Litcius/Paper detail

The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses

Ivan Homoliak, Sarad Venugopalan, Daniel Reijsbergen, Qingze Hum, Richard Schumi, Pawel Szalachowski

2020IEEE Communications Surveys & Tutorials89 citationsDOIOpen Access PDF

Abstract

Blockchains are distributed systems, in which security is a critical factor for their success. However, despite their increasing popularity and adoption, there is a lack of standardized models that study blockchain-related security threats. To fill this gap, the main focus of our work is to systematize and extend the knowledge about the security and privacy aspects of blockchains and contribute to the standardization of this domain.We propose the security reference architecture (SRA) for blockchains, which adopts a stacked model (similar to the ISO/OSI) describing the nature and hierarchy of various security and privacy aspects. The SRA contains four layers: (1) the network layer, (2) the consensus layer, (3) the replicated state machine layer, and (4) the application layer. At each of these layers, we identify known security threats, their origin, and countermeasures, while we also analyze several cross-layer dependencies. Next, to enable better reasoning about security aspects of blockchains by the practitioners, we propose a blockchain-specific version of the threat-risk assessment standard ISO/IEC 15408 by embedding the stacked model into this standard. Finally, we provide designers of blockchain platforms and applications with a design methodology following the model of SRA and its hierarchy.

Topics & Concepts

Computer sciencePopularityComputer securityComputer security modelStandardizationFocus (optics)HierarchyEmbeddingReference modelEnterprise information security architectureWork (physics)State (computer science)ArchitectureCloud computing securitySecurity serviceSecurity through obscuritySecurity testingInformation privacySecurity convergenceConcrete securityCryptographyData securityNetwork securitySecurity information and event managementSoftware engineeringInformation securityInformation security standardsKey (lock)AnonymitySecurity analysisScheme (mathematics)Standard of Good PracticePrivacy by DesignApplication securityBlockchain Technology Applications and SecuritySecurity and Verification in ComputingSoftware System Performance and Reliability
The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses | Litcius