
Research On Vulnerability Detection Technology Of Smart Contracts In Permissioned Blockchain

Posted on: 2023-09-29
Degree: Master
Type: Thesis
Country: China
Candidate: J W Jiang
GTID: 2568306914472144
Subject: Cyberspace security

Abstract/Summary:
With the development and growing popularity of blockchain technology, more and more smart contract applications are being built on blockchain platforms. Because Hyperledger Fabric, the representative consortium blockchain platform, stands out from permissionless blockchain platforms in efficiency and extensibility, it has become the main platform for many smart contract applications in areas such as government and business. Unlike a traditional application, which runs on a single node to obtain its result, a smart contract is a distributed application that usually has to run on multiple nodes at the same time, and the final result is accepted only when the nodes' results are consistent. Otherwise, the smart contract fails to run and cannot provide services to users. At the same time, because they lack an understanding of how smart contracts operate, developers find it difficult to understand the correct semantics of the Fabric smart contract API when writing business logic. As a result, the execution logic of the smart contract differs from the actual business logic, causing heavy losses. However, there is little research on, and there are few detection tools for, security vulnerabilities in smart contracts on permissioned blockchains. It is therefore necessary to study security vulnerability detection technology for smart contracts on permissioned blockchains, as represented by the Fabric platform.

In this paper, the Fabric platform is taken as the research object among permissioned blockchains in order to study and analyze the security vulnerabilities that may occur in Fabric smart contracts. To meet the vulnerability detection requirements of the Fabric platform in different scenarios, a Fabric smart contract security vulnerability detection scheme combining dynamic detection and static detection is designed. It automatically and efficiently analyzes security vulnerabilities in Fabric smart contracts, helping developers and users discover them and avoid the losses they cause. The main work of this paper is as follows:

1. Research the security vulnerabilities of current Fabric smart contracts and analyze their causes. This paper summarizes and classifies 12 Fabric smart contract security vulnerabilities, including misuse of global variables and misuse of external Web services, and discusses the causes and possible hazards of these vulnerabilities under three categories: internal inconsistency vulnerabilities, external inconsistency vulnerabilities and Fabric API usage specification vulnerabilities.

2. Propose a Fabric smart contract security vulnerability detection scheme that combines dynamic and static detection. To make the detection results comprehensive, reduce missed reports, reproduce vulnerabilities accurately and reduce false positives, this paper proposes a static detection scheme based on static taint analysis and a dynamic detection scheme based on code instrumentation, and establishes an overall detection approach for each of the three categories of vulnerabilities above. The corresponding detection rules are then designed according to the causes of the specific security vulnerabilities in each category.

3. Based on the proposed detection scheme, design and implement a Fabric smart contract security vulnerability detection system. The design and implementation of each module in the system are introduced, and two engineering optimizations are carried out on the traditional static taint analysis method, namely pruning of standard-library functions and a concurrent implementation of taint analysis, which improve detection efficiency. For the dynamic analysis method, a sandbox environment is constructed to simulate execution, which simplifies the prerequisites of the runtime environment and improves running efficiency. Finally, the system's detection results are compared with those of an open-source detection tool; the system greatly improves on it in the types of vulnerabilities supported and in the false positive rate, false negative rate and accuracy of vulnerability detection.
Keywords/Search Tags:Permissioned Blockchain, Hyperledger Fabric, smart contract, security vulnerability