| Blockchain,as an emerging technology,has received more and more attention,and has become an effective technical architecture for implementing rights management and data consistency in a distributed network where nodes do not trust each other.It is widely used in finance,internet of things and other fields.The application of blockchain technology also generates a large number of security problems.Due to the particularity of the application field,the outbreak of security problems often brings inestimable economic losses.Therefore,how to efficiently and accurately detect blockchain platforms and applications security is a subject worthy of study.The application ecology surrounding the blockchain technology is becoming larger and larger.In the foreseeable future,the applications built on the blockchain will grow explosively.Human-based security detection methods cannot fully meet the security detection needs of the blockchain ecosystem,so people's calls for automated detection solutions are getting higher and higher.The data flow in the blockchain system is regular and easy to classify and extract,the automated security detection scheme can also provide accuracy that is not inferior to manual detection.Based on the above considerations,this article studies and implements automated security detection methods for the blockchain base layer and smart contract layer.Aiming at the basic layer of the blockchain,this thesis takes the Eos blockchain platform as the research object,and proposes an automated security detection method based on fuzzy testing.Based on the transaction model and data processing process of the blockchain system,this thesis designs a targeted semi-random test case construction method,and judges whether the blockchain has security loopholes by monitoring and comparing the state changes of the blockchain nodes during the execution of test cases.Aiming at the smart contract layer of the blockchain,this thesis takes EVM and WASM as the research object,and proposes a method for automated security detection of smart contract bytecode using symbolic execution technology.This thesis develops a complete symbolic execution virtual machine for smart contract bytecode,optimizes the symbolic execution process based on the blockchain mechanism and bytecode characteristics,improves the coverage of effective branches,and reduces symbolic execution time.At the same time,this thesis designs and implements a method to automatically determine whether there are loopholes by solving symbolic expressions and a method that uses symbolic descriptions to simulate memory allocation and data storage to track data changes during the execution of smart contracts and automatically determine whether there are security loopholes.Finally,from the test results,the automated security detection method proposed in this thesis can accurately detect the security loopholes in the blockchain with little or no human intervention.This achievement provides great help for the security inspection of the blockchain system,which is undoubtedly of great significance in the current situation where the effectiveness of blockchain security tools is not strong. |
PDF Full Text Request