{"title":"Editorial: Blockchain for trusted information systems","authors":"G. Meroni, M. Comuzzi, Julius Köpke","doi":"10.3389/fbloc.2023.1235704","DOIUrl":null,"url":null,"abstract":"Organizations are often required to collaborate to achieve their goals (Vandermerwe and Rada, 1988). For example, in the logistics domain, several organizations must coordinate their internal tasks to successfully deliver goods to their customers (Perboli et al., 2018). In the medical domain, various actors, such as healthcare providers, pharmacies, and insurance companies, need to collaborate to provide their services (Haleem et al., 2021). In such settings, organizations are required to exchange information in a trusted way. As some participants may be competitors, organizations must ensure to provide other partners with all and only the information required for the tasks that they are in charge of, while at the same time avoiding the leaking of confidential information. Similarly, mechanisms to ensure the provenance of the information provided, and to verify the identity of the participants, should be put in place. Blockchain systems are a promising technology to address trust issues in information systems (Xu et al., 2019). Thanks to their distributed and decentralized nature, and their ability to reach consensus among untrusted parties, blockchains proved to be successful in supporting the exchange of digital (e.g., cryptocurrency) and possibly physical assets in a trusted way. As far as data storage is concerned, it is almost impossible for a single party or a restricted group thereof to alter or delete the information stored in a blockchain. In addition, second-generation blockchains have introduced the so-called smart contracts (Buterin, 2014), arbitrary agreements embodied by immutable code executed among multiple participants with possibly conflicting interests. 
Despite these features, exploiting blockchains to build trusted information systems remains far from trivial (Köpke et al., 2023). Although the mechanisms handling the execution of smart contracts, as well as handling the data that originate from the blockchain itself, can be considered secure, the same cannot be said for the smart contracts and for the data that they receive as input. First, smart contracts may contain code vulnerabilities, which may cause unexpected behaviors and be exploited by malicious agents. For example, in 2016 a vulnerability in a smart contract allowed 3.6 million ETH to be stolen, causing the so-called DAO accident, which forced a hard fork in the Ethereum blockchain (Mehar et al., 2019). Another major issue is represented by the data originating from outside of the blockchain. Such data is not subject to the tight consistency constraints implemented within blockchains (Comuzzi et al., 2020). Consequently, with these data the blockchain alone does not provide an out-of-the-box solution to ensure traceability, persistence, and access control. OPEN ACCESS","PeriodicalId":426570,"journal":{"name":"Frontiers in Blockchain","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Frontiers in Blockchain","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3389/fbloc.2023.1235704","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Organizations are often required to collaborate to achieve their goals (Vandermerwe and Rada, 1988). For example, in the logistics domain, several organizations must coordinate their internal tasks to successfully deliver goods to their customers (Perboli et al., 2018). In the medical domain, various actors, such as healthcare providers, pharmacies, and insurance companies, need to collaborate to provide their services (Haleem et al., 2021). In such settings, organizations are required to exchange information in a trusted way. As some participants may be competitors, organizations must ensure to provide other partners with all and only the information required for the tasks that they are in charge of, while at the same time avoiding the leaking of confidential information. Similarly, mechanisms to ensure the provenance of the information provided, and to verify the identity of the participants, should be put in place. Blockchain systems are a promising technology to address trust issues in information systems (Xu et al., 2019). Thanks to their distributed and decentralized nature, and their ability to reach consensus among untrusted parties, blockchains proved to be successful in supporting the exchange of digital (e.g., cryptocurrency) and possibly physical assets in a trusted way. As far as data storage is concerned, it is almost impossible for a single party or a restricted group thereof to alter or delete the information stored in a blockchain. In addition, second-generation blockchains have introduced the so-called smart contracts (Buterin, 2014), arbitrary agreements embodied by immutable code executed among multiple participants with possibly conflicting interests. Despite these features, exploiting blockchains to build trusted information systems remains far from trivial (Köpke et al., 2023). 
Although the mechanisms handling the execution of smart contracts, as well as handling the data that originate from the blockchain itself, can be considered secure, the same cannot be said for the smart contracts and for the data that they receive as input. First, smart contracts may contain code vulnerabilities, which may cause unexpected behaviors and be exploited by malicious agents. For example, in 2016 a vulnerability in a smart contract allowed 3.6 million ETH to be stolen, causing the so-called DAO accident, which forced a hard fork in the Ethereum blockchain (Mehar et al., 2019). Another major issue is represented by the data originating from outside of the blockchain. Such data is not subject to the tight consistency constraints implemented within blockchains (Comuzzi et al., 2020). Consequently, with these data the blockchain alone does not provide an out-of-the-box solution to ensure traceability, persistence, and access control.