The overall system structure is depicted in this UML deployment diagram.
Smart contracts, deployed on the Ethereum testnet Rinkeby perform internal computations like conference and account management. This computation is executed via the EVM on each miner's computer. The web interface is deployed on a web server, while conference management information is fetched from the blockchain via RPC. This communication is enabled by the JavaScript API web3, which is injected by the add-on MetaMask into the user's browser. Detailed conference information, paper PDFs and review texts are stored on the P2P file storage network IPFS.
This figure was made with Visual Paradigm Community Edition
The back end consist of Smart Contracts, written in Solidity and IPFS as an off-chain file storage. The contract structure is depicted in this UML component diagram
Conferences are created via a conference registry. Each conference possesses a list of papers, each paper possess a list of reviews.
Access to certain objects and operatins is restricted to different roles: Admin, Programm-Commitee Member and Author. Accounts can be assigned to such a role by the conference admin. The account which created a conference is the conference's admin. This model, namely Role Based Access Control is described by this figure:
The OpenZeppelin framework offers many pieces of security relevant Solidity scripts, including interfaces for RBAC.