KR102635720B1 - Method for threat modeling using blockchain technology - Google Patents

Abstract

According to an embodiment of the present disclosure, a threat modeling method performed by a first node constituting a blockchain network, comprising the steps of obtaining a task request containing data required to perform threat modeling through the blockchain network ; In response to the task request, generating a result of threat modeling performed based on the data; And transmitting the result of the threat modeling to the blockchain network so that evaluation information about the result and verification information about the evaluation information can be generated. The evaluation information includes, the blockchain network. In the constituting second node, it is generated through evaluation of the results obtained through the blockchain network based on predetermined evaluation criteria and transmitted to the blockchain network, and the verification information is transmitted to the blockchain network. In a third node constituting the, the evaluation information obtained through the blockchain network is generated through verification of the validity of the generation based on the predetermined evaluation criteria, and transmitted to the blockchain network, and When the validity of the generation of evaluation information is verified, it may be decided to pay compensation corresponding to the evaluation information to the first node by a smart contract stored on the blockchain network.

Description

Threat modeling method using blockchain technology{METHOD FOR THREAT MODELING USING BLOCKCHAIN TECHNOLOGY}

This disclosure relates to a threat modeling method, and more specifically, to a threat modeling method using blockchain technology.

Due to the development of Information & Communication Technology (ICT), various cybersecurity threats are increasing. Therefore, serious financial losses or human casualties may occur due to security problems in information systems. Some of these security problems are caused by poor design. Most systems do not design security functions properly and rely on secure coding or mock hacking to implement security functions.

If security function requirements are derived from a system in which the security function was not properly designed and redesigned, the number of system vulnerabilities can be reduced. Therefore, a step to analyze security function requirements may be necessary early in the development of the system.

Threat modeling techniques can generally be used to derive security function requirements. Threat modeling can be a systematic security analysis method that identifies and lists assets under analysis, possible vulnerabilities, and potential threats, and prioritizes mitigation measures.

Threat modeling can produce the best results when experts from multiple fields work together rather than when an individual performs it alone. Therefore, it may be important to provide compensation through appropriate evaluation and verification to encourage experts in multiple domains to participate in threat modeling.

Republic of Korea Patent No. 10-0862187 (registered on October 1, 2008)

This disclosure was created in response to the above-described background technology and seeks to provide a threat modeling method using blockchain technology.

The technical problems of the present disclosure are not limited to the technical problems mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art from the description below.

According to some embodiments of the present disclosure to solve the above-mentioned problems, a threat modeling method performed by a first node constituting a blockchain network includes a task request containing data required for performing threat modeling. Obtaining through the blockchain network; In response to the task request, generating a result of threat modeling performed based on the data; And transmitting the result of the threat modeling to the blockchain network so that evaluation information about the result and verification information about the evaluation information can be generated. The evaluation information includes, the blockchain network. In the constituting second node, it is generated through evaluation of the results obtained through the blockchain network based on predetermined evaluation criteria and transmitted to the blockchain network, and the verification information is transmitted to the blockchain network. In a third node constituting the, the evaluation information obtained through the blockchain network is generated through verification of the validity of the generation based on the predetermined evaluation criteria, and transmitted to the blockchain network, and When the validity of the generation of evaluation information is verified, it may be decided to pay compensation corresponding to the evaluation information to the first node by a smart contract stored on the blockchain network.

Alternatively, the data may include at least one of system model data including a data flow diagram (DFD) or architecture data.

Alternatively, the results of the threat modeling may be included in work information on creating a system model, work information on collection of attack libraries, work information on identification of threats, work information on creation of attack scenarios, and risk assessment. It may include at least one of work information related to work information and work information related to preparation of mitigation measures.

Alternatively, the evaluation information may include points calculated by evaluating each task information included in the result of the threat modeling.

Alternatively, the predetermined evaluation criteria may include, in the case of work information regarding the creation of the system model included in the output of the threat modeling, the level of the system model, whether objects of the system model are created, and the data flow of the system model. It can be based on whether it is written or not.

Alternatively, the predetermined evaluation criteria may include, in the case of operational information regarding the collection of attack libraries included in the output of the threat modeling, the common vulnerability scoring system score of the attack library and the It can be based on the place of use.

Alternatively, the predetermined evaluation criteria may be based on the degree of threat to the target in the case of operational information regarding the identification of threats included in the result of the threat modeling.

Alternatively, the predetermined evaluation criteria may be based on the number of each attack tree item and whether or not a valid attack scenario is created, in the case of work information related to the creation of an attack scenario included in the result of the threat modeling.

Alternatively, the predetermined evaluation criteria may be based on voting results of a plurality of nodes included in the blockchain network in the case of work information regarding risk assessment included in the result of the threat modeling.

Alternatively, the predetermined evaluation criteria may be based on the voting results of a plurality of nodes included in the blockchain network in the case of work information regarding the preparation of mitigation measures included in the result of the threat modeling.

According to several other embodiments of the present disclosure to solve the problems described above, a threat modeling method is performed by a second node constituting a blockchain network, and the result of threat modeling performed based on data is transmitted to the block. Obtaining through a chain network; Generating evaluation information through evaluation of the results based on predetermined evaluation criteria; And transmitting the evaluation information to the blockchain network so that verification information for the evaluation information can be generated, wherein the result of the threat modeling is, in a first node constituting the blockchain network, In response to a task request containing the data obtained through the blockchain network, generated through execution based on the data, and transmitted to the blockchain network, the verification information constitutes the blockchain network. In a third node, the evaluation information obtained through the blockchain network is generated through verification of the validity of the generation based on the predetermined evaluation criteria, and transmitted to the blockchain network, and the evaluation information is When the validity of creation is verified, it may be decided to pay compensation corresponding to the evaluation information to the first node by a smart contract stored on the blockchain network.

According to several further embodiments of the present disclosure for solving the above-described problems, a threat modeling method performed by a third node constituting a blockchain network, based on predetermined evaluation criteria, results of threat modeling Obtaining evaluation information generated through evaluation of through the blockchain network; generating verification information through verification of the validity of the generation of the assessment information based on the predetermined evaluation criteria; and transmitting the verification information to the blockchain network, wherein the result of the threat modeling includes data obtained through the blockchain network at a first node constituting the blockchain network. In response to a request, the evaluation information is generated through execution based on the data and transmitted to the blockchain network, and the evaluation information is, at a second node constituting the blockchain network, based on the predetermined evaluation criteria. A smart contract ( It may be decided to pay compensation corresponding to the evaluation information to the first node through a smart contract.

This disclosure can smoothly perform threat modeling using blockchain technology.

The effects that can be obtained from the present disclosure are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the description below. .

Various aspects will now be described with reference to the drawings, where like reference numerals are used to collectively refer to like elements. In the following examples, for purposes of explanation, numerous specific details are set forth to provide a comprehensive understanding of one or more aspects. However, it will be clear that such aspect(s) may be practiced without these specific details.
1 is a block diagram of a system for providing a threat modeling method using blockchain technology according to some embodiments of the present disclosure.
FIG. 2 is a diagram illustrating an architecture layer structure for performing threat modeling using blockchain technology according to some embodiments of the present disclosure.
Figure 3 is a flowchart showing a threat modeling method performed by a first node constituting a blockchain network according to some embodiments of the present disclosure.
Figure 4 is a flowchart showing a threat modeling method performed by a second node constituting a blockchain network according to some embodiments of the present disclosure.
Figure 5 is a flowchart showing a threat modeling method performed by a third node constituting a blockchain network according to some embodiments of the present disclosure.
Figure 6 is a flowchart of a threat modeling method using blockchain technology according to some embodiments of the present disclosure.
7 is a general schematic diagram of an example computing environment in which embodiments of the subject matter of the present disclosure may be implemented.

Various embodiments are now described with reference to the drawings. In this specification, various descriptions are presented to provide an understanding of the disclosure. However, it is clear that these embodiments may be practiced without these specific descriptions.

As used herein, the terms “component,” “module,” “system,” and the like refer to a computer-related entity, hardware, firmware, software, a combination of software and hardware, or an implementation of software. For example, a component may be, but is not limited to, a process running on a processor, a processor, an object, a thread of execution, a program, and/or a computer. For example, both an application running on a computing device and the computing device can be a component. One or more components may reside within a processor and/or thread of execution. A component may be localized within one computer. A component may be distributed between two or more computers. Additionally, these components can execute from various computer-readable media having various data structures stored thereon. Components can transmit signals, for example, with one or more data packets (e.g., data and/or signals from one component interacting with other components in a local system, a distributed system, to other systems and over a network such as the Internet). Depending on the data being transmitted, they may communicate through local and/or remote processes.

