CN112116348B - Access control method for node resources - Google Patents

Abstract

The embodiment of the invention provides an access control method for node resources, which relates to the technical field of blockchain, wherein a first node in a pre-constructed P2P network initiates a call task for an intelligent contract to a second node so that the second node executes the intelligent contract; the second node is a node in the P2P network, on which the intelligent contract is started in advance; before executing the intelligent contract, the second node judges whether the first node has the access right of the calling task and the authorization step state of the access right according to the calling task; when the first node has the access right of the call task, the second node executes or does not execute the intelligent contract according to the authorization step state of the access right, so that dynamic management of access control of data resources can be realized under a distributed and weak trust environment, and excessive consumption of node resources by an intelligent contract is effectively avoided.

Description

Access control method for node resources

Technical Field

The invention relates to the technical field of blockchain, in particular to an access control method for node resources.

Background

Blockchain originates from the middle-smart bitcoin and is essentially a technical solution for collectively maintaining a reliable database by means of decentralization and de-trust. The method relies on a distributed algorithm ingenious in cryptography and mathematics, and enables participants to agree on the internet without any trust center in the condition that a trust relationship cannot be established, and reliable transfer of trust and value is completed. While programs running on blockchains, i.e., smart contracts, provide services for trusted computing by way of a redundant computing scheme. Typical blockchain platforms that provide trusted computing are oriented towards financial scenarios, including ethernet, super ledger, and the like. Trusted computing generally includes four dimensions: availability, reliability, efficiency and security. These typical financial-scenario-oriented blockchains emphasize availability, reliability, and security for digital currency transactions.

With the popularity of cloud computing and large data, most businesses, units and even individuals have large amounts of multidimensional data. The era of bringing the value of these data into play by big data technology has arrived. However, when the generation of data, the storage of data and the use of data involve different entities, the access and use of data is subject to trust issues. For example, a large amount of personal data is currently generated during the use of mobile applications. The producer of these data is the personal and application provider, and the storage is distributed to the personal cell phone and cloud server. For an average user, his data is distributed among the various application providers. When there is a specific big data application that needs to use multidimensional, decentralized data of the same user, a trust problem between the individual participants is encountered: how big data applications prove to users and data providers that their own behavior is expected without revealing data or turning it around twice. To solve the trusted computing problem in big data scenarios we have to deal with the following challenges:

In the distributed environment, various participants provide data resources and computing resources in a big data scene, and in order to ensure the security and privacy of various resources, the access control of the resources is needed. Because of its replicability, the data resource may be out of control once it is in the hands of the data user. Therefore, how to implement access control of data resources in a distributed, weakly trusted environment is a current significant difficulty.

Disclosure of Invention

In view of the foregoing, embodiments of the present invention are presented to provide a method of controlling access to node resources that overcomes or at least partially solves the foregoing problems.

Aiming at the technical problems, the embodiment of the invention discloses a method for controlling access to node resources, which comprises the following steps:

A first node in a pre-constructed P2P network initiates a call task for an intelligent contract to a second node so that the second node executes the intelligent contract; the first node is any node in the P2P network, and the second node is a node in the P2P network, on which the intelligent contract is started in advance;

Before executing the intelligent contract, the second node judges whether the first node has the access right of the calling task and the authorization step state of the access right according to the calling task;

And when the first node has the access right of the calling task, the second node executes or does not execute the intelligent contract according to the authorization step state of the access right.

Further, the second node occupies local resources when executing the intelligent contract, wherein the resources comprise CPU resources, memory resources or input/output resources; the method further comprises the steps of:

in the development process of the intelligent contract, when the contract code of the intelligent contract is compiled into byte codes, a user side in the P2P network inserts monitoring logic aiming at the resource consumption to the positions of a jump instruction and a function call instruction, and sets the upper consumption limit of the resource aiming at the instruction between the jump instruction and the function call instruction;

executing monitoring logic for the consumption of the resource when the second node encounters the jump instruction or the function call instruction during execution of the smart contract to calculate a total consumption of the resource when the smart contract is executed locally;

The second node compares the calculated total consumption of the resource with the upper consumption limit of the resource obtained from the calling task;

And when the total consumption of the resource is greater than the upper consumption limit of the resource, changing the authorization step state of the access authority.

