Availability and Downloads

Download DLT Ontology: N-Triples, TTL
Download Knowledge Graph: N-Triples, TTL
License: https://creativecommons.org/licenses/by/4.0/
Resource DOI: 10.5281/zenodo.6497619

Ontology Concepts and Relations

The picture below displays the core concepts of the ontology:
Example vulnerability and attack on a DLT system

Ontology Metrics

Ontologies: 1
Triples: 571
Classes: 115
Properties: 15
Object Properties: 14

Abstract

Distributed ledger systems have become more prominent and successful in recent years, with a focus on blockchains and cryptocurrency. This has led to various misunderstandings about both the technology itself and its capabilities, as in many cases these two became synonymous and other applications are often overlooked. Therefore, as a whole, the view of distributed ledger technology beyond blockchains and cryptocurrencies is very limited. Existing vocabularies and ontologies often focus on single aspects of the technology, or in some cases even just on one product. This potentially leads to other types of distributed ledgers and their possible use cases being neglected. This knowledge graph builds on an ontology for distributed ledger technologies, which includes concepts to model security aspects such as technical threats and vulnerabilities of distributed ledger systems, application domains, as well as relevant standards and regulations.

Competency Questions

We validate and evaluate the ontology by providing SPARQL queries that answer a set of competency questions. The competency questions are grouped into three main categories:
  • T - Technology and Security involves questions regarding the components of a DLT system, as well as technical threats and vulnerabilities of systems and components.
  • I - Industry and Application involves questions about applications, business sectors, and use cases of DLT systems.
  • S - Standardization and Regulation involves questions about standards, technical controls, standardization organizations, and relevant laws.
PREFIX : <https://w3id.org/DLTOntology#>
T1
Which components are part of the distributed ledger system?
SELECT ?component ?dltsystem WHERE {
  ?dltsystem a :DLTSystem ;
      :hasComponent ?component .
}
T2
Which technical threats have to be considered regarding the consensus algorithm of the system?
SELECT ?threat WHERE {
  ?threat :threatens [ a :ConsensusAlgorithm ]
}
T3
What are known smart contract vulnerabilities?
SELECT ?vulnerability WHERE {
  ?vulnerability a :SmartContractVulnerability .
}
T4
What are the data structures of the system?
SELECT ?dltsystem ?datastructure WHERE {
  ?dltsystem a :DLTSystem ;
    :hasComponent ?datastructure .
  ?datastructure a :DataStructure .
}
T5
Which types of DLT attacks could be used against a system or its components?
SELECT ?component ?vulnerability WHERE {
  ?component :hasVulnerability ?vulnerability .
}
I1
Which use cases can be realised with distributed ledger technology?
SELECT ?dltsystem ?usecase WHERE {
  ?dltsystem :isSpecializedFor ?usecase .
}
I2
Which industries could use distributed ledger systems?
SELECT ?industry ?dltsystem WHERE {
  ?industry a :IndustryInitiative ;
    :comesFrom ?businessSector .
  ?dltsystem :isUsedFor ?businessSector .
}
I3
Which distributed ledger systems are used for public transportation and smart cars?
SELECT ?dltsystem WHERE {
  ?dltsystem :isUsedFor [ a :PublicTransportation ] .
  ?dltsystem :isUsedFor [ a :SmartCars ] .
}
I4
Which types of record keeping could be realized with distributed ledger technology?
SELECT ?dltsystem ?usecase WHERE {
  ?dltsystem :isSpecializedFor ?usecase .
  ?usecase  a :RecordKeeping .
}
S1
Which standardization organizations are active in regards to distributed ledger technology?
SELECT ?stdorga ?standard WHERE {
  ?stdorga a :StandardizationOrganization ;
            :creates ?standard .
  ?dltsystem :compliantTo ?standard .
}
S2
Which normative references exist for distributed ledger systems?
SELECT ?standard ?dltsystem WHERE {
  ?dltsystem :compliantTo ?standard .
  ?standard a :NormativeStandard .
}
S3
Which industry standards do exist?
SELECT ?standard WHERE {
  ?standard a :IndustryStandard .
}
S4
What are relevant laws in regards to distributed ledger systems?
SELECT ?law ?dltsystem WHERE {
  ?dltsystem :isRegulatedBy ?law .
  ?law a :Law .
}
S5
What are organizational controls and mitigations for a distributed ledger system and/or component?
SELECT ?control ?dltsystem WHERE {
  ?control :controls ?dltsystem ; 
           a :OrganizationalControl .
}
SELECT ?mitigation ?component WHERE {
  ?mitigation :mitigates ?component .
  ?component a :DLTComponent .
}
S6
Is there an industry initiative that directs and regulates the used distributed ledger system?
SELECT ?initiative ?dltsystem WHERE {
  ?dltsystem :isCompliantTo ?standard .
  ?initiative a :IndustryInitiative ;
    :creates ?standard .
}

Knowledge Graph

The Knowledge Graph uses the DLT Ontology and consists of named entities from three sectors: (i) standards and legal authorities, (ii) technical details, vulnerabilities and security aspects, and (iii) use cases and business sectors. Two example scenarios are used to illustrate these contents.

The following table lists the number of entities for the core classes:

Triples  Standards  Std. Organizations  Components  Use Cases  Business Sectors  Vulnerabilities  Attacks
746      18         8                   9           55         9                 7                11

Example 1 - Vulnerabilities and Attacks

Example No. 1 models the connection of vulnerabilities and attacks on a distributed ledger system on the basis of the infamous DAO attack on the Ethereum blockchain. The DAO (Decentralized Autonomous Organization) was an open-source project running on Ethereum, maintained by a smart contract, and served as a venture capital fund. An attacker was able to siphon off a large sum of the invested capital due to an existing vulnerability.

Example vulnerability and attack on a DLT system

We model DAO as a Smart Contract, which is a component of the Ethereum system. In our example, Ethereum also has a Blockchain and a Proof-of-Work consensus algorithm as components. The DAO Smart Contract has a vulnerability (modeled as "SmartContractVulnerability"), which has been exploited by the DAO attack (modeled as "SmartContractcAttack").
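
The Example 1 model written out as data, with a query that walks from the system through its components to the recorded vulnerabilities and threats. This is an added example, not one of the ontology's published queries: the `ex:` instance IRIs are constructed, and `ex:exploits` is a placeholder because the page does not name the ontology's property linking an attack to a vulnerability.

```sparql
# Request 1 (SPARQL Update): load a constructed copy of Example 1.
PREFIX :   <https://w3id.org/DLTOntology#>
PREFIX ex: <https://example.org/dlt-kg#>

INSERT DATA {
  ex:Ethereum a :DLTSystem ;
      :hasComponent ex:DAO , ex:EthereumBlockchain , ex:ProofOfWork .
  ex:ProofOfWork a :ConsensusAlgorithm .
  ex:DAO :hasVulnerability ex:DAOVulnerability .
  ex:DAOVulnerability a :SmartContractVulnerability .
  # Placeholder property in the example namespace (assumption, see lead-in).
  ex:DAOAttack ex:exploits ex:DAOVulnerability .
}

# Request 2 (SPARQL Query, sent separately): per-system exposure listing.
# Joins the patterns of T1 (components), T3/T5 (vulnerabilities) and
# T2 (threats); OPTIONAL keeps components that have no findings recorded.
PREFIX :   <https://w3id.org/DLTOntology#>
PREFIX ex: <https://example.org/dlt-kg#>

SELECT ?dltsystem ?component ?vulnerability ?attack ?threat WHERE {
  ?dltsystem a :DLTSystem ;
      :hasComponent ?component .
  OPTIONAL {
    ?component :hasVulnerability ?vulnerability .
    ?vulnerability a :SmartContractVulnerability .
    OPTIONAL { ?attack ex:exploits ?vulnerability . }
  }
  OPTIONAL { ?threat :threatens ?component . }
}
ORDER BY ?dltsystem ?component
```

Components without a recorded vulnerability or threat still appear in the result with those columns unbound, which makes gaps in the modeled coverage visible.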

Example 2 - Use case, business sector and DLT standard

Example No. 2 is a scenario in which a distributed ledger system is used in the medical field. Traditional blockchains have issues with scalability and transaction fees. Using a directed acyclic graph can overcome many shortcomings of a regular blockchain. When such a system is used to keep track of patient data, adhering to regulations becomes exceptionally important. Besides the General Data Protection Regulation, there are specialized laws and standards for the medical field, for example ISO 22857.

Example of a use case, business sector and standard for a DLT system

We model this example scenario as a DLT System which has a directed acyclic graph (DAG) component. The DAG in this example is regulated by the GDPR and compliant with the ISO standard.