The Security Reference Architecture for Blockchains: Towards a Standardized Model for Studying Vulnerabilities, Threats, and Defenses
share
Due to their specific features, such as decentralization and immutability, blockchains have become popular in recent years. Blockchains are full-stack distributed systems in terms of realization, where security is a critical factor for their success. However, despite increasing popularity and adoption, there is a lack of standardized models to study security threats related to blockchains in a similar fashion as was done, e.g., in the area of cloud computing. To fill this gap, the main focus of our work is to systematize the knowledge about security and privacy aspects of blockchains, and thus contribute to the standardization of this domain. To this end, we propose the security reference architecture for blockchains, which utilizes a stacked model (similar to the ISO/OSI) that demonstrates the nature and hierarchy of various security and privacy threats. The model contains four layers: (1) the network layer, (2) the consensus layer, (3) the replicated state machine layer, and (4) the application layer. At each of these layers, we identify known security threats, their origin as well as mitigation techniques or countermeasures. particular countermeasures. Although a similar model has already been used in previous work to serve as a general outline of the blockchain infrastructure, we adapt it for the purpose of studying security threats in this domain. Further, we propose a blockchain-specific version of the threat-risk assessment standard ISO/IEC 15408 by embedding the stacked model into this standard. Finally, following our stacked model and its categorization, we provide an extensive survey of blockchain-oriented and related research as well as its applications.
READ FULL TEXT