Further, the method further comprises:

aiming at instructions between a jump instruction and a function call instruction, the user side sets the resource unit consumption of each instruction;

Executing monitoring logic for the resource consumption when the second node encounters the jump instruction or the function call instruction to calculate a total consumption of the resource by the intelligence when executing approximately locally, comprising:

The second node calculates the instruction type and the instruction quantity between the two instrumentation points of the jump instruction and the function call instruction;

the second node calculates the total consumption of the resources of the intelligent device when executed locally, based on the calculated instruction type and instruction number and the resource unit consumption of each instruction obtained from the call task.

Further, the input/output resource has a plurality of types, and the method further includes:

In the development process of the intelligent contract, aiming at multiple types of the input and output resources, a user side adds notes of corresponding access rights above contract codes of the intelligent contract and displays the notes so as to declare the multiple types of the input and output resources in advance one by one.

Further, the authorization step state of the access right includes:

1) Sleep state, which indicates that an authorization step has not been generated;

2) Activation state: indicating that the authorization step is requested to be activated, at which time the authorization step has been generated;

3) The valid state indicates that the authorization step starts to be executed, and the protection state of the authorization step changes along with the use of the authorization;

4) Suspension state: indicating that the authorization step is forced to be in a suspended state by the administrator or due to insufficient execution conditions, it may be restored to a valid state, possibly due to the expiration of a life cycle or forced to be in an invalid state by the administrator;

5) Invalid state: indicating that no authorization step is necessary, it may be deleted in the task flow.

Further, before the first node initiates a call task for an intelligent contract to the second node, the method further includes:

When any node in the P2P network receives a contract starting request sent by a user side, the node is used as a master node to start the intelligent contract, and a plurality of slave nodes are randomly selected in the P2P network so that the slave nodes start the intelligent contract, wherein the intelligent contract is stored in a preset trusted distributed account book;

after the master node and the slave node start the intelligent contract, a group of public and private keys are generated; the slave node returns the public key in the public and private keys to the master node, and the private key in the public and private keys is stored locally;

The master node stores the public keys returned by all slave nodes and the meta information of the intelligent contract into the trusted distributed ledger, and returns the hash value returned by the trusted distributed ledger as a contract check address to the user side;

a first node in a pre-built P2P network initiates a call task for an intelligent contract to a second node, comprising:

When the first node receives an execution request for the intelligent contract sent by the user side, a call task for the intelligent contract is initiated to all second nodes in the P2P network, wherein the second nodes are the master nodes or the slave nodes;

The method further comprises the steps of:

The second node executes the execution request of the intelligent contract aiming at the call task, and returns a corresponding execution result to the first node according to the state of the intelligent contract, wherein the execution result comprises signatures of all the second nodes in the P2P network based on own private keys;

The first node returns the execution result to the user side according to a preset result statistics strategy;

and the user side acquires the public key from the contract checking address, and verifies the signature in the execution result according to the public key.

Further, the contract initiation request includes a contract code address and an execution mode of the smart contract in the trusted distributed ledger, the execution mode including a single point execution mode or a multi-point execution mode, the method further comprising:

when the user side finishes developing the intelligent contract, the intelligent contract is stored on the trusted distributed account book, and a hash value returned by the trusted distributed account book is used as the contract code address;

the user side generates the contract starting request aiming at the contract code address, and signs the contract starting request by adopting a private key of the user side;

When any node in the P2P network receives a contract starting request sent by a user terminal, the node is used as a master node to start the intelligent contract, a plurality of slave nodes are randomly selected in the P2P network, so that the slave nodes start the intelligent contract, and the method comprises the following steps:

And the master node and the slave node start the intelligent contract according to the contract code address and the execution mode.

Further, the second node executes the execution request of the intelligent contract for the call task, and returns a corresponding execution result to the first node according to the state of the intelligent contract, where the execution result includes signatures of all the second nodes in the P2P network based on self private keys, and the method includes:

when the intelligent contract has no calculation state, the second node directly executes logic of the intelligent contract when executing the execution request, and returns a corresponding execution result to the first node;

When the intelligent contract has a calculation state, the second node keeps the synchronization of the contract states, the synchronization of the contract execution sequences, the synchronization of the contract input data and the synchronization of the contract output data when executing the execution request, and returns a corresponding execution result to the first node.

