Skip to main content

Enabling Auditing of Smart Contracts Through Process Mining

  • Chapter
  • First Online:
From Software Engineering to Formal Methods and Tools, and Back

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 11865))

  • 1665 Accesses

Abstract

The auditing sector is acquiring a strong interest in the diffusion of blockchain technologies. Such technologies guarantee the persistence, and authenticity of transactions related to the execution of a contract, and then enable auditing activities. In particular, they make possible to check if observed sequences of transactions are in line with the possibly expected ones. In other words, auditing blockchain transactions allow users to check if the smart contract fits the expectation of the designers, that for instance could check if a given activity is performed or if it satisfies a given set of properties. In such a setting we propose a methodology that exploits process mining techniques to evaluate smart contracts, and to support the work of the auditor. Models resulting from the mining can be used to diagnose if the deployed application works as expected, and possibly to continuously improve them. We illustrate the use of our approach using a small, but real, case study.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    http://apromore.unicam.it.

  2. 2.

    http://www.promtools.org.

  3. 3.

    https://www.rotohive.com.

  4. 4.

    http://pros.unicam.it/blockchainauditing/.

  5. 5.

    https://etherscan.io/address/0x0d19d264207a3afad4094f26b693ff5590361b0d.

References

  1. Van der Aalst, W., Adriansyah, A., van Dongen, B.: Replaying history on process models for conformance checking and performance analysis. Wiley Interdisc. Rev. Data Min. Knowl. Disc. 2(2), 182–192 (2012)

    Article  Google Scholar 

  2. van der Aalst, W.M.P.: Process Mining - Data Science in Action, 2nd edn. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49851-4

    Book  Google Scholar 

  3. van der Aalst, W.M.P., et al.: Process mining manifesto. In: Daniel, F., Barkaoui, K., Dustdar, S. (eds.) BPM 2011. LNBIP, vol. 99, pp. 169–194. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28108-2_19

    Chapter  Google Scholar 

  4. van der Aalst, W.M.P., van Hee, K.M., van der Werf, J.M.E.M., Verdonk, M.: Auditing 2.0: using process mining to support tomorrow’s auditor. IEEE Comput. 43(3), 90–93 (2010)

    Article  Google Scholar 

  5. Accorsi, R., Stocker, T.: On the exploitation of process mining for security audits: the conformance checking case. In: Symposium on Applied Computing, pp. 1709–1716. ACM (2012)

    Google Scholar 

  6. Aceto, L., Larsen, K.G., Morichetta, A., Tiezzi, F.: A cost/reward method for optimal infinite scheduling in mobile cloud computing. In: Braga, C., Ölveczky, P.C. (eds.) FACS 2015. LNCS, vol. 9539, pp. 66–85. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-28934-2_4

    Chapter  Google Scholar 

  7. Adriansyah, A., van Dongen, B.F., van der Aalst, W.M.P.: Towards robust conformance checking. In: zur Muehlen, M., Su, J. (eds.) BPM 2010. LNBIP, vol. 66, pp. 122–133. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20511-8_11

    Chapter  Google Scholar 

  8. Ahmad, A., Saad, M., Bassiouni, M., Mohaisen, A.: Towards blockchain-driven, secure and transparent audit logs. In: 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, pp. 443–448. ACM (2018)

    Google Scholar 

  9. Augusto, A., et al.: Automated discovery of process models from event logs: review and benchmark. IEEE Trans. Knowl. Data Eng. 31, 686–705(2018)

    Google Scholar 

  10. Augusto, A., Conforti, R., Dumas, M., Rosa, M.L.: Split Miner: discovering accurate and simple business process models from event logs. In: International Conference on Data Mining, pp. 1–10. IEEE (2017)

    Google Scholar 

  11. Bertolino, A., Marchetti, E., Morichetta, A.: Adequate monitoring of service compositions. In: 9th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pp. 59–69 (2013)

    Google Scholar 

  12. Buijs, J.C.A.M., van Dongen, B.F., van der Aalst, W.M.P.: On the role of fitness, precision, generalization and simplicity in process discovery. In: Meersman, R., et al. (eds.) OTM 2012. LNCS, vol. 7565, pp. 305–322. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33606-5_19

    Chapter  Google Scholar 

  13. Casino, F., Dasaklis, T.K., Patsakis, C.: A systematic literature review of blockchain-based applications: current status, classification and open issues. Telematics Inform. 36, 55–81 (2019)

    Article  Google Scholar 

  14. Corradini, F., Morichetta, A., Polini, A., Re, B., Tiezzi, F.: Collaboration vs. choreography conformance in BPMN 2.0: from theory to practice. In: 22nd International Enterprise Distributed Object Computing Conference, pp. 95–104. IEEE (2018)

    Google Scholar 

  15. Corradini, F., Fornari, F., Polini, A., Re, B., Tiezzi, F.: A formal approach to modeling and verification of business process collaborations. Sci. Comput. Program. 166, 35–70 (2018)

    Article  Google Scholar 

  16. Corradini, F., Fornari, F., Polini, A., Re, B., Tiezzi, F., Vandin, A.: BproVe: a formal verification framework for business process models. In: Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017, Urbana, IL, USA, 30 October–03 November 2017, pp. 217–228 (2017)

