A Standard-Driven Framework for Blockchain Security Risk Assessment

Research Article

Maher Boughdiri, Mohamed Hkima, Takoua ABDELATIF, Chirine GHEDIRA GUEGAN

This is a preprint; it has not been peer reviewed by a journal.

https://doi.org/10.21203/rs.3.rs-6194972/v1

This work is licensed under a CC BY 4.0 License.

Status: Published. Journal publication published 01 Jul, 2025. Read the published version in Peer-to-Peer Networking and Applications. You are reading the latest preprint version (Version 1).

Abstract

This paper addresses the security challenges faced by the adoption of blockchain technology. It presents a comprehensive framework designed to assess security risks within blockchain-based applications. This framework leverages a novel approach based on threat modeling methodology and industry standards. It begins with threat intelligence analysis, which involves gathering and analyzing information about emergent threats in the blockchain landscape. Threat modeling is then conducted to identify, assess, and mitigate potential vulnerabilities in a blockchain system. Based on the system's high-level design, potential vulnerabilities are identified. The STRIDE model is used to classify identified attack vectors on the system. After that, these vectors are mapped to the MITRE ATT&CK framework and rated using the DREAD/CVSS models. Finally, several countermeasures and mitigations are suggested and mapped to the NIST SP 800-53 Rev 5 list to mitigate the identified attack vectors. The proposed methodology is applied to decentralized exchange (DEX) and supply chain use cases, demonstrating its effectiveness in identifying, assessing, and mitigating security challenges unique to these systems. The proposed approach in this work is a fully indexed, scalable, adjustable, and exploitable framework for blockchain security risk assessment. Ultimately, it serves as a valuable resource for security professionals and system architects seeking to adopt threat modeling practices for developing secure-by-design blockchain systems.

Keywords: Blockchain, Threat modeling, STRIDE, MITRE ATT&CK, DREAD, NIST

Additional Declarations: No competing interests reported.
Version 1 editorial timeline:

Version 1 posted
Editorial decision: Revision requested (14 Apr, 2025)
Reviews received at journal (12 Apr, 2025)
Reviews received at journal (05 Apr, 2025)
Reviewers agreed at journal (24 Mar, 2025)
Reviewers agreed at journal (16 Mar, 2025)
Reviewers agreed at journal (15 Mar, 2025)
Reviewers invited by journal (14 Mar, 2025)
Editor assigned by journal (12 Mar, 2025)
Submission checks completed at journal (12 Mar, 2025)
First submitted to journal (10 Mar, 2025)