Further, for synchronization of the contract execution sequence, the method further includes:

The first node sequences the execution requests by adopting a practical Bayesian fault tolerance PBFT algorithm aiming at the received execution requests so as to ensure that all the second nodes in the P2P network execute all the execution requests in sequence by adopting the same sequence;

Wherein, in the PBFT algorithm, each execution request goes through the following stages:

REQUEST: the user end sends an execution request to the first node;

PRE-preparation is prepared in advance: the first node allocates a serial number for the execution request and broadcasts a PRE-PREPARE request to all the second nodes;

preparation has been prepared: after receiving the PRE-PREPARE request, the second node verifies the correctness of the PRE-PREPARE request, if the verification is correct, the second node broadcasts a PREPARE message, and records the PRE-PREPARE request and the PREPARE message into a local log;

Storing COMMIT: if the second node receives more than 2f+1 PREPARE messages which are consistent with the second node and are effective, determining that sequencing is successful, sequentially executing sequenced execution requests of the intelligent contracts locally, signing an execution result through a private key of the second node, and sending the execution result to the first node;

REPLY: after receiving 2f+1 consistent and effective COMMIT messages, the second node locally executes the execution request and sends a REPLY message to the user terminal through the first node; and the user side is used for confirming the execution result returned by the first node when receiving the REPLY message which is consistent and effective by f+1 different nodes.

Further, the result statistics policy is ALL, MOST, or FIRST, and the FIRST node returns the execution result to the client according to a preset result statistics policy, including:

ALL, after waiting for the execution results of ALL the second nodes in the P2P network to return, the first node returns the execution results to the user side, and attaches the public key abbreviations of ALL the second nodes in the P2P network;

MOST, after the first node receives the execution results of more than half of the second nodes in the P2P network, returning the execution results to the user side, and attaching the public key abbreviation of the node which has returned the execution results;

And after the FIRST node receives the execution result returned by the FIRST second node in the P2P network, the FIRST node returns the execution result to the user side, and the public key abbreviation of the FIRST node is attached.

The embodiment of the invention has the following advantages:

In the embodiment of the invention, a first node in a P2P network initiates a call task aiming at an intelligent contract to a second node so that the second node executes the intelligent contract, the second node judges whether the first node has access authority of the call task and the authorized step state of the access authority aiming at the call task before executing the intelligent contract, when the first node has the access authority of the call task, the second node executes or does not execute the intelligent contract according to the authorized step state of the access authority, thereby realizing the dynamic management of the access control of data resources under a distributed and weak trust environment, ensuring the synchronous and corresponding unification of the user authority and the task execution, preventing an illegal user from accessing a system, allowing an authorized user to legally access the protected resources in the system, and preventing the illegal user from logging in the system and illegally accessing the unauthorized resources in the system;

According to the embodiment of the invention, resources occupied by the intelligent contract when executing, such as CPU resources, memory resources, network resources or input/output resources, are charged, so that when the intelligent contract executes locally, the total consumption of the occupied resources is larger than the upper limit of consumption of the occupied resources of the intelligent contract, the authorized step state of the access authority is changed, excessive consumption of a certain intelligent contract on node resources can be effectively avoided, and normal operation of the node and effective utilization of the node resources are ensured; in the charging process, the embodiment of the invention takes the basic charging unit and adopts the structural reflection form to realize the charging process, thereby effectively improving the charging efficiency.

According to the embodiment of the invention, all activities in the data life cycle are abstracted into development, deployment (starting) and execution of the intelligent contract, and the intelligent contract execution result is checked, so that the trusted computing under the big data scene is realized; in the process, the embodiment of the invention adopts a unique random multipoint execution mode to improve the throughput and the execution efficiency of the trusted computing process, thereby being capable of better supporting the high concurrency and the high throughput data requirement of a big data scene.

