Security risk management (SRM) is crucial for protecting valuable assets from malicious harm. While blockchain technology has been proposed to mitigate security threats in traditional applications, it is not a perfect solution, and its security threats must be managed. This paper addresses the research problem of having no unified and formal knowledge models to support the SRM of traditional applications using blockchain and the SRM of blockchain-based applications. In accordance with this, we present a blockchain-based reference model (BbRM) and an ontology driven reference framework (OntReF) for the SRM of traditional and blockchain-based applications. The BbRM consolidates security threats of traditional and blockchain-based applications, structured following the SRM domain model and offers guidance for creating the OntReF using the domain model. OntReF is grounded on unified foundational ontology (UFO) and provides semantic interoperability and supporting the dynamic knowledge representation and instantiation of information security knowledge for the SRM. Our evaluation approaches demonstrate that OntReF is practical to use.
Read full abstract