Designing secure business processes for blockchains with SecBPMN2BC

Julius Köpke*, Giovanni Meroni, Mattia Salnitri

*Corresponding author for this work

Research output: Contribution to journal › Journal article › Research › peer-review


Abstract

Collaborative business processes can be seen as smart contracts, as they are oftentimes adopted to express agreements among different organizations. Indeed, they provide mechanisms to formalize the obligations of each involved party. For instance, collaborative business processes can specify when a certain task should be executed, under which conditions a service should be offered to the other participants, and how physical objects and information should be manipulated. In this setting, to prevent misuse of smart contracts and services and information provided, it is paramount to guarantee by design that security requirements are fulfilled. With the rise in popularity of blockchains, several approaches exploiting the trusted smart contract execution environment offered by this technology to enforce collaborative business processes have been proposed. Yet, the complexity of business processes, security requirements, and blockchain applications calls for an engineering approach that guides the design of secure business processes. Such an approach should both take advantage of the possibilities offered by blockchain technology to enforce some security requirements (e.g., non-repudiation), and take into account the limitations blockchain poses for other security requirements (e.g., confidentiality). However, we are not aware of any existing work that aims at addressing such issues following a similar approach. In this article, we propose SecBPMN2BC: a model-driven approach to designing business processes with security requirements that are meant to be deployed on blockchains. SecBPMN2BC consists of: (i) an extension of BPMN 2.0 that allows designing secure smart contracts; (ii) a set of algorithms and their implementation that check incompatible security requirements and help the design of smart contracts; (iii) a workflow that guides the application of the method. The method has been validated with a survey conducted on security and BPMN experts.

Original language: English
Journal: Future Generation Computer Systems
Volume: 141
Pages (from-to): 382-398
ISSN: 0167-739X
Publication status: Published - Apr 2023

Keywords

  • Blockchain
  • Business processes
  • Information systems
  • Model-driven engineering
  • Security
  • Smart contracts
