On the Applicability of Security and Privacy Threat Modeling for Blockchain Applications

  • Dimitri Van LanduytEmail author
  • Laurens Sion
  • Emiel Vandeloo
  • Wouter Joosen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11980)


Elicitative threat modeling approaches such as Microsoft STRIDE and LINDDUN for respectively security and privacy use Data Flow Diagrams (DFDs) to model the system under analysis. Distinguishing between external entities, processes, data stores and data flows, these system models are particularly suited for modeling centralized, traditional multi-tiered system architectures.

This raises the question whether these approaches are also suited for inherently decentralized architectures such as distributed ledgers or blockchains, in which the processing, storage, and control flow is shared among many equal participants.

To answer this question, we perform an in-depth analysis of the compatibility between blockchain security and privacy threat types documented in literature and these threat modeling approaches. Our findings identify areas for future improvement of elicitative threat modeling approaches.


Threat modeling STRIDE LINDDUN Blockchain 



This research is partially funded by the Research Fund KU Leuven and the imec-ICON BOSS research project.


  1. 1.
    Almashaqbeh, G., Bishop, A., Cappos, J.: ABC: a cryptocurrency-focused threat modeling framework. arXiv preprint arXiv:1903.03422 (2019)
  2. 2.
    Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). Scholar
  3. 3.
    Biryukov, A., Khovratovich, D., Pustogarov, I.: Deanonymisation of clients in Bitcoin P2P network. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 15–29. ACM (2014)Google Scholar
  4. 4.
    Biryukov, A., Pustogarov, I.: Bitcoin over Tor isn’t a good idea. In: 2015 IEEE Symposium on Security and Privacy, pp. 122–134. IEEE (2015)Google Scholar
  5. 5.
    Carson, B., Romanelli, G., Walsh, P., Zhumaev, A.: Blockchain beyond the hype: what is the strategic business value. McKinsey & Company (2018)Google Scholar
  6. 6.
    Conti, M., Kumar, E.S., Lal, C., Ruj, S.: A survey on security and privacy issues of Bitcoin. IEEE Commun. Surv. Tutorials 20(4), 3416–3452 (2018)CrossRefGoogle Scholar
  7. 7.
    Courtois, N.T., Bahack, L.: On subversive miner strategies and block withholding attack in Bitcoin digital currency. arXiv preprint arXiv:1402.1718 (2014)
  8. 8.
    Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Eng. 16(1), 3–32 (2011)CrossRefGoogle Scholar
  9. 9.
    DuPont, J., Squicciarini, A.C.: Toward de-anonymizing Bitcoin by mapping users location. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pp. 139–141. ACM (2015)Google Scholar
  10. 10.
    Eskandari, S., Clark, J., Barrera, D., Stobert, E.: A first look at the usability of Bitcoin key management. arXiv preprint arXiv:1802.04351 (2018)
  11. 11.
    Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. Commun. ACM 61(7), 95–102 (2018)CrossRefGoogle Scholar
  12. 12.
    Finney, H.: Best practice for fast transaction acceptance-how high is the risk (2011)Google Scholar
  13. 13.
    Gervais, A., Capkun, S., Karame, G.O., Gruber, D.: On the privacy provisions of bloom filters in lightweight Bitcoin clients. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 326–335. ACM (2014)Google Scholar
  14. 14.
    Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on Bitcoin’s peer-to-peer network. In: 24th USENIX Security Symposium (2015)Google Scholar
  15. 15.
    Karame, G.O., Androulaki, E., Capkun, S.: Double-spending fast payments in bitcoin. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 906–917. ACM (2012)Google Scholar
  16. 16.
    Koshy, P., Koshy, D., McDaniel, P.: An analysis of anonymity in Bitcoin using P2P network traffic. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 469–485. Springer, Heidelberg (2014). Scholar
  17. 17.
    Kwon, Y., Kim, D., Son, Y., Vasserman, E., Kim, Y.: Be selfish and avoid dilemmas: fork after withholding (FAW) attacks on Bitcoin. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM (2017)Google Scholar
  18. 18.
    Meiklejohn, S., et al.: A fistful of Bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Conference on Internet Measurement Conference, pp. 127–140. ACM (2013)Google Scholar
  19. 19.
    Microsoft Corporation: Microsoft Threat Modeling Tool 2016 (2016).
  20. 20.
    Nakamoto, S., et al.: Bitcoin: a peer-to-peer electronic cash system (2008)Google Scholar
  21. 21.
    Nick, J.D.: Data-driven de-anonymization in Bitcoin. Master’s thesis, ETH-Zürich (2015)Google Scholar
  22. 22.
    Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: Altshuler, Y., Elovici, Y., Cremers, A., Aharony, N., Pentland, A. (eds.) Security and Privacy in Social Networks, pp. 197–223. Springer, New York (2013). Scholar
  23. 23.
    Rosenfeld, M.: Analysis of bitcoin pooled mining reward systems. arXiv preprint arXiv:1112.4980 (2011)
  24. 24.
    Shevchenko, N., Chick, T.A., O’Riordan, P., Scanlon, T.P., Woody, C.: Threat modeling: a summary of available methods (2018)Google Scholar
  25. 25.
    Shostack, A.: Threat Modeling: Designing for Security. Wiley Publishing, Indianapolis (2014)Google Scholar
  26. 26.
    Sion, L., Van Landuyt, D., Yskout, K., Joosen, W.: SPARTA: security & privacy architecture through risk-driven threat assessment. IEEE (2018)Google Scholar
  27. 27.
    Sion, L., Wuyts, K., Yskout, K., Van Landuyt, D., Joosen, W.: Interaction-based privacy threat elicitation. In: International Workshop on Privacy Engineering (2018)Google Scholar
  28. 28.
    Sion, L., Yskout, K., Van Landuyt, D., Joosen, W.: Solution-aware data flow diagrams for security threat modelling. In: SAC 2018: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 1425–1432, April 2018.
  29. 29.
    Tuma, K., Calikli, G., Scandariato, R.: Threat analysis of software systems: a systematic literature review. J. Syst. Softw. 144, 275–294 (2018)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Dimitri Van Landuyt
    • 1
    Email author
  • Laurens Sion
    • 1
  • Emiel Vandeloo
    • 1
  • Wouter Joosen
    • 1
  1. 1.imec-DistriNet, KU LeuvenLeuvenBelgium

Personalised recommendations