Distributed ledger technologies have gained significant attention and adoption in recent years. Despite the various security features distributed ledger technology provides, it remains vulnerable to a range of established and novel malicious attacks, such as selfish mining and Sybil attacks. While such vulnerabilities have been investigated, work on detecting them and identifying appropriate countermeasures remains largely unreported. Cybersecurity knowledge in this domain is limited and fragmented, while the use of distributed ledger technology grows daily. Thus, research focused on overcoming potential attacks on distributed ledgers is required. This study aims to raise awareness of the cybersecurity of distributed ledger technology by designing a security risk assessment method for distributed ledger technology applications. To accompany the method, we have developed a database of possible security threats and known attacks on distributed ledger technologies, including sets of countermeasures. We employed a semi-systematic literature review combined with method engineering to develop a method that organizations can use to assess the cybersecurity risk of their distributed ledger applications. The method was subsequently evaluated in three case studies, which show that it helps these organizations conduct security risk assessments for distributed ledger applications effectively.