Additionally, the term “or” is intended to mean an inclusive “or” and not an exclusive “or.” That is, unless otherwise specified or clear from context, “X utilizes A or B” is intended to mean one of the natural implicit substitutions. That is, either X uses A; X uses B; Or, if X uses both A and B, “X uses A or B” can apply to either of these cases. Additionally, the term “and/or” as used herein should be understood to refer to and include all possible combinations of one or more of the related listed items.

Additionally, the terms “comprise” and/or “comprising” should be understood to mean that the corresponding feature and/or element is present. However, the terms “comprise” and/or “comprising” should be understood as not excluding the presence or addition of one or more other features, elements and/or groups thereof. Additionally, unless otherwise specified or the context is clear to indicate a singular form, the singular terms herein and in the claims should generally be construed to mean “one or more.”

And, the term “at least one of A or B” should be interpreted to mean “a case containing only A,” “a case containing only B,” and “a case of combining A and B.”

Those skilled in the art will additionally recognize that the various illustrative logical blocks, components, modules, circuits, means, logic, and algorithm steps described in connection with the embodiments disclosed herein may be implemented using electronic hardware, computer software, or a combination of both. It must be recognized that it can be implemented with To clearly illustrate the interchangeability of hardware and software, various illustrative components, blocks, configurations, means, logics, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented in hardware or software will depend on the specific application and design constraints imposed on the overall system. A skilled technician can implement the described functionality in a variety of ways for each specific application. However, such implementation decisions should not be construed as causing a departure from the scope of the present disclosure.

The description of the presented embodiments is provided to enable anyone skilled in the art to use or practice the present invention. Various modifications to these embodiments will be apparent to those skilled in the art. The general principles defined herein may be applied to other embodiments without departing from the scope of the disclosure. Therefore, the present invention is not limited to the embodiments presented herein. The present invention is to be interpreted in the broadest scope consistent with the principles and novel features presented herein.

In the present disclosure, terms represented by N, such as first, second, or third, are used to distinguish at least one entity. For example, the entities expressed as first and second may be the same or different from each other.

1 is a block diagram of a system for providing a threat modeling method using blockchain technology according to some embodiments of the present disclosure.

The configuration of the system for providing a threat modeling method using blockchain technology shown in Figure 1 is only a simplified example. In one embodiment of the present disclosure, a system for providing a threat modeling method using blockchain technology may include different configurations for providing a threat modeling method, and only some of the disclosed configurations may configure a computing device.

Referring to Figure 1, a system for providing a threat modeling method using blockchain technology includes a first node 100, a second node 200, a third node 300, a blockchain network 400, and/or It may include at least one of the communication networks 500. At least one of the first node 100, the second node 200, and/or the third node 300 may be a node constituting the blockchain network 400. For example, the first node 100, the second node 200, and the third node 300 may each be nodes constituting the blockchain network 400.

The first node 100 according to some embodiments of the present disclosure may be a node that participates in the blockchain network 400 to receive compensation. First node 100 may include any type of computer system or computer device, such as, for example, microprocessors, mainframe computers, digital processors, portable devices, and device controllers. However, it is not limited to this. The first node 100 may be a node constituting the blockchain network 400. There may be at least one first node 100, or it may be comprised of multiple nodes.

The first node 100 may include a processor 110, a memory 130, and a network unit 150. The processor 110 may be composed of one or more cores, and may include a central processing unit (CPU), a general purpose graphics processing unit (GPGPU), and a tensor processing unit (TPU) of a computing device. unit) may include a processor for data analysis. The processor 110 can typically control the overall operation of the first node 100. For example, the processor 110 may process signals, data information, etc. that are input or output through components included in the first node 100. For another example, the processor 110 may read a computer program stored in the memory 130 and perform data processing according to an embodiment of the present disclosure.

According to some embodiments of the present disclosure, the memory 130 may store any type of information generated or determined by the processor 110 and any type of information received by the network unit 150.

According to some embodiments of the present disclosure, the memory 130 may be a flash memory type, hard disk type, multimedia card micro type, or card type memory (e.g. (e.g. SD or Memory), magnetic memory, magnetic disk, and optical disk may include at least one type of storage medium. The first node 100 may operate in relation to web storage that performs a storage function of the memory 130 on the Internet. The description of the memory described above is merely an example, and the present disclosure is not limited thereto. The network unit 150 according to some embodiments of the present disclosure may include any wired or wireless communication network capable of transmitting and receiving arbitrary types of data and signals. The techniques described herein can be used in the networks mentioned above, as well as other networks.

The first node 100 may be a threat modeling performer node, which is a node that performs threat modeling. The processor 110 of the first node 100 may obtain a task request containing data required to perform threat modeling through the blockchain network 400.

Threat modeling may be a systematic security analysis method that identifies and lists at least one of the assets under analysis, possible vulnerabilities, and/or potential threats, and prioritizes mitigation measures.

The processor 110 may create a system model in the process of performing threat modeling. The system model may include drawings, 3D models, etc. including structure and configuration for system design. For example, the system model may include at least one of a data flow diagram (DFD), a process flow diagram, and/or a unified modeling language diagram. Accordingly, the processor 110 can create a data flow diagram based on major components through analysis of the structure of the system.

A data flow diagram may mean a schematic representation of the internal data flow of a system. A data flow diagram may be a diagram expressing at least one of detailed functions and/or relationships between detailed functions.

A process flow chart may be a drawing showing the entire process from raw materials to product completion. For example, the process flow diagram may include at least one of a drawing showing the movement relationship between materials and devices, a drawing showing materials for the process, heat balance, etc., and/or a drawing showing a piping relationship between devices.

A unified modeling language diagram may be a drawing that depicts system interaction, work flow, message passing between objects, system structure, component relationships, etc. using the unified modeling language (UML). For example, integrated modeling language diagrams include use case diagrams that depict interactions between the system and the outside during the requirements analysis process, activity diagrams that model the flow of work or express the life cycle of objects, and Sequence diagram, which analyzes message transfer between objects in time flow, collaboration diagram, which is a diagram centered on messages exchanged between objects, Class diagram, which depicts the structural appearance of the system, and component diagram, which depicts the software structure ( component) diagram and/or a deployment diagram depicting the configuration of the corporate environment and the relationships between components.

The data may be data required to perform threat modeling. For example, the data may include at least one of system model data and/or architecture data. The data of the system model may include at least one of a data flow diagram (DFD), a process flow diagram, and/or a unified modeling language diagram.

The architecture data may be data of at least some of the design method of the entire computer system including at least one of hardware and/or software. The processor 110 may generate system model data based on architecture data.

Work requests may be generated from customer nodes included or not included in the blockchain network 400. In other words, the customer node is an individual or company node that can generate a task request containing data required to perform threat modeling. The generated work request may be transmitted from the customer node to the blockchain network 400. That is, the customer node can transmit the generated work request to the blockchain network 400.

A customer node may include a processor, memory, and network unit. The processor of the customer node may consist of one or more cores, including the computing device's central processing unit (CPU), general purpose graphics processing unit (GPGPU), and tensor processing unit (TPU). unit) may include a processor for data analysis. The customer node's processor can typically control the overall operation of the customer node. For example, the processor of the customer node can process signals, data information, etc. that are input or output through components included in the customer node. For another example, the processor of the customer node may read a computer program stored in the memory of the customer node and perform data processing according to an embodiment of the present disclosure.

According to some embodiments of the present disclosure, the memory of the customer node may store any type of information generated or determined by the processor of the customer node and any type of information received by the network unit of the customer node.

According to some embodiments of the present disclosure, the memory of the customer node may be a flash memory type, a hard disk type, a multimedia card micro type, or a card type of memory (e.g. (e.g. SD or Memory), magnetic memory, magnetic disk, and optical disk may include at least one type of storage medium. The customer node may operate in relation to web storage, which performs a storage function of the customer node's memory on the Internet. The description of the memory of the customer node described above is only an example, and the present disclosure is not limited thereto. The network unit of the customer node according to some embodiments of the present disclosure may include any wired or wireless communication network capable of transmitting and receiving any type of data and signal.

The processor 110 analyzes assets (e.g., data, related devices (e.g., hardware, software, etc.), transmission media, systems, etc.) that may cause malfunction of the analysis target (e.g., system model, etc.). can be identified.

The processor 110 may collect attack libraries in the process of performing threat modeling. For example, the processor 110 may collect an attack library related to at least one of vulnerabilities in the system model to be designed and/or attack methods to the system model to be designed, based on a plurality of data.

