Abstract
Blockchain technology is ready to revolutionise the financial industry. The financial industry faces various security challenges (e.g., tampering, repudiation, and denial of service). The Corda platform provides a suitable technological infrastructure for building a blockchain-based application (CorDapp) in the financial industry to overcome these challenges. In this paper, we take the case of the capital market post-trade matching and confirmation process to perform security risk management. We compare the countermeasures of a centralised application and a CorDapp that mitigate the security risks. Furthermore, we explain what security risks appear within the CorDapp.
Acknowledgement
The authors would like to thank Justs Placāns (Riga Technical University) for the constructive comments and significant contribution while preparing this paper.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Iqbal, M., Matulevičius, R. (2020). Managing Security Risks in Post-Trade Matching and Confirmation Using CorDapp. In: Robal, T., Haav, HM., Penjam, J., Matulevičius, R. (eds) Databases and Information Systems. DB&IS 2020. Communications in Computer and Information Science, vol 1243. Springer, Cham. https://doi.org/10.1007/978-3-030-57672-1_24
DOI: https://doi.org/10.1007/978-3-030-57672-1_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57671-4
Online ISBN: 978-3-030-57672-1
eBook Packages: Computer Science (R0)