Justifying the Dependability and Security of Business-Critical Blockchain-based Applications

TL;DR

This paper advocates for a structured engineering approach using assurance cases to justify the dependability and security of blockchain-based applications critical to business operations, exemplified through a case study with Hyperledger Fabric.

Contribution

It introduces a formal framework, CAE, for systematically justifying the dependability and security of business-critical blockchain applications, bridging safety-critical engineering principles with blockchain development.

Findings

The CAE framework effectively structures dependability and security arguments.

Application to Hyperledger Fabric demonstrates practical feasibility.

Provides a systematic approach for safety assurance in blockchain applications.

Abstract

In the industry, blockchains are increasingly used as the backbone of product and process traceability. Blockchain-based traceability participates in the demonstration of product and/or process compliance with existing safety standards or quality criteria. In this perspective, services and applications built on top of blockchains are business-critical applications, because an intended failure or corruption of the system can lead to an important reputation loss regarding the products or the processes involved. The development of a blockchain-based business-critical application must be then conducted carefully, requiring a thorough justification of its dependability and security. To this end, this paper encourages an engineering perspective rooted in well-understood tools and concepts borrowed from the engineering of safety-critical systems. Concretely, we use a justification framework, called CAE (Claim, Argument, Evidence), by following an approach based on assurance cases, in order to provide convincing arguments that a business-critical blockchain-based application is dependable and secure. The application of this approach is sketched with a case study based on the blockchain HYPERLEDGER FABRIC.