The plurality of data may include data collected through at least one of papers, conferences, technical documents, Common Vulnerabilities and Exposures (CVE), and/or Common Weakness Enumeration (CWE).

A CVE included in an attack library may include a corresponding score from the common vulnerability scoring system (CVSS). The score may be within a predetermined range (e.g., range 0 to 10, minimum 0.1, etc.). The processor 110 may determine a risk group (eg, low risk group, medium risk group, high risk group, critical risk group, etc.) corresponding to each of at least one CVE based on the score. For example, if the score of the first CVE included in the attack library is 0.1 or more and 3.9 or less, the processor 110 may determine the first CVE to be a low-risk group. For another example, if the score of the second CVE included in the attack library is 4.0 or more and 6.9 or less, the processor 110 may determine the second CVE to be a medium risk group. For another example, the processor 110 may determine the third CVE included in the attack library as a high-risk group if the score of the third CVE is 7.0 or more and 8.9 or less. As another example, the processor 110 may determine that the fourth CVE included in the attack library is a critical risk group if the score of the fourth CVE is 9.0 or more and 10.0 or less.

Elements included in the attack library (e.g., CVE, CWE, etc.) may be used in at least one of the process of identifying threats and/or creating attack scenarios. For example, the processor 110 may use the first CVE included in the attack library in the process of identifying a threat or creating an attack scenario.

The processor 110 may identify threats while performing threat modeling. For example, the processor 110 may identify and/or classify threats to the system model being designed in an attack library based on preset security properties. Preset security properties may include STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege). .

Spoofing may be related to authentication among the security attributes. For example, the processor 110 may identify a threat that obtains system privileges using a fake account in an attack library and classify the threat as corresponding to spoofing.

Tampering may be related to integrity among the security properties. For example, the processor 110 may identify a threat that illegally changes data in an attack library and classify the threat as corresponding to tampering.

Repudiation may be related to non-repudiation among the security properties. For example, the processor 110 may identify threats in the attack library that deny not performing a specific service or deny responsibility, and classify the threats as denials.

Information disclosure may be related to confidentiality as a security attribute. For example, processor 110 may identify a threat that provides information to someone who does not have access, which may occur in an attack library, and classify the threat as information disclosure.

Denial of service may be related to availability among the security properties. For example, the processor 110 may identify a threat that interferes with the normal performance of a service or application from an attack library and classify the threat as a denial of service.

Privilege escalation may be related to granting privileges among the security attributes. For example, the processor 110 may identify a threat in an attack library that grants a specific node permission to perform a specific service that was not previously granted, and classify the threat as privilege escalation.

The processor 110 may create an attack scenario while performing threat modeling. For example, processor 110 may generate attack trees and/or attack scenarios based on attack libraries and identified threats.

An attack scenario may be data expressing the detailed process performed by an attacker (attack node) to achieve the final goal. For example, an attack scenario could be that an attacker hacks a node with specific permissions and uses specific permissions.

The attack tree may include information about the final attack target. For example, in an attack tree, a final attack target may be placed at the top node of the attack tree, and at least one threat related to the final attack target may be placed at at least one child node associated with the top node.

The processor 110 may perform a risk assessment in the process of performing threat modeling. The processor 110 may perform a risk assessment of the identified threat. For example, the processor 110 sets a score based on damage potential information, reproducibility information, exploitability information, affected users information, and discoverability, and The risk level can be derived. Here, the risk level may quantitatively represent the dangerous degree of the identified threat or the degree of risk occurrence due to the identified threat. Damage potential information may include information indicating the degree of damage if a threat occurs. For example, when a threat occurs, the processor 110 can set a score and derive a risk level based on the degree of damage caused by an identification problem.

Reproducibility information may include information indicating the difficulty of reproducing the threat. For example, the processor 110 may set a score and derive a risk level based on the difficulty of reproducing the threat.

Exploitability information may include information indicating the need for knowledge to create a threat. For example, the processor 110 may set a score and derive a risk level based on the need for knowledge to generate a threat.

User information may include information about the number of users (number of nodes) affected when a threat occurs. For example, the processor 110 may set a score and derive a risk level based on the number of users affected when a threat occurs.

Discoverability information may include information about the difficulty in discovering a threat. For example, the processor 110 may set a score and derive a risk level based on the difficulty level for detecting a threat. However, the evaluation method for assessing risk is not limited to this. Accordingly, the processor 110 may use various evaluation techniques to evaluate risk.

The processor 110 may prepare mitigation measures in the process of performing threat modeling. The processor 110 may generate mitigation information to mitigate adverse effects caused by each of the at least one identified threat.

The processor 110 may determine a level corresponding to each at least one threat based on the level of risk. If the risk level of the first threat is 1 or more and 4 or less, the processor 110 may determine that the first threat corresponds to a low level. If the risk level of the second threat is 5 or more and 8 or less, the processor 110 may determine that the second threat corresponds to a middle level. If the risk level of the third threat is 9 or more and 12 or less, the processor 110 may determine that the third threat corresponds to a high level.

In response to the task request, the processor 110 may generate a result of threat modeling performed based on data required to perform threat modeling included in the task request. The results of threat modeling include work information on creating the above-mentioned system model, work information on collection of attack libraries, work information on identification of threats, work information on creation of attack scenarios, work information on risk assessment, and /Or it may include at least one piece of work information regarding the preparation of mitigation measures.

The processor 110 may transmit the result of threat modeling to the blockchain network 400 so that evaluation information about the result and verification information about the evaluation information can be generated.

Evaluation information may be generated in the second node 200 constituting the blockchain network 400 through evaluation of the results obtained through the blockchain network based on predetermined evaluation criteria. Evaluation information may be transmitted from the second node 200 to the blockchain network 400.

The evaluation information may include points calculated by evaluating each task information included in the result of threat modeling.

In the case of work information related to the creation of the system model included in the output of the threat modeling, the predetermined evaluation criteria may be based on the level of the system model, whether objects of the system model are created, and whether or not the data flow of the system model is created.

The level of the system model may be determined based on the degree of granularity of the process of the system model. For example, the level of the data flow diagram included in the system model may include at least one of level 0, level 1, and/or level 2. Level 0 may be a context diagram. Level 0 may be a data flow diagram that represents the system as a single high-level process with relationships to external entities. Level 1 may be a data flow diagram showing the classification of a single higher-level process in the data flow diagram of level 0. Level 2 may be a data flow diagram showing detailed classification of the classification shown in the data flow diagram of Level 1.

Creating objects in the system model may mean inputting objects included in the system model into the system model.

Creating a data flow in a system model may mean entering into the system model a representation related to the movement of data that occurs between objects included in the system model.

An example of the points of work information related to the creation of a system model included in the result of threat modeling can correspond to [Table 1] below.

DFD level Object final creation Create final data flow level 0 2 points 1 point level 1 4 points 1.5 points level 2 6 points 2 points

Referring to [Table 1], the score can be determined according to the DFD level, object final creation, and data flow final creation. Object final creation and data flow final creation can be determined by accumulating scores for each number. For example, if there are two final creations of level 0 objects, the first node 100 or the second node 200 may determine a score of 4. The first node 100 or the second node 200 may determine a score of 10 when the final level 0 data flow creation is 10 cases. The first node 100 or the second node 200 may calculate a score by evaluating work information related to the creation of a system model included in the result of threat modeling based on predetermined evaluation criteria. The first node 100 or the second node 200 may generate evaluation information including the calculated score. Evaluation information can be scored based on the number of participation, participation period, and level of the system model for each item included in the work information. The reward may be determined in proportion to the score. According to some embodiments of the present disclosure, the first node 100 may transmit the generated system model to the customer node. The first node 100 may receive compensation for creating a system model from the customer node. The customer node may perform evaluation on the generated system model and transmit compensation corresponding to the evaluation to the first node 100. Compensation for creating a system model may be made according to an agreement between the customer node and the first node 100.

Predetermined evaluation criteria may be based on the common vulnerability scoring system score of the attack library and the usage of the attack library, in the case of operational information regarding the collection of attack libraries included in the output of threat modeling. Uses of the attack library may include the process of identifying threats and creating attack scenarios.

The common vulnerability rating system score of the attack library can be determined in response to the CVEs included in the attack library.

The use of the attack library may include at least one of a threat identification process and/or an attack scenario creation process.

