Justifying the Dependability and Security of Business-Critical Blockchain-based Applications
This addresses the need for rigorous justification in blockchain systems to prevent failures that could lead to reputation loss, though it is incremental as it adapts existing safety-critical engineering methods to a new domain.
The paper tackles the problem of ensuring dependability and security in business-critical blockchain-based applications, such as those used for product traceability, by proposing an engineering approach based on assurance cases and the CAE framework, applied to a case study with Hyperledger Fabric.
In the industry, blockchains are increasingly used as the backbone of product and process traceability. Blockchain-based traceability participates in the demonstration of product and/or process compliance with existing safety standards or quality criteria. In this perspective, services and applications built on top of blockchains are business-critical applications, because an intended failure or corruption of the system can lead to an important reputation loss regarding the products or the processes involved. The development of a blockchain-based business-critical application must be then conducted carefully, requiring a thorough justification of its dependability and security. To this end, this paper encourages an engineering perspective rooted in well-understood tools and concepts borrowed from the engineering of safety-critical systems. Concretely, we use a justification framework, called CAE (Claim, Argument, Evidence), by following an approach based on assurance cases, in order to provide convincing arguments that a business-critical blockchain-based application is dependable and secure. The application of this approach is sketched with a case study based on the blockchain HYPERLEDGER FABRIC.