We are witnessing an ongoing global trend towards the automation of almost any transaction through the employment of some Internet-based mean. Furthermore, the large spread of cloud computing and the massive emergence of the software as a service (Saas) paradigm have unveiled many opportunities to combine distinct services, provided by different parties, to establish higher level and more advanced services, that can be offered to end users and enterprises. Business-to-business (B2B) integration and third-party authorization (i.e., using standards like OAuth) are examples of processes requiring more parties to interact each other to deliver some desired functionality. These kinds of interactions mostly consist of transactions and are usually regulated by some agreement which defines the obligations that involved parties have to comply with. In case one of the parties claims a violation of some clause of such agreement, disputes can occur if the party accused of the infraction refuses to recognize its fault. Moreover, in case of auditing, for convenience reasons a party may deny to have taken part in a given transaction, or may forge historical records related to that transaction. Solutions based on a trusted third party (TTP) have drawbacks: high overhead due to the involvement of an additional party, possible fees to pay for each transaction, and the risks stemming from having to blindly trust another party. If it were possible to only base on transaction logs to sort disputes out, then it would be feasible to get rid of any TTP and related shortcomings. In this paper we propose an architecture, and an algorithm to execute in such architecture, aimed at providing strong guarantees on the integrity of transaction logs, so that they can be certified and used as unquestionable proofs when controversies arise. The solution we suggest includes three steps: (i) identification of the monitoring points where to produce the logs during transaction execution, (ii) an agreement among involved parties on produced logs, and (iii) persistence of the hashes of these logs in a blockchain-based storage. As a case study, we describe an instantiation of such architecture for federations of clouds.
An architecture for enabling log-based resolution of disputes in multi-party transactions / Aniello, Leonardo; Baldoni, Roberto; Lombardi, Federico. - ELETTRONICO. - (2016). (Intervento presentato al convegno The 5th international Conference in Software Engineering for Defense Applications tenutosi a Roma nel 10 Maggio 2016).
An architecture for enabling log-based resolution of disputes in multi-party transactions
ANIELLO, LEONARDO;BALDONI, Roberto;
2016
Abstract
We are witnessing an ongoing global trend towards the automation of almost any transaction through the employment of some Internet-based mean. Furthermore, the large spread of cloud computing and the massive emergence of the software as a service (Saas) paradigm have unveiled many opportunities to combine distinct services, provided by different parties, to establish higher level and more advanced services, that can be offered to end users and enterprises. Business-to-business (B2B) integration and third-party authorization (i.e., using standards like OAuth) are examples of processes requiring more parties to interact each other to deliver some desired functionality. These kinds of interactions mostly consist of transactions and are usually regulated by some agreement which defines the obligations that involved parties have to comply with. In case one of the parties claims a violation of some clause of such agreement, disputes can occur if the party accused of the infraction refuses to recognize its fault. Moreover, in case of auditing, for convenience reasons a party may deny to have taken part in a given transaction, or may forge historical records related to that transaction. Solutions based on a trusted third party (TTP) have drawbacks: high overhead due to the involvement of an additional party, possible fees to pay for each transaction, and the risks stemming from having to blindly trust another party. If it were possible to only base on transaction logs to sort disputes out, then it would be feasible to get rid of any TTP and related shortcomings. In this paper we propose an architecture, and an algorithm to execute in such architecture, aimed at providing strong guarantees on the integrity of transaction logs, so that they can be certified and used as unquestionable proofs when controversies arise. The solution we suggest includes three steps: (i) identification of the monitoring points where to produce the logs during transaction execution, (ii) an agreement among involved parties on produced logs, and (iii) persistence of the hashes of these logs in a blockchain-based storage. As a case study, we describe an instantiation of such architecture for federations of clouds.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
