SaTC: CORE: Medium: Self-Adaptive Cyber Risk Management via Machine to Machine Economy Supported by Blockchain and Smart Contracts Technology

SaTC：核心：中：通过区块链和智能合约技术支持的机器对机器经济进行自适应网络风险管理

• 批准号: 2000792
• 负责人: Dragan Boscovic
• 金额: $ 75万
• 依托单位: Arizona State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2000792&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Self; Adaptive

This project advances cybersecurity of large scale blockchain-enabled Internet of Things (IoT) systems via a novel organization of machine to machine (M2M) economy. Blockchain is a decentralized and distributed ledger. The IoT is a system of interconnected computing devices on which the emergence of 5G technology has an accelerating effect. The M2M economy is a collection of machines acting as economic agents that autonomously interact through sequences of transactions. Blockchain technology enables the registry of these transactions whose logic is articulated and coded in the form of smart contracts. These technologies have transformational potential and hold the promise of unprecedented economic growth, but they come with many vulnerabilities. This research contributes to the progress of science, advancement of prosperity and welfare, and securing the national defense through a new mechanism to enable security and cost efficient interactions on M2M platforms. The novel idea is to design market incentives such that services among machines are bought and sold based not only on their cost but also on the cyber-riskiness of the devices providing those services.The project envisions decentralized systems that are self-adapting to cyber-risk and facilitate security and cost efficient interactions on platforms based on blockchain and IoT. The challenges are lack of: (a) real-time market design and self-optimization mechanisms; (b) scalable approaches for real-time attack identification across programs and high-level logics; (c) methods to assess M2M specific attack impact. Responding to these challenges, this project interprets the problem of creating a cyber-secure and economically efficient IoT/blockchain-based ecosystem as one of designing large-scale interconnected markets. Each of these markets has a price adjustment mechanism that may discriminate based on real-time cyber-risk. Collectively, these markets give rise to an overall emergent property of cyber-risks and economic efficiency self-adaptive optimization. Vulnerability assessment is the key to generate cyber-risk and price appropriate adjustments. This project comprehensively assesses M2M specific vulnerabilities by articulating attack graphs, hence contributing to characterizing the cyber-risk of decentralized applications for smart contract platforms. By using tools of random graph theory and percolation theory, the project provides a representative mathematical framework for understanding the cyber-risk of a IoT/blockchain-based ecosystem. Finally, as a showcase, the project applies the proposed mechanism to the use case of large-scale personalized treatment delivery.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目通过一种新的机器对机器（M2M）经济组织推进了大规模区块链支持的物联网（IoT）系统的网络安全。区块链是一个去中心化的分布式账本。物联网是一个相互连接的计算设备系统，5G技术的出现对其产生了加速效应。M2M经济是作为经济主体的机器的集合，它们通过一系列的交易自主地相互作用。区块链技术支持这些交易的注册，这些交易的逻辑以智能合约的形式表达和编码。这些技术具有变革潜力，有望带来前所未有的经济增长，但它们也存在许多脆弱性。本研究通过在M2M平台上实现安全和低成本互动的新机制，为科学进步、繁荣和福利的进步以及国防安全做出贡献。这个新颖的想法是设计市场激励机制，使机器之间的服务买卖不仅基于成本，还基于提供这些服务的设备的网络风险。该项目设想了能够自适应网络风险的分散系统，并在基于区块链和物联网的平台上促进安全和经济高效的交互。面临的挑战是缺乏：(a)实时市场设计和自我优化机制；(b)跨程序和高级逻辑进行实时攻击识别的可扩展方法；(c)评估M2M特定攻击影响的方法。为了应对这些挑战，该项目将创建网络安全和经济高效的物联网/区块链生态系统的问题解释为设计大规模互联市场之一。每个市场都有一个价格调整机制，可以根据实时网络风险进行区分。总的来说，这些市场产生了网络风险和经济效率自适应优化的整体新兴特性。脆弱性评估是产生网络风险和价格适当调整的关键。该项目通过清晰的攻击图全面评估M2M特定漏洞，从而有助于表征智能合约平台分散应用程序的网络风险。通过使用随机图理论和渗透理论的工具，该项目为理解基于物联网/区块链的生态系统的网络风险提供了一个代表性的数学框架。最后，作为展示，该项目将提出的机制应用于大规模个性化治疗交付的用例。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。