As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in b...As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.展开更多
基金supported by the National Key Research and Devel-opment Program of China(2018YFB0803403)Fundamental Research Funds for the Central Universities(FRF-AT-20-11)from the Ministry of Education of China。
文摘As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.