Drawings

FIG. 1 is a flow chart of steps of a method for controlling access to node resources according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of classification of smart contracts according to an embodiment of the present invention;

FIG. 3 is a schematic diagram of smart contract execution for random multipoint according to an embodiment of the invention;

FIG. 4 is a schematic diagram of PBFT algorithm;

FIG. 5 is a task authorization state transition diagram of an embodiment of the present invention;

FIG. 6 is a flow chart of steps in a method of monitoring and controlling code runtime based on structural reflection;

FIG. 7 is a flow chart for monitoring CPU consumption based on structural reflection.

Detailed Description

In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.

Aiming at the trusted computing problem in the big data scene, the embodiment of the invention establishes a set of theoretical and trusted computing frames for the big data scene, and the frame system is assumed to jointly form a trusted computing network by a plurality of participants, and comprises the following steps: the data provider, the node provider and the data user have three roles, and the data user uses the data of the data provider through a network formed by the data provider and the node provider. Meanwhile, assume that: (1) There is an extensible, bifluorinated, non-tamperable distributed ledger. (2) Participants participate in the network with an incentive to "maximize their own interests", i.e., the data provider provides valuable data to be rendered; node resource providers obtain a split by providing a computational and non-tamperable ledger; big data application providers benefit by providing data analysis services to data users. (3) attacker rationality. I.e., the attacker has limited computational resources and is "benefit driven" to participate in the network. When there is no profitability, the attacker will stop the attack.

The trusted computing framework of the embodiment of the invention can help a data provider and a data user complete the trusted management of data access and data use without mutual trust. The challenges presented in the background art are addressed primarily by the following innovations: 1) Abstracting each activity in the data life cycle into development, deployment (starting), execution and verification of an intelligent contract, and realizing trusted computing under a big data scene through the intelligent contract; 2) The intelligent contract has the advantages that the various execution modes of the intelligent contract realize the trade-off of correctness and efficiency on the premise of ensuring reliability and availability, and support different trusted computing demands under a big data scene. 3) Access control of multidimensional resources. In the center of intelligent contracts, access control for a variety of resources is proposed.

The trusted execution framework of the embodiment of the invention comprises a contract engine and an access control module. Specifically, the contract engine includes:

1. An intelligent contract executor supporting contract code execution can support access of data sources such as databases and interfaces on one hand, and support intelligent contract language with complete figure on the other hand, so that a data provider can write data access contracts and a big data application provider can write data processing contracts conveniently. 2. A set of random execution mode based on redundant calculation realizes verifiability of an execution result in a relatively non-mutually trusted environment by randomly selecting a plurality of nodes in a network to execute data analysis logic together. 3. A contract editor supporting online editing supports large data application providers and data providers to flexibly develop data access intelligent contracts and data processing intelligent contracts according to needs through the online editor.

And in terms of the access control module, the access control module includes at least task-based node resource access control. For task-based access control of node resources, referring to fig. 1, a flowchart illustrating steps of a method for access control of node resources according to an embodiment of the present invention may include the steps of:

Step S101, a first node in a pre-constructed P2P network initiates a call task for an intelligent contract to a second node so that the second node executes the intelligent contract; the first node is any node in the P2P network, and the second node is a node in the P2P network, on which the intelligent contract is started in advance.

In the embodiment of the invention, each participant (including the data provider, the node provider and the data user) is connected through a P2P network to form a network, and each node in the network corresponds to a common personal computer or virtual machine. The data access intelligent contracts and the data analysis intelligent contracts run on top of nodes in the network.

In order to facilitate understanding of the embodiments of the present invention, before the first node initiates a call task for an intelligent contract to the second node, that is, before a specific access control method is set forth, the embodiments of the present invention first describe a process of developing, starting, executing, and checking an intelligent contract, where the process includes the following parts:

Development of intelligent contracts:

in the development stage, a user can conveniently edit the contract on line by operating the intelligent contract executor and the contract editor, so that the intelligent contract is developed.

The start-up of the smart contract, the start-up procedure comprising the steps of:

Step A1: when any node in the P2P network receives a contract starting request sent by a user side, the node is used as a master node to start the intelligent contract, and a plurality of slave nodes are randomly selected in the P2P network so that the slave nodes start the intelligent contract, wherein the intelligent contract is stored in a preset trusted distributed account book;

Step A2: after the master node and the slave node start the intelligent contract, a group of public and private keys are generated; the slave node returns the public key in the public and private keys to the master node, and the private key in the public and private keys is stored locally;

step A3: and the master node stores the public keys returned by all slave nodes and the meta information of the intelligent contract into the trusted distributed account book, and returns the hash value returned by the trusted distributed account book to the user side as a contract check address.

