Secure blockchain in the enterprise: A methodology

https://doi.org/10.1016/j.pmcj.2019.101038

Abstract

The adoption of blockchain in a software architecture should be perceived as a double-edged sword: on the one hand, it brings benefits in terms of auditability, strong integrity protection and virtual token management; on the other hand, these come together with peculiarities, such as immutability, that need to be properly considered. For example, where personal data are involved, blockchain adoption may prove particularly critical. Therefore, in order to guide software architects wishing to leverage the potential of an existing blockchain technology for their solutions, we propose a list of security threats specific to blockchain, integrated in a multi-staged architecture analysis approach based on threat modeling. It comprises methods for the evaluation and identification of the most suitable blockchain technology (if viable at all) for the scenario, coupled with design analysis processes that consider web application threats as well as our blockchain-specific security threats. We illustrate our approach through a paradigmatic example.

Introduction

The term “blockchain” has become popular in the last decade, also among the general public. Mainstream media have used it extensively, especially to discuss and explain crypto-currencies, and the concepts have been studied and analyzed by the finance research community (see, for example, [1], [2], [3]); Bitcoin [4] in particular, whose importance is demonstrated by its market capitalization, about 5B dollars in April 2019 [5]. Such interest is also motivated by the properties of blockchain technologies and their promises of decentralization, robustness, immutability, transparency and, at the same time, anonymity. It is only natural, therefore, that the software engineering community began to adopt the blockchain, in different technology flavors [6]. However, blockchain adoption requires specific care, spanning from an understanding of the underpinnings to architectural and implementation details, and such care is not necessarily taken everywhere [7]. Recent studies in the international development sector [8] seem to confirm this perception.

In this work, we propose our methodology for a secure adoption of blockchain technologies in enterprise software development projects. It relies on threat modeling as a means to achieve a security-by-design and sound approach to software security. The methodology guides software architects in understanding whether blockchain adoption should be considered at all and, if so, which flavors to consider. Subsequently, we focus on the security implications of blockchain adoption by including in our proposal an extension to a well-known and industrially adopted architecture review methodology, the Microsoft-developed threat modeling approach STRIDE [9]. We do so by proposing a list of blockchain-specific security risks. In this way we aim at maximizing the general applicability of our methodology, given the broad scope of STRIDE.

To exemplify our methodology, we will follow the activities of a persona character, Alice, a software architect, that is about to start a new software project considering the inclusion of blockchain technologies.

Alice is starting her new software project. For as long as she can remember, she has been a big fan of retrogaming. Back in the day, she spent countless hours playing shooter games at the arcade, always aiming at reaching place 1 in the leaderboard. Today she thinks about giving the new generation the thrill of this experience in a new kind of video game. She has the idea of a coin-operated game with a global leaderboard; this makes her think that she may use a blockchain solution. A few days of brainstorming later, she comes up with an initial design. Now is the time to validate the concept from a security point of view by applying our blockchain-specific threat modeling methodology.

Threat modeling can be defined as “an approach for creating an abstraction of a software system, aimed at identifying attackers’ abilities and goals, and using that abstraction to generate and catalog possible threats that the system must mitigate”. It can be integrated in the early stages of a software development process, where software architectures are reviewed from a security perspective, effectively materializing a security-by-design approach. Among the threat modeling methods, we chose the Microsoft-developed STRIDE for its industrial adoption and support tool availability. The methodology includes the analysis of a software architecture and its data flows according to a list of threats organized in the six STRIDE threat categories. Its result is a list of actual threats for the software system under analysis.

Alice will then perform her analysis following our blockchain threat modeling methodology, composed of four different steps.

  • Step 1

    Assess whether blockchain can be a viable solution at all for the project at hand, in a motto: “when to use the blockchain”.

  • Step 2

    Analyze which blockchain implementation can be up to the task, i.e., “choosing a blockchain implementation”.

  • Step 3

    Review threats specific to the building blocks of the chosen blockchain solution.

  • Step 4

    Perform a traditional threat modeling assessment for the global solution.
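As an added illustration (not the paper's code), the following Python snippet runs the Step 4 STRIDE pass over a small, constructed data-flow model of Alice's arcade game, using the standard STRIDE-per-element chart; the element names, the personal-data tags and the immutability flag are assumptions made here, and the paper's own blockchain-specific threat list (Step 3) is not reproduced.

```python
# Added example: STRIDE-per-element enumeration over a minimal data-flow
# diagram (DFD) of Alice's coin-operated arcade game. Element names, the
# personal-data tagging and the immutability note are assumptions for
# illustration; the paper's blockchain threat list is not reproduced here.
from dataclasses import dataclass

# Standard STRIDE-per-element chart: which categories apply to which DFD kind.
STRIDE = {
    "external": "SR",
    "process": "STRIDE",
    "flow": "TID",
    "store": "TID",   # plus R when the store is an audit log / ledger
}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}


@dataclass
class Element:
    name: str
    kind: str                    # external | process | flow | store
    personal_data: bool = False  # element carries or stores personal data
    immutable: bool = False      # append-only ledger, entries cannot be erased
    is_log: bool = False         # store acts as an audit log (ledger)


def enumerate_threats(elements):
    """Return {element name: [threat strings]} using STRIDE-per-element."""
    out = {}
    for e in elements:
        cats = STRIDE[e.kind] + ("R" if e.kind == "store" and e.is_log else "")
        threats = [NAMES[c] for c in cats]
        # Design flag from the abstract's point: personal data written to an
        # immutable store can never be corrected or erased afterwards.
        if e.personal_data and e.immutable:
            threats.append("Personal data on immutable ledger (erasure impossible)")
        out[e.name] = threats
    return out


# Constructed DFD of Alice's design (assumed, not taken from the paper).
ALICE_DFD = [
    Element("Player", "external"),
    Element("Arcade cabinet", "process"),
    Element("Score submission", "flow", personal_data=True),
    Element("Leaderboard ledger", "store", personal_data=True,
            immutable=True, is_log=True),
]

if __name__ == "__main__":
    for name, ts in enumerate_threats(ALICE_DFD).items():
        print(f"{name}: {', '.join(ts)}")
```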

The paper is structured as follows. Section 2 presents the main concepts on blockchains and on threat modeling that are relevant background for our contribution. The four steps of our methodology are covered in Section 3, opening with an introduction of our methodology, followed by Section 3.1, which presents our criteria to decide about the inclusion of blockchain technologies. Section 3.2 illustrates the different blockchain technologies and their usages, while the associated threats are presented in Section 3.3. The threat modeling analysis of Alice’s software project, considering our threat list, is presented in Section 3.4. Lastly, Section 4 concludes.

Main concepts and state of the art

This section presents the conceptual underpinnings of our work: a definition of blockchain in its main characteristics, together with a presentation of threat modeling as security architecture review practice.

Our methodology

This section presents our methodology, organized in four different steps, illustrated following Alice’s design activities.

Conclusions

The general attention to blockchain technologies is due to the valuable security properties potentially achievable through their adoption, for example, immutability, decentralization, transparency and anonymity. As any other technology, they come with constraints that software architects need to consider carefully when designing their software projects. However, the very nature of such properties calls for conscious software design, putting additional strain on software architects that must

Declaration of competing interest

The authors declared that they had no conflicts of interest with respect to their authorship or the publication of this article.

References (28)

  • Hileman G. et al., Global Cryptocurrency Benchmarking Study, 33 (2017)
  • Bambara J.J. et al., Blockchain: A Practical Guide to Developing Business, Law, and Technology Solutions (2018)
  • Hinzen F.J. et al., Proof-of-Work’s Limited Adoption Problem (2019)
  • Nakamoto S., Bitcoin: A P2P Electronic Cash System (2009)
  • Bitcoin S., Bitcoin Cash Charts (2018)
  • Casino F. et al., A systematic literature review of blockchain-based applications: current status, classification and open issues, Telemat. Inform. (2018)
  • Valdes R., Capture Success From Your Failing Blockchain Project (2017)
  • Burg J. et al., Blockchain for International Development: Using a Learning Agenda to Address Knowledge Gaps (2018)
  • Shostack A., Experiences threat modeling at Microsoft
  • Zheng Z. et al., Blockchain challenges and opportunities: a survey, Int. J. Web Grid Serv. (2018)
  • Swanson T., Consensus-as-a-service: a brief report on the emergence of permissioned, distributed ledger systems (2015)
  • Tuwiner J., Bitcoin Mining Pools (2019)
  • Szabo N., Smart Contracts (1994)
  • Scandariato R. et al., A descriptive study of Microsoft’s threat modeling technique, Requir. Eng. (2015)
Cited by (29)

  • EBDF: The enterprise blockchain design framework and its application to an e-Procurement ecosystem, Computers and Industrial Engineering (2022)

    Citation excerpt: “(Bhushan, Khamparia, et al., 2020), while presenting the blockchain technology as a solution for security challenges in smart cities, presented a diagram to decide if blockchain can be employed or not. (Hebert & Di Cerbo, 2019) proposed a methodology that can be used by software developers to assess the security of a software architecture and risk evaluation of applying blockchain technologies. (Fan et al., 2020) presented a systematic study including existing blockchain performance evaluation procedures covering empirical and analytical evaluation approaches.”

  • Risk assessment of maritime container shipping blockchain-integrated systems: An analysis of multi-event scenarios, Transportation Research Part E: Logistics and Transportation Review (2022)

    Citation excerpt: “A specific issue with the maritime logistics industry is the fragmentation of data regimes, where most connections are one-to-one, leading to potential deficiencies and vulnerabilities in operations (Perego et al., 2011, Carlan et al., 2020). Cyberattack is still a significant threat to BIS’s security (Hebert and Di Cerbo, 2019). Smart contract is both a feature and a vulnerability that inadequate auditing, testing, and patching could be exploited to defunct or override the intended/expected behaviors (Atzei et al., 2017, Viriyasitavat et al., 2019, Yamashita et al., 2019, Green et al., 2020).”