DeepAI AI Chat
Log In Sign Up

A Taxonomy for Understanding the Security Technical Debts in Blockchain Based Systems

by   Sabreen Ahmadjee, et al.
University of Birmingham

Blockchain is a disruptive technology intended at implementing secure decentralized distributed systems, in which transactional data can be shared, stored and verified by participants of a system using cryptographic and consensus mechanisms, elevating the need for a central authentication/verification authority. Contrary to the belief, blockchain-based systems are not inherently secure by design; it is crucial for security software engineers to be aware of the various blockchain specific architectural design decisions and choices and their consequences on the dependability of the software system. We argue that sub-optimal and ill-informed design decisions and choices of blockchain components and their configurations including smart contracts, key management, cryptographic and consensus mechanisms, on-chain vs. off chain storage choices can introduce security technical debt into the system. The technical debt metaphor can serve as a powerful tool for early, preventive and transparent evaluation of the security design of blockchain-based systems by making the potential security technical debt visible to security software engineers. We review the core architectural components of blockchain-based systems and we show how the ill-choice or sub-optimal design decisions and configuration of these components can manifest into security technical debt. We contribute to a taxonomy that classifies the blockchain specific design decisions and choices and we describe their connection to potential debts. The taxonomy can help architects of this category of systems avoid potential security risks by visualising the security technical debts and raising its visibility. We use examples from two case studies to discuss the taxonomy and its application.


Blockchain-based Application Security Risks: A Systematic Literature Review

Although the blockchain-based applications are considered to be less vul...

A Survey of Blockchain Data Management Systems

Blockchain has been widely deployed in various sectors, such as finance,...

FedChain: Secure Proof-of-Stake-based Framework for Federated-blockchain Systems

In this paper, we propose FedChain, a novel framework for federated-bloc...

SoK of Used Cryptography in Blockchain

The underlying fundaments of blockchain are cryptography and cryptograph...

A Framework for Designing Foundation Model based Systems

The recent release of large language model (LLM) based chatbots, such as...

Scaling a Blockchain-based Railway Control System Prototype for Mainline Railways: a Progress Report

Railway operations require control systems to ensure safety and efficien...