An example of the score of the task information related to the collection of the attack library included in the result of threat modeling can correspond to [Table 2] below.

item Details score Common vulnerability rating system scores for collected attack libraries 0.1~3.9 0.1 point 4.0~6.9 0.2 points 7.0~8.9 0.3 points 9.0~10.0 0.4 points attack library Used for threat identification 1 point Used to create attack scenarios 5 points

Referring to [Table 2], the score can be determined according to the common vulnerability rating system score of the collected attack library and the use of the attack library. The common vulnerability rating system score of the collected attack library and the use of the attack library can be determined by accumulating scores for each number. For example, the second node 200 may determine a score of 0.2 if there is a CVE of 0.2 and a CVE of 0.3. The second node 200 may calculate a score by evaluating work information regarding the collection of attack libraries included in the result of threat modeling based on predetermined evaluation criteria. The second node 200 may generate evaluation information including the calculated score.

The specific numbers in [Table 2] may be changed based on the voting results of a plurality of second nodes.

The predetermined evaluation criteria may be based on the degree of threat to the target in the case of work information regarding the identification of threats included in the results of threat modeling. For example, when a threat directly attacks the target, the second node 200 may determine the threat to be a direct threat to the target. For another example, if the threat does not attack the target directly but indirectly attacks the target, the second node 200 may determine the threat to be an indirect threat to the target.

An example of the score of work information related to the identification of threats included in the result of threat modeling can be corresponded to [Table 3] below based on the STRIDE threat modeling technique.

item Details score Threat identification Indirect threat to target 1 point Direct threat to target 2 points

Referring to [Table 3], the score can be determined according to the common vulnerability rating system score of the collected attack library and the use of the attack library. The common vulnerability rating system score of the collected attack library and the use of the attack library can be determined by accumulating scores for each number. For example, the second node 200 may determine a score of 0.2 if there is a CVE of 0.2 and a CVE of 0.3. The second node 200 may calculate a score by evaluating work information regarding the collection of attack libraries included in the result of threat modeling based on predetermined evaluation criteria. The second node 200 may generate evaluation information including the calculated score.

The specific numbers in [Table 3] may be changed based on the voting results of a plurality of second nodes.

In the case of work information related to the creation of attack scenarios included in the results of threat modeling, the predetermined evaluation criteria may be based on the number of each attack tree item and whether or not an effective attack scenario has been created.

An example of the score of the work information related to the creation of the attack scenario included in the result of threat modeling can correspond to [Table 4] below.

item score Creation of each item in the created attack tree 0.1 point Final creation of effective attack scenario 5 points

Referring to [Table 4], the score can be determined depending on the number of each item in the attack tree and whether or not the final effective attack scenario is created. The number of each item in the attack tree and whether or not to finalize an effective attack scenario can be determined by accumulating scores for each number. For example, if two items of each attack tree are created, the second node 200 may determine a score of 0.2. The second node 200 may calculate a score by evaluating work information regarding the creation of an attack scenario included in the result of threat modeling based on predetermined evaluation criteria. The second node 200 may generate evaluation information including the calculated score. The specific values in [Table 4] may be changed based on the voting results of a plurality of second nodes.

The predetermined evaluation criteria may be based on the voting results of a plurality of nodes included in the blockchain network 400 in the case of work information regarding risk assessment included in the result of threat modeling. For example, the second node 200 can calculate the error in the voting result by comparing the total voting results in which the first node 100 and the second node 200 participated with the voting results of the first node 100. there is. The second node 200 may determine the score based on the error in the voting result.

An example of the score of work information related to risk assessment included in the result of threat modeling can be provided in [Table 5] below.

item score When participating in risk assessment voting 1 point Voting result error less than 0.5 5 points Voting result error 0.5 or more and less than 1 3 points Voting result error 1 or more but less than 1.5 1 point Voting result error more than 1.5 0 points

Referring to [Table 5], the score can be determined depending on participation in the risk assessment vote and the error in the voting result. The second node 200 may calculate a score by evaluating work information related to risk assessment included in the result of threat modeling based on predetermined evaluation criteria. The second node 200 may generate evaluation information including the calculated score.

The specific scores in [Table 5] may be changed based on the voting results of a plurality of second nodes.

The predetermined evaluation criteria may be based on the voting results of a plurality of nodes included in the blockchain network 400 in the case of work information regarding the preparation of mitigation measures included in the results of threat modeling.

The risk level corresponding to each of the at least one identified threat may be determined based on the voting results of a plurality of nodes included in the blockchain network 400. The level corresponding to each of the at least one identified threat may be determined based on the risk level. Accordingly, the second node 200 may determine a score based on the threat level determined based on the voting results of a plurality of nodes included in the blockchain network 400.

An example of the score of work information on mitigating measures included in the results of threat modeling can be provided in [Table 6] below.

Evaluation results score Establish mitigation measures for low-level threats 2.5 points Establish mitigation measures for middle-grade threats 5 points Establish mitigation measures for high-level threats 10 points

Referring to [Table 6], the score can be determined depending on the level of the threat. The second node 200 may calculate a score by evaluating work information on preparing mitigation measures included in the result of threat modeling based on predetermined evaluation criteria. The second node 200 may generate evaluation information including the calculated score.

The specific score values in [Table 6] may be changed based on the voting results of a plurality of second nodes.

Verification information may be generated through verification of the validity of the generation of evaluation information obtained through the blockchain network based on predetermined evaluation criteria in the third node 300 constituting the blockchain network 400. Verification information may be transmitted from the third node 300 to the blockchain network 400.

When the validity of the generation of evaluation information is verified, the blockchain network 400 pays compensation corresponding to the evaluation information to the first node by a smart contract stored on the blockchain network 400. can be decided.

A smart contract according to one embodiment of the present disclosure is a computer protocol for digitally verifying and executing any type of contract or negotiation. Smart contracts are written in digital language and can be executed on any computing device. When code and/or functions included in a smart contract are executed, operations described in the code and/or function may be performed.

A smart contract according to embodiments of the present disclosure is at least one of a method of creating a new smart contract, a method of executing a function on a specific smart contract, and/or a method of transmitting a coin/token operable in a blockchain network. It can be executed by . Additionally, smart contracts can be executed by transactions initiated by externally owned accounts or by other contracts.

A smart contract for paying rewards according to embodiments of the present disclosure may require payment of a specific execution cost when executing a transaction, for example, to prevent malicious code such as infinite repetition and to protect the integrity of data related to the payment of rewards. It can also be stipulated. The execution cost here may refer to any type of coin tradable in the blockchain network 400 or a separate form of medium (e.g., gas, etc.) that can be linked to the coin. As a non-limiting example, the default execution cost of a transaction may be set to 21,000 gas. For example, such execution costs may include the cost of processing the Elliptic Curve Digital Signature Algorithm (ECDSA) for the transaction issuer's account address, storage costs for storing transactions, and network bandwidth costs. In this way, if a specific cost is defined to be paid when executing a smart contract, malicious attacks such as infinite execution such as intentional DDoS attacks can be prevented.

The execution cost of an entity that wants to create or execute a smart contract staking a specific good (coin, token, etc.) on the blockchain network 400 and then executing the smart contract without paying additional fees. Policies may also be used. In this case, when staking ends, execution of the smart contract is not permitted.

A call between smart contracts to pay compensation according to embodiments of the present disclosure may be implemented using a structure called a message. For example, these messages can be generated by a contract account and passed to other contracts when calling a function. In this case, unlike transactions that occur in externally owned accounts, messages are created and processed inside the blockchain network 400, so separate execution costs such as gas may not be incurred.

In implementing the payment of compensation according to the embodiments of the present disclosure, when the function of the smart contract is included in the transaction in the form of compiled code and synchronized through the blockchain, the information included in the transaction is used as the input of the function. A smart contract can be implemented by executing a function expressed in code and then storing the result in a separate state.

A smart contract according to an embodiment of the present disclosure may include at least one of a registration contract (RC), a profile contract (PC), and/or a task contract (TC).

The registration contract may be a contract for initially registering a user. For example, the registration contract may be a contract used when a user (user node) newly registers his or her account in the blockchain network 400. The registration contract may include at least one of an arbitrary identification number (ID) assigned to the user (user node), a blockchain hash address, and/or the address of a profile contract.

The profile contract may be a contract that shows the user (user node) information and a list of threat modeling being performed. The profile contract may include at least one of a blockchain address, a user's profile, arbiter status information indicating whether the user is an arbiter, and/or blockchain addresses of working contracts.

A work contract may be a contract containing information related to work. The work contract may include information about the user's reputation and the threat modeling the user is performing. For example, a task contract may include a blockchain address, status of the current task, deposits and evaluation of the current task, a task ID and task pointer, and/or entitlements for access to material stored in storage in the blockchain network 400. It can include at least one contract that returns the newly issued public key so that only users with the contract can access content signed with the private key.

A user node may be a node included or not included in the blockchain network 400. A user node may include a processor, memory, and network unit.

