Decentralized Vulnerability Disclosure via Permissioned Blockchain: A Secure, Transparent Alternative to Centralized CVE Management
- URL: http://arxiv.org/abs/2505.00480v1
- Date: Thu, 01 May 2025 12:12:08 GMT
- Title: Decentralized Vulnerability Disclosure via Permissioned Blockchain: A Secure, Transparent Alternative to Centralized CVE Management
- Authors: Novruz Amirov, Kemal Bicakci
- Abstract summary: This paper proposes a decentralized, blockchain-based system for the publication of Common Vulnerabilities and Exposures (CVEs). The proposed architecture leverages a permissioned blockchain, wherein only authenticated CVE Numbering Authorities (CNAs) are authorized to submit entries. We evaluate the proposed model in comparison with existing practices, highlighting its advantages in transparency, trust decentralization, and auditability.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: This paper proposes a decentralized, blockchain-based system for the publication of Common Vulnerabilities and Exposures (CVEs), aiming to mitigate the limitations of the current centralized model primarily overseen by MITRE. The proposed architecture leverages a permissioned blockchain, wherein only authenticated CVE Numbering Authorities (CNAs) are authorized to submit entries. This ensures controlled write access while preserving public transparency. By incorporating smart contracts, the system supports key features such as embargoed disclosures and decentralized governance. We evaluate the proposed model in comparison with existing practices, highlighting its advantages in transparency, trust decentralization, and auditability. A prototype implementation using Hyperledger Fabric is presented to demonstrate the feasibility of the approach, along with a discussion of its implications for the future of vulnerability disclosure.
Related papers
- A Distributed Blockchain-based Access Control for the Internet of Things [0.0]
Internet of Things (IoT) environment has become increasingly fertile for malicious users to break the security and privacy of IoT users.
To address the distributed IoT environment, blockchain is viewed as a promising data management technology.
We propose a decentralised access control and attribute-based access control model for IoT entitled (DBC-ABAC).
A proof-of-concept implementation is presented using Hyperledger Fabric.
arXiv Detail & Related papers (2025-03-22T22:36:02Z)
- Data sharing in the metaverse with key abuse resistance based on decentralized CP-ABE [17.462884309974097]
Ciphertext-policy-based encryption (CP-ABE) is a promising primitive to provide confidentiality and fine-grained access control. Few studies have considered CP-ABE key confidentiality and authority accountability simultaneously. We introduce an open incentive mechanism to encourage honest participation in data sharing.
arXiv Detail & Related papers (2024-12-18T12:06:56Z)
- Protocol Learning, Decentralized Frontier Risk and the No-Off Problem [56.74434512241989]
We identify a third paradigm - Protocol Learning - where models are trained across decentralized networks of incentivized participants.
This approach has the potential to aggregate orders of magnitude more computational resources than any single centralized entity.
It also introduces novel challenges: heterogeneous and unreliable nodes, malicious participants, the need for unextractable models to preserve incentives, and complex governance dynamics.
arXiv Detail & Related papers (2024-12-10T19:53:50Z)
- Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency. Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
arXiv Detail & Related papers (2024-12-07T20:18:36Z)
- Decentralized Credential Status Management: A Paradigm Shift in Digital Trust [0.0]
Public key infrastructures are essential for Internet security, ensuring robust certificate management and revocation mechanisms.
The transition from centralized to decentralized systems presents challenges such as trust distribution and privacy-preserving credential management.
This paper explores the evolution of certificate status management from centralized to decentralized frameworks, focusing on blockchain technology and advanced cryptography.
arXiv Detail & Related papers (2024-06-17T13:17:56Z)
- It Takes Two: A Peer-Prediction Solution for Blockchain Verifier's Dilemma [12.663727952216476]
We develop a Byzantine-robust peer prediction framework towards the design of one-phase Bayesian truthful mechanisms for the decentralized verification games. Our study provides a framework of incentive design for decentralized verification protocols that enhances the security and robustness of the blockchain.
arXiv Detail & Related papers (2024-06-03T21:21:17Z)
- A Novel Endorsement Protocol to Secure BFT-Based Consensus in Permissionless Blockchain [1.3723120574076126]
BFT-based consensus mechanisms are widely adopted in the permissioned blockchain to meet the high scalability requirements of the network.
Sybil attacks are one of the most potential threats when applying BFT-based consensus mechanisms in permissionless blockchain.
This paper presents a novel endorsement-based bootstrapping protocol with a signature algorithm that offers a streamlined, scalable identity endorsement and verification process.
arXiv Detail & Related papers (2024-05-04T03:00:33Z)
- Enhancing Trust and Privacy in Distributed Networks: A Comprehensive Survey on Blockchain-based Federated Learning [51.13534069758711]
Decentralized approaches like blockchain offer a compelling solution by implementing a consensus mechanism among multiple entities.
Federated Learning (FL) enables participants to collaboratively train models while safeguarding data privacy.
This paper investigates the synergy between blockchain's security features and FL's privacy-preserving model training capabilities.
arXiv Detail & Related papers (2024-03-28T07:08:26Z)
- Graph Attention Network-based Block Propagation with Optimal AoI and Reputation in Web 3.0 [59.94605620983965]
We design a Graph Attention Network (GAT)-based reliable block propagation optimization framework for blockchain-enabled Web 3.0.
To achieve the reliability of block propagation, we introduce a reputation mechanism based on the subjective logic model.
Considering that the GAT possesses the excellent ability to process graph-structured data, we utilize the GAT with reinforcement learning to obtain the optimal block propagation trajectory.
arXiv Detail & Related papers (2024-03-20T01:58:38Z)
- Generative AI-enabled Blockchain Networks: Fundamentals, Applications, and Case Study [73.87110604150315]
Generative Artificial Intelligence (GAI) has emerged as a promising solution to address challenges of blockchain technology.
In this paper, we first introduce GAI techniques, outline their applications, and discuss existing solutions for integrating GAI into blockchains.
arXiv Detail & Related papers (2024-01-28T10:46:17Z)
- Regulation conform DLT-operable payment adapter based on trustless - justified trust combined generalized state channels [77.34726150561087]
Economy of Things (EoT) will be based on software agents running on peer-to-peer trustless networks.
We give an overview of current solutions that differ in their fundamental values and technological possibilities.
We propose to combine the strengths of the crypto based, decentralized trustless elements with established and well regulated means of payment.
arXiv Detail & Related papers (2020-07-03T10:45:55Z)