    Google Scholar 

  17. Doganata, Y., Curbera, F.: Effect of using automated auditing tools on detecting compliance failures in unmanaged processes. In: Dayal, U., Eder, J., Koehler, J., Reijers, H.A. (eds.) BPM 2009. LNCS, vol. 5701, pp. 310–326. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03848-8_21

    Chapter  Google Scholar 

  18. Ghose, A., Koliadis, G.: Auditing business process compliance. In: Krämer, B.J., Lin, K.-J., Narasimhan, P. (eds.) ICSOC 2007. LNCS, vol. 4749, pp. 169–180. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74974-5_14

    Chapter  Google Scholar 

  19. Holotiuk, F., Pisani, F., Moormann, J.: The impact of blockchain technology on business models in the payments industry. In: Towards Thought Leadership in Digital Transformation: 13. Internationale Tagung Wirtschaftsinformatik, pp. 12–15 (2017)

    Google Scholar 

  20. Jans, M., Alles, M.G., Vasarhelyi, M.A.: The case for process mining in auditing: sources of value added and areas of application. Int. J. Accounting Inf. Syst. 14(1), 1–20 (2013)

    Article  Google Scholar 

  21. Leemans, S.J.J., Fahland, D., van der Aalst, W.M.P.: Discovering block-structured process models from event logs containing infrequent behaviour. In: Lohmann, N., Song, M., Wohed, P. (eds.) BPM 2013. LNBIP, vol. 171, pp. 66–78. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06257-0_6

    Chapter  Google Scholar 

  22. Leemans, S.J., Fahland, D., van der Aalst, W.M.: Discovering block-structured process models from event logs - a constructive approach. Petri Nets 7927, 311–329 (2013)

    MathSciNet  MATH  Google Scholar 

  23. Leng, K., Bi, Y., Jing, L., Fu, H., Nieuwenhuyse, I.V.: Research on agricultural supply chain system with double chain architecture based on blockchain technology. Future Gener. Comp. Syst. 86, 641–649 (2018)

    Article  Google Scholar 

  24. Mannhardt, F., de Leoni, M., Reijers, H.A., van der Aalst, W.M.P.: Data-driven process discovery - revealing conditional infrequent behavior from event logs. In: Dubois, E., Pohl, K. (eds.) CAiSE 2017. LNCS, vol. 10253, pp. 545–560. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59536-8_34

    Chapter  Google Scholar 

  25. Myers, D., Suriadi, S., Rad, K., Foo, E.: Anomaly detection for industrial control systems using process mining. Comput. Secur. 78, 103–125 (2018)

    Article  Google Scholar 

  26. Nakamoto, S., et al.: Bitcoin: A peer-to-peer electronic cash system (2008)

    Google Scholar 

  27. OMG: Business process model and notation (2011)

    Google Scholar 

  28. OMG: XES standard definition (2019)

    Google Scholar 

  29. Ramezani, E., Fahland, D., van der Aalst, W.M.P.: Where did i misbehave? diagnostic information in compliance checking. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol. 7481, pp. 262–278. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32885-5_21

    Chapter  Google Scholar 

  30. Rozinat, A., de Medeiros, A.K.A., Günther, C.W., Weijters, A.J.M.M., van der Aalst, W.M.P.: The need for a process mining evaluation framework in research and practice. In: ter Hofstede, A., Benatallah, B., Paik, H.-Y. (eds.) BPM 2007. LNCS, vol. 4928, pp. 84–89. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78238-4_10

    Chapter  Google Scholar 

  31. Samavi, R., Consens, M.P.: Publishing privacy logs to facilitate transparency and accountability. J. Web Semant. 50, 1–20 (2018)

    Article  Google Scholar 

  32. Sutton, A., Samavi, R.: Blockchain enabled privacy audit logs. In: d’Amato, C., et al. (eds.) ISWC 2017. LNCS, vol. 10587, pp. 645–660. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68288-4_38

    Chapter  Google Scholar 

  33. Wood, G.: Ethereum: A secure decentralised generalised transaction ledger. Technical report, Ethereum Project Yellow Paper 151 (2014)

    Google Scholar 

  34. Zerbino, P., Aloini, D., Dulmin, R., Mininno, V.: Process-mining-enabled audit of information systems: methodology and an application. Expert Syst. Appl. 110, 80–92 (2018)

    Article  Google Scholar 

Download references

Acknowledgement

It is really our pleasure to take part in Stefania’s Festschrift. The cooperation with her and her group is somehow recent, nevertheless it has been very profitable, and inspiring both from the professional and human profile. In particular the cooperation has strengthened in relation to the Learn PAd European research project where both UNICAM and ISTI–CNR were partners. The work we present here can be somehow considered a germination of the research carried on together within Learn PAd. We thank Stefania for her friendship, and wish her all the best for the future.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Barbara Re .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Corradini, F., Marcantoni, F., Morichetta, A., Polini, A., Re, B., Sampaolo, M. (2019). Enabling Auditing of Smart Contracts Through Process Mining. In: ter Beek, M., Fantechi, A., Semini, L. (eds) From Software Engineering to Formal Methods and Tools, and Back. Lecture Notes in Computer Science(), vol 11865. Springer, Cham. https://doi.org/10.1007/978-3-030-30985-5_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-30985-5_27

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30984-8

  • Online ISBN: 978-3-030-30985-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics