TY - JOUR
T1 - Trustworthiness Evaluation for Permissioned Blockchain-Enabled Applications
AU - Cha, Shi Cho
AU - Shiung, Chuang Ming
AU - Li, Wen Wei
AU - Peng, Chun Neng
AU - Hung, Yi Hsuan
AU - Yeh, Kuo Hui
N1 - Publisher Copyright: © 2022 Tech Science Press. All rights reserved.
PY - 2022
Y1 - 2022
AB - As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations, related stakeholders need a means to assess the trustworthiness of the applications involved within. It is extremely important to consider the potential impact brought by the Blockchain technology in terms of security and privacy. Therefore, this study proposes a rigorous security risk management framework for permissioned blockchain-enabled applications. The framework divides itself into different implementation domains, i.e., organization security, application security, consensus mechanism security, node management and network security, host security and perimeter security, and simultaneously provides guidelines to control the security risks of permissioned blockchain applications with respect to these security domains. In addition, a case study, including a security testing and risk evaluation on each stack of a specific organization, is demonstrated as an implementation instruction of our proposed risk management framework. According to the best of our knowledge, this study is one of the pioneer researches that provide a means to evaluate the security risks of permissioned blockchain applications from a holistic point of view. If users can trust the applications that adopted this framework, this study can contribute to the adoption of permissioned blockchain-enabled technologies. Furthermore, application providers can use the framework to perform gap analysis on their existing systems and controls and understand the risks of their applications.
KW - Permissioned blockchain
KW - blockchain risk evaluation
KW - blockchain security
UR - http://www.scopus.com/inward/record.url?scp=85132727675&partnerID=8YFLogxK
U2 - 10.32604/cmc.2022.029161
DO - 10.32604/cmc.2022.029161
M3 - Article
AN - SCOPUS:85132727675
SN - 1546-2218
VL - 73
SP - 2731
EP - 2755
JO - Computers, Materials and Continua
JF - Computers, Materials and Continua
IS - 2
ER -