AudiWFlow:分布式工作流的保密、防合谋审计

IF 6.9 3区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Xiaohu Zhou , Antonio Nehme , Vitor Jesus , Yonghao Wang , Mark Josephs , Khaled Mahbub , Ali Abdallah
{"title":"AudiWFlow:分布式工作流的保密、防合谋审计","authors":"Xiaohu Zhou ,&nbsp;Antonio Nehme ,&nbsp;Vitor Jesus ,&nbsp;Yonghao Wang ,&nbsp;Mark Josephs ,&nbsp;Khaled Mahbub ,&nbsp;Ali Abdallah","doi":"10.1016/j.bcra.2022.100073","DOIUrl":null,"url":null,"abstract":"<div><p>We discuss the problem of accountability when multiple parties cooperate towards an end result, such as multiple companies in a supply chain or departments of a government service under different authorities. In cases where a fully trusted central point does not exist, it is difficult to obtain a trusted audit trail of a workflow when each individual participant is unaccountable to all others. We propose AudiWFlow, an auditing architecture that makes participants accountable for their contributions in a distributed workflow. Our scheme provides confidentiality in most cases, collusion detection, and availability of evidence after the workflow terminates. AudiWFlow is based on verifiable secret sharing and real-time peer-to-peer verification of records; it further supports multiple levels of assurance to meet a desired trade-off between the availability of evidence and the overhead resulting from the auditing approach. We propose and evaluate two implementation approaches for AudiWFlow. The first one is fully distributed except for a central auxiliary point that, nevertheless, needs only a low level of trust. The second one is based on smart contracts running on a public blockchain, which is able to remove the need for any central point but requires integration with a blockchain.</p></div>","PeriodicalId":53141,"journal":{"name":"Blockchain-Research and Applications","volume":"3 3","pages":"Article 100073"},"PeriodicalIF":6.9000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2096720922000148/pdfft?md5=acaeec002917db3fdf93808b9740c4f6&pid=1-s2.0-S2096720922000148-main.pdf","citationCount":"1","resultStr":"{\"title\":\"AudiWFlow: Confidential, collusion-resistant auditing of distributed workflows\",\"authors\":\"Xiaohu Zhou ,&nbsp;Antonio Nehme ,&nbsp;Vitor Jesus ,&nbsp;Yonghao Wang ,&nbsp;Mark Josephs ,&nbsp;Khaled Mahbub ,&nbsp;Ali Abdallah\",\"doi\":\"10.1016/j.bcra.2022.100073\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>We discuss the problem of accountability when multiple parties cooperate towards an end result, such as multiple companies in a supply chain or departments of a government service under different authorities. In cases where a fully trusted central point does not exist, it is difficult to obtain a trusted audit trail of a workflow when each individual participant is unaccountable to all others. We propose AudiWFlow, an auditing architecture that makes participants accountable for their contributions in a distributed workflow. Our scheme provides confidentiality in most cases, collusion detection, and availability of evidence after the workflow terminates. AudiWFlow is based on verifiable secret sharing and real-time peer-to-peer verification of records; it further supports multiple levels of assurance to meet a desired trade-off between the availability of evidence and the overhead resulting from the auditing approach. We propose and evaluate two implementation approaches for AudiWFlow. The first one is fully distributed except for a central auxiliary point that, nevertheless, needs only a low level of trust. The second one is based on smart contracts running on a public blockchain, which is able to remove the need for any central point but requires integration with a blockchain.</p></div>\",\"PeriodicalId\":53141,\"journal\":{\"name\":\"Blockchain-Research and Applications\",\"volume\":\"3 3\",\"pages\":\"Article 100073\"},\"PeriodicalIF\":6.9000,\"publicationDate\":\"2022-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S2096720922000148/pdfft?md5=acaeec002917db3fdf93808b9740c4f6&pid=1-s2.0-S2096720922000148-main.pdf\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Blockchain-Research and Applications\",\"FirstCategoryId\":\"1093\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2096720922000148\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Blockchain-Research and Applications","FirstCategoryId":"1093","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2096720922000148","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 1

摘要

我们讨论了当多方为了最终结果而合作时的问责问题,例如供应链中的多个公司或不同权限下的政府服务部门。在不存在完全可信的中心点的情况下,当每个单独的参与者对所有其他人都不负责时,很难获得工作流的可信审计跟踪。我们提出AudiWFlow,这是一个审计架构,它使参与者对他们在分布式工作流中的贡献负责。我们的方案在大多数情况下提供了保密性,共谋检测,以及在工作流终止后的证据可用性。AudiWFlow基于可验证的秘密共享和记录的实时点对点验证;它进一步支持多级保证,以满足证据可用性和审计方法产生的开销之间的折衷。我们提出并评估了AudiWFlow的两种实现方法。第一个是完全分布的,除了一个中心辅助点,然而,它只需要低水平的信任。第二种是基于运行在公共区块链上的智能合约,它能够消除对任何中心点的需求,但需要与区块链集成。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
AudiWFlow: Confidential, collusion-resistant auditing of distributed workflows

We discuss the problem of accountability when multiple parties cooperate towards an end result, such as multiple companies in a supply chain or departments of a government service under different authorities. In cases where a fully trusted central point does not exist, it is difficult to obtain a trusted audit trail of a workflow when each individual participant is unaccountable to all others. We propose AudiWFlow, an auditing architecture that makes participants accountable for their contributions in a distributed workflow. Our scheme provides confidentiality in most cases, collusion detection, and availability of evidence after the workflow terminates. AudiWFlow is based on verifiable secret sharing and real-time peer-to-peer verification of records; it further supports multiple levels of assurance to meet a desired trade-off between the availability of evidence and the overhead resulting from the auditing approach. We propose and evaluate two implementation approaches for AudiWFlow. The first one is fully distributed except for a central auxiliary point that, nevertheless, needs only a low level of trust. The second one is based on smart contracts running on a public blockchain, which is able to remove the need for any central point but requires integration with a blockchain.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
11.30
自引率
3.60%
发文量
0
期刊介绍: Blockchain: Research and Applications is an international, peer reviewed journal for researchers, engineers, and practitioners to present the latest advances and innovations in blockchain research. The journal publishes theoretical and applied papers in established and emerging areas of blockchain research to shape the future of blockchain technology.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信