ABC: A Cryptocurrency-Focused Threat Modeling Framework
This addresses security concerns for cryptocurrency systems and related distributed technologies, offering a novel approach but with incremental improvements over existing methods.
The authors tackled the problem of security threats in cryptocurrencies by proposing ABC, a threat modeling framework that uses collusion matrices and system-specific threat categories, resulting in 71% of users identifying financial security threats compared to 13% with STRIDE.
Cryptocurrencies are an emerging economic force, but there are concerns about their security. This is due, in part, to complex collusion cases and new threat vectors that could be missed by conventional security assessment strategies. To address these issues, we propose ABC, an Asset-Based Cryptocurrency-focused threat modeling framework capable of identifying such risks. ABC's key innovation is the use of collusion matrices. A collusion matrix forces a threat model to cover a large space of threat cases while simultaneously manages this process to prevent it from being overly complex. Moreover, ABC derives a system-specific threat categories that account for the financial aspects and the new asset types that cryptocurrencies introduce. We demonstrate that ABC is effective by conducting a user study and by presenting real-world use cases. The user study showed that around 71$\%$ of those who used ABC were able to identify financial security threats, as compared to only 13$\%$ of participants who used the popular framework STRIDE. The use cases further attest to the usefulness of ABC's tools for both cryptocurrency-based systems, as well as a cloud native security technology. This shows the potential of ABC as an effective security assessment technique for various types of large-scale distributed systems.