当前位置: X-MOL 学术IEEE Commun. Surv. Tutor. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
The Security Reference Architecture for Blockchains: Towards a Standardized Model for Studying Vulnerabilities, Threats, and Defenses
IEEE Communications Surveys & Tutorials ( IF 35.6 ) Pub Date : 2020-01-01 , DOI: 10.1109/comst.2020.3033665
Ivan Homoliak , Sarad Venugopalan , Daniel Reijsbergen , Qingze Hum , Richard Schumi , Pawel Szalachowski

Due to their specific features, such as decentralization and immutability, blockchains have become popular in recent years. Blockchains are full-stack distributed systems in terms of realization, where security is a critical factor for their success. However, despite increasing popularity and adoption, there is a lack of standardized models to study security threats related to blockchains in a similar fashion as was done, e.g., in the area of cloud computing. To fill this gap, the main focus of our work is to systematize the knowledge about security and privacy aspects of blockchains, and thus contribute to the standardization of this domain. To this end, we propose the security reference architecture for blockchains, which utilizes a stacked model (similar to the ISO/OSI) that demonstrates the nature and hierarchy of various security and privacy threats. The model contains four layers: (1) the network layer, (2) the consensus layer, (3) the replicated state machine layer, and (4) the application layer. At each of these layers, we identify known security threats, their origin as well as mitigation techniques or countermeasures. % while we discuss the costs and impact of particular countermeasures. Although a similar model has already been used in previous work to serve as a general outline of the blockchain infrastructure, we adapt it for the purpose of studying security threats in this domain. Further, we propose a blockchain-specific version of the threat-risk assessment standard ISO/IEC 15408 by embedding the stacked model into this standard. Finally, following our stacked model and its categorization, we provide an extensive survey of blockchain-oriented and related research as well as its applications.

中文翻译:

区块链的安全参考架构:迈向研究漏洞、威胁和防御的标准化模型

由于其特定的特性,例如去中心化和不变性,区块链近年来变得流行起来。就实现而言,区块链是全栈分布式系统,其中安全性是其成功的关键因素。然而,尽管越来越受欢迎和采用,但缺乏标准化模型来研究与区块链相关的安全威胁,就像在云计算领域所做的那样。为了填补这一空白,我们工作的主要重点是系统化有关区块链安全和隐私方面的知识,从而为该领域的标准化做出贡献。为此,我们提出了区块链的安全参考架构,它利用堆叠模型(类似于 ISO/OSI)来展示各种安全和隐私威胁的性质和层次结构。该模型包含四层:(1)网络层,(2)共识层,(3)复制状态机层,(4)应用层。在每一层,我们都会识别已知的安全威胁、它们的来源以及缓解技术或对策。% 同时我们讨论特定对策的成本和影响。尽管在之前的工作中已经使用了类似的模型来作为区块链基础设施的总体轮廓,但我们对其进行了调整以研究该领域的安全威胁。此外,我们通过将堆叠模型嵌入到该标准中,提出了威胁风险评估标准 ISO/IEC 15408 的区块链特定版本。最后,
更新日期:2020-01-01
down
wechat
bug