repository
Self-Adaptive Security Requirements Engineering for Blockchain-Based Cloud Platform
- Author(s)
- IRISH SINGH
- Alternative Author(s)
- SINGH IRISH
- Advisor
- Seok-Won Lee
- Department
- 일반대학원 컴퓨터공학과
- Publisher
- The Graduate School, Ajou University
- Publication Year
- 2022-08
- Language
- eng
- Keyword
- SLA; attacks; blockchain; cloud; healthcare; banking; intelligent transportation system; security; smart contract; threat model; self-adaptation; vulnerabilities; goal model
- Alternative Abstract
- Several security vulnerabilities have been reported in the current state of blockchain-based cloud systems. One of these is the lack of a standard design process for developing secure smart contracts (SC). Also, the security mechanisms in the system are not designed to continuously evolve to address evolving adversary attacks. These issues prevent the BBC from taking effective decisions when faced with an attack. The goal of this study is to build a self-adaptive security framework that will allow the BBC to take effective decisions when faced with evolving adversary attacks. This framework is built on the principles of the software development lifecycle, which is designed to model secure SC. The system uses the multi-model adaptation loop to make decisions based on the threat models and the service level agreement, which are used to identify and mitigate threats. Through the validation of the proposed methodology, we were able to demonstrate the validity of the research questions and the hypothesis. We then compare the proposed approach with the security quality requirements engineering approach known as SQUARE. The results of the study revealed that the proposed approach performed better than the SQUARE approach in terms of various parameters such as the quality of artifacts, the time it took to respond to security threats, and the complexity of the system. The proposed methodology can be used by SC security developers to quickly develop and implement secure contracts. They can also take advantage of the flexibility of the framework to adapt it to their needs. The key contribution of this study are as follows: 1) Comparatively Analyze the feasibility of Blockchain for secure cloud 2) Propose a Blockchain based cloud (BBC) framework to enhance the security and trust of the data stored in the Cloud, make Service Level Agreements (SLA) transparent and open to all users, and maintain the confidentiality and integrity of the data 3) Propose RE_BBC: Requirements Engineering process for Service Level Agreements in BBC, where we used RE modelling to build SC to perform actions of third-party providers in the cloud, such as to develop SLA and to provision SLA for services and security functionalities to the users. 4) The proposed SRE_BBC Process is a self-adaptive security requirements engineering (SRE) approach to address the security vulnerabilities in the BBC's Smart Contracts using a combination of threat model, goal model, and MAPE-BBC process. This approach can be used to provide secure implementations of the contracts based on the Service Level Agreement (SLA). 5) To provide a secure and resilient framework, we need to develop formalisms that are designed to provide a self-adaptive approach to contract language. So, we propose the Adaptive Secure Business Contract Language (AS_BCL) and Adaptive Secure Formal Contract Language (AS_FCL). 6) We statistically prove the research questions and hypotheses using the t-test [11] and Mann–Whitney U test [12]. 7) The proposed SRE_BBC approach is compared with the state-of-the-art Security Quality Requirements Engineering approach (SQUARE) method [13] to evaluate various parameters such as quality of artifacts and self-adaptive security evaluation quality, efficiency, complexity, and usability based on statistical tests. 8) We applied our proposed approach to three case studies, including Healthcare Data Management Blockchain-Based Cloud (HDM_BBC) case study, Banking Blockchain-Based Cloud (B_BBC), and Intelligent Transportation system Blockchain-Based Cloud (ITS_BBC). 9) Six subject matter experts from the software engineering field are involved in this study to validate our research study. They have extensive experience in analyzing security concepts such as blockchain, cloud computing, and SC. The proposed approach SRE_BBC is novel and necessary because as of now, there is no design standard that follows RE principles to model secure smart contracts for the BBC system. As a result, the development quality is not assured, and several security issues, and privacy leakage plague the development of smart contracts for BBC applications. The SRE-_BBC process responds to the many of these challenges of the BBC and determines a novel direction to provide secure and quality development of blockchain-based applications. The SRE_BBC process aims to reach a complete understanding of the problems in BBC systems and to have a quality set of security requirements for a meaningful SLA process that is sufficient for building secure BBC systems and is satisfied by customers. Smart contract development has a lot of potential as the Smart contract market size is to reach USD 345.4 million by 2026 from USD 106.7 Million in 2019 at a Compound Annual Growth Rate of 18.1% and there is increasing adoption of more than 50 industries that smart contract development could transform. Some of them are banking, healthcare, government, management, supply chain, automobile, real estate, insurance, etc. Our SRE_BBC process can provide secure and quality development services to the above industries. Keywords: security; attacks; vulnerabilities; goal model; threat model; self-adaptation; Service Level Agreement; smart contract; blockchain; cloud; healthcare; banking; intelligent transportation system.
- Fulltext
- Appears in Collections:
- Graduate School of Ajou University > Department of Computer Engineering > 4. Theses(Ph.D)
- Files in This Item:
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
-
- License
- STATISTICS
- Total Visit :3,765,145
- Total Download :1,819
- Today View :1,646
