Analysis of Architectural Variants for Auditable Blockchain-based Private Data Sharing
Paolo Viviani
2019-01-01
Abstract
Many applications by design depend on costly trusted third-party auditors. One such example is the industrial application case of federated multi-disciplinary optimization (MDO), in which different organizations contribute to a complex engineering design effort. Although blockchain and distributed ledger technology (DLT) have strong potential for reducing the dependence on such intermediaries, the architectural complexity involved in designing a solution is daunting. In this paper, we analyze the architectural variants for decentralized private data sharing while guaranteeing auditability of data access operations. Non-repudiation of actions taken by each party is a key requirement, as is availability of the shared data. The architectural variants analyzed focus on attaining: (i) confidential data exchange, (ii) maintaining and governing access to the shared data, (iii) providing data access auditability, (iv) data validation or conflict resolution, and to a lesser degree (v) transaction and identity privacy. We systematically enumerate architectural decisions at the levels of storage, policy-based file access control, data encryption methods, and auditability mechanisms for private data. This analysis is based on an extensive assessment of the state of the art on decentralized private data access management using static or dynamic policies, and on private data validation without exposing confidential information. The main contribution of this work is a comprehensive overview of architectural variants for decentralized control of private, encrypted data, and the trade-offs involved in terms of performance, auditable trust and security. These findings are validated in the context of the aforementioned industry case that involves federated multi-disciplinary optimization (MDO).