Risk Engineering and Blockchain: Anticipating and Mitigating Risks

  • Michael Huth
  • Claire Vishik
  • Riccardo Masucci
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 339)


Complex systems require an integrated approach to risks. In this paper, we describe risk engineering, a methodology to incorporate risks at the planning and design stage for complex systems, and introduce some of its components. We examine, at a high level, how risk engineering can help improve the risk picture for blockchain technologies and their applications and outline challenges and benefits of this approach.


Keywords: Risk engineering, Blockchain, Ontology, Reasoning, Integrated risk analysis



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Imperial College London, London, UK
  2. Intel Corporation, Santa Clara, USA