The contract starting request is obtained in the following manner: when the user side finishes developing the intelligent contract, storing the intelligent contract to the trusted distributed account book, and taking a hash value returned by the trusted distributed account book as the contract code address; and the user side generates the contract starting request aiming at the contract code address, and signs the contract starting request by adopting a private key of the user side. In this process, the user terminal mentioned in the embodiment of the present invention can be understood as a data provider.

The main node is any node randomly selected by the user side in the P2P network, and after receiving the contract starting request, the main node can adopt the Java security class of Oracle Java ^TM Platform and Standard Edition 8 to randomly select the network node. The algorithm employs a cryptographically secure pseudorandom number generator (Cryptographically secure pseudo-random number generator, commonly known as a CSPRNG). Compared with a linear congruence formula adopted by java.lang.Math.random (), the random number generator has additional pseudo-random attribute, can ensure the randomness of the selected nodes, and has higher safety. After a plurality of network nodes are selected and a node list is obtained, the master node distributes contract starting information to all nodes in the node list, namely the slave node pointed by the embodiment of the invention. And the slave node starts the intelligent contract according to the contract starting request, so that the deployment process of the intelligent contract is completed.

Since the user-constructed contract initiation request includes the contract code address and execution mode of the smart contract in the trusted distributed ledger, the execution mode includes a single point execution mode or a multi-point execution mode. Thus, in step A1, the master node and the slave node initiate the smart contract in the execution mode based on the contract code address.

The single-node execution or multi-node synchronous execution is distinguished according to the number of the participating nodes when the intelligent contract runs, and the single-point execution mode and the multi-point execution mode are applicable to different scenes. In the following, the dimensions according to the calculation state of the smart contract and whether there is external data input and output can be classified into four kinds of scenes as shown in fig. 2. External data herein refers to data accessed by way of databases, APIs, files, etc., as opposed to data read directly from a distributed ledger or obtained by invoking other intelligent contracts: the data read from the ledger and retrieved by the smart contract call may implement the same data retrieved multiple times, while the data retrieved by the API call or database may return completely different data for the same query. Therefore, the input and output of the external data can make the intelligence inconsistent in the process of redundant execution, and the logic of the part cannot be executed and verified through a plurality of nodes to realize the verifiability of the returned result, and only the certainty of the data source can be ensured through a signature mode. For the four scenes, the embodiment of the invention realizes the correctness guarantee of the returned result through the following mechanism:

The stateless, intelligent contracts without external data input and output may be data analysis contracts issued by some data users to provide functions, i.e., services, that facilitate other data users to multiplex their algorithms. The intelligent contracts are in a stateless and input-output-free state, so that the execution check of multiple nodes can be realized by only ensuring the consistency of codes executed by all nodes, and the correctness of an output result is ensured.

The stateless, intelligent contract with external data input and output may then be a data access contract issued by a data provider. For the type of contracts with input and output, the correctness of input data cannot be realized through a multi-point verification mode, so that the verifiability of a result source is ensured through the form of signing a returned result.

For a stateful, intelligent contract without external data input and output, which may be a data analysis contract issued by a portion of the data users, the source of the analyzed data may be the data of the data provider obtained by contract invocation. For this type of smart contract, it can guarantee the correctness of the execution of the contract logic by the multi-node execution mode, but it is necessary to achieve state synchronization among "multi-nodes". Embodiments of the present invention use a typical Bayesian fault-tolerant sequencing algorithm to determine the multi-node contract execution order.

For intelligent contracts with states and external data input and output, the intelligent contracts can be split into two intelligent contracts by a simpler code reconstruction mode: logic related to external input and output is written as a 'data access contract', and the rest of stateful code logic completes input and output of data in a contract calling mode through the 'data access contract'. After reconstruction, the "data access contract" may implement redundant execution.