The processor of the user node may consist of one or more cores, and the computing device's central processing unit (CPU: central processing unit), general purpose graphics processing unit (GPGPU), and tensor processing unit (TPU) unit) may include a processor for data analysis. The processor of the user node can typically control the overall operation of the user node. For example, the processor of the user node can process signals, data information, etc. that are input or output through components included in the user node. For another example, the processor of the user node may read a computer program stored in the memory of the user node and perform data processing according to an embodiment of the present disclosure.

According to some embodiments of the present disclosure, the memory of the user node may store any type of information generated or determined by the processor of the user node and any type of information received by the network unit of the user node.

According to some embodiments of the present disclosure, the memory of the user node may be a flash memory type, a hard disk type, a multimedia card micro type, or a card type memory (e.g. (e.g. SD or Memory), magnetic memory, magnetic disk, and optical disk may include at least one type of storage medium. The user node may operate in relation to web storage, which performs a storage function of the user node's memory on the Internet. The description of the memory described above is merely an example, and the present disclosure is not limited thereto. The network unit of the user node according to some embodiments of the present disclosure may include any wired or wireless communication network capable of transmitting and receiving any type of data and signal.

The second node 200 may be an evaluator node that evaluates the results of threat modeling generated by the first node 100. Second node 200 may include any type of computer system or computer device, such as, for example, microprocessors, mainframe computers, digital processors, portable devices, and device controllers. However, it is not limited to this. The second node 200 may be a node constituting the blockchain network 400. There may be at least one second node 200, or it may be comprised of multiple nodes.

The second node 200 may include a processor 210, a memory 230, and a network unit 250. Each configuration of the second node 200 may correspond to the configuration of the first node 100. Accordingly, a detailed description of each component of the second node 200 may be replaced with a detailed description of each component of the corresponding first node 100. In the process of explaining the second node 200, content that overlaps with the above-described content may be omitted.

The processor 210 may be composed of one or more cores, and may include a central processing unit (CPU), a general purpose graphics processing unit (GPGPU), and a tensor processing unit (TPU) of the computing device. unit) may include a processor for data analysis. The processor 210 can typically control the overall operation of the second node 200. For example, the processor 210 may process signals, data information, etc. that are input or output through components included in the second node 200. For another example, the processor 210 may read a computer program stored in the memory 230 and perform data processing according to an embodiment of the present disclosure.

According to some embodiments of the present disclosure, the memory 230 may store any type of information generated or determined by the processor 210 and any type of information received by the network unit 250.

According to some embodiments of the present disclosure, the memory 230 may be a flash memory type, hard disk type, multimedia card micro type, or card type memory (e.g. (e.g. SD or Memory), magnetic memory, magnetic disk, and optical disk may include at least one type of storage medium. The second node 200 may operate in relation to web storage that performs a storage function of the memory 230 on the Internet. The description of the memory described above is merely an example, and the present disclosure is not limited thereto. The network unit 250 according to some embodiments of the present disclosure may include any wired or wireless communication network capable of transmitting and receiving any type of data and signal.

The second node 200 can obtain the results of threat modeling performed based on data through the blockchain network 400.

The second node 200 may generate evaluation information by evaluating the results based on predetermined evaluation criteria.

The second node 200 may transmit evaluation information to the blockchain network 400 so that verification information for the evaluation information can be generated.

The result of threat modeling is generated by the first node 100 constituting the blockchain network 400 through data-based performance in response to a task request containing data obtained through the blockchain network 400. You can. The result of threat modeling may be transmitted from the first node 100 to the blockchain network 400.

Verification information is generated by the third node 300 constituting the blockchain network 400 through verification of the validity of the generation of evaluation information obtained through the blockchain network 400 based on predetermined evaluation criteria. You can. Verification information may be transmitted from the third node 300 to the blockchain network 400.

When the validity of the generation of evaluation information is verified, the blockchain network 400 may decide to pay compensation corresponding to the evaluation information to the first node by a smart contract stored on the blockchain network 400.

The second node 200 can obtain review information through the blockchain network 400. The second node 200 may compare the review information and evaluation information and transmit a re-examination request to raise an objection to the blockchain network 400.

The third node 300 may be an arbiter node selected through voting among a plurality of second nodes. The third node 300 may perform verification on the evaluation information generated by the second node 200. The third node 300 may be an individual or a company whose purpose is to prevent malicious actions that may occur during the threat modeling process.

The third node 300 may be determined from among candidate nodes determined from among the plurality of second nodes. Candidate nodes can be determined based on the number of tokens they hold. For example, candidate nodes may be participants who hold more than 3% of tokens in circulation on the blockchain network 400. The third node 300 may be the top 10 vote getters among the candidates. The third node 300 may check the threat modeling evaluation content submitted by the second node 200 to determine whether there has been an unfair act of intentionally giving low evaluation to provide less compensation for legitimate work content. The third node 300 may review whether there has been any unfair action, such as colluding with the first node 100 and providing high compensation for incorrect work content.

Third node 300 may include any type of computer system or computer device, such as, for example, microprocessors, mainframe computers, digital processors, portable devices, and device controllers. However, it is not limited to this. The third node 300 may be a node constituting the blockchain network 400. There may be at least one third node 300, or it may be comprised of multiple nodes.

The third node 300 may include a processor 310, a memory 330, and a network unit 350. Each configuration of the third node 300 may correspond to the configuration of the first node 100 or the second node 200. Accordingly, a detailed description of each component of the third node 300 may be replaced with a detailed description of each component of the corresponding first node 100 or second node 200. In the process of explaining the third node 300, content that overlaps with the above-described content may be omitted.

The processor 310 may consist of one or more cores, and may include a central processing unit (CPU), a general purpose graphics processing unit (GPGPU), and a tensor processing unit (TPU) of a computing device. unit) may include a processor for data analysis. The processor 310 can typically control the overall operation of the third node 300. For example, the processor 310 may process signals, data information, etc. that are input or output through components included in the third node 300. For another example, the processor 310 may read a computer program stored in the memory 330 and perform data processing according to an embodiment of the present disclosure.

According to some embodiments of the present disclosure, the memory 330 may store any type of information generated or determined by the processor 310 and any type of information received by the network unit 350.

According to some embodiments of the present disclosure, the memory 330 may be a flash memory type, hard disk type, multimedia card micro type, or card type memory (e.g. (e.g. SD or Memory), magnetic memory, magnetic disk, and optical disk may include at least one type of storage medium. The third node 300 may operate in relation to web storage that performs a storage function of the memory 330 on the Internet. The description of the memory described above is merely an example, and the present disclosure is not limited thereto. The network unit 350 according to some embodiments of the present disclosure may include any wired or wireless communication network capable of transmitting and receiving arbitrary types of data and signals.

The third node 300 can obtain evaluation information generated through evaluation of the results of threat modeling based on predetermined evaluation criteria through the blockchain network 400.

The third node 300 may generate verification information by verifying the validity of the generation of the evaluation information based on predetermined evaluation criteria.

The third node 300 may transmit verification information to the blockchain network 400.

The result of threat modeling is generated by the first node 100 constituting the blockchain network 400 through data-based performance in response to a task request containing data obtained through the blockchain network 400. , and can be transmitted to the blockchain network 400.

Evaluation information is generated in the second node 200 constituting the blockchain network 400 through evaluation of the results obtained through the blockchain network 400 based on predetermined evaluation criteria, and the blockchain network It can be sent to (400).

When the validity of the generation of evaluation information is verified, the blockchain network 400 may decide to pay compensation corresponding to the evaluation information to the first node by a smart contract stored on the blockchain network 400. .

In the case of evaluation information regarding the collection of the attack library, the third node 300 provides points and/or compensation payment details based on a scoring system agreed upon for the collection of the attack library (e.g., [Table 2], etc.). At least one can be verified.

In the case of evaluation information regarding the identification of a threat, the third node 300 provides at least one of points and/or compensation payment details based on a scoring system agreed upon for identification of the threat (e.g., [Table 3], etc.) can be verified.

In the case of evaluation information regarding the creation of an attack scenario, the third node 300 provides points and/or compensation payment details based on a scoring system agreed upon for the creation of the attack scenario (e.g., [Table 4], etc.). At least one can be verified.

The third node 300 can verify evaluation information regarding risk assessment based on the voting results of a plurality of nodes included in the blockchain network 400.

The third node 300 can verify evaluation information regarding the preparation of mitigation measures based on the voting results of a plurality of nodes included in the blockchain network 400.

