Risk Engineering and Blockchain: Anticipating and Mitigating Risks

  • Michael Huth
  • Claire Vishik
  • Riccardo Masucci
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 339)

Abstract

Complex systems require an integrated approach to risks. In this paper, we describe risk engineering, a methodology to incorporate risks at the planning and design stage for complex systems, and introduce some of its components. We examine, at a high level, how risk engineering can help improve the risk picture for blockchain technologies and their applications and outline challenges and benefits of this approach.

Keywords

Risk engineering, Blockchain, Ontology, Reasoning, Integrated risk analysis

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Imperial College London, London, UK
  2. Intel Corporation, Santa Clara, USA