actor based risk analysis for blockchains in smart
play

Actor-based Risk Analysis for Blockchains in Smart Mobility Ranwa - PowerPoint PPT Presentation

Sep 28, 2022 •382 likes •575 views

Actor-based Risk Analysis for Blockchains in Smart Mobility Ranwa Al Mallah, Bilal Farooq Laboratory of Innovations in Transportation, Ryerson University, Toronto, Canada, CryBlock @ MobiCom 2020 September 25, 2020 Ranwa et al., 2020

  1. Actor-based Risk Analysis for Blockchains in Smart Mobility Ranwa Al Mallah, Bilal Farooq Laboratory of Innovations in Transportation, Ryerson University, Toronto, Canada, CryBlock @ MobiCom 2020 September 25, 2020 Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 1 / 19

  2. Table of Contents Introduction 1 Methodology 2 Risk assessment of the BSMD 3 Outcomes 4 Conclusion and future work 5 Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 2 / 19

  3. Table of Contents Introduction 1 Methodology 2 Risk assessment of the BSMD 3 Outcomes 4 Conclusion and future work 5 Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 3 / 19

  4. Motivation Nowadays, transportation data are shared across multiple entities and stored in central servers. Multi-layered Blockchain framework for Smart Mobility Data-market (BSMD) was recently proposed to solve the privacy, security and management [1]. Security issues related to blockchain are critical in terms of cybersecurity. Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 4 / 19

  5. Related work Studies Methodology Drawbacks - Examination of security -Do not consider the risk Li et al., [2] risks/survey of attacks to as a function of probabil- popular blockchains. ity and impact. - Analyze related vulnerabil- - Real scope of the risk is ities exploited. not described. -Analyze security vulnerabil- -Don’t account for vari- Atzei et al., [3] ities of smart contracts. ous nature of threats. -Show a series of attacks. - Isolate analysis from a security programming. -Hierarchy of four layers. -Don’t quantify risk. Homoliak et al., [4] -Identified four threat -Generic architecture not agents and report vulnera- evaluated on realistic bilities at each layer. blockchain. Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 5 / 19

  6. Multi-layered Blockchain model for Smart Mobility Data-market (BSMD) Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 6 / 19

  7. Table of Contents Introduction 1 Methodology 2 Risk assessment of the BSMD 3 Outcomes 4 Conclusion and future work 5 Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 7 / 19

  8. Methodology Definitions: ◮ Actor: Entity violates integrity/privacy/confidentiality to obtain a benefit. ◮ Attack goal: Final effect desired by actor with impact on victim. ◮ Scenario: Set of actions carried by actor to achieve his attack goal. ◮ Impact: Quantification of the attack goal’s effect on the victim. ◮ Vulnerability: A flaw that offers the opportunity to damage a system. Actor-based risk analysis: ◮ STEP 1: Identify potential actors. ◮ STEP 2: Determine the attack goals. ◮ STEP 3: Quantify the impact on the victim of such attack goals. Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 8 / 19

  9. Table of Contents Introduction 1 Methodology 2 Risk assessment of the BSMD 3 Outcomes 4 Conclusion and future work 5 Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 9 / 19

  10. Actor-based risk analysis : Step 1 Identify potential actors: ◮ A1. Cybercriminals ◮ A2. Industrial spies ◮ A3. Foreign Intelligence Agencies ◮ A4. Terrorist groups ◮ A5. Insider threat Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 10 / 19

  11. Actor-based risk analysis : Step 2 Determine the attack goals: ◮ G1. Gain knowledge about the data-market ◮ G2. Access sensitive data on the nodes of the network ◮ G3. Manipulate and modify blockchain information ◮ G4. Sabotage activities ◮ G5. Induce participants in the blockchain network to make errors Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 11 / 19

  12. Actor-based risk analysis : Step 3 Impact types: Monetary, Privacy, Integrity, Trust. Impact levels Risk treatment 1. Minor Accept 2. Significant Accept 3. Severe Manage 4 . Catastrophic Refuse Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 12 / 19