The blockchain network 400 may include a plurality of nodes (e.g., first node 100, second node 200, third node 300, etc.) operating based on blockchain technology. there is. Blockchain technology can be any form of distributed ledger technology that distributes and stores data subject to management across multiple nodes using a storage structure in which blocks or events are connected to each other, or a storage structure in which transactions are connected to each other. . A blockchain network according to an embodiment of the present disclosure may operate according to any form of distributed ledger technologies based on Directed Acyclic Graph (DAG) technology.

In one embodiment of the present disclosure, nodes in a blockchain network may operate by a blockchain core package according to an architecture layer structure. The architectural hierarchy may include at least one of an application layer, a blockchain layer, and/or a storage layer.

The application layer may include clients, modules, program compilers, etc.

The client allows users (e.g., users of the first node 100, users of the second node 200, users of the third node 300, users of the customer node, etc.) to perform threat modeling. It may be an interface (eg, user interface, etc.). Clients can run without relying on a central server.

The module may include at least one of a user management module, a work management module, and/or a voting module.

The user management module may be a module for managing users. The user management module can register users on the blockchain and view the user's profile.

The task management module may be a module for managing tasks. The work management module may at least one of manage, perform, submit and/or evaluate users' work related to threat modeling.

The voting module may be a module for conducting voting. The voting module can perform voting between nodes constituting the blockchain network 400 within the blockchain network 400. The voting module may generate results for votes performed.

The blockchain layer is an intermediate layer that can provide consensus and run a state machine in the blockchain network 400. Programs in the application layer can be compiled and then transmitted to the blockchain layer. At least one miner included in the blockchain layer can check the program received from the application layer. Programs verified by miners can be written on the blockchain. A miner may be an individual or company node that participates in the blockchain network to pursue maximum personal benefit. Miners can stabilize the blockchain network 400 and prevent sybil attacks in the process of pursuing profits.

The storage layer can store the actual data values of the operation. The storage space used for the storage layer may not be specified. Actual data values can be signed and stored with the owner's private key.

Depending on the implementation type, the blockchain network 400 according to an embodiment in the present disclosure is a public blockchain network in which arbitrary nodes can perform consensus operations, or only predetermined nodes can perform consensus operations. It can include private or consortium blockchain networks. However, the blockchain network 400 is not limited to this.

The consensus algorithms performed in the blockchain network in this disclosure include Proof of Work (PoW) algorithm, Proof of Stake (PoS) algorithm, Delegated Proof of Stake (DPoS) algorithm, Practical Byzantine Fault Tolerance (PBFT) algorithm, and DBFT ( Delegated Byzantine Fault Tolerance (RBFT) algorithm, Redundant Byzantine Fault Tolerance (RBFT) algorithm, Sieve algorithm, Tendermint algorithm, Paxos algorithm, Raft algorithm, PoA (Proof of Authority) algorithm, PoET (Proof of Elapsed Time) algorithm, Tangle network consensus algorithm, and /or may include at least one of the Hedera Hashgraph consensus algorithms.

The communication network 500 may include any wired or wireless communication network capable of transmitting and receiving at least one of any form of data, signal, and/or information. For example, the network 300 transmits task requests, results of threat modeling, evaluation information, and verification information between the first node 100, the second node 200, the third node 300, and the blockchain network 400. It may include a wired or wireless communication network capable of transmitting and receiving, etc.

FIG. 2 is a diagram illustrating an architecture layer structure for performing threat modeling using blockchain technology according to some embodiments of the present disclosure.

Referring to Figure 2, the architectural hierarchy may include at least one of an application layer 10, a blockchain layer 20, and/or a storage layer 30.

The application layer 10 may include a client, a module, a program compiler, etc.

The blockchain layer 20 is an intermediate layer that provides consensus through a consensus algorithm (consensus protocol) in a network (e.g., blockchain network 400) and operates a state machine ( state machine) can be executed. The program of the application layer 10 may be compiled and then transmitted to the blockchain layer 20. At least one miner included in the blockchain layer 20 can check the program received from the application layer 10. Programs verified by miners can be written on the blockchain. A miner may be an individual or company node that participates in the blockchain network to pursue maximum personal benefit. Miners can stabilize the blockchain network 400 and prevent sybil attacks in the process of pursuing profits.

The storage layer 30 may store the actual data values of the task. The storage space used for the storage layer 30 may not be specified. Actual data values can be signed and stored with the owner's private key. A detailed description of the architectural hierarchy not explained in FIG. 2 can be replaced with the contents of the architectural hierarchy described above in FIG. 1 .

Figure 3 is a flowchart showing a threat modeling method performed by a first node constituting a blockchain network according to some embodiments of the present disclosure.

Referring to FIG. 3, the first node 100 may obtain a task request including data required to perform threat modeling through the blockchain network 400 (S110).

The data may include at least one of data of a system model including a data flow diagram or data of an architecture.

In response to the task request, the first node 100 may generate a result of threat modeling performed based on data (S120).

The results of threat modeling include work information on creating a system model, work information on collection of attack libraries, work information on identification of threats, work information on creation of attack scenarios, work information on risk assessment, and mitigation measures. It may contain at least one piece of operational information about the arrangement.

The evaluation information may include points calculated by evaluating each task information included in the result of threat modeling.

The first node 100 may transmit the result of threat modeling to the blockchain network 400 so that evaluation information about the result and verification information about the evaluation information can be generated (S130).

Evaluation information is generated in the second node 200 constituting the blockchain network 400 through evaluation of the results obtained through the blockchain network 400 based on predetermined evaluation criteria, and the blockchain network It can be sent to (400).

The predetermined evaluation criteria may be based on the level of the system model, whether objects of the system model are created, and whether data flows of the system model are created, in the case of work information related to the creation of the system model included in the output of the threat modeling.

Predetermined evaluation criteria may be based on the common vulnerability scoring system score of the attack library and the usage of the attack library, in the case of operational information regarding the collection of attack libraries included in the output of threat modeling.

The predetermined evaluation criteria may be based on the degree of threat to the target in the case of work information regarding the identification of threats included in the results of threat modeling.

In the case of work information related to the creation of attack scenarios included in the results of threat modeling, the predetermined evaluation criteria may be based on the number of each attack tree item and whether or not an effective attack scenario has been created.

The predetermined evaluation criteria may be based on the voting results of a plurality of nodes included in the blockchain network 400 in the case of work information regarding risk assessment included in the result of threat modeling.

The predetermined evaluation criteria may be based on the voting results of a plurality of nodes included in the blockchain network 400 in the case of work information regarding the preparation of mitigation measures included in the results of threat modeling.

Verification information is generated by the third node 300 constituting the blockchain network 400 through verification of the validity of the generation of evaluation information obtained through the blockchain network 400 based on predetermined evaluation criteria. , and can be transmitted to the blockchain network 400.

When the validity of the generation of evaluation information is verified, a smart contract stored on the blockchain network 400 may determine to pay compensation corresponding to the evaluation information to the first node.

Figure 4 is a flowchart showing a threat modeling method performed by a second node constituting a blockchain network according to some embodiments of the present disclosure.

The second node 200 can obtain the results of threat modeling performed based on data through the blockchain network (S210).

The result of threat modeling is generated by the first node 100 constituting the blockchain network 400 through data-based performance in response to a task request containing data obtained through the blockchain network 400. , and can be transmitted to the blockchain network 400.

The second node 200 may generate evaluation information by evaluating the results based on predetermined evaluation criteria (S220).

The second node 200 may transmit the evaluation information to the blockchain network 400 so that verification information for the evaluation information can be generated (S230).

Verification information is generated by the third node 300 constituting the blockchain network 400 through verification of the validity of the generation of evaluation information obtained through the blockchain network 400 based on predetermined evaluation criteria. , and can be transmitted to the blockchain network 400.

When the validity of the generation of the evaluation information is verified, a smart contract stored on the blockchain network 400 may determine to pay compensation corresponding to the evaluation information to the first node 100.

Figure 5 is a flowchart showing a threat modeling method performed by a third node constituting a blockchain network according to some embodiments of the present disclosure.

The third node 300 can obtain evaluation information generated through evaluation of the results of threat modeling based on predetermined evaluation criteria through the blockchain network 400 (S310).

The result of threat modeling is generated by the first node 100 constituting the blockchain network 400 through data-based performance in response to a task request containing data obtained through the blockchain network 400. , and can be transmitted to the blockchain network 400.

The third node 300 may generate verification information by verifying the validity of the generation of the evaluation information based on predetermined evaluation criteria (S320).

Evaluation information is generated in the second node 200 constituting the blockchain network 400 through evaluation of the results obtained through the blockchain network 400 based on predetermined evaluation criteria, and the blockchain network It can be sent to (400).

The third node 300 may transmit verification information to the blockchain network 400 (S330).

