I made a contribution to the ISO/TC 307 meeting in London (May 2018) which gave birth to the SECM study period in the security group (WG2), the subject not being taken into account in other working groups. So it was the lack of equivalent work in the technical committee ISO/TC 307 that initially encouraged me in this initiative, with a co-leader: Patrick Curry.

The objective is to link a conceptual approach (security models) to the pragmatic requirement of governance related to consensus algorithms. This need is common to the European perspective (CEN-Cenelec white paper) and good practices specific to ISO standardization.

On the one hand, the study period is created to support the already existing work of the technical committee ISO/TC 307: DTR23245 (Security risks, threats and vulnerabilities), the WG1 working group (terminology, architecture) and the WG5 working group (governance). On the other hand, this can lead to the creation of a NWIP based on the results of the study period.
Here are the topics I developed in the report:

- Security model: safety and liveness parameters. I chose this model developed in different academic works for its simplicity in its formulation.
- A-indulgent, B-indulgent: This model is an interpretation and an extension of the safety / liveness parameters approach. The issue today is to validate in practice the relevance of these models from the field of distributed computing with the recent Nakamoto consensus algorithms such as PoW.
- Computational approach - shutdown problem - governability: The objective of this part is to open questions about a possible consensus security model in the shutdown phase: the end of the blockchain project, with governance (or risk analysis) objectives.

Measurable PKI: cf. attached files:

- presentation slides: ISO-TC307-WG02_N61_SECM study presentation Dublin 28 May 2019.
- report: ISO-TC307-WG02_N57_Study SECM - 2nd report after 12 months.
- Tuesday May 28 from 09:00 to 10:30 and from 15:30 to 17:00: Participation in the DTR23245 (Security risks, threats and vulnerabilities) comments review. A review of DTR23245 comments with Shin'ichiro Matsuo was done concerning the comments related to the consensus algorithms. It seems necessary to insist on the convergence between the models developed in the reports and the list of known vulnerabilities.
- Tuesday May 28 from 11:00 to 12:30: Participation in the joint session WG 1 & WG 2.
- Tuesday May 28 from 13:30 to 15:00: Presentation of the SECM study period report. There were 15 people present, including Shin'ichiro Matsuo, the editor of the DTR23245. The presentation was made jointly by Patrick Curry and myself.
- Wednesday May 29 from 13:30 to 15:00: Participation in joint session WG 2 & WG 5 - identity & governance – consensus. I intervened during the session on the theme of the governance of consensus algorithms, and I explained to Roman Beck, the convenor of the WG5 (Governance), the question of the shutdown and the need to consider the behavior of the consensus algorithm at the end of the blockchain life cycle, according to my contribution.
- Wednesday May 29 from 15:30 to 17:00: WG2 plenary: presentation of the SECM study period recommendations: request for a second extension of the study period.
- Thursday May 30 from 15:30 to 17:00: Participation in the WG2 final plenary.
The report and the presentation in support of the existing work were an objective of the study period.

A second extension of the study period was accepted at the Dublin meeting. However, objectives must be defined with the team.

At a minimum, better integration of the work of the SECM study period with the work of the other working groups concerned:

- review of all the comments of the DTR23245 and use of the content developed in the report to give interpretations
- review of the WG1 comments (terminology, architecture, taxonomy) and use of the content developed in the report to provide interpretations

If possible, the objective of the publication of a document (TR, TS or IS) concerning the technical aspects of governance or the risk approach of consensus algorithms interpreted using consensus models.

There is a need to mature the link between the models developed and the industrial needs in the matter of good practices: a questioning concerning the objectives and its industrial interests will be necessary at the beginning of the second extension. A call with the SECM team is expected soon and I do not wish to engage more at this stage. The maturity of the actors will be taken into account.

Beyond that, it is necessary to extend the study to new contributors.