Securing confidential information in Hyperledger C

Published 2019-07-14 21:40

Question:

Looking at securing confidential information in Hyperledger Composer

If assets and transactions in a business network have ACLs to prevent a competitor participant (non-owner) from viewing confidential information, what access can the competitor have to assets and transactions owned by another participant?

Can the competitor access the underlying Fabric ledger to view assets/transactions?

Can the competitor view the transaction processing function?

Can the competitor view the logs of the transaction processing function?

How secure are ACLs?

I don't know if there is some documentation covering this already, or how much is about the security of Fabric rather than Composer.

Dan Selman suggested on RocketChat to ask here.

Thanks

Andrew

Answer 1:

Composer's Access Control Engine prevents transaction processor functions written in JavaScript from accessing the data in the ledger, based on the type of access requested, the current participant, and the transaction being processed.

The ACL engine does not encrypt the data on the ledger, or attempt to filter the chaincode container logs to remove information.

So, I would say in its current incarnation it is not a suitable mechanism to prevent someone who has physical access to a peer (world state, or the blockchain itself) from viewing information they should not have access to. Modifications are obviously much harder, due to the immutable nature of the blockchain.

In many ways this is similar to access control logic for a relational database. Someone who has physical access to the database files on disk can likely circumvent all access control rules on tables/views etc.

I do believe that we need to go further than this, but first I think we need more detail on the requirements.
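
The distinction drawn in the answer above, as an added example (a toy model, not Composer or Fabric code, and not part of the original answer): an ACL check runs only on the API read path, so a raw read of the stored state bypasses it, while a field encrypted by the client before submission stays opaque at the storage layer. The `worldState` map, `aclAllowsRead`, the asset keys and the sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed stand-in for a peer's world state: key -> serialized asset.
const worldState = new Map();

// Hypothetical ACL rule: only the owner may READ an asset through the API.
function aclAllowsRead(participantId, asset) {
  return asset.owner === participantId;
}

// API-layer read: the only path on which the ACL check runs.
function apiRead(participantId, key) {
  const asset = JSON.parse(worldState.get(key));
  if (!aclAllowsRead(participantId, asset)) {
    throw new Error('ACL: access denied');
  }
  return asset;
}

// Storage-layer read: what someone with access to the peer's files sees.
function rawRead(key) {
  return worldState.get(key);
}

// Client-side AES-256-GCM encryption of a confidential field before submit.
// Output format (assumption for this example): base64 iv.tag.ciphertext
function encryptField(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map(b => b.toString('base64')).join('.');
}

function decryptField(key, packed) {
  const [iv, tag, ct] = packed.split('.').map(s => Buffer.from(s, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag); // final() throws if the stored value was altered
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample data: the same asset stored in clear and with an encrypted field.
const ownerKey = crypto.randomBytes(32); // held by the owner, never written to the ledger
worldState.set('contract:1', JSON.stringify({ owner: 'alice', price: '1200 EUR' }));
worldState.set('contract:2', JSON.stringify({
  owner: 'alice', price: encryptField(ownerKey, '1200 EUR') }));
```

Here `apiRead('bob', 'contract:1')` is denied, but `rawRead('contract:1')` returns the price in clear; `rawRead('contract:2')` returns only the encrypted field, which the owner recovers with `decryptField`.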