Potential Risk Detection System of Hyperledger Fabric Smart Contract based on Static Analysis

Lv, Penghui; Wang, Yu; Wang, Yazhe; Han, Wei; Zhou, Qihui

doi:10.1109/iscc53001.2021.9631249

Cited by 13 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For the general, native consortial smart contract development context, although there are some generally known risks, fault forecasting is hindered by the lack of statistical insight into faults and their effects, and tooling is limited and largely experimental. Speciőcally, for Hyperledger Fabric, there are some static code analysis tools [80] [44] [57] [52] [62] [79] and hybrid dynamic and static analysis has been proposed [50]. Fuzzing [27] has been also introduced.…”

Section: The Challenge Of Dependable Consortial Smart Contractsmentioning

confidence: 99%

Practical runtime verification of cross-organizational smart contracts

Kangogo,

Péter,

Klenik

et al. 2024

Preprint

View full text Add to dashboard Cite

Smart contracts in blockchains often implement critical functionality; consequently, their development time software fault detection, removal, and avoidance have been the target of intensive research. However, the applicability of runtime dependability mechanisms to smart contracts has not been explored systematically, mainly due to the transaction pricing models of public blockchains. In this paper, we propose a novel and practical runtime verification approach for Hyperledger Fabric, the leading cross-organizational blockchain platform, as an error detection facility for fault tolerance mechanisms; building on the proposition that, in contrast to the public setting, cross-organizational blockchains have ample computational headroom for their systematic use. We introduce a smart contract entity framework architecture with reusable domain models and encapsulated runtime verification. We describe Hypernate, our open-source implementation of the approach for Java smart contracts, which uses the Java Modelling Language for requirement specification and integrates the OpenJML verification tool. We demonstrate and evaluate the approach on a Fabric implementation of the TPC-C benchmark.

show abstract

Section: The Challenge Of Dependable Consortial Smart Contractsmentioning

confidence: 99%

Practical runtime verification of cross-organizational smart contracts

Kangogo,

Péter,

Klenik

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Security threats in assets can also be categorized as on-chain threats found in secondary assets, such as SC, consensus, DID, and off-chain threats in secondary assets, such as IPFS [ 106 ], cloud servers, sensors, and APIs. SC assets are prevalent in the literature [ 107 , 108 , 109 , 110 , 111 ]; and finally, (6) the functionality defect. According to findings from [ 4 ], some HIoT BC-IdM solutions lack some of the main functions of an IdM system, such as identity provisioning/de-provisioning and IdM life-cycle control.…”

Section: Taxonomymentioning

confidence: 99%

“…The risk-contributing factors are classified as privacy- and security-contributing factors. Finally, six types of risk solutions are identified from the literature: (1) novel security risk management frameworks, (2) security risk assessment/risk analysis based on general risk assessment standards, (3) threat models, (4) risk analysis tools as services (static [ 111 ] or dynamic [ 107 ]), (5) solutions proposed to evaluate security risk countermeasures [ 124 , 127 ], and (6) risk penetration testing solutions.…”

Section: Taxonomymentioning

confidence: 99%

“… [S95] Security Challenges and Opportunities for Smart Contracts in Internet of Things: A Survey [ 110 ] Survey study and a threat model using STRIDE approach, showing security issues (inherited vulnerabilities–programming vulnerabilities–Attacks on SC), security audits for programming vulnerabilities (signature matching–formal verification–symbolic execution), and countermeasures. [S96] Potential Risk Detection System of Hyperledger Fabric Smart Contract based on Static Analysis [ 111 ] Risk analysis and transaction flows showing 16 potential security risks in SCs divided into three types of risks (non-determinism risk–logical security risk–privacy data security risk). [S97] Blockchain Application in Healthcare Industry: Attacks and Countermeasures [ 113 ] Review study identifying eight Attacks on BC applications in healthcare, as well as countermeasures.…”

Section: Table A1mentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT

Alamri

Crowley

Richardson

2022

Sensors

View full text Add to dashboard Cite

Blockchain (BC) has recently paved the way for developing Decentralized Identity Management (IdM) systems for different information systems. Researchers widely use it to develop decentralized IdM systems for the Health Internet of Things (HIoT). HIoT is considered a vulnerable system that produces and processes sensitive data. BC-based IdM systems have the potential to be more secure and privacy-aware than centralized IdM systems. However, many studies have shown potential security risks to using BC. A Systematic Literature Review (SLR) conducted by the authors on BC-based IdM systems in HIoT systems showed a lack of comprehensive security and risk management frameworks for BC-based IdM systems in HIoT. Conducting a further SLR focusing on risk management and supplemented by Grey Literature (GL), in this paper, a security taxonomy, security framework, and cybersecurity risk management framework for the HIoT BC-IdM systems are identified and proposed. The cybersecurity risk management framework will significantly assist developers, researchers, and organizations in developing a secure BC-based IdM to ensure HIoT users’ data privacy and security.

show abstract

Fabric Smart Contract Read-After-Write Risk Detection Method Based on Key Methods and Call Chains

Ren¹,

Qin²

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Potential Risk Detection System of Hyperledger Fabric Smart Contract based on Static Analysis

Cited by 13 publications

References 10 publications

Practical runtime verification of cross-organizational smart contracts

Practical runtime verification of cross-organizational smart contracts

Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT

Fabric Smart Contract Read-After-Write Risk Detection Method Based on Key Methods and Call Chains

Contact Info

Product

Resources

About