  13. Actor-based risk analysis : Step 3 Impact on the victims by attack goal - Monetary (M), Privacy (P), Integrity (I) and Trust (T). Impact scale ranges from 1 to 4, with 4 being the most severe. Goal M P I T G 1 - Gain knowledge about the data-market 1 2 - 1 G 2 - Access sensitive data 2 3 - 2 G 3 - Manipulate and modify blockchain information 3 2 4 4 G 4 - Sabotage activities 3 - 2 3 G 5 - Induce participants to make errors 2 - 3 3 Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 13 / 19

  14. Table of Contents Introduction 1 Methodology 2 Risk assessment of the BSMD 3 Outcomes 4 Conclusion and future work 5 Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 14 / 19

  15. Outcomes In terms of monetary, privacy, integrity and trust, G3 represents a risk that is either unacceptable or undesirable. G1 results in an acceptable or negligible risk because the benefits that the system brings are greater than the potential risk. In terms of monetary impact, G2, G3, G4 and G5 represent a risk in terms of economic losses. In terms of privacy impact, G2 is the riskiest attack goal. In terms of integrity and trust, G3 and G5 have a catastrophic impact on the trust of the blockchain system. Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 15 / 19

  16. Table of Contents Introduction 1 Methodology 2 Risk assessment of the BSMD 3 Outcomes 4 Conclusion and future work 5 Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 16 / 19

  17. Conclusion and future work Actor-based risk analysis of a realistic blockchain for smart mobility data-markets showed impacts at four scales. Extend the analysis to a scenario-based risk assessment. Perform a combined risk assessment. Detection mechanisms specific for the data-market ecosystem should be designed. Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 17 / 19

  18. References [1] D. Lopez, B. Farooq, A multi-layered blockchain framework for smart mobility data-markets, in: Transportation Research Part C: Emerging Technologies, 2020, pp. 588-615. [2] X. Li, P. Jiang, T. Chen, X. Luo, Q. Wen, A survey on the security of blockchain systems, Future Generation Computer Systems (2017). [3] N. Atzei, M. Bartoletti, T. Cimoli, A survey of attacks on ethereum smart contracts (sok), in: International conference on principles of security and trust, Springer, 2017, pp. 164–186. [4] I. Homoliak, S. Venugopalan, Q. Hum, P. Szalachowski, A security reference architecture for blockchains, in: 2019 IEEE International Conference on Blockchain (Blockchain), IEEE, 2019, pp. 390–397. Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 18 / 19

  19. THANK YOU ranwa.almallah@ryerson.ca Ranwa et al., 2020 (LITrans, RU) Short Title September 25, 2020 19 / 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Why actor analysis? Actor and network analysis Bert Enserink Network map of linked Network map

Why actor analysis? Actor and network analysis Bert Enserink Network map of linked Network map

Why actor analysis? Actor and network analysis Bert Enserink Network map of linked Network map of websites sexual relations Actor and Network analysis, WHY? Most problems cannot be solved by a single actor; Quality of analysis and

356 views • 12 slides
Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa

Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa

Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa Madhavan Mukund Chennai Mathematical Institute http:/ /www.cmi.ac.in/~madhavan Outline Introduction to blockchains Smart contracts

859 views • 37 slides
SmartChainDB: Towards Semantic Events on Blockchains for Smart Manufacturing Abhisha

SmartChainDB: Towards Semantic Events on Blockchains for Smart Manufacturing Abhisha

. . . . . . . . . . . . . . . . SmartChainDB: Towards Semantic Events on Blockchains for Smart Manufacturing Abhisha Bhattacharyya, Rahul Iyer, Kemafor Anyanwu October 26, 2019 NC State University . . . . . . . . . . .

