Hongsong Chen , Xietian Luo , Lei Shi , Yongrui Cao , Yongpeng Zhang
{"title":"从全栈架构的角度看基于区块链的服务的安全挑战和防御方法","authors":"Hongsong Chen , Xietian Luo , Lei Shi , Yongrui Cao , Yongpeng Zhang","doi":"10.1016/j.bcra.2023.100135","DOIUrl":null,"url":null,"abstract":"<div><p>As an advantageous technique and service, the blockchain has shown great development and application prospects. However, its security has also met great challenges, and many security vulnerabilities and attack issues in blockchain-based services have emerged. Recently, security issues of blockchain have attracted extensive attention. However, there is still a lack of blockchain security research from a full-stack architecture perspective, as well as representative quantitative experimental reproduction and analysis. We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective. Meanwhile, we propose a formal definition of the full-stack security architecture for blockchain-based services, and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective. We use ConCert to conduct a smart contract formal verification experiment by property-based testing. The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures (CVE) and China Nation Vulnerability Database (CNVD) are selected and enumerated. Additionally, three real contract-layer real attack events are reproduced by an experimental approach. Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study, the security problems and defense techniques are analyzed and researched. At last, the future research directions are proposed.</p></div>","PeriodicalId":53141,"journal":{"name":"Blockchain-Research and Applications","volume":"4 3","pages":"Article 100135"},"PeriodicalIF":6.9000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Security challenges and defense approaches for blockchain-based services from a full-stack architecture perspective\",\"authors\":\"Hongsong Chen , Xietian Luo , Lei Shi , Yongrui Cao , Yongpeng Zhang\",\"doi\":\"10.1016/j.bcra.2023.100135\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>As an advantageous technique and service, the blockchain has shown great development and application prospects. However, its security has also met great challenges, and many security vulnerabilities and attack issues in blockchain-based services have emerged. Recently, security issues of blockchain have attracted extensive attention. However, there is still a lack of blockchain security research from a full-stack architecture perspective, as well as representative quantitative experimental reproduction and analysis. We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective. Meanwhile, we propose a formal definition of the full-stack security architecture for blockchain-based services, and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective. We use ConCert to conduct a smart contract formal verification experiment by property-based testing. The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures (CVE) and China Nation Vulnerability Database (CNVD) are selected and enumerated. Additionally, three real contract-layer real attack events are reproduced by an experimental approach. Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study, the security problems and defense techniques are analyzed and researched. At last, the future research directions are proposed.</p></div>\",\"PeriodicalId\":53141,\"journal\":{\"name\":\"Blockchain-Research and Applications\",\"volume\":\"4 3\",\"pages\":\"Article 100135\"},\"PeriodicalIF\":6.9000,\"publicationDate\":\"2023-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Blockchain-Research and Applications\",\"FirstCategoryId\":\"1093\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2096720923000106\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Blockchain-Research and Applications","FirstCategoryId":"1093","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2096720923000106","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 2
摘要
区块链作为一项优势技术和服务,显示出巨大的发展和应用前景。然而,其安全性也遇到了很大的挑战,基于区块链的服务中出现了许多安全漏洞和攻击问题。最近,区块链的安全问题引起了广泛关注。然而,目前还缺乏全栈架构视角下的区块链安全研究,以及有代表性的定量实验再现与分析。我们的目标是提供一个安全架构,从全栈架构的角度解决区块链服务中的安全风险。同时,我们提出了基于区块链服务的全栈安全架构的正式定义,并从全栈安全的角度提出了安全问题和防御解决方案的正式表达。我们使用ConCert通过基于属性的测试进行智能合约形式化验证实验。选取并列举了CVE (Common vulnerabilities and Exposures)和CNVD (China national Vulnerability Database)中区块链服务的安全漏洞。此外,通过实验方法再现了三个真实的合约层真实攻击事件。以阿里巴巴的区块链服务和Hyperledger Fabric中的身份混合器为例,分析和研究了安全问题和防御技术。最后,提出了今后的研究方向。
Security challenges and defense approaches for blockchain-based services from a full-stack architecture perspective
As an advantageous technique and service, the blockchain has shown great development and application prospects. However, its security has also met great challenges, and many security vulnerabilities and attack issues in blockchain-based services have emerged. Recently, security issues of blockchain have attracted extensive attention. However, there is still a lack of blockchain security research from a full-stack architecture perspective, as well as representative quantitative experimental reproduction and analysis. We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective. Meanwhile, we propose a formal definition of the full-stack security architecture for blockchain-based services, and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective. We use ConCert to conduct a smart contract formal verification experiment by property-based testing. The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures (CVE) and China Nation Vulnerability Database (CNVD) are selected and enumerated. Additionally, three real contract-layer real attack events are reproduced by an experimental approach. Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study, the security problems and defense techniques are analyzed and researched. At last, the future research directions are proposed.
期刊介绍:
Blockchain: Research and Applications is an international, peer reviewed journal for researchers, engineers, and practitioners to present the latest advances and innovations in blockchain research. The journal publishes theoretical and applied papers in established and emerging areas of blockchain research to shape the future of blockchain technology.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
