Joint Proceedings of Modellierung 2020 Short, Workshop and Tools & Demo Papers Int. Workshop on Conceptual Modeling for Distributed Ledger Technologies 45 Trusted artifact-driven monitoring of business processes using blockchains Giovanni Meroni1 Abstract: Having a reliable business process monitoring platform is important to promptly detect and react to violations during process execution. Typically, when processes span among multiple organizations or require manual activities, a relationship of trust must be established among participants to obtain meaningful results. Also, when a violation is detected, most monitoring platforms report it and expect participants to stop executing the process and to manually solve it before resuming the execution. Trusted artifact-driven monitoring tries to overcome these limitations. By relying on a declarative model of the process to monitor, rather than an imperative one, trusted artifact-driven monitoring can continue to monitor the process even after a violation occurred. Also, it relies on events coming from artifacts (i.e., physical or virtual objects) participating in the process to infer when activities are executed. Finally, to guarantee the immutability of monitoring information once they are produced, it relies on a blockchain-based architecture to store and retrieve this information. Keywords: Business Process Monitoring; Blockchain; Artifact-driven Monitoring 1 Introduction Business process monitoring plays an important role in the Business Process Management lifecycle [Du13]. In fact, if properly performed, process monitoring allows to obtain useful insights on the processes being executed. For instance, it is possible to know if some activities are causing bottlenecks, or if a deviations between the process definitions and the actual execution occurred. This information is particularly important when multiple organizations participate in the same process. In case accidents occur, reliable monitoring information allows to identify the root cause of the accident and, consequently, the involved organization. For these reasons, a reliable process monitoring solution should collect only events coming from the processes being executed. In addition, it should protect collected events from accidental or intentional deletions or modifications. Thank to the properties of persistence, non-repudiation and decentralization, a blockchain is a good starting point to build a reliable process monitoring solution. In fact, a blockchain is explicitly designed to create a trusted environment among untrusted entities. For these reasons, some blockchain-based engines 1 Politecnico di Milano, Piazza Leonardo da Vinci 32, 20133 Milan, Italy giovanni.meroni@polimi.it Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). 46 Giovanni Meroni have been proposed in the literature, such as [Pr17] or [Ló19]. However, most solutions rely on an imperative model to represent the process to monitor. This has the disadvantage of making the platform unable to fully monitor executions that do not follow the execution flow defined in the model. In addition, they expect events to explicitly indicate which activity is being executed, which is problematic when activities are manually executed. In this case, to generate events, human operators are required to interrupt their work and manually send notifications, a task which is prone to be forgotten or incorrectly performed. 2 Approach To solve these issues, trusted artifact-driven monitoring has been proposed [MPV19]. Instead of relying on an imperative representation of the process, artifact-driven monitoring relies on a declarative model following the Extended Guard-Stage-Milestone (E-GSM) specifications [Me18]. In this way, execution flow dependencies are treated as descriptive rather than prescriptive. Consequently, the platform can continue monitoring the process even if it violates the execution flow dependencies. Also, it can detect subsequent violations, and for each of them it can mark the activity responsible for the violation. Another advantage of artifact-driven monitoring is that, to detect when activities are executed, it relies on events notifying changes in the artifacts – physical or virtual objects – participating in the process. In particular, the E-GSM specifications allow to define for each activity (Stage) in which conditions are the artifacts expected to be for it to start (Data Flow Guard) and to complete its execution (Milestone). Therefore, by monitoring the conditions of the artifacts – a task that can be automated thanks to the Internet of Things (IoT) revolution – it is possible to monitor the process in a completely transparent fashion. More in detail, smart devices can collect through sensors information on the physical objects, summarize it, and publish it on a blockchain. To reduce the amount of data stored on a blockchain and, consequently, the computational and – in case of a public blockchain – monetary costs, trusted artifact-driven monitoring follows an approach similar to [Hä18]. In fact, by adopting a distributed file system, both the process model and the conditions of the artifacts can be stored off-chain. In this case, only the hash of this information is stored on-chain, thus guaranteeing integrity. This also allows monitoring information to be encrypted and, consequently, be accessible only to the organizations that possess the decryption key. 3 Discussion This talk will provide a detailed overview on trusted artifact-driven monitoring and its potential applications in the real world. To this aim, a case study belonging to the logistics domain will be adopted to demonstrate the need for reliable inter-organizational process Trusted artifact-driven monitoring of business processes using blockchains 47 monitoring, and to outline how trusted artifact-driven monitoring can address it. The talk will also discuss the current limitations of trusted artifact-driven monitoring, the trade-offs in terms of privacy and costs that have to be made, and the currently ongoing research work to solve these issues. References [Du13] Dumas, M.; La Rosa, M.; Mendling, J.; Reijers, H. A.: Fundamentals of Business Process Management. Springer, 2013. [Hä18] Härer, F.: Decentralized Business Process Modeling and Instance Tracking Secured by a Blockchain. In (Bednar, P. M.; Frank, U.; Kautz, K., eds.): 26th European Conference on Information Systems: Beyond Digitization - Facets of Socio-Technical Change, ECIS 2018, Portsmouth, UK, June 23-28, 2018. P. 55, 2018, url: https://aisel.aisnet. org/ecis2018%5C_rp/55. [Ló19] López-Pintado, O.; García-Bañuelos, L.; Dumas, M.; Weber, I.; Ponomarev, A.: Cater- pillar: A business process execution engine on the Ethereum blockchain. Softw., Pract. Exper. 49/7, pp. 1162–1193, 2019, url: https://doi.org/10.1002/spe.2702. [Me18] Meroni, G.; Baresi, L.; Montali, M.; Plebani, P.: Multi-party business process compliance monitoring through IoT-enabled artifacts. Inf. Syst. 73/, pp. 61–78, 2018, url: https: //doi.org/10.1016/j.is.2017.12.009. [MPV19] Meroni, G.; Plebani, P.; Vona, F.: Trusted Artifact-Driven Process Monitoring of Multi-party Business Processes with Blockchain. In: Business Process Management: Blockchain and Central and Eastern Europe Forum - BPM 2019 Blockchain and CEE Forum, Vienna, Austria, September 1-6, 2019, Proceedings. Pp. 55–70, 2019, url: https://doi.org/10.1007/978-3-030-30429-4%5C_5. [Pr17] Prybila, C.; Schulte, S.; Hochreiner, C.; Weber, I.: Runtime verification for business processes utilizing the Bitcoin blockchain. FGCS/, 2017, issn: 0167-739X.