212 views • 10 slides
PoW Experience Dr. Ghassan Karame NEC Laboratories Europe PoW-based Blockchains Pros:

PoW Experience Dr. Ghassan Karame NEC Laboratories Europe PoW-based Blockchains Pros:

Towards Secure and Scalable Permissionless Blockchains The PoW Experience Dr. Ghassan Karame NEC Laboratories Europe PoW-based Blockchains Pros: Open permissionless system. No need for identity management. Scales to millions

456 views • 28 slides
Blockchains, Smart Contracts (DApps), and Regulation A briefing from Coin Center Peter Van

Blockchains, Smart Contracts (DApps), and Regulation A briefing from Coin Center Peter Van

Blockchains, Smart Contracts (DApps), and Regulation A briefing from Coin Center Peter Van Valkenburgh Intro: What is Coin Center and what do we do? OUR SUPPORTERS What we do: Education Policy Research Advocacy Backgrounders Reports

830 views • 67 slides
Permissioned Blockchains - Who is the Controller? Permissioned Blockchains Re-centralization of

Permissioned Blockchains - Who is the Controller? Permissioned Blockchains Re-centralization of

Permissioned Blockchains - Who is the Controller? Permissioned Blockchains Re-centralization of Blockchain and its consequences for data protection agenda Controllers and the GDPR How do we apply a centralized regulation on a

382 views • 17 slides
Information Propagation on Blockchains: Analysis,Method and Evaluation

Information Propagation on Blockchains: Analysis,Method and Evaluation

Information Propagation on Blockchains: Analysis,Method and Evaluation - - 5120309578 Preface Blockchain is a distributed system node that

229 views • 18 slides
Integrated Actor and Needs Analysis Yasar A. Adanali Group

Integrated Actor and Needs Analysis Yasar A. Adanali Group

Integrated Actor and Needs Analysis Yasar A. Adanali Group presenta7ons The task SWOT analysis Group A: Pia, Muna, jula, Manal, Insaf

593 views • 25 slides
Risk Assessment Reduce the workers and Biosafety is an inexact science, and

Risk Assessment Reduce the workers and Biosafety is an inexact science, and

Risk Analysis Biosafety Risk assessment, Risk Risk analysis encom passes Management & risk risk assessm ent, risk communication m anagem ent, and risk com m unication. Ephy Khaemba International Livestock Research Institute

506 views • 11 slides
Blockchains Beyond Bitcoin: Notations Towards Optimal Level of Analysis of the Problem Let Us

Blockchains Beyond Bitcoin: Notations Towards Optimal Level of Analysis of the Problem Let Us

How Financial . . . Limitations of the . . . Blockchain as an . . . Formulation of the . . . Blockchains Beyond Bitcoin: Notations Towards Optimal Level of Analysis of the Problem Let Us Find the . . . Decentralization in Storing

298 views • 14 slides
ORCA: Ownership and Reference Counting based Garbage Collection in the Actor World

ORCA: Ownership and Reference Counting based Garbage Collection in the Actor World

ORCA: Ownership and Reference Counting based Garbage Collection in the Actor World Sylvan Clebsch, Sebastian Blessing, Juliana Franco, Sophia Drossopoulou Motivation Motivation - 2 ORCA - idea The actor which created an

633 views • 34 slides
An Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I Master of

An Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I Master of

An Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I Master of System and Network Engineering Informatics Institute, University of Amsterdam Peter Bennink Lennart van Gijtenbeek Supervisors: Oskar van Deventer

644 views • 23 slides
Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic analysis for Bitcoin and derived Transaction clustering using network traffic blockchains analysis for Bitcoin and derived blockchains Biryukov, Tikhomirov Introduction Network privacy Alex

491 views • 30 slides
The application of risk assessment in food safety control in Risk Risk Assessment Management

The application of risk assessment in food safety control in Risk Risk Assessment Management

Risk Analysis Framework The application of risk assessment in food safety control in Risk Risk Assessment Management mainland China Science based Policy based Junshi Chen, M.D. Risk Communication I nstitute of Nutrition