When the validity of the generation of the evaluation information is verified, a smart contract stored on the blockchain network 400 may determine to pay compensation corresponding to the evaluation information to the first node 100.

Figure 6 is a flowchart of a threat modeling method using blockchain technology according to some embodiments of the present disclosure.

Referring to FIG. 6, the blockchain network 400 may receive a task request containing data required to perform threat modeling from a customer node. Accordingly, work requests may be posted on the blockchain network 400.

The first node 100 may obtain a work request through the blockchain network 400 (S411).

The first node 100 may respond to the task request and generate a threat modeling result (S412).

The first node 100 may transmit the result of threat modeling to the blockchain network 400 (S413). For example, the first node 100 may transmit the results of threat modeling to the blockchain network 400 within a predetermined deadline. Accordingly, the results of threat modeling may be posted on the blockchain network 400.

The second node 200 can obtain the results of threat modeling through the blockchain network 400 (S421).

The second node 200 may generate evaluation information by evaluating the results based on predetermined evaluation criteria (S422).

The second node 200 may transmit evaluation information to the blockchain network 423. Accordingly, evaluation information may be posted on the blockchain network 400.

The third node 300 can obtain evaluation information through the blockchain network 400 (S431).

The third node 300 may generate verification information by verifying the validity of the generation of the evaluation information based on predetermined evaluation criteria (S432).

The third node 300 may transmit verification information to the blockchain network 400 (S433). Accordingly, verification information may be posted on the blockchain network 400.

The blockchain network 400 can confirm the validity of the generation of evaluation information based on the verification information (S441).

When the validity of the generation of evaluation information is verified, the blockchain network 400 can pay compensation corresponding to the evaluation information to the first node 100 by a smart contract stored on the blockchain network 400. (S442).

The steps shown in FIGS. 3 to 6 are exemplary steps. Accordingly, it will also be apparent to those skilled in the art that some of the steps in FIGS. 2 to 6 may be omitted or additional steps may be present without departing from the scope of the present disclosure. In addition, specific details regarding the configurations depicted in FIGS. 2 to 6 (e.g., the first node 100, the second node 200, the third node 300, the blockchain network 400, etc.) It can be replaced with the content previously described with reference to FIGS. 1 and 2.

As described above with reference to FIGS. 1 to 6, nodes constituting the blockchain network 400 according to some embodiments of the present disclosure (e.g., the first node 100, the second node 200) , the third node 300) pays compensation according to the participation of participating nodes through a fair compensation system using blockchain and smart contracts, thereby increasing the participation of experts in each field in threat modeling. In addition, the nodes constituting the blockchain network 400 according to some embodiments of the present disclosure (e.g., the first node 100, the second node 200, and the third node 300) receive compensation. By encouraging the participation of multiple nodes, the best results can be achieved.

7 is a general schematic diagram of an example computing environment in which embodiments of the subject matter of the present disclosure may be implemented.

Although the present disclosure has generally been described above as being capable of being implemented by a computing device, those skilled in the art will understand that the present disclosure can be implemented in combination with computer-executable instructions and/or other program modules that can be executed on one or more computers and/or in hardware and software. It will be well known that it can be implemented as a combination.

Typically, program modules include routines, programs, components, data structures, etc. that perform specific tasks or implement specific abstract data types. Additionally, those skilled in the art will understand that the methods of the present disclosure are applicable to single-processor or multiprocessor computer systems, minicomputers, mainframe computers, as well as personal computers, handheld computing devices, microprocessor-based or programmable consumer electronics, etc. It will be appreciated that each of these may be implemented in other computer system configurations, including those capable of operating in conjunction with one or more associated devices.

The described embodiments of the disclosure can also be practiced in distributed computing environments where certain tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.

Computers typically include a variety of computer-readable media. Computer-readable media can be any medium that can be accessed by a computer, and such computer-readable media includes volatile and non-volatile media, transitory and non-transitory media, removable and non-transitory media. Includes removable media. By way of example, and not limitation, computer-readable media may include computer-readable storage media and computer-readable transmission media. Computer-readable storage media refers to volatile and non-volatile media, transient and non-transitory media, removable and non-removable, implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Includes media. Computer readable storage media may include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital video disk (DVD) or other optical disk storage, magnetic cassette, magnetic tape, magnetic disk storage or other magnetic storage. This includes, but is not limited to, a device, or any other medium that can be accessed by a computer and used to store desired information.

A computer-readable transmission medium typically implements computer-readable instructions, data structures, program modules, or other data on a modulated data signal, such as a carrier wave or other transport mechanism. Includes all information delivery media. The term modulated data signal refers to a signal in which one or more of the characteristics of the signal have been set or changed to encode information within the signal. By way of example, and not limitation, computer-readable transmission media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared, and other wireless media. Combinations of any of the above are also intended to be included within the scope of computer-readable transmission media.

An example environment 1100 is shown that implements various aspects of the present disclosure, including a computer 1102, which includes a processing unit 1104, a system memory 1106, and a system bus 1108. do. System bus 1108 couples system components, including but not limited to system memory 1106, to processing unit 1104. Processing unit 1104 may be any of a variety of commercially available processors. Dual processors and other multiprocessor architectures may also be used as processing unit 1104.

System bus 1108 may be any of several types of bus structures that may further be interconnected to a memory bus, peripheral bus, and local bus using any of a variety of commercial bus architectures. System memory 1106 includes read only memory (ROM) 1110 and random access memory (RAM) 1112. The basic input/output system (BIOS) is stored in non-volatile memory 1110, such as ROM, EPROM, and EEPROM, and is a basic input/output system that helps transfer information between components within the computer 1102, such as during startup. Contains routines. RAM 1112 may also include high-speed RAM, such as static RAM, for caching data.

Computer 1102 may also include an internal hard disk drive (HDD) 1114 (e.g., EIDE, SATA)—the internal hard disk drive 1114 may also be configured for external use within a suitable chassis (not shown). Yes - a magnetic floppy disk drive (FDD) 1116 (e.g., for reading from or writing to a removable diskette 1118), and an optical disk drive 1120 (e.g., a CD-ROM for reading the disk 1122 or reading from or writing to other high-capacity optical media such as DVDs). Hard disk drive 1114, magnetic disk drive 1116, and optical disk drive 1120 are connected to system bus 1108 by hard disk drive interface 1124, magnetic disk drive interface 1126, and optical drive interface 1128, respectively. ) can be connected to. The interface 1124 for implementing an external drive includes at least one or both of Universal Serial Bus (USB) and IEEE 1394 interface technologies.

These drives and their associated computer-readable media provide non-volatile storage of data, data structures, computer-executable instructions, and the like. For computer 1102, drive and media correspond to storing any data in a suitable digital format. Although the description of computer-readable media above refers to removable optical media such as HDDs, removable magnetic disks, and CDs or DVDs, those skilled in the art will also recognize removable optical media such as zip drives, magnetic cassettes, flash memory cards, cartridges, etc. It will be appreciated that other types of computer-readable media, such as the like, may also be used in the example operating environment and that any such media may contain computer-executable instructions for performing the methods of the present disclosure.

A number of program modules may be stored in drives and RAM 1112, including an operating system 1130, one or more application programs 1132, other program modules 1134, and program data 1136. All or portions of the operating system, applications, modules and/or data may also be cached in RAM 1112. It will be appreciated that the present disclosure may be implemented on various commercially available operating systems or combinations of operating systems.

A user may enter commands and information into computer 1102 through one or more wired/wireless input devices, such as a keyboard 1138 and a pointing device such as mouse 1140. Other input devices (not shown) may include microphones, IR remote controls, joysticks, game pads, stylus pens, touch screens, etc. These and other input devices are connected to the processing unit 1104 through an input device interface 1142, which is often connected to the system bus 1108, but may also include a parallel port, an IEEE 1394 serial port, a game port, a USB port, an IR interface, It can be connected by other interfaces, etc.

A monitor 1144 or other type of display device is also connected to system bus 1108 through an interface, such as a video adapter 1146. In addition to monitor 1144, computers typically include other peripheral output devices (not shown) such as speakers, printers, etc.

Computer 1102 may operate in a networked environment using logical connections to one or more remote computers, such as remote computer(s) 1148, via wired and/or wireless communications. Remote computer(s) 1148 may be a workstation, computing device computer, router, personal computer, portable computer, microprocessor-based entertainment device, peer device, or other conventional network node, and is generally connected to computer 1102. For simplicity, only memory storage device 1150 is shown, although it includes many or all of the components described. The logical connections depicted include wired/wireless connections to a local area network (LAN) 1152 and/or a larger network, such as a wide area network (WAN) 1154. These LAN and WAN networking environments are common in offices and companies and facilitate enterprise-wide computer networks, such as intranets, all of which can be connected to a worldwide computer network, such as the Internet.

