provide a comprehensive review of blockchain applications in the mining industry, including tokenization and supply chain transparency [1].
Furthermore, DAMREV has explored the tokenization of minerals, emphasizing the potential of blockchain to enhance transparency and efficiency in the mining industry [17]. These initiatives reflect a broader trend, where tokenized assets have been shown to improve transaction efficiency, data integrity, and regulatory alignment across decentralized resource-based sectors [18]. Robust access control mechanisms remain essential to safeguarding sensitive data and maintaining compliance.
These developments underscore the critical role of ABAC models in managing access to tokenized mineral assets, ensuring that only authorized entities can interact with sensitive data and resources. By leveraging Hyperledger Fabric’s capabilities, these systems can enforce dynamic, attribute-driven access policies, aligning with the complex requirements of mineral resource governance.

2.2. ABAC Integration in Blockchain Systems

ABAC has gained significant traction for its ability to enforce fine-grained, context-aware policies. Unlike RBAC, ABAC leverages dynamic attributes—such as organizational role, project status, or environmental context—to enable more expressive and scalable access decisions [19].
Implementing ABAC in blockchain environments presents challenges related to policy enforcement, system performance, and the protection of confidential data. A smart contract–based architecture for ABAC enforcement on Ethereum has demonstrated the feasibility of fine-grained access control in decentralized settings [5]. However, public blockchains often suffer from scalability constraints and inherent privacy limitations, making them less suitable for enterprise-grade applications.
Permissioned blockchains like Hyperledger Fabric are increasingly favored for implementing enterprise-grade ABAC due to their modular architecture, decentralized identity management, and reduced consensus overhead. These features enable scalable and fine-grained policy enforcement while also supporting efficient attribute revocation and trust management—capabilities that are critical for secure access governance in dynamic environments such as the Internet of Things (IoT) and organizational networks [20]. Recent work has also demonstrated enhanced policy expressiveness and scalability through hierarchical attribute structures and sharding techniques in smart contract–based ABAC systems [21] as well as improved throughput in Hyperledger environments for IoT-focused applications [22].
On-chain enforcement of attribute-based policies in Hyperledger Fabric has been demonstrated using a modular ABAC framework, improving policy expressiveness over traditional access models [11].
This study builds upon these foundations by deploying a full ABAC-enforced system using Hyperledger Fabric for the tokenization of mining licenses. It contributes a reusable smart contract suite, structured access logs, and an evaluation framework for analyzing latency, scalability, and auditability in enterprise conditions.

2.3. Access Control in Mineral Resource Governance

The digital transformation of mineral resource governance necessitates secure, transparent, and compliant access control mechanisms. While blockchain technology has been explored for enhancing traceability in mineral supply chains, challenges remain in implementing fine-grained access control to protect sensitive data. For instance, blockchain-enabled traceability systems in mineral supply chains often fail to address existing inequalities in resource use and access, highlighting the need for robust data governance mechanisms [3].
To address these challenges, integrating attribute-based access control models with blockchain technology has been proposed. A recent scheme presents a traceable and revocable multi-authority ABAC framework tailored for the mineral industry, utilizing blockchain and InterPlanetary File System (IPFS) to ensure secure data storage and fine-grained access control [23]. This approach enables dynamic policy enforcement and enhances privacy preservation in multi-jurisdictional compliance scenarios.
Building upon these insights, our work implements an ABAC framework tailored to tokenized mining licenses. We introduce a scalable permissioned blockchain system that enforces contextual access policies using smart contracts, thereby enabling confidentiality, auditability, and regulatory alignment in mineral asset management.

2.4. Comparison with Existing Work

Most existing blockchain-based access control systems tend to follow rigid RBAC models, rely on public blockchains, or lack the auditability and scalability required for enterprise use. In contrast, our framework is designed for real-world deployment in the mineral governance domain, emphasizing fine-grained control, performance, and compliance readiness.
In summary, prior research has laid a strong conceptual foundation for integrating ABAC with blockchain, particularly within permissioned architectures like Hyperledger Fabric. However, existing solutions often lack domain-specific deployment, audit readiness, and scalability for compliance-heavy industries such as mining, as shown in Table 1. This paper addresses these gaps by designing and implementing a blockchain-enforced ABAC system tailored to tokenized mineral asset governance. Our work advances beyond theoretical models by offering a deployable, auditable framework that supports dynamic policies, structured logging, and enterprise-grade evaluation metrics.

3. System Design

This section outlines the architectural design and methodology used to implement a blockchain-integrated ABAC system over Hyperledger Fabric. It describes the smart contract logic, synthetic data generation, and simulation steps employed to validate policy enforcement under realistic conditions.

3.1. Overview

The methodology adopted in this research demonstrates the practical viability of an ABAC system integrated with blockchain technology for the privacy-preserving tokenization of mineral reserves.
The primary objective is to move beyond traditional role-based systems and validate a dynamic, attribute-driven model where access permissions are governed based on real-world conditions such as mining licenses, ownership percentages, and regulatory statuses [24]. This direction aligns with recent advances in lightweight ABAC models that leverage blockchain frameworks, such as Hyperledger Fabric, to enforce fine-grained, auditable, and decentralized access control for sensitive resources in constrained environments [25].
The overall approach can be divided into three main phases:
  • Blockchain and Smart Contract Design: A permissioned blockchain environment is configured (using Hyperledger Fabric) to deploy smart contracts capable of managing user attributes, resource access policies, and evaluation mechanisms securely and immutably [8].
  • Synthetic Data Generation: A simulated dataset is generated to mirror realistic operational conditions. Each user receives multi-dimensional attributes relevant to the mining sector.
  • Simulation and Scalability Testing: Automated scripts register users, create policies, and evaluate access in a large-scale manner, resulting in thousands of transactions that assess system correctness, performance, and scalability [26].

3.2. Blockchain Network and Smart Contract Deployment

A permissioned blockchain network is deployed using Hyperledger Fabric v2.2 as shown in Figure 1 to facilitate secure and verifiable policy evaluation and access management [8,25]. The network comprises two peer organizations (Org1 and Org2) and one ordering service organization. Chaincode (smart contract) is developed in Go and instantiated on the channel named mychannel. The smart contract includes three core functions: RegisterUser, CreatePolicy, and EvaluateAccess. These functions enable user registration with attribute-based details, dynamic policy creation for mining licenses, and real-time access evaluations, respectively [27].
Recent advances have explored scalable permissioned blockchain frameworks optimized for privacy-preserving IoT authentication and lightweight data storage [28]. These improvements are especially relevant in enterprise contexts, such as mineral resource governance, where scalability and secure data management are critical.
To ensure modular and maintainable development, the chaincode structure follows best practices as described in the Hyperledger Fabric documentation [8]. Access control conditions are defined using logical combinations of user attributes such as role, location, and affiliation [24].
The blockchain network uses a permissioned consortium-based architecture built with Hyperledger Fabric. For implementation details, including Docker containerization, TLS security, and organizational setup.
Deployment is orchestrated through Docker-based containers, providing modularity, isolated service management, and future extensibility [29]. Communications among peer nodes are secured using mutual Transport Layer Security (TLS). Endorsement policies are configured to require multi-organization approval, enhancing system trust through collaborative validation.
All chaincode invocations and queries are executed via the Fabric CLI (peer commands), with TLS certificates and orderer addresses explicitly configured in the execution context [30].
(a)
The FABRIC_CFG_PATH environment variable is exported during simulation execution to ensure the correct linkage to peer configuration files (e.g., core.yaml).
(b)
MSP artifacts for each peer are derived from the organizations/peerOrganizations directory to ensure identity recognition and endorsement compatibility across the network.
(c)
Separate endorsement policies are dynamically configurable depending on the type of resource being accessed. This allows fine-tuned control over policy enforcement and reflects a scalable and adaptable network design.

3.3. Synthetic Data Generation for Users and Resources

The smart contract encapsulates three primary functions essential to the simulated access control environment: user registration, policy creation, and access evaluation. These operations are engineered to map directly to real-world interactions within resource access management systems, ensuring contextual relevance and system fidelity.
(1)
User Registration Function (RegisterUser)
Users are registered on the blockchain ledger with distinct identities and attribute sets. Each user’s attributes—such as designation, organization, and roles—are captured in a JSON object. Upon invocation, the smart contract securely stores these attributes on-chain, linking them immutably to the user identifier [19,31].
(2)
Policy Creation Function (CreatePolicy)
Access policies are formulated for each mining license resource, based on ABAC principles. Policies specify permissible conditions (e.g., roles allowed to access specific licenses). The smart contract maintains these policies on-chain as key-value mappings between resource IDs and their access conditions, allowing efficient retrieval and enforcement during queries [32].
(3)
Access Evaluation Function (EvaluateAccess)
During access requests, the smart contract is invoked to dynamically evaluate user attributes against the corresponding resource’s policy rules. Access decisions are returned as Granted or Denied, with each interaction immutably logged on-chain. This mechanism ensures consistency in policy enforcement and provides a reliable basis for post-simulation analysis.

3.3.1. Chaincode Interaction Flow

A high-level view of the interaction flow among the core smart contract operations is shown in Figure 2. The arrows indicate the sequence of interaction between the user/client and smart contract functions (RegisterUser, CreatePolicy, EvaluateAccess), with each label denoting the specific operation invoked.

3.3.2. Security and Robustness Considerations

All transactions are secured with TLS, and chaincode endorsement policies are enforced to require multiple peer approvals, ensuring resistance against unilateral manipulations. Furthermore, input validations are embedded to mitigate injection or malformed query risks, enhancing system resilience.

3.3.3. Design Choices Justification

The smart contract design emphasizes modularity, allowing independent evolution of user, policy, and evaluation logic. Furthermore, the ABAC model is selected over traditional role-based models to better reflect real-world complexity, where access conditions often depend on dynamic multi-attribute evaluations rather than static role assignments.

3.3.4. Synthetic Dataset Generation

In order to simulate a realistic operational environment, synthetic datasets are generated for both users and mining licenses. This approach is commonly used in blockchain performance testing to ensure control over input variance and reproducibility [33].
(a)
User Dataset: A script is developed to programmatically generate 50 user profiles, each associated with randomized yet structured attributes. These included roles such as Regulator, CompanyOfficial, and FieldEngineer, along with geographic affiliations.
(b)
Resource Dataset: A sample of mining license data is obtained from Australian government datasets of current mining licenses. Each license is identified by a unique Tenement Number (TNO) and accompanied by relevant metadata.
Attribute values are carefully balanced to simulate diversity, ensuring a mixture of users who qualify for access under different policy conditions. This was achieved by using stratified random sampling across predefined attribute categories (e.g., role, clearance level, organization), ensuring that each combination occurred with sufficient frequency to meaningfully trigger policy-based access decisions during simulation. Generated users are stored in a structured JSON file (generated_users.json), and mining licenses are organized similarly in mining_licences_sample.json.

3.4. Policy Creation and Access Simulation

In order to simulate realistic system conditions, a structured synthetic data generation methodology is adopted. The generated datasets encompass three primary entities: users, resources (mining licenses), and access control policies. Each dataset is crafted to mimic the diversity and complexity observed in real-world industrial environments, thereby enhancing the relevance and applicability of subsequent analysis [33,34].
1.
User Data Generation
Fifty distinct users are synthetically created, each assigned a unique identifier (user01, user02, …, and user50). For every user, a set of attributes was generated, including:
(a)
Role: (e.g., geologist, engineer, regulator)
(b)
Organization: (e.g., Org1, Org2)
(c)
Department: (optional, e.g., Mining Operations, Compliance)
(d)
Clearance Level: (e.g., Confidential, Restricted, Public)
The user profiles are constructed in JSON format to ensure compatibility with both blockchain transaction payloads and downstream AI/ML tools.
{
  "user_id": "user01",
  "attributes": {
    "role": "geologist",
    "organization": "Org1",
    "clearance": "Confidential"
  }
}
2.
Resource (Mining License) Data Generation
A curated sample of 30 mining license entries is prepared. Each mining license was identified by a unique tenement number (TNO) and accompanied by metadata such as
(a)
Resource Type: (e.g., coal, iron ore, gold)
(b)
Geographic Location
(c)
Regulatory Sensitivity Level
This resource pool reflects real-world mining license databases, enabling meaningful modeling of access policies.
3.
Access Control Policy Generation
For each resource, policies are dynamically generated based on user attributes. Policies specify allowable access based on logical conditions such as
{
  "MIN4701": {
    "organization": "Org1",
    "role": "geologist",
    "clearance": "Confidential"
  }
}
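The following Go sketch is an added example, not the paper's chaincode: it evaluates the sample user and policy JSON above with deny-by-default, exact-match semantics and basic input validation. The in-memory Store (standing in for ledger state), the identifier allow-list, the rule that every policy attribute must match, and user02 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// User mirrors the user profile JSON shown in this section.
type User struct {
	ID         string            `json:"user_id"`
	Attributes map[string]string `json:"attributes"`
}

// Policy maps attribute name -> required value (assumed: exact match, all must hold).
type Policy map[string]string

// Store is an in-memory stand-in for ledger state (assumption for this sketch).
type Store struct {
	users    map[string]User
	policies map[string]Policy
}

func NewStore() *Store {
	return &Store{users: map[string]User{}, policies: map[string]Policy{}}
}

// idPattern is a hypothetical allow-list for user and resource identifiers.
var idPattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// RegisterUser validates and stores one profile; duplicates are refused so
// existing attributes cannot be silently overwritten.
func (s *Store) RegisterUser(raw []byte) error {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // reject payloads carrying unexpected fields
	var u User
	if err := dec.Decode(&u); err != nil {
		return fmt.Errorf("malformed user: %w", err)
	}
	if !idPattern.MatchString(u.ID) {
		return errors.New("invalid user_id")
	}
	if _, dup := s.users[u.ID]; dup {
		return errors.New("user already registered")
	}
	s.users[u.ID] = u
	return nil
}

// CreatePolicy accepts {"<resource>": {attr: value}} and validates every entry
// before storing any of them.
func (s *Store) CreatePolicy(raw []byte) error {
	var in map[string]Policy
	if err := json.Unmarshal(raw, &in); err != nil {
		return fmt.Errorf("malformed policy: %w", err)
	}
	for res, p := range in {
		if !idPattern.MatchString(res) {
			return errors.New("invalid resource id")
		}
		if len(p) == 0 {
			return errors.New("empty policy would match every user")
		}
	}
	for res, p := range in {
		s.policies[res] = p
	}
	return nil
}

// EvaluateAccess is deny-by-default: an unknown user, an unknown resource, or
// any missing or mismatched attribute yields "Denied".
func (s *Store) EvaluateAccess(userID, resourceID string) string {
	u, okUser := s.users[userID]
	p, okPolicy := s.policies[resourceID]
	if !okUser || !okPolicy {
		return "Denied"
	}
	for attr, want := range p {
		if got, ok := u.Attributes[attr]; !ok || got != want {
			return "Denied"
		}
	}
	return "Granted"
}

func main() {
	s := NewStore()
	// user01 and MIN4701 are the page's samples; user02 is constructed.
	s.RegisterUser([]byte(`{"user_id":"user01","attributes":{"role":"geologist","organization":"Org1","clearance":"Confidential"}}`))
	s.RegisterUser([]byte(`{"user_id":"user02","attributes":{"role":"geologist","organization":"Org1","clearance":"Public"}}`))
	s.CreatePolicy([]byte(`{"MIN4701":{"organization":"Org1","role":"geologist","clearance":"Confidential"}}`))
	for _, id := range []string{"user01", "user02", "user99"} {
		fmt.Println(id, "->", s.EvaluateAccess(id, "MIN4701"))
	}
}
```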

3.4.1. Workflow Summary Diagram

A summary of the synthetic data generation process is illustrated in Figure 3.

3.4.2. Rationale Behind Structured Generation

Structured and schema-consistent generation of synthetic datasets is critical to
(a)
Ensure compatibility with blockchain transaction formats.
(b)
Enable repeatable and scalable simulations with minimal manual intervention.
(c)
Facilitate AI-readiness for future data analytics and visualization tasks by maintaining machine-readable JSON formats.

3.5. Structured Output for Easier Analysis

To validate the robustness, responsiveness, and scalability of the blockchain-based access control system, an extensive simulation involving 50 unique users and 30 distinct resources was executed. This setup was designed to mirror the interaction complexity found in real-world multi-user environments such as mining governance, industrial IoT systems, and decentralized data platforms [27,35].
1.
User-Resource Interaction Matrix
A combinatorial evaluation is performed, whereby every user is assessed against every resource to determine access eligibility. This resulted in a total of
Total Evaluations = 50 users × 30 resources = 1500 access queries
Each query simulates a blockchain smart contract invocation that either grants or denies access based on the dynamic evaluation of attribute-based policies.
2.
System Execution Flow
The simulation is organized into three sequential phases:
(a)
User Registration: All 50 users are registered on the blockchain network via smart contract invocations.
(b)
Policy Creation: Policies are dynamically created and mapped to resources, ensuring access conditions varied in complexity.
(c)
Access Evaluation: Each user-resource pair is evaluated individually through smart contract queries, with interactions logged systematically for later analysis.
The execution flow of the simulation script is illustrated in Figure 4.
3.
Performance and Latency Considerations
Performance metrics such as transaction latency and access decision speed are implicitly captured via blockchain event timestamps. Although detailed profiling (e.g., endorsement time, commit latency) is not performed, the system demonstrates the capability to handle large query volumes without error or deadlock under the test configuration.
4.
Scalability to Real-World Scenarios
The simulation framework ensures system scalability through the following settings.
(a)
JSON-formatted payloads for flexible input scaling.
(b)
Dynamic attribute-based smart contracts for adaptable evaluations.
(c)
Structured CSV/JSON logs suitable for easier analysis with minimal preprocessing.
Access evaluation results are stored in structured, machine-readable logs with the following fields:
(a)
Requester (user ID)
(b)
Resource (TNO/license ID)
(c)
Status (Granted/Denied)
(d)
LatencyMs (response time)
(e)
Timestamp (ISO 8601 [36])
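As an added example (not the paper's tooling), the Go program below validates a log carrying the fields listed above and flags requesters whose denial ratio is unusually high, the kind of post-hoc audit the structured format is meant to support. The column order, RFC 3339 timestamps (a profile of ISO 8601), the thresholds, the resource IDs other than MIN4701, and every sample row are assumptions constructed for illustration.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"io"
	"math"
	"sort"
	"strconv"
	"strings"
	"time"
)

// sampleLog is constructed for this example; only the column names come from
// the field list above. Rows 7 and 8 are deliberately malformed.
const sampleLog = `Requester,Resource,Status,LatencyMs,Timestamp
user01,MIN4701,Granted,12,2025-01-10T09:00:00Z
user01,MIN4702,Denied,11,2025-01-10T09:00:01Z
user07,MIN4701,Denied,13,2025-01-10T09:00:02Z
user07,MIN4702,Denied,12,2025-01-10T09:00:03Z
user07,MIN4703,Denied,14,2025-01-10T09:00:04Z
user09,MIN4701,Allowed,10,2025-01-10T09:00:05Z
user09,MIN4702,Granted,9,10/01/2025 09:00
`

const header = "Requester,Resource,Status,LatencyMs,Timestamp"

// Summary aggregates the rows that passed validation.
type Summary struct {
	Total        map[string]int // evaluations per requester
	Denied       map[string]int // denied evaluations per requester
	Rejected     []int          // row numbers (header = 1) that failed validation
	MaxLatencyMs float64
}

// validRow checks field count, status vocabulary, latency and timestamp format,
// and returns the parsed latency.
func validRow(row []string) (float64, bool) {
	if len(row) != 5 || row[0] == "" || row[1] == "" {
		return 0, false
	}
	if row[2] != "Granted" && row[2] != "Denied" {
		return 0, false
	}
	lat, err := strconv.ParseFloat(row[3], 64)
	if err != nil || math.IsNaN(lat) || math.IsInf(lat, 0) || lat < 0 {
		return 0, false
	}
	if _, err := time.Parse(time.RFC3339, row[4]); err != nil {
		return 0, false
	}
	return lat, true
}

// Analyze reads the whole log, counting valid rows and recording rejected ones.
func Analyze(r io.Reader) (Summary, error) {
	s := Summary{Total: map[string]int{}, Denied: map[string]int{}}
	cr := csv.NewReader(r)
	cr.FieldsPerRecord = -1 // check the count per row so one bad row does not abort
	rows, err := cr.ReadAll()
	if err != nil {
		return s, err
	}
	if len(rows) == 0 || strings.Join(rows[0], ",") != header {
		return s, fmt.Errorf("unexpected or missing header")
	}
	for i, row := range rows[1:] {
		lat, ok := validRow(row)
		if !ok {
			s.Rejected = append(s.Rejected, i+2)
			continue
		}
		s.Total[row[0]]++
		if row[2] == "Denied" {
			s.Denied[row[0]]++
		}
		s.MaxLatencyMs = math.Max(s.MaxLatencyMs, lat)
	}
	return s, nil
}

// Flagged returns requesters with at least minRequests valid rows and a denial
// ratio of at least ratio, sorted for stable output.
func Flagged(s Summary, minRequests int, ratio float64) []string {
	var out []string
	for user, total := range s.Total {
		if total >= minRequests && float64(s.Denied[user])/float64(total) >= ratio {
			out = append(out, user)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	s, err := Analyze(strings.NewReader(sampleLog))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("rejected rows:", s.Rejected)
	fmt.Println("flagged:", Flagged(s, 3, 0.8))
	fmt.Println("max latency (ms):", s.MaxLatencyMs)
}
```

Rejected rows are reported rather than dropped silently, since a status outside Granted/Denied or an unparseable timestamp in an audit log is itself worth investigating.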

3.6. Simulation Scalability and Real-World Relevance

The simulation is scaled to model 50 users interacting with multiple mining license resources, reflecting enterprise or governmental deployment sizes and addressing known scalability concerns in blockchain systems [8,37] as depicted in Figure 5. Each user had a unique identity and attributes to simulate role diversity. Each user-resource pair triggers three core operations: registration, policy creation, and access evaluation, as depicted in Table 2, resulting in thousands of transactions across a single simulation run. Despite the load, the architecture requires no fundamental change, consistent with prior findings on Hyperledger Fabric’s scalability and transaction throughput [38,39].
Transaction latencies remain consistently in the low millisecond range [39,40], and system error rates are negligible after initial configuration tuning.
It is important to note that these simulations were executed on a local, Docker-based deployment of Hyperledger Fabric, which does not reflect the full behavior of geographically distributed or enterprise-scale networks. Performance results such as latency and throughput may vary under real-world conditions due to inter-peer communication delays, consensus timing, and infrastructure variability.
In addition, the system was tested using synthetic user and policy data designed to mirror realistic mining operations. While this allows for systematic control over experiment variables, it does not fully capture the unpredictability of real-world datasets or user behavior.
Future extensions may incorporate peer failures, network delays, or adversarial scenarios for stress testing [41,42].
In summary, this section outlines a full-stack approach to designing, deploying, and validating a blockchain-based ABAC framework tailored for mineral asset governance. By combining smart contract implementation, synthetic data modeling, and large-scale simulation, the system is evaluated for correctness and scalability. However, we acknowledge that full deployment in operational settings may involve additional complexity not captured by this controlled simulation environment. The architecture’s modular design and structured logging enable downstream analytics and future expansion into production-ready applications in compliance-driven environments.

4. Design and Development

In this section, we present the multi-layered architecture, data structures, and deployment configurations that underpin our blockchain-integrated ABAC system. We detail how Hyperledger Fabric, structured JSON/CSV formats, and scripted simulations were combined to support automated access control, evaluation, and analysis for tokenized mining licenses.

4.1. Architecture Overview

The system architecture developed in this paper follows a multi-layered design, structured to deliver fine-grained access control for tokenized mining licenses through blockchain-enabled ABAC mechanisms. Each layer is responsible for specific operations, ranging from user interaction to policy enforcement and ledger recording. This modular and decentralized approach has been shown to enhance both security and scalability in permissioned blockchain systems [10,13].

4.1.1. Test Network and Base Repository Reference

This setup builds on the official Hyperledger Fabric test-network GitHub repository (https://github.com/hyperledger/fabric-samples/tree/main/test-network accessed on 20 May 2025), which provides Docker-based scripts for launching Fabric peer nodes, ordering services, and Certificate Authorities in a local development context.
Custom components—smart contracts, user registration logic, and simulation scripts—were integrated atop this base repository to support ABAC-specific functionality.

4.1.2. Layered System Breakdown

(a) Application Layer: This layer consists of user-facing components and the ABAC Policy, which handles attribute-based authorization, access simulations, and client requests.
(b) ABAC Policy Engine: Core functions include access policy parsing, rule matching, and simulation orchestration. It bridges client interactions with blockchain smart contracts, a design pattern supported by recent work on dynamic policy enforcement in blockchain-based systems [13].
(c) Blockchain Network: Powered by Hyperledger Fabric for decentralized identity, chaincode execution, and immutable logging.
(d) Smart Contracts: Encapsulate logic for user registration, access policy creation, and access evaluation.
(e) Data Layer: Comprises users, resources, and structured datasets.

4.2. Data Structures and File Formats

4.2.1. User and Policy JSON Inputs

Blockchain transactions were structured using JSON-formatted payloads for user registration and policy definition. Listing 1 illustrates the structure of a user registration payload, where each user is assigned a unique identifier and a set of descriptive attributes, such as organizational affiliation, role, and clearance level.
Listing 1. Sample user registration input.
Similarly, Listing 2 presents a sample policy specification format, mapping resource identifiers (e.g., mining license IDs) to attribute-based access control conditions. These JSON policies are evaluated at runtime during access requests.
Listing 2. Sample policy input format.
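A Python model of the registration, policy-creation and evaluation flow that these payloads feed, added here as an illustration and not taken from the paper's Go chaincode or its listings. The field names (`user_id`, `attributes`, `resource_id`, `conditions`), the attribute vocabulary and the sample values are assumptions; evaluation is deny-by-default and malformed payloads are rejected on submission.

```python
# Python model of the register / create-policy / evaluate flow (added example).
# Field names, vocabulary and sample values are constructed assumptions.
import json
import re

# Closed attribute vocabulary (assumed). Values outside it are rejected when a
# payload is submitted instead of silently never matching at evaluation time.
VOCABULARY = {
    "org": {"Org1", "Org2"},
    "role": {"Regulator", "Operator", "Investor"},
    "clearance": {"Public", "Internal", "Confidential"},
}
ID_PATTERN = re.compile(r"[A-Za-z0-9]{1,32}")


class PayloadError(ValueError):
    """A registration or policy payload failed validation."""


def _load(payload, id_field):
    """Parse a JSON object and return (validated identifier, document)."""
    try:
        doc = json.loads(payload)
    except json.JSONDecodeError as exc:
        raise PayloadError(f"not valid JSON: {exc.msg}") from exc
    if not isinstance(doc, dict):
        raise PayloadError("payload must be a JSON object")
    ident = doc.get(id_field)
    if not isinstance(ident, str) or not ID_PATTERN.fullmatch(ident):
        raise PayloadError(f"{id_field} must be 1-32 alphanumeric characters")
    return ident, doc


class AbacModel:
    """In-memory stand-in for the state the three contract functions act on."""

    def __init__(self):
        self.users = {}     # user_id -> {attribute: value}
        self.policies = {}  # resource_id -> {attribute: frozenset(accepted)}

    def register_user(self, payload):
        user_id, doc = _load(payload, "user_id")
        attrs = doc.get("attributes")
        # Exactly the known attributes: none missing, no unexpected extras.
        if not isinstance(attrs, dict) or set(attrs) != set(VOCABULARY):
            raise PayloadError("attributes must be exactly org, role, clearance")
        for name, value in attrs.items():
            if not isinstance(value, str) or value not in VOCABULARY[name]:
                raise PayloadError(f"unknown value for attribute {name!r}")
        if user_id in self.users:
            raise PayloadError("user already registered")
        self.users[user_id] = dict(attrs)

    def create_policy(self, payload):
        resource_id, doc = _load(payload, "resource_id")
        conditions = doc.get("conditions")
        # An empty condition set would grant every registered user: reject it.
        if not isinstance(conditions, dict) or not conditions:
            raise PayloadError("policy needs at least one condition")
        compiled = {}
        for name, accepted in conditions.items():
            if name not in VOCABULARY:
                raise PayloadError(f"unknown attribute {name!r} in policy")
            if not isinstance(accepted, list) or not accepted or not all(
                    isinstance(v, str) and v in VOCABULARY[name] for v in accepted):
                raise PayloadError(f"condition {name!r} needs known values")
            compiled[name] = frozenset(accepted)
        if resource_id in self.policies:
            raise PayloadError("a policy already exists for this resource")
        self.policies[resource_id] = compiled

    def evaluate_access(self, user_id, resource_id):
        user = self.users.get(user_id)
        policy = self.policies.get(resource_id)
        # Deny by default: unknown requester, or a resource with no policy.
        if user is None or policy is None:
            return "Denied"
        matched = all(user[name] in accepted for name, accepted in policy.items())
        return "Granted" if matched else "Denied"


def build_sample_model():
    """Populate a model from constructed sample payloads."""
    model = AbacModel()
    model.register_user(json.dumps({"user_id": "user01", "attributes": {
        "org": "Org1", "role": "Regulator", "clearance": "Confidential"}}))
    model.register_user(json.dumps({"user_id": "user02", "attributes": {
        "org": "Org2", "role": "Investor", "clearance": "Public"}}))
    model.create_policy(json.dumps({"resource_id": "MIN4701", "conditions": {
        "role": ["Regulator", "Operator"],
        "clearance": ["Internal", "Confidential"]}}))
    return model


if __name__ == "__main__":
    sample = build_sample_model()
    for user_id in ("user01", "user02", "user99"):
        print(user_id, "MIN4701", sample.evaluate_access(user_id, "MIN4701"))
```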

4.2.2. CSV Log Format for Evaluation Results

The access evaluation results are stored in a structured CSV format with the following fields: user_id, resource_id, status, latency_ms, and timestamp. An example is shown in Listing 3.
Listing 3. Excerpt from simulation_results.csv.
user01, MIN4701, Granted, 42, 2025-04-25T07:22:11Z
user02, MIN5288, Denied, 38, 2025-04-25T07:22:12Z
The use of structured JSON for inputs and CSV for logging enabled reproducible experimentation, streamlined access auditing, and seamless integration with data analytics tools such as Python (Pandas), Excel, and machine learning pipelines.
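An added example (not the authors' code) of the kind of audit pass this log layout supports: it validates each row, summarizes decisions and latency, and flags requester-resource pairs that appear with both outcomes. The first two sample rows are the Listing 3 excerpt; the remaining rows are constructed, and the absence of a header row and the alphanumeric identifier rule are assumptions.

```python
"""Audit pass over an access log in the five-field CSV layout (added example)."""
import csv
import io
import re
from collections import Counter, defaultdict
from datetime import datetime

VALID_STATUS = {"Granted", "Denied"}
# Identifiers limited to alphanumerics (an assumption), which also keeps
# spreadsheet formula prefixes such as "=" out of logs later opened in Excel.
ID_PATTERN = re.compile(r"[A-Za-z0-9]{1,32}")

# Rows 1-2 are the Listing 3 excerpt; rows 3-8 are constructed test data.
SAMPLE_LOG = """\
user01, MIN4701, Granted, 42, 2025-04-25T07:22:11Z
user02, MIN5288, Denied, 38, 2025-04-25T07:22:12Z
user03, MIN4701, Denied, 61, 2025-04-25T07:22:13Z
user03, MIN4701, Granted, 28, 2025-04-25T07:22:14Z
user04, MIN5288, granted, 40, 2025-04-25T07:22:15Z
user05, MIN5288, Denied, -3, 2025-04-25T07:22:16Z
user06, MIN5288, Denied, 35, 25/04/2025 07:22
user07, MIN5288, Denied
"""


def check_row(row):
    """Return None if the row is well-formed, else the reason it is not."""
    if len(row) != 5:
        return "expected 5 fields"
    user_id, resource_id, status, latency_ms, timestamp = row
    if not ID_PATTERN.fullmatch(user_id) or not ID_PATTERN.fullmatch(resource_id):
        return "identifier is not alphanumeric"
    if status not in VALID_STATUS:
        return "unknown status"
    if not (latency_ms.isascii() and latency_ms.isdigit()):
        return "latency is not a non-negative integer"
    try:
        datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return "timestamp is not ISO 8601 UTC"
    return None


def audit_log(text):
    """Validate every row, then summarize the rows that passed."""
    decisions = Counter()
    latencies = []
    rejected = []                # (line number, reason)
    outcomes = defaultdict(set)  # (user, resource) -> statuses seen
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    for row in reader:
        row = [cell.strip() for cell in row]
        if not any(row):
            continue             # blank line
        reason = check_row(row)
        if reason:
            rejected.append((reader.line_num, reason))
            continue
        user_id, resource_id, status, latency_ms, _ = row
        decisions[status] += 1
        latencies.append(int(latency_ms))
        outcomes[(user_id, resource_id)].add(status)
    total = sum(decisions.values())
    return {
        "total": total,
        "granted": decisions["Granted"],
        "denied": decisions["Denied"],
        "grant_rate_pct": round(100 * decisions["Granted"] / total, 1) if total else 0.0,
        "latency_min_ms": min(latencies, default=None),
        "latency_max_ms": max(latencies, default=None),
        "latency_avg_ms": round(sum(latencies) / len(latencies), 2) if latencies else None,
        # Same requester and resource with both outcomes: either a policy or
        # attribute change between the two timestamps, or an inconsistency.
        "conflicts": sorted(p for p, seen in outcomes.items() if len(seen) > 1),
        "rejected": rejected,
    }


if __name__ == "__main__":
    for key, value in audit_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Rejected rows are reported rather than dropped silently, so a malformed or unexpected entry in the audit trail is itself visible to the reviewer.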

4.3. Deployment Configuration and Execution Scripts

The blockchain environment and simulation workflows were deployed and orchestrated using automated configurations and scripting tools. This setup ensured experimental consistency and facilitated reproducibility of results.

4.3.1. Docker-Based Setup

Docker Compose was used to deploy:
(a) peer0.org1.example.com
(b) peer0.org2.example.com
(c) orderer.example.com
(d) Organization-specific CAs
(e) CLI containers

4.3.2. Fabric Configuration

Each peer was configured using a dedicated core.yaml file, and the FABRIC_CFG_PATH environment variable was set to enable secure CLI-based interactions.

4.3.3. Python Simulation Script

A script, run_simulation.py, automates:
(a) User registration
(b) Policy creation
(c) Access evaluation over 1500 user-resource interactions

4.3.4. Environment Setup

(a) Docker v20.10+
(b) Hyperledger Fabric v2.2
(c) Python 3.8+
(d) Bash with peer CLI access

4.3.5. Script Flow Overview

The simulation execution flow is summarized in Figure 6.
For complete YAML configurations, CLI command sequences, and reproduction instructions, refer to Appendix A.
In summary, the architecture follows a modular and layered design that integrates Hyperledger Fabric smart contracts with an ABAC policy engine. The structured use of data formats and automated scripting ensures scalability, reproducibility, and integration readiness for performance testing and analytics workflows.

5. Evaluation and Results

In this section, the operational performance and decision accuracy of the proposed ABAC-based blockchain framework are evaluated within a permissioned mining governance context. The evaluation is conducted by simulating 1500 access requests involving 50 distinct users and 30 tokenized mining licenses, executed on a locally hosted Hyperledger Fabric network. The assessment encompasses key performance metrics, including latency and throughput, as well as access decision distributions. A comparative analysis between ABAC and RBAC models is also presented. Additionally, visualizations and log data are used to support the auditability and practical applicability of the framework under dynamic, attribute-based policy conditions.

5.1. Simulation Setup

To assess the operational validity and performance of the blockchain-integrated ABAC framework, a controlled simulation environment was configured and executed. The simulation was designed to emulate a realistic access control scenario within a permissioned mining governance network, thereby providing representative insights into the system’s behavior under practical conditions.

5.1.1. Evaluation Environment

The simulation was conducted on a locally hosted Hyperledger Fabric v2.2 network (Figure 7) with the following configuration:
(a) Network Topology: Two peer organizations (Org1, Org2), one ordering service, and one Certificate Authority (CA) per organization.
(b) Channel: A single communication channel named mychannel for all smart contract transactions.
(c) Smart Contract: Written in Go, encapsulating three core functions: RegisterUser, CreatePolicy, and EvaluateAccess.
(d) Security: All communications were secured using Transport Layer Security (TLS). Peer CLI invocations used MSP identities and certificate chains.

5.1.2. Simulation Workflow

The evaluation was executed using a Python automation script that performed the following steps:
  • Registering 50 users with unique attribute profiles.
  • Creating ABAC rules for 30 mining licenses.
  • Evaluating 1500 user-resource access queries.

5.1.3. Data Inputs and Logging

Input JSON files:
  • generated_users.json
  • mining_licenses.json
  • access_policies.json
Outputs were written to simulation_results.csv and included user ID, resource ID, access status, latency, and timestamp.

5.2. Access Outcome Analysis and Performance Metrics

We present the distribution of access decisions made during the simulation. The granted and denied request counts highlight how the implemented ABAC policies filtered user-resource combinations based on defined attribute conditions.

5.2.1. Access Decision Distribution

  • Granted: 356 requests (23.7%)
  • Denied: 1144 requests (76.3%)

5.2.2. Pattern Observations

Here, we analyze the trends observed in the simulation results. This includes the influence of user attributes, organizational affiliation, and license policy structure on access outcomes, providing insights into policy effectiveness and selectivity.
(a) Attribute combinations such as Regulator + Confidential showed high access alignment with policies.
(b) Users from Org2 and those with Public clearance were largely filtered out by policy conditions.
(c) Licenses with broader attribute criteria (e.g., MIN4701) accounted for a majority of granted decisions.

5.2.3. Evaluation Accuracy

Manual cross-checks revealed zero mismatches in access decisions, confirming full decision consistency as verified during earlier validation.

5.2.4. Performance Metrics

We report key performance metrics, including latency and throughput, to evaluate the system’s operational feasibility. These results demonstrate the responsiveness, scalability, and technical robustness of the ABAC framework under simulated enterprise conditions.
Latency Observations:
  • Min Latency: 28 ms
  • Max Latency: 61 ms
  • Avg Latency: ∼39.7 ms
Throughput Observations:
  • Over 100 tx/min
  • No failures; TLS securely maintained
Performance Drivers:
  • Docker local execution minimized latency
  • Modular smart contract structure
  • Sequential batch processing

5.3. Comparative Assessment

RBAC vs. ABAC: Traditional role-based access control models lack flexibility in handling dynamic, attribute-driven conditions. In contrast, the attribute-based access control model implemented here enabled nuanced decisions based on user attributes like clearance level and organizational affiliation. Experiments showed ABAC achieved a lower false grant rate compared to a simulated RBAC baseline.
Prior Work Comparison: Previous blockchain-based ABAC models—for example, Zhang et al. [43]—report latencies ranging from 50 to 100 milliseconds, primarily within IoT contexts. In comparison, our system achieved an average latency of approximately 39 milliseconds while supporting cryptographically verifiable, multi-attribute policies specifically tailored to mining governance.
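An added illustration (not the paper's experiment) of how a false grant rate can be computed for a role-only baseline against a multi-attribute policy, and which attributes the baseline ignores when it over-grants. The users, the two policies and the choice of the full attribute policy as ground truth are constructed assumptions.

```python
"""False-grant rate of a role-only baseline vs. a multi-attribute policy (added example)."""
from collections import Counter
from itertools import product

ORGS = ("Org1", "Org2")
ROLES = ("Regulator", "Operator", "Investor")
CLEARANCES = ("Public", "Internal", "Confidential")

# Constructed population: one user per attribute combination (18 users).
USERS = [
    {"org": org, "role": role, "clearance": clearance}
    for org, role, clearance in product(ORGS, ROLES, CLEARANCES)
]

# Constructed policies; the full attribute rule is treated as ground truth.
POLICIES = {
    "MIN4701": {"role": {"Regulator", "Operator"},
                "clearance": {"Internal", "Confidential"}},
    "MIN5288": {"org": {"Org1"}, "role": {"Regulator"},
                "clearance": {"Confidential"}},
}


def abac_decision(user, policy):
    """Grant only if every attribute condition in the policy holds."""
    return all(user[attr] in accepted for attr, accepted in policy.items())


def rbac_decision(user, policy):
    """Role-only baseline: the same policy projected onto the role attribute."""
    return user["role"] in policy.get("role", ROLES)


def false_grant_stats(decide):
    """Compare a decision function with the intended (full-policy) outcome."""
    should_deny = 0
    false_grants = 0
    ignored = Counter()  # attribute conditions violated by a false grant
    for user, policy in product(USERS, POLICIES.values()):
        if abac_decision(user, policy):
            continue                      # intended grant, not of interest here
        should_deny += 1
        if decide(user, policy):
            false_grants += 1
            for attr, accepted in policy.items():
                if user[attr] not in accepted:
                    ignored[attr] += 1
    return {
        "should_deny": should_deny,
        "false_grants": false_grants,
        "rate_pct": round(100 * false_grants / should_deny, 1),
        "ignored": dict(ignored),
    }


if __name__ == "__main__":
    print("RBAC baseline:", false_grant_stats(rbac_decision))
    print("ABAC:         ", false_grant_stats(abac_decision))
```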

5.4. Visualization-Based Insights

To provide a clearer understanding of access behavior, we analyzed simulation outcomes using three visual representations.
Figure 8 shows the overall access outcome distribution. Out of 1500 total access requests, 356 were granted while 1144 were denied, reflecting the strict enforcement of attribute-based policies in our framework.
Figure 9 depicts the percentage of successful access requests per user. The results indicate that users affiliated with regulatory roles and possessing higher clearance levels had significantly higher grant rates, whereas general users lacking sufficient attributes consistently experienced denials.
Finally, Figure 10 presents an access matrix mapping users to resources. Granted and denied requests are visually clustered, illustrating how various attribute profiles either satisfied or failed to meet the ABAC policy conditions. This visualization reinforces the observed selectivity of the access control logic.

5.5. Security Considerations and Threat Awareness

While this work does not include a formal threat model, certain classes of security concerns are inherently addressed by the system’s architectural design. The use of Hyperledger Fabric ensures that all access control operations—such as policy definition, evaluation, and logging—are tamper-evident and auditable through immutable ledger records. Attribute-based access control allows for context-sensitive enforcement, reducing exposure to hardcoded privilege escalation risks typical of static RBAC systems.
However, the system has not yet been evaluated against advanced threat scenarios such as insider collusion, policy injection attacks, or compromised peer nodes. These remain important areas for future work. In particular, applying formal threat modeling frameworks such as STRIDE, attack trees, or misuse cases could provide a more systematic analysis of resilience under adversarial conditions.

6. Conclusions and Future Work

This paper presented a modular, blockchain-based access control framework that integrates ABAC with smart contracts to manage access to tokenized mining licenses. Deployed on Hyperledger Fabric and validated through structured simulation, the system demonstrated robust correctness by enforcing over 1500 access decisions in full compliance with defined policies. The framework provided fine-grained control, granting access to only 23.7% of requests based on dynamic attribute conditions, thereby mitigating the risk of unauthorized exposure. Performance testing indicated the system could sustain over 100 access evaluations per minute with sub-40 ms latency, confirming its responsiveness for real-world applications. Furthermore, the use of structured JSON inputs and CSV logs ensured auditability and readiness for integration with AI and data analytics pipelines.
Looking ahead, future research can expand this work through large-scale stress testing, including adversarial simulations and distributed peer deployments to assess fault tolerance. Such stress testing under adverse network conditions and peer failures remains to be conducted, as this study focused on controlled environments with stable parameters. Live pilot trials in partnership with industry or regulators will provide opportunities for field validation. Enhancements such as incorporating contextual conditions (e.g., geolocation or time-based rules), integrating privacy-preserving mechanisms like zero-knowledge proofs, and leveraging structured logs for AI-based policy optimization and anomaly detection represent promising directions to extend the system’s utility in compliance-critical environments.
The current framework incorporates foundational access control aligned with privacy principles, though detailed consideration of cross-border regulations and ethical frameworks is reserved for future work.

Author Contributions

Conceptualization, P.N. and H.C.; Methodology, P.N. and H.C.; Validation, P.N. and H.C.; Formal analysis, P.N.; Investigation, P.N. and B.C.; Resources, P.N., B.C. and H.C.; Writing—original draft, P.N.; Writing—review & editing, H.C.; Visualization, P.N.; Supervision, B.C. and H.C. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Informed Consent Statement

Not applicable.

Data Availability Statement

The original contributions presented in this study are included in the article. Further inquiries can be directed to the corresponding author.

Acknowledgments

During the development of the simulation environment, the authors used ChatGPT (OpenAI GPT-4, 2025 version) for the purposes of learning foundational concepts related to ABAC, Hyperledger Fabric architecture, and simulation setup strategies. The authors have reviewed and edited the output and take full responsibility for the content of this publication.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

    The following abbreviations are used in this manuscript:
| Abbreviation | Definition |
| --- | --- |
| ABAC | Attribute-Based Access Control |
| RBAC | Role-Based Access Control |
| IoT | Internet of Things |
| AI | Artificial Intelligence |
| ML | Machine Learning |
| TLS | Transport Layer Security |
| CLI | Command-Line Interface |
| CA | Certificate Authority |
| JSON | JavaScript Object Notation |
| CSV | Comma-Separated Values |
| MSP | Membership Service Provider |
| URL | Uniform Resource Locator |
| ZKPs | Zero-Knowledge Proofs |
| SMPC | Secure Multi-Party Computation |
| Go | Go Programming Language |
| Docker | (Platform for containerized application deployment) |

Appendix A. GitHub Repository and Replication Instructions

The full source code for the simulation and ABAC smart contract implementation used in this research is available on GitHub:

Appendix A.1. Repository Contents

The repository includes:
  • Custom smart contracts written in Go for Attribute-based access control.
  • JSON datasets for users, resources, and policies.
  • Python-based simulation script run_simulation.py to generate and evaluate 1500 access requests.
  • Output logs and results saved in simulation_results.csv.

Appendix A.2. Steps for Reproduction

To replicate the simulation results, follow the steps below:
1. Clone the repository:
    git clone https://github.com/Padmini666/Simulation-of-Blockchain-ABAC-for-Mining-Industry.git
    cd fabric-samples
2. Install and launch Docker Desktop. Ensure Docker is running.
3. Navigate to the test-network directory and bring up the network with certificate authorities (CA):
    ./network.sh up createChannel -ca
4. Deploy the ABAC chaincode:
    ./network.sh deployCC -ccn abac -ccp ../chaincode/abac/go -ccl go
5. Run the simulation:
    cd scripts
    python3 run_simulation.py
6. View the output results in:
    simulation_results.csv

Appendix A.3. System Requirements

The simulation was tested under the following environment:
  • macOS with Apple M1 chip
  • Docker v20.10+
  • Python 3.8+
  • Hyperledger Fabric v2.2
This repository can be adapted to various environments with minor configuration changes for Windows or Linux.

References

  1. Jha, A.; Young, A.; Sattarvand, J. Blockchain Technology and Mining Industry: A Review. Min. Metall. Explor. 2023, 40, 2269–2280.
  2. Mugurusi, G.; Ahishakiye, E. Blockchain technology needs for sustainable mineral supply chains: A framework for responsible sourcing of cobalt. Procedia Comput. Sci. 2022, 200, 638–647.
  3. Calvão, F.; Archer, M. Digital extraction: Blockchain traceability in mineral supply chains. Political Geogr. 2021, 87, 102381.
  4. Liu, D.; Dong, A.; Yan, B.; Yu, J. DF-RBAC: Dynamic and Fine-grained Role-Based Access Control Scheme with Smart Contract. Procedia Comput. Sci. 2021, 187, 359–364.
  5. Zhang, Y.; Kasahara, S.; Shen, Y.; Jiang, X.; Wan, J. Smart Contract-Based Access Control for the Internet of Things. IEEE Internet Things J. 2019, 6, 1594–1605.
  6. Ouaddah, A.; Mousannif, H.; Abou Elkalam, A.; Ait Ouahman, A. Access control in the Internet of Things: Big challenges and new opportunities. Comput. Netw. 2017, 112, 237–262.
  7. Bagga, P.; Das, A.K.; Chamola, V.; Guizani, M. Blockchain-envisioned access control for Internet of things applications: A comprehensive survey and future directions. Telecommun. Syst. 2022, 81, 125–173.
  8. Androulaki, E.; Barger, A.; Bortnikov, V.; Cachin, C.; Christidis, K.; De Caro, A.; Yellick, J. Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains. In Proceedings of the Thirteenth EuroSys Conference, Porto, Portugal, 23–26 April 2018; ACM: New York, NY, USA, 2018.
  9. Sukhwani, H.; Wang, N.; Trivedi, K.S.; Rindos, A. Performance Modeling of Hyperledger Fabric (Permissioned Blockchain Network). In Proceedings of the 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), Cambridge, MA, USA, 1–3 November 2018; IEEE: New York, NY, USA, 2018; pp. 1–8.
  10. Rouhani, S.; Belchior, R.; Cruz, R.S.; Deters, R. Distributed Attribute-Based Access Control System Using Permissioned Blockchain. World Wide Web 2021, 24, 1617–1644.
  11. Lawal, S.; Krishnan, R. Attribute-Based Access Control Policy Review in Permissioned Blockchain. In Secure Knowledge Management in the Artificial Intelligence Era, Proceedings of the 9th International Conference, SKM 2021, San Antonio, TX, USA, 8–9 October 2021; Springer: Berlin/Heidelberg, Germany, 2021; pp. 97–109.
  12. Xu, Z.; Stoller, S.D. Mining Attribute-Based Access Control Policies. arXiv 2013, arXiv:1306.2401. Available online: https://arxiv.org/abs/1306.2401 (accessed on 20 May 2025).
  13. Hameed, K.; Raza, A.; Garg, S.; Amin, M.B. A Blockchain-based Decentralised and Dynamic Authorisation Scheme for the Internet of Things. SSRN Electron. J. 2022.
  14. Web3in Tech-Lab: Real-world Blockchain Applications in Mineral Governance. Available online: https://www.web3in.tech/ (accessed on 20 July 2025).
  15. Pericherla, S.K.; Garimella, N.; Garimella, N. Towards Providing Full Attribute-Based Access Control Functionality in Hyperledger Fabric. In Proceedings of the International Conference on Advanced Computing Technologies and Applications, Coimbatore, India, 4–5 March 2022; Springer: Berlin/Heidelberg, Germany, 2022; pp. 231–248.
  16. Vero Minerals Platform. Transforming Mineral Ownership into Digital Assets. 2024. Available online: https://veromining.io (accessed on 3 May 2025).
  17. DAMREV. Tokenized Minerals: Transforming Natural Resources into Digital Assets. 2024. Available online: https://www.damrev.com/2024/03/22/tokenized-minerals-transforming-natural-resources-into-digital-assets (accessed on 1 May 2025).
  18. Tanveer, U.; Ishaq, S.; Hoang, T. Tokenized Assets in a Decentralized Economy: Balancing Efficiency, Value, and Risks. Int. J. Prod. Econ. 2025, 260, 109554.
  19. Hu, V.C.; Ferraiolo, D.F.; Kuhn, R.; Schnitzer, A.; Sandlin, K.; Miller, R.; Scarfone, K. Guide to Attribute Based Access Control (ABAC) Definition and Considerations; Technical Report NIST Special Publication 800-162; National Institute of Standards and Technology (NIST): Boulder, CO, USA, 2015.
  20. Shammar, E.A.; Zahary, A.T.; Al-Shargabi, A.A. An Attribute-Based Access Control Model for Internet of Things Using Hyperledger Fabric Blockchain. Wirel. Commun. Mob. Comput. 2022, 2022, 1–25.
  21. Bakhtiary, V.; Mirabi, M.; Salajegheh, A.; Erfani, S.H. Combo-Chain: Towards a hierarchical attribute-based access control system for IoT with smart contract and sharding technique. Internet Things 2024, 25, 101080.
  22. Abdulrahman, E.; Alshehri, S.; Alzubaidy, A.; Cherif, A. A Distributed Blockchain-based Access Control for the Internet of Things. arXiv 2025, arXiv:2503.17873.
  23. Zhang, X.; Du, W.; Moshayedi, A.J. A traceable and revocable multi-authority attribute-based access control scheme for mineral industry data secure storage in blockchain. J. Supercomput. 2023, 79, 14743–14779.
  24. Hu, V.C.; Ferraiolo, D.; Kuhn, R. Assessment of Access Control Systems. NIST Interagency/Internal Rep. (NISTIR) 2015, 7316.
  25. Alshehri, S.; Bamasag, O. AAC-IoT: Attribute Access Control Scheme for IoT Using Lightweight Cryptography and Hyperledger Fabric Blockchain. Appl. Sci. 2022, 12, 8111.
  26. Monrat, A.A.; Schelén, O.; Andersson, K. Performance Evaluation of Permissioned Blockchain Platforms. In Proceedings of the 2020 IEEE Asia-Pacific Conference on Computer Science and Data Engineering (CSDE), Online, 16–18 December 2020; pp. 1–8.
  27. Liu, H.; Han, D.; Li, D. Fabric-IoT: A Blockchain-Based Access Control System in IoT. IEEE Access 2020, 8, 18207–18218.
  28. Addula, S.R.; Ali, A. A Novel Permissioned Blockchain Approach for Scalable and Privacy-Preserving IoT Authentication. J. Cyber Secur. Risk Audit. 2025, 2025, 222–237.
  29. Boettiger, C. An Introduction to Docker for Reproducible Research. ACM SIGOPS Oper. Syst. Rev. 2015, 49, 71–79.
  30. Antwi, M.; Adnane, A.; Ahmad, F.; Hussain, R.; Rehman, M.H.u.; Kerrache, C.A. The case of HyperLedger Fabric as a blockchain solution for healthcare applications. Blockchain Res. Appl. 2021, 2, 100012.
  31. Xu, R.; Chen, Y.; Blasch, E. Decentralized Access Control for IoT Based on Blockchain and Smart Contract. In Modeling and Design of Secure Internet of Things; Kamhoua, C.A., Njilla, L.L., Kott, A., Shetty, S., Eds.; Wiley: Hoboken, NJ, USA, 2020; pp. 499–522.
  32. Riabi, I.; Ben Ayed, H.K.; Saidane, L.A. A Survey on Blockchain-Based Access Control for Internet of Things. In Proceedings of the 2019 15th International Wireless Communications and Mobile Computing Conference (IWCMC), Tangier, Morocco, 24–28 June 2019; IEEE: New York, NY, USA, 2019; pp. 502–507.
  33. Alharby, M.; van Moorsel, A. BlockSim: A Simulation Framework for Blockchain Systems. ACM SIGMETRICS Perform. Eval. Rev. 2019, 46, 135–138.
  34. Razmyslovich, A.; Murasheva, K.; Sedlova, S.; Capitaine, J.; Dmitriev, E. ELTEX: A Framework for Domain-Driven Synthetic Data Generation. arXiv 2025, arXiv:2503.15055.
  35. Ammar, M.; Russello, G.; Crispo, B. Internet of Things: A survey on the security of IoT frameworks. J. Inf. Secur. Appl. 2018, 38, 8–27.
  36. ISO 8601; Date and Time Format. ISO: Geneva, Switzerland, 2019.
  37. Rao, I.S.; Kiah, M.L.M.; Hameed, M.M.; Memon, Z.A. Scalability of Blockchain: A Comprehensive Review and Future Research Direction. Clust. Comput. 2024, 27, 5547–5570.
  38. Gorenflo, C.; Lee, S.; Golab, L.; Keshav, S. FastFabric: Scaling Hyperledger Fabric to 20,000 Transactions per Second. Int. J. Netw. Manag. 2020, 30, e2099.
  39. Thakkar, P.; Nathan, S.; Viswanathan, B. Performance Benchmarking and Optimizing Hyperledger Fabric Blockchain Platform. arXiv 2018, arXiv:1805.11390. Available online: https://arxiv.org/abs/1805.11390 (accessed on 10 April 2025).
  40. Bano, S.; Sonnino, A.; Al-Bassam, M.; Azouvi, S.; McCorry, P.; Meiklejohn, S.; Danezis, G. SOK: Consensus in the age of blockchains. In Proceedings of the 1st ACM Conference on Advances in Financial Technologies, Zurich, Switzerland, 21–23 October 2019; pp. 183–198.
  41. Sukhwani, H.; Pai, S.; Eugster, P.T.; Garg, V.K. Performance Modeling of PBFT Consensus Process for Permissioned Blockchain Network. In Proceedings of the 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS), Hong Kong, 26–29 September 2017; IEEE: New York, NY, USA, 2017; pp. 253–260.
  42. Narayanan, A.; Bonneau, J.; Felten, E.; Miller, A.; Goldfeder, S. Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction; Princeton University Press: Princeton, NJ, USA, 2016; Available online: https://press.princeton.edu/books/hardcover/9780691171692/bitcoin-and-cryptocurrency-technologies (accessed on 5 April 2025).
  43. Zhang, J.; Yuan, L.; Xu, S. A Lightweight Blockchain-Based Access Control Scheme for Integrated Edge Computing in the Internet of Things. arXiv 2021, arXiv:2111.06544.
Figure 1. Blockchain and Smart Contract Architecture.
Figure 2. Chaincode Interaction Flow: User registration, policy creation, and access evaluation.
Figure 3. Synthetic Data Generation Workflow for Simulation.
Figure 4. Simulation Execution Flow: Register Users → Create Policies → Evaluate Access for 1500 Cases → Log Results.
Figure 5. Scalability Test Overview: 50 users, 10 resources, and cumulative transaction events.
Figure 6. Script flow summarizing the automated access evaluation process.
Figure 7. Docker Desktop environment showing running Hyperledger Fabric containers.
Figure 8. Access Outcome Distribution.
Figure 9. User-wise Grant Rate (%).
Figure 10. Access Matrix (Users × Resources).
Table 1. Comparative Summary of Blockchain-Based ABAC Approaches.
| Criteria | Conceptual Research | Prototype Implementations | This Work |
| --- | --- | --- | --- |
| ABAC Integration with Blockchain | Explored theoretically | Partially implemented | Fully implemented |
| Permissioned Blockchain Use (e.g., Fabric) | Proposed | Used with limited policies | Used with domain-specific policies |
| Tokenization of Mineral Assets | Not addressed | Generic token examples | Applied to mining licenses |
| Policy Dynamics (Revocation, Context) | Static or assumed | Limited automation | Fully dynamic and contextual |
| Auditability and Structured Logging | Not considered | Basic or missing | Fully supported |
| Domain-Specific Design (Mining) | Absent | Generic or IoT domains | Tailored to mineral governance |
| Enterprise Evaluation Metrics (e.g., latency, scalability) | Not included | Partial benchmarking | Included with deployment analysis |
Table 2. Mining Licence Access Simulation Data.
| Requester | Resource | Status |
| --- | --- | --- |
| user1 | MIN006412 | Granted |
| user2 | MIN50642 | Denied |
| user8 | MIN5512 | Granted |
| user10 | MIN553912 | Denied |
| user17 | MIN5404 | Denied |
| user13 | MIN4519 | Granted |
| user14 | MIN4519 | Denied |
| user15 | MIN006412 | Denied |
| user16 | MIN52944 | Denied |
| user17 | MIN5404 | Granted |
| user18 | MIN4519 | Denied |
| user19 | MIN006412 | Denied |
| user20 | MIN50053 | Denied |
| user21 | MIN5512 | Denied |
| user22 | MIN50040 | Granted |
| user23 | MIN4519 | Denied |
| user24 | MIN00602 | Granted |
| user25 | MIN5362 | Denied |
| user26 | MIN00064 | Denied |
| user27 | MIN5404 | Granted |
| user28 | MIN4519 | Denied |
| user29 | MIN00642 | Denied |
| user30 | MIN5423 | Granted |
| user31 | MIN4566 | Denied |
| user32 | MIN4566 | Denied |
| user33 | MIN5423 | Granted |
| user37 | MIN4566 | Denied |

Share and Cite

MDPI and ACS Style

Nemala, P.; Chen, B.; Cui, H. A Privacy Preserving Attribute-Based Access Control Model for the Tokenization of Mineral Resources via Blockchain. Appl. Sci. 2025, 15, 8290. https://doi.org/10.3390/app15158290
