Threat Modeling a Health Web3 DApp
Abstract
The healthcare sector increasingly explores Distributed Ledger Technology (DLT) and Health Web 3.0 Decentralized Applications (DApps) as promising solutions for patient-centric data management, data sovereignty, and privacy-preserving systems. Despite significant research at the intersection of blockchain and healthcare, current efforts predominantly address isolated technical challenges—focusing narrowly on specific mechanisms such as confidentiality, privacy, or individual smart contract vulnerabilities. Even cybersecurity assessments typically examine discrete attack vectors rather than comprehensive threat landscapes. This fragmented approach limits our ability to build trustworthy systems and delays real-world adoption, as stakeholders lack frameworks to holistically evaluate security posture.
This study addresses this gap by conducting a comprehensive threat modeling analysis of Health Web 3.0 DApps, taking into account the complex and interconnected security challenges inherent in blockchain-based healthcare systems. We employ a multi-framework approach that integrates the LINDDUN privacy threat modeling methodology, the OWASP Smart Contract Top 10 vulnerability catalog, and the OWASP Threat Dragon modeling tool to systematically identify, categorize, and evaluate security risks across the entire application stack. Our analysis maps threats spanning smart contract design flaws, cross-chain interaction vulnerabilities, decentralized identity management weaknesses, unauthorized data access risks, and denial-of-service attack vectors.
The primary contribution of this work is demonstrating the critical importance and practical value of holistic threat modeling in blockchain healthcare systems. Our findings reveal interdependencies between seemingly isolated vulnerabilities and show how comprehensive security assessment strengthens data privacy protection, smart contract integrity, and overall application resilience. This research provides stakeholders with a systematic methodology for establishing trust in blockchain healthcare solutions, advancing both regulatory compliance and user confidence in decentralized medical data management systems.
Copyright (c) 2025 Ricardo Gomes, Daniela Dinis, João Oliveira, Marisa Maximiano, Vítor Távora, Carlos Machado Antunes, Manuel Dias, Ricardo Correia Bezerra

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who publish in the JDMI agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication, with the work simultaneously licensed under a Creative Commons BY-NC-ND 4.0 license. This license allows others to share the work without changes and with acknowledgement of the work's authorship and initial publication in this journal, but not for commercial use.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after publication, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
Copyrights to illustrations published in the journal remain with their current copyright holders.
It is the author's responsibility to obtain permission to quote from copyright sources.
Any fees required to obtain illustrations or to secure copyright permissions are the responsibility of authors.
Additional Information
All correspondence concerning contributions, books and other review material should be sent to: deca-jdmi@ua.pt