A Standard-Driven Framework for Blockchain Security Risk Assessment

Abstract
This paper addresses the security challenges faced by the adoption of blockchain technology. It presents a comprehensive framework designed to assess security risks within blockchain-based applications. This framework leverages a novel approach based on threat modeling methodology and industry standards. It begins with threat intelligence analysis, which involves gathering and analyzing information about emergent threats in the blockchain landscape. Then, threat modeling is conducted to identify, assess, and mitigate potential vulnerabilities in a blockchain system. Based on the system's high-level design, potential vulnerabilities are identified. The STRIDE model is used to classify the identified attack vectors on the system. After that, these vectors are mapped to the MITRE ATT&CK framework and rated using the DREAD/CVSS models. Finally, several countermeasures and mitigations are suggested and mapped to the NIST SP 800-53 Rev 5 control list to mitigate the identified attack vectors. The proposed methodology is applied to decentralized exchange (DEX) and supply chain use cases, demonstrating its effectiveness in identifying, assessing, and mitigating security challenges unique to these systems. The proposed approach in this work is a fully indexed, scalable, adjustable, and exploitable framework for blockchain security risk assessment. Ultimately, it serves as a valuable resource for security professionals and system architects seeking to adopt threat modeling practices for developing secure-by-design blockchain systems.