Multi-party business processes are based on the cooperation of different actors in a distributed setting. Blockchains can provide support for the automation of such processes, even in conditions of partial trust among the participants. On-chain data are stored in all replicas of the ledger and therefore accessible to all nodes that are in the network. Although this fosters traceability, integrity, and persistence, it undermines the adoption of public blockchains for process automation since it conflicts with typical confidentiality requirements in enterprise settings. In this paper, we propose a novel approach and software architecture that allow for fine-grained access control over process data on the level of parts of messages. In our approach, encrypted data are stored in a distributed space linked to the blockchain system backing the process execution; data owners specify access policies to control which users can read which parts of the information. To achieve the desired properties, we utilise AttributeBased Encryption for the storage of data, and smart contracts for access control, integrity, and linking to process data. We implemented the approach in a proof-of-concept and conduct a case study in supply-chainmanagement. From the experiments, we find our architecture to be robustwhile still keeping execution costs reasonably low.

Fine-Grained Data Access Control for Collaborative Process Execution on Blockchain / Marangone, Edoardo; DI CICCIO, Claudio; Weber, Ingo. - 459:(2022), pp. 51-67. (Intervento presentato al convegno BPM 2022 Blockchain Forum tenutosi a Münster, Germany) [10.1007/978-3-031-16168-1_4].

Fine-Grained Data Access Control for Collaborative Process Execution on Blockchain

Edoardo Marangone
;
Claudio Di Ciccio;
2022

Abstract

Multi-party business processes are based on the cooperation of different actors in a distributed setting. Blockchains can provide support for the automation of such processes, even in conditions of partial trust among the participants. On-chain data are stored in all replicas of the ledger and therefore accessible to all nodes that are in the network. Although this fosters traceability, integrity, and persistence, it undermines the adoption of public blockchains for process automation since it conflicts with typical confidentiality requirements in enterprise settings. In this paper, we propose a novel approach and software architecture that allow for fine-grained access control over process data on the level of parts of messages. In our approach, encrypted data are stored in a distributed space linked to the blockchain system backing the process execution; data owners specify access policies to control which users can read which parts of the information. To achieve the desired properties, we utilise AttributeBased Encryption for the storage of data, and smart contracts for access control, integrity, and linking to process data. We implemented the approach in a proof-of-concept and conduct a case study in supply-chainmanagement. From the experiments, we find our architecture to be robustwhile still keeping execution costs reasonably low.
2022
BPM 2022 Blockchain Forum
Attribute Based Encryption; Blockchain; Business process management; IPFS
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
Fine-Grained Data Access Control for Collaborative Process Execution on Blockchain / Marangone, Edoardo; DI CICCIO, Claudio; Weber, Ingo. - 459:(2022), pp. 51-67. (Intervento presentato al convegno BPM 2022 Blockchain Forum tenutosi a Münster, Germany) [10.1007/978-3-031-16168-1_4].
File allegati a questo prodotto
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1668366
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 12
  • ???jsp.display-item.citation.isi??? 6
social impact