442 views • 6 slides
Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A diagnosis coding methodology utilized in risk adjustment models to adjust cost for all patients within a health plan or group Risk

385 views • 23 slides
Building an Experience Factory for a Model-based Risk Analysis Framework Chingwoei Gan, Eric

Building an Experience Factory for a Model-based Risk Analysis Framework Chingwoei Gan, Eric

Building an Experience Factory for a Model-based Risk Analysis Framework Chingwoei Gan, Eric Scharf Department of Electronic Engineering Queen Mary, University of London United Kingdom Agenda Introduction to Risk Analysis Definitions

443 views • 9 slides
Teaching computer science to K-8 students at risk for academic failure: Research findings and

Teaching computer science to K-8 students at risk for academic failure: Research findings and

Teaching computer science to K-8 students at risk for academic failure: Research findings and implica;ons for prac;ce Maya Israel misrael@illinois.edu @misrael09 Roadmap What is K-12 Computer Science (CS) for All in the U.S. ?

543 views • 50 slides
Uncertainty ECON 420: Game Theory Spring 2018 Announcements Homework 3 on Canvas Due

Uncertainty ECON 420: Game Theory Spring 2018 Announcements Homework 3 on Canvas Due

Uncertainty ECON 420: Game Theory Spring 2018 Announcements Homework 3 on Canvas Due Monday, May 21 Reading: Chapter 8 Uncertainty So far: Strategic uncertainty Some players unaware of the actions of other players

682 views • 26 slides
Are Information Security professionals rational decision-makers? . Konstantinos Mersinas

Are Information Security professionals rational decision-makers? . Konstantinos Mersinas

Motivation Approach Design Findings Conclusions Future Work Thank you Are Information Security professionals rational decision-makers? . Konstantinos Mersinas Distance Learning Weekend Conference 2015 Royal Holloway, University of

656 views • 29 slides
ECE 4524 Artificial Intelligence and Engineering Applications Lecture 21: Decisions and Utility

ECE 4524 Artificial Intelligence and Engineering Applications Lecture 21: Decisions and Utility

ECE 4524 Artificial Intelligence and Engineering Applications Lecture 21: Decisions and Utility Reading: AIAMA 16.1-16.3 Todays Schedule: Introduction to Decision Theory - Maximum Expected Utility Utility Functions Examples

220 views • 11 slides
Launching an ERM Program Shobna Varma Launching Enterprise Risk Management in Your Agency NCHRP

Launching an ERM Program Shobna Varma Launching Enterprise Risk Management in Your Agency NCHRP

Launching an ERM Program Shobna Varma Launching Enterprise Risk Management in Your Agency NCHRP 20-14 (105) Three Essential Elements Policy provides organizational endorsement Tools give staff the means to identify and

191 views • 5 slides
Introduction GIS and RS for Introduction GIS and RS for risk assessment risk assessment Cees

Introduction GIS and RS for Introduction GIS and RS for risk assessment risk assessment Cees

International Institute for Geo-Information Science and Earth Observation (ITC) Introduction GIS and RS for Introduction GIS and RS for risk assessment risk assessment Cees van Westen & Mark van der Meijde Department Earth Systems

791 views • 66 slides
Opportunity Risk Management The pessimist sees difficulty in every opportunity. The optimist

Opportunity Risk Management The pessimist sees difficulty in every opportunity. The optimist

Opportunity Risk Management The pessimist sees difficulty in every opportunity. The optimist sees the opportunity in every difficulty Winston Churchill The Risk Management Team Team Manager Angela Beechey (ALARM Risk Manager of the

207 views • 18 slides
Eigenvalues and Eigenvectors Few concepts to remember from linear algebra Let be an

Eigenvalues and Eigenvectors Few concepts to remember from linear algebra Let be an

Eigenvalues and Eigenvectors Few concepts to remember from linear algebra Let be an matrix and the linear transformation = Rank: maximum number of linearly independent

524 views • 34 slides

More recommend