Blockchain Based Auditable Access Control for Distributed Business Processes

Akhtar, Ahmed Bilal; Shafiq, Basit; Vaidya, Jaideep; Afzal, Ayesha; Shamail, Shafay; Rana, Omer

doi:10.1109/icdcs47774.2020.00015

Cited by 8 publications

(5 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since then, following works utilize similar mechanisms by employing smart contracts as a building block to provide tamper-proof for resource assignment processes. We observe that the work by Akhtar et al [5] can be integrated with Blockchain Studio [98] and Sturm et al [127]. By taking local access control policies into account during configuration (L2), the work by Lopez-Pintado et al [81] addresses dynamic role assignments at runtime (L3).…”

Section: J Resource-aware Bps On Bcmentioning

confidence: 98%

“…Using typical evaluation techniques will result in high overhead. To alleviate this, only one study is found by Akhtar et al [5] which try to optimize the collection of individual policies towards composite unified policies. The policy specification follows XACML standard, which will be translated into smart contracts for enforcement and audit purpose.…”

Section: J Resource-aware Bps On Bcmentioning

confidence: 99%

See 1 more Smart Citation

Applications of Blockchain in Business Processes: A Comprehensive Review

Viriyasitavat

Niyato

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Blockchain (BC), as an emerging technology, is revolutionizing Business Process Management (BPM) in multiple ways. The main adoption is to serve as a trusted infrastructure to guarantee the trust of collaborations among multiple partners in trustless environments. Especially, BC enables trust of information by using Distributed Ledger Technology (DLT). With the power of smart contracts, BC enforces the obligations of counterparties that transact in a business process (BP) by programming the contracts as transactions. This paper aims to study the state-of-the-art of BC technologies by (1) exploring its applications in BPM with the focus on how BC provides the trust of BPs in their lifecycles; (2) identifying the relations of BPM as the need and BC as the solution with the assessment towards BPM characteristics; (3) discussing the up-to-date progresses of critical BC in BPM; (4) identifying the challenges and research directions for future advancement in the domain. The main conclusions of our comprehensive review are (1) the study of adopting BC in BPM has attracted a great deal of attention that has been evidenced by a rapidly growing number of relevant articles. (2) The paradigms of BPM over Internet of Things (IoT) have been shifted from persistent to transient, from static to dynamic, and from centralized to decentralized, and new enabling technologies are highly demanded to fulfill some emerging functional requirements (FRs) at the stages of design, configuration, diagnosis, and evaluation of BPs in their lifecycles. (3) BC has been intensively studied and proven as a promising solution to assure the trustiness for both of business processes and their executions in decentralized BPM. (4) Most of the reported BC applications are at their primary stages, future research efforts are needed to meet the technical challenges involved in interoperation, determination of trusted entities, confirmation of time-sensitive execution, and support of irreversibility.INDEX TERMS Blockchain, business process management, smart contracts, and trust assurance.

show abstract

Section: J Resource-aware Bps On Bcmentioning

confidence: 98%

Section: J Resource-aware Bps On Bcmentioning

confidence: 99%

Applications of Blockchain in Business Processes: A Comprehensive Review

Viriyasitavat

Niyato

et al. 2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Instead, we can leverage the fact that for effective validation, it is not necessary to recheck all the accesses, but only a random fraction of them. We have proposed a gametheoretic mechanism for auditing that reduces the auditing cost while incentivizing honest behavior for the BPM in [2].…”

Section: Auditingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…We note that an initial study of this problem was conducted in [2] where we also proposed a blockchain-based solution for auditable evaluation of access control policies of distributed BPs. However, [2] only considered static policies, whereas this work can be used for event-driven policies which are dynamic in nature. The automata-theoretic approach of this work is also completely new and allows for the restructuring and optimization of smart contracts that reduce the overall evaluation cost.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Blockchain Based Auditable Access Control For Business Processes With Event Driven Policies

Akhtar,

Barati,

Shafiq

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

The use of blockchain technology has been proposed to provide auditable access control for individual resources. Unlike the case where all resources are owned by a single organization, this work focuses on distributed applications such as business processes and distributed workflows. These applications are often composed of multiple resources/services that are subject to the security and access control policies of different organizational domains. Here, blockchains provide an attractive decentralized solution to provide auditability. However, the underlying access control policies may have event-driven constraints and can be overlapping in terms of the component conditions/rules as well as events. Existing work cannot handle event-driven constraints and also does not sufficiently account for overlaps leading to significant overhead in terms of cost and computation time for evaluating authorizations over the blockchain. In this work, we propose an automata-theoretic approach for generating a cost-efficient composite access control policy. We reduce this composite policy generation problem to the standard weighted set cover problem. We show that the composite policy correctly captures all the local access control policies and reduces the policy evaluation cost over the blockchain. We have implemented the initial prototype of our approach using Ethereum as the underlying blockchain and empirically validated the effectiveness and efficiency of our approach.

show abstract