When used in a LAN networking environment, computer 1102 is connected to local network 1152 through wired and/or wireless communication network interfaces or adapters 1156. Adapter 1156 may facilitate wired or wireless communication to LAN 1152, which also includes a wireless access point installed thereon for communicating with wireless adapter 1156. When used in a WAN networking environment, the computer 1102 may include a modem 1158 or be connected to a communicating computing device on the WAN 1154 or to establish communications over the WAN 1154, such as via the Internet. Have other means. Modem 1158, which may be internal or external and a wired or wireless device, is coupled to system bus 1108 via serial port interface 1142. In a networked environment, program modules described for computer 1102, or portions thereof, may be stored in remote memory/storage device 1150. It will be appreciated that the network connections shown are exemplary and that other means of establishing a communications link between computers may be used.

Computer 1102 may be associated with any wireless device or object deployed and operating in wireless communications, such as a printer, scanner, desktop and/or portable computer, portable data assistant (PDA), communications satellite, wirelessly detectable tag. Performs actions to communicate with any device or location and telephone. This includes at least Wi-Fi and Bluetooth wireless technologies. Accordingly, communication may be a predefined structure as in a conventional network or may simply be ad hoc communication between at least two devices.

Wi-Fi (Wireless Fidelity) allows connection to the Internet, etc. without wires. Wi-Fi is a wireless technology, like cell phones, that allows these devices, such as computers, to send and receive data indoors and outdoors, anywhere within the coverage area of a base station. Wi-Fi networks use wireless technology called IEEE 802.11 (a, b, g, etc.) to provide secure, reliable, and high-speed wireless connections. Wi-Fi can be used to connect computers to each other, the Internet, and wired networks (using IEEE 802.3 or Ethernet). Wi-Fi networks can operate in the unlicensed 2.4 and 5 GHz wireless bands, for example, at data rates of 11 Mbps (802.11a) or 54 Mbps (802.11b), or in products that include both bands (dual band). .

Those skilled in the art will understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols and chips that may be referenced in the above description include voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields. It can be expressed by particles or particles, or any combination thereof.

Those skilled in the art will understand that the various illustrative logical blocks, modules, processors, means, circuits and algorithm steps described in connection with the embodiments disclosed herein may be used in electronic hardware, (for convenience) It will be understood that it may be implemented by various forms of program or design code (referred to herein as software) or a combination of both. To clearly illustrate this interoperability of hardware and software, various illustrative components, blocks, modules, circuits and steps have been described above generally with respect to their functionality. Whether this functionality is implemented as hardware or software depends on the specific application and design constraints imposed on the overall system. A person skilled in the art of this disclosure may implement the described functionality in various ways for each specific application, but such implementation decisions should not be construed as departing from the scope of this disclosure.

The various embodiments presented herein may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques. The term article of manufacture includes a computer program, carrier, or media accessible from any computer-readable storage device. For example, computer-readable storage media include magnetic storage devices (e.g., hard disks, floppy disks, magnetic strips, etc.), optical disks (e.g., CDs, DVDs, etc.), smart cards, and flash. Includes, but is not limited to, memory devices (e.g., EEPROM, cards, sticks, key drives, etc.). Additionally, various storage media presented herein include one or more devices and/or other machine-readable media for storing information.

It is to be understood that the specific order or hierarchy of steps in the processes presented is an example of illustrative approaches. It is to be understood that the specific order or hierarchy of steps in processes may be rearranged within the scope of the present disclosure, based on design priorities. The appended method claims present elements of the various steps in a sample order but are not meant to be limited to the particular order or hierarchy presented.

The description of the presented embodiments is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments without departing from the scope of the disclosure. Thus, the present disclosure is not limited to the embodiments presented herein but is to be interpreted in the broadest scope consistent with the principles and novel features presented herein.

Claims (12)

As a threat modeling method performed by the first node constituting the blockchain network,
Obtaining a task request containing data required to perform threat modeling through the blockchain network;
In response to the task request, generating a result of threat modeling performed based on the data; and
Transmitting the result of the threat modeling to the blockchain network so that evaluation information about the result and verification information about the evaluation information can be generated;
Including,
The above evaluation information is,
In a second node constituting the blockchain network, it is generated through evaluation of the results obtained through the blockchain network based on predetermined evaluation criteria, and transmitted to the blockchain network,
The above verification information is,
In a third node constituting the blockchain network, it is generated through verification of the validity of the generation of the evaluation information obtained through the blockchain network based on the predetermined evaluation criteria, and transmitted to the blockchain network. become,
When the validity of the generation of the evaluation information is verified, it is decided to pay compensation corresponding to the evaluation information to the first node by a smart contract stored on the blockchain network, and
The predetermined evaluation criteria are,
In the case of work information regarding the preparation of mitigation measures included in the results of the threat modeling, it is based on the voting results of a plurality of nodes included in the blockchain network,
method.
According to claim 1,
The above data is,
Containing at least one of data of a system model including a data flow diagram (DFD) or data of an architecture,
method.
According to claim 1,
The result of the above threat modeling is,
Work information on creating a system model, work information on collection of attack libraries, work information on identification of threats, work information on creation of attack scenarios, work information on risk assessment, and work information on preparation of mitigation measures. Containing at least one of
method.
According to claim 1,
The above evaluation information is,
Containing points calculated by evaluating each task information included in the result of the threat modeling,
method.
According to claim 1,
The predetermined evaluation criteria are,
In the case of work information regarding the creation of a system model included in the result of the threat modeling, based on the level of the system model, whether an object of the system model is created, and whether the data flow of the system model is created,
method.
According to claim 1,
The predetermined evaluation criteria are,
In the case of work information regarding the collection of attack libraries included in the result of the threat modeling, based on the common vulnerability scoring system score of the attack library and the use of the attack library,
method.
According to claim 1,
The predetermined evaluation criteria are,
In the case of work information regarding the identification of threats included in the results of the threat modeling, based on the degree of threat to the target,
method.
According to claim 1,
The predetermined evaluation criteria are,
In the case of work information regarding the creation of attack scenarios included in the results of the above threat modeling, based on the number of each attack tree item and whether or not an effective attack scenario is created,
method.
According to claim 1,
The predetermined evaluation criteria are,
In the case of work information regarding the assessment of risk included in the result of the threat modeling, it is based on the voting results of a plurality of nodes included in the blockchain network,
method.
delete A threat modeling method performed by a second node constituting a blockchain network,
Obtaining the results of threat modeling performed based on data through the blockchain network;
Generating evaluation information through evaluation of the results based on predetermined evaluation criteria; and
Transmitting the evaluation information to the blockchain network so that verification information for the evaluation information can be generated;
Including,
The result of the above threat modeling is,
In a first node constituting the blockchain network, in response to a task request containing the data obtained through the blockchain network, generated through execution based on the data, and transmitted to the blockchain network,
The above verification information is,
In a third node constituting the blockchain network, it is generated through verification of the validity of the generation of the evaluation information obtained through the blockchain network based on the predetermined evaluation criteria, and transmitted to the blockchain network. become,
When the validity of the generation of the evaluation information is verified, it is decided to pay compensation corresponding to the evaluation information to the first node by a smart contract stored on the blockchain network, and
The predetermined evaluation criteria are,
In the case of work information regarding the preparation of mitigation measures included in the results of the threat modeling, it is based on the voting results of a plurality of nodes included in the blockchain network,
method.
A threat modeling method performed by a third node constituting a blockchain network,
Obtaining evaluation information generated through evaluation of the results of threat modeling based on predetermined evaluation criteria through the blockchain network;
generating verification information through verification of the validity of the generation of the assessment information based on the predetermined evaluation criteria; and
Transmitting the verification information to the blockchain network;
Including,
The result of the above threat modeling is,
In a first node constituting the blockchain network, in response to a task request containing data obtained through the blockchain network, generated through execution based on the data, and transmitted to the blockchain network,
The above evaluation information is,
In a second node constituting the blockchain network, it is generated through evaluation of the results obtained through the blockchain network based on the predetermined evaluation criteria, and transmitted to the blockchain network,
When the validity of the generation of the evaluation information is verified, it is decided to pay compensation corresponding to the evaluation information to the first node by a smart contract stored on the blockchain network, and
The predetermined evaluation criteria are,
In the case of work information regarding the preparation of mitigation measures included in the results of the threat modeling, it is based on the voting results of a plurality of nodes included in the blockchain network,
method.

Images