As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations,related stakeholders need a means to assess the trustworthiness of the applications involved within.It...As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations,related stakeholders need a means to assess the trustworthiness of the applications involved within.It is extremely important to consider the potential impact brought by the Blockchain technology in terms of security and privacy.Therefore,this study proposes a rigorous security risk management framework for permissioned blockchain-enabled applications.The framework divides itself into different implementation domains,i.e.,organization security,application security,consensus mechanism security,node management and network security,host security and perimeter security,and simultaneously provides guidelines to control the security risks of permissioned blockchain applications with respect to these security domains.In addition,a case study,including a security testing and risk evaluation on each stack of a specific organization,is demonstrated as an implementation instruction of our proposed risk management framework.According to the best of our knowledge,this study is one of the pioneer researches that provide a means to evaluate the security risks of permissioned blockchain applications from a holistic point of view.If users can trust the applications that adopted this framework,this study can contribute to the adoption of permissioned blockchain-enabled technologies.Furthermore,application providers can use the framework to perform gap analysis on their existing systems and controls and understand the risks of their applications.展开更多
基金This work was supported by the Ministry of Science and Technology,Taiwan,under grants MOST 110-2218-E-011-007-MBK,MOST 111-2218-E-011-012-MBK,MOST 109-2221-E-011-110-MY2,MOST 109-2221-E-259-011-MY2,MOST 110-2629-E-259-001,MOST 110-2926-I-259-501,and MOST 110-2634-F-A49-004.
文摘As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations,related stakeholders need a means to assess the trustworthiness of the applications involved within.It is extremely important to consider the potential impact brought by the Blockchain technology in terms of security and privacy.Therefore,this study proposes a rigorous security risk management framework for permissioned blockchain-enabled applications.The framework divides itself into different implementation domains,i.e.,organization security,application security,consensus mechanism security,node management and network security,host security and perimeter security,and simultaneously provides guidelines to control the security risks of permissioned blockchain applications with respect to these security domains.In addition,a case study,including a security testing and risk evaluation on each stack of a specific organization,is demonstrated as an implementation instruction of our proposed risk management framework.According to the best of our knowledge,this study is one of the pioneer researches that provide a means to evaluate the security risks of permissioned blockchain applications from a holistic point of view.If users can trust the applications that adopted this framework,this study can contribute to the adoption of permissioned blockchain-enabled technologies.Furthermore,application providers can use the framework to perform gap analysis on their existing systems and controls and understand the risks of their applications.
