
Graduate student: 王聖傑
Sheng-Chieh Wang
Thesis title: 考量節點相關性的私有區塊鏈資安風險評估框架
A framework to consider node correlations for permissioned blockchain security risk evaluation
Advisor: 查士朝
Shi-Cho Cha
Oral examination committee: 羅乃維
Nai-Wei Lo
洪政煌
Cheng-Huang Hung
Degree: Master
Department: School of Management - Department of Information Management
Year of publication: 2020
Graduation academic year: 108
Language: Chinese
Number of pages: 70
Keywords: Blockchain, Risk Assessment, Failure Correlation
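  • Today, more and more large enterprises and government agencies are deploying blockchain applications, using blockchain properties such as transparency, traceability and immutability to solve enterprise pain points. Blockchains are generally classified by their participants into public blockchains and private blockchains. Because of the limitations of its consensus algorithm, a public blockchain has low transaction throughput and long transaction processing times, which makes it expensive to use, so enterprises usually adopt a private blockchain as their solution.
    When organizations use private blockchain applications, they have concerns about the security risks of private blockchains, yet there is currently no mature risk assessment standard for private blockchains. This study therefore proposes a private blockchain security risk assessment framework that considers node correlations, using the availability and integrity of the private blockchain as risk assessment indicators to evaluate its ability to sustain operations. In addition, compared with public blockchains, private blockchains have fewer nodes and only permitted users can participate, so the correlation between nodes is also an important part of assessing private blockchain risk: the correlations among the nodes of a private blockchain must be included in the risk assessment for the result to come closer to reality.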


    Nowadays, more and more enterprises are applying blockchain technology to
    their products and services. The traceability and immutability of blockchain
    technology help them solve enterprise pain points. Blockchains are generally
    classified by their participants into permissionless blockchains and
    permissioned blockchains. However, due to the limitations of its consensus
    algorithm, a permissionless blockchain has low transaction volume and long
    processing times, resulting in performance bottlenecks. Therefore, enterprises
    use permissioned blockchains as a solution.
    When organizations use permissioned blockchain applications, they have
    doubts about the security risks of permissioned blockchains. However, to the
    best of our knowledge, there are no widely accepted permissioned blockchain
    risk assessment criteria. Therefore, this study proposes a permissioned
    blockchain security risk assessment framework that considers node correlations.
    First, the availability and integrity of the permissioned blockchain are used
    as risk assessment indicators to assess its sustainable operation.
    Furthermore, compared to permissionless blockchains, permissioned blockchains
    have fewer nodes, and only authorized users can participate. Therefore, the
    correlation between the nodes of a permissioned blockchain must be included in
    the risk assessment to bring the assessment result closer to reality.

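    Table of Contents
    Abstract (Chinese)
    Abstract
    Acknowledgements
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
    1.1 Research Background and Motivation
    1.2 Research Objectives and Contributions
    1.3 Chapter Overview
    Chapter 2 Background and Literature Review
    2.1 Blockchain Development and Introduction
    2.2 Introduction to and Comparison of Consensus Algorithms
    2.3 Blockchain-Related Threats
    2.3.1 Common Attacks on Private Blockchains
    2.3.2 Common Attacks on Public Blockchains
    Chapter 3 Problem Definition and Requirements Analysis
    Chapter 4 Private Blockchain Risk Assessment Framework
    4.1 Assessment Indicators
    4.2 Assessment Method
    4.3 Correlation Assessment
    Chapter 5 Risk Analysis Case
    5.1 Experimental Simulation
    5.2 Experimental Conclusions
    Chapter 6 Conclusion and Future Work
    6.1 Conclusion
    6.2 Future Work
    References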
