Publication Details

The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses

HOMOLIAK Ivan, VENUGOPALAN Sarad, REIJSBERGEN Daniel, HUM Qingze, SCHUMI Richard and SZALACHOWSKI Pawel. The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses. IEEE Communications Surveys and Tutorials, vol. 23, no. 1, 2021, pp. 341-390. ISSN 1553-877X. Available from: https://doi.org/10.1109/COMST.2020.3033665
Czech title
Bezpečnostní referenční architektura pro blockchainy: Směrem ke standardizovanému modelu pro studium zranitelností, hrozeb a obrany
Type
journal article
Language
english
Authors
Homoliak Ivan, Ing., Ph.D. (DITS FIT BUT)
Venugopalan Sarad (SUTD)
Reijsbergen Daniel (SUTD)
Hum Qingze (SUTD)
Schumi Richard (SUTD)
Szalachowski Pawel, Dr. (SUTD)
URL
Keywords


Reference architecture, blockchains, distributed
ledgers, security, privacy, vulnerabilities, threats, ISO/IEC 15408

Abstract

Blockchains are distributed systems, in which security is a critical factor for their success. However, despite their increasing popularity and adoption, there is a lack of standardized models that study blockchain-related security threats. To fill this gap, the main focus of our work is to systematize and extend the knowledge about the security and privacy aspects of blockchains and contribute to the standardization of this domain.
We propose the security reference architecture (SRA) for blockchains, which adopts a stacked model (similar to the ISO/OSI) describing the nature and hierarchy of various security and privacy aspects. The SRA contains four layers: (1) the network layer, (2) the consensus layer, (3) the replicated state machine layer, and (4) the application layer. At each of these layers, we identify known security threats, their origin, and countermeasures, while we also analyze several cross-layer dependencies. Next, to enable better reasoning about security aspects of blockchains by the practitioners, we propose a blockchain-specific version of the threat-risk assessment standard ISO/IEC 15408 by embedding the stacked model into this standard. Finally, we provide designers of blockchain platforms and applications with a design methodology following the model of SRA and its hierarchy.

Published
2021
Pages
341-390
Journal
IEEE Communications Surveys and Tutorials, vol. 23, no. 1, ISSN 1553-877X
Publisher
Institute of Electrical and Electronics Engineers
DOI
UT WoS
000631089200014
EID Scopus
BibTeX
@ARTICLE{FITPUB12335,
   author = "Ivan Homoliak and Sarad Venugopalan and Daniel Reijsbergen and Qingze Hum and Richard Schumi and Pawel Szalachowski",
   title = "The Security Reference Architecture for Blockchains: Toward a Standardized Model for Studying Vulnerabilities, Threats, and Defenses",
   pages = "341--390",
   journal = "IEEE Communications Surveys and Tutorials",
   volume = 23,
   number = 1,
   year = 2021,
   ISSN = "1553-877X",
   doi = "10.1109/COMST.2020.3033665",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/12335"
}
Back to top