TY - GEN
T1 - Fine-Grained Data Access Control for Collaborative Process Execution on Blockchain
AU - Marangone, Edoardo
AU - Di Ciccio, Claudio
AU - Weber, Ingo
N1 - Publisher Copyright:
© 2022, Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Multi-party business processes are based on the cooperation of different actors in a distributed setting. Blockchains can provide support for the automation of such processes, even in conditions of partial trust among the participants. On-chain data are stored in all replicas of the ledger and therefore accessible to all nodes that are in the network. Although this fosters traceability, integrity, and persistence, it undermines the adoption of public blockchains for process automation since it conflicts with typical confidentiality requirements in enterprise settings. In this paper, we propose a novel approach and software architecture that allow for fine-grained access control over process data on the level of parts of messages. In our approach, encrypted data are stored in a distributed space linked to the blockchain system backing the process execution; data owners specify access policies to control which users can read which parts of the information. To achieve the desired properties, we utilise Attribute-Based Encryption for the storage of data, and smart contracts for access control, integrity, and linking to process data. We implemented the approach in a proof-of-concept and conduct a case study in supply-chain management. From the experiments, we find our architecture to be robust while still keeping execution costs reasonably low.
AB - Multi-party business processes are based on the cooperation of different actors in a distributed setting. Blockchains can provide support for the automation of such processes, even in conditions of partial trust among the participants. On-chain data are stored in all replicas of the ledger and therefore accessible to all nodes that are in the network. Although this fosters traceability, integrity, and persistence, it undermines the adoption of public blockchains for process automation since it conflicts with typical confidentiality requirements in enterprise settings. In this paper, we propose a novel approach and software architecture that allow for fine-grained access control over process data on the level of parts of messages. In our approach, encrypted data are stored in a distributed space linked to the blockchain system backing the process execution; data owners specify access policies to control which users can read which parts of the information. To achieve the desired properties, we utilise Attribute-Based Encryption for the storage of data, and smart contracts for access control, integrity, and linking to process data. We implemented the approach in a proof-of-concept and conduct a case study in supply-chain management. From the experiments, we find our architecture to be robust while still keeping execution costs reasonably low.
KW - Attribute Based Encryption
KW - Blockchain
KW - Business process management
KW - IPFS
UR - http://www.scopus.com/inward/record.url?scp=85138757477&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-16168-1_4
DO - 10.1007/978-3-031-16168-1_4
M3 - Conference contribution
AN - SCOPUS:85138757477
SN - 9783031161674
T3 - Lecture Notes in Business Information Processing
SP - 51
EP - 67
BT - Business Process Management
A2 - Marrella, Andrea
A2 - Matulevičius, Raimundas
A2 - Gabryelczyk, Renata
A2 - Axmann, Bernhard
A2 - Bosilj Vukšić, Vesna
A2 - Gaaloul, Walid
A2 - Indihar Štemberger, Mojca
A2 - Kő, Andrea
A2 - Lu, Qinghua
PB - Springer Science and Business Media Deutschland GmbH
T2 - Blockchain Forum, the Robotic Process Automation (RPA) Forum, and the Central and Eastern Europe (CEE) Forum, held as part of the 20th International Conference on Business Process Management, BPM 2022
Y2 - 11 September 2022 through 16 September 2022
ER -