How to Secure Blockchains from Attacks: A Security Reference Architecture for Distributed Ledger Technologies

Eray ALTILI
11 min readAug 2, 2023

Table of Contents

Introduction

  • What are blockchains and why are they important?
  • What are the main security challenges and limitations of blockchains?
  • What is the main goal and contribution of the paper?

The Security Reference Architecture

  • What is the security reference architecture (SRA) and how does it work?
  • What are the two models of the SRA: the stacked model and the threat-risk assessment model?
  • How does the SRA help to systematize and extend the knowledge about the security and privacy aspects of blockchains?

The Stacked Model

  • What are the four layers of the stacked model: network, consensus, replicated state machine, and application?
  • What are the types of threats and countermeasures at each layer?
  • How do the layers interact and depend on each other?

The Threat-Risk Assessment Model

  • What are the components and actors of the threat-risk assessment model: owners, assets, threat agents, threats, countermeasures, and risks?
  • How does the threat-risk assessment model help to identify, assess, and mitigate security threats in blockchain systems?
  • How does the threat-risk assessment model embed the stacked model into the ISO/IEC 15408 standard?

Key Findings and Insights

  • What are some of the key findings and insights from the paper?
  • How does the SRA help to design secure blockchain platforms and applications?
  • How does the SRA contribute to the standardization of blockchain security?

Conclusion

  • What are the main points and takeaways of the blog post?
  • Where can readers find more information or read the original paper?
  • How can readers provide feedback or comments on the blog post?

Introduction

Blockchain technology has revolutionized the way we think about trust, transparency, and security in digital transactions. Blockchains are distributed systems that enable…

--

--

Eray ALTILI

I am passionate about Technology, Cloud Computing, Machine Learning, Blockchain and Finance. All opinions are my own and do not express opinions of my employer.