Multi-party business processes are based on the cooperation of different actors in a distributed setting. Blockchain can provide support for the automation of such processes, even in conditions of partial trust among the participants. However, on-chain data are stored in all replicas of the ledger and therefore accessible to all nodes that are in the network. Although this fosters traceability, integrity, and persistence, it undermines the adoption of public blockchains for process automation since it conflicts with typical confidentiality requirements in enterprise settings. In this paper, we propose a novel approach and software architecture that allow for fine-grained access control over process data on the level of parts of messages. In our approach, encrypted data is stored in a distributed space linked to the blockchain system backing the process execution; data owners specify access policies to control which users can read which parts of the information. To achieve the desired properties, we utilize Attribute-Based Encryption for the storage of data, and smart contracts for access control, integrity, and linking to process data. We implemented the approach in a proof-of-concept and conduct a case study in supply-chain management. From the experiments, we find our architecture to be robust, while still keeping execution costs reasonably low.
翻译:多党业务流程以不同行为者在分布式环境中的合作为基础。链链可以支持这些流程的自动化,即使是在参与者部分信任的条件下也是如此。但链条数据储存在分类账的所有复制品中,因此网络中的所有节点都可以查阅。虽然这有助于可追踪、完整和持久,但会破坏采用公共链链链进行流程自动化,因为它与企业环境中典型的保密要求相冲突。在本文件中,我们提出一种新的方法和软件结构,允许对部分信息水平的流程数据进行细微的存取控制。在我们的方法中,加密数据储存在与支持流程执行的链条系统相连的分布空间中;数据所有者指定了用户可以阅读哪些信息部分的存取控制政策。为了实现预期的特性,我们使用基于属性的加密来存储数据,以及访问控制、完整性和与流程数据连接的智能合同。我们在验证和进行供应链管理的案例研究中采用了这一方法。我们从实验中发现,我们的架构在保持低成本的同时,仍然保持稳健。