Security by Design in ShieldCure

Shieldcure
Sep 17, 2018

Hello, this is the ShieldCure team.

Today, we would like to introduce Security by Design, which will be applied to the ShieldCure MainNet together with Role-Based Access Control (RBAC) for the purpose of system security.

For existing products and services, the usual process for resolving security vulnerabilities has been to release a prototype or Minimum Viable Product (MVP) first, then collect market feedback, and then modify or complement its functions internally. The hackathons often held by various blockchain projects are one example of this.

However, in the age of IoT, where every physical device is connected to a network, security system failures are increasing, and a user or operator cannot detect every security vulnerability or predict every issue.

As cyber attacks become more advanced and diverse, it is important to upgrade the fundamental system on which a security solution is built. The new security concept, however, is to design products and services to be as secure as possible from the start, that is, from the initial stage of architecture and configuration. This is “Security by Design”.

Security by Design, as the name suggests, means that security is built in from the start of planning for system development. Unlike the existing method of developing first and implementing complementary measures afterwards, this approach considers safety and ease of use from the start of the design of a product or service, and minimizes potential security issues by predicting and preventing potential vulnerabilities. This can in turn reduce security cost and time.

To apply Security by Design, it is essential first to determine the required security technologies and then the security experts, and to mathematically verify the security design applied at every stage.

To make Security by Design easier to understand, let us use the example of building a house. In the existing approach to security design, the house is built first. It must then rain and leak before we can determine where the leaks are, and only then do we go back and repair them. If we build the house using Security by Design, however, we expect the corners of the bricks to be weak before we even stack the bricks. In other words, we prepare for potential accidents beforehand by implementing measures such as waterproofing.

Then why does ShieldCure intend to apply Security by Design? Because blocks are difficult to modify or destroy once designed, which is a feature of blockchain, it is most important to work out a design and implementation plan for reliable blocks at the initial analysis stage.

If a hack occurs, the fix has to be made in a decentralized way, by reaching consensus within the blockchain. This is very cumbersome and reduces the reliability of the protocol. In the DAO hack, we have already seen how the case was resolved through a hard fork. Therefore, to solve such blockchain security issues, it is more reasonable to prevent security risks by analyzing the multiple security risks from the start.

Differential security is also an essential factor, because ShieldCure will handle sensitive information, such as personal information, on the future platform. Security by Design is one of ShieldCure’s core philosophies, given priority in order to improve scalability and to maintain the integrity and transparency of the blockchain.

Finally, let us take a look at how Security by Design applies to ShieldCure MainNet.

Considering the risk analysis for the MainNet environment, the Governance Rule must provide the fundamental policies (for example, AML, double-spending prevention, and prevention of and precaution against collusion among DPoS priority nodes). Consensus on these is reached naturally through a smart contract. In addition, by means of Separation of Duty and Least Privilege, this minimizes the risk of disclosure of block information. For other potential risks, Role-Based Access Control (RBAC) is scheduled to be applied.

For further details of RBAC and Security by Design, please refer to the White Paper, or to the Tech Report to be issued in the coming days.

Thanks.

“KEEP YOUR IDENTITY, SHIELDCURE”
