首页|Security challenges and defense approaches for blockchain-based services from a full-stack architecture perspective

Security challenges and defense approaches for blockchain-based services from a full-stack architecture perspective

扫码查看
原文链接
  • NETL
  • NSTL
  • 万方数据
As an advantageous technique and service,the blockchain has shown great development and application pros-pects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive atten-tion.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security archi-tecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.

Security and privacyBlockchain-based servicesFull stackArchitecture perspectiveCase and experimental studyFormal verification

Hongsong Chen、Xietian Luo、Lei Shi、Yongrui Cao、Yongpeng Zhang

展开 >

Department of Computer Science,University of Science and Technology Beijing(USTB),Beijing,100083,China

Beijing Key Laboratory of Knowledge Engineering for Materials Science,Beijing,100083,China

国家重点研发计划Fundamental Research Funds for the Central Universities from the Ministry of Education of China

2018YFB0803403FRF-AT-20-11

2023

10.1016/j.bcra.2023.100135

区块链研究(英文)

区块链研究(英文)

EI
ISSN:
年,卷(期):2023.4(3)
  • 72