Blockchain enables novel, trustworthy Process-Aware Information Systems (PAISs) by enforcing the security, robustness, and traceability of operations. In particular, transparency ensures that all information exchanges are openly accessible, fostering trust within the system. Although this property is desirable for notarization and auditing activities, it is also a limitation in cases where confidentiality is a requirement because interactions involve sensitive data. Current solutions rely on obfuscation techniques or private infrastructures, hindering the enforcement capabilities of smart contracts and the public verifiability of transactions. Against this background, we propose CONFETTY, an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency. Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information. We assess the security of our solution through a systematic threat model analysis and evaluate its practical feasibility by gauging the performance of our implemented prototype in different scenarios from the literature.