ABC: A Cryptocurrency-Focused Threat Modeling Framework
Cryptocurrencies are an emerging economic force, but there are concerns about their security. This is due, in part, to complex collusion cases and new threat vectors, that could be missed by conventional security assessment strategies. To address these issues, we propose ABC, an Asset-Based Cryptocurrency-focused threat modeling framework capable of identifying such risks. ABC's key innovation is the use of collusion matrices. A collusion matrix forces a threat model to cover a large space of threat cases while simultaneously manages this process to prevent it from being overly complex. We demonstrate that ABC is effective by presenting real-world use cases and by conducting a user study. The user study showed that around 71 identify financial security threats, as compared to only 13 who used the popular framework STRIDE.
READ FULL TEXT