In the embodiment of the invention, in order to facilitate the call of the intelligent contract, the contract address can be identified and analyzed in a distributed mode through identification and analysis technologies such as a digital object system and the like. Wherein the call address of the contract is an identification, and the identification stores information such as the contract checking address. The identity resolution system can be regarded as a cache of account book data, and can improve the efficiency of contract addressing.

Execution of the smart contract:

a first node in a pre-built P2P network initiates a call task for an intelligent contract to a second node, comprising:

Step B1: when the first node receives an execution request for the intelligent contract sent by the user side, a call task for the intelligent contract is initiated to all second nodes in the P2P network, wherein the second nodes are the master nodes or the slave nodes;

Step B2: the second node executes the execution request of the intelligent contract aiming at the call task, and returns a corresponding execution result to the first node according to the state of the intelligent contract, wherein the execution result comprises signatures of all the second nodes in the P2P network based on own private keys;

In the embodiment of the invention, after the random multi-point intelligent contract is started, any node in the P2P network can be used as a first node (request node) to receive the execution request of the user, initiate the multi-point (second node) intelligent contract call, verify the result and return the result to the user. Referring to fig. 3, a schematic diagram of executing a smart contract with random multiple points is shown, in this way, the execution efficiency of the smart contract can be improved on the basis of realizing high concurrency and high availability of the smart contract, so that the high concurrency and high throughput data requirements of a big data scene can be better supported.

As described above, for a random multi-point smart contract, the execution flow thereof differs according to whether the smart contract has a calculation state or not. In actual implementation, step B2 may include the following implementation manner:

when the intelligent contract has no calculation state, the second node directly executes logic of the intelligent contract when executing the execution request, and returns a corresponding execution result to the first node;

When the intelligent contract has a calculation state, the second node keeps the synchronization of the contract states, the synchronization of the contract execution sequences, the synchronization of the contract input data and the synchronization of the contract output data when executing the execution request, and returns a corresponding execution result to the first node.

The calculation state refers to a state data such as a global variable and dynamic external data, in which the execution result of the smart contract is related to not only the input parameter of the execution, but also execution time, previous execution, external data, and the like. In contrast, stateless means that the execution result of the smart contract is related to only the input parameters of the execution, and is independent of execution time, previous execution, external data, and the like, that is, the contract does not contain state data such as global variables and dynamic external data. Thus, execution in different states may achieve different results.

Wherein, maintaining synchronization of contract states means that all second nodes need to ensure synchronization of the intelligent contract states when executing the same intelligent contract. The synchronization method can refer to the prior related art, and is not described herein because it is not an important point of implementation of the present invention.

And aiming at the synchronization of the contract execution sequence, the first node sequences the execution requests by adopting a practical Bayesian fault tolerance PBFT algorithm aiming at the received execution requests so as to ensure that all the second nodes in the P2P network execute all the execution requests in sequence by adopting the same sequence.

PBFT is a state machine replica replication algorithm, where all replicas operate in a view (view) rotation, and the master node determines by view number and node number set:

p=v mod|r| formula (1);

where v is the view number, |R| is the number of nodes, and p is the master node number. Within one view, the flow of PBFT algorithm is shown in FIG. 4. In the PBFT algorithm, each execution request may go through the following phases:

REQUEST: the user end sends an execution request to the first node;

PRE-preparation is prepared in advance: the first node allocates a serial number for the execution request and broadcasts a PRE-PREPARE request to all the second nodes;

preparation has been prepared: after receiving the PRE-PREPARE request, the second node verifies the correctness of the PRE-PREPARE request, if the verification is correct, the second node broadcasts a PREPARE message, and records the PRE-PREPARE request and the PREPARE message into a local log;

Storing COMMIT: if the second node receives more than 2f+1 PREPARE messages which are consistent with the second node and are effective, determining that sequencing is successful, sequentially executing sequenced execution requests of the intelligent contracts locally, signing an execution result through a private key of the second node, and sending the execution result to the first node;

REPLY: after receiving 2f+1 consistent and effective COMMIT messages, the second node locally executes the execution request and sends a REPLY message to the user terminal through the first node; and the user side is used for confirming the execution result returned by the first node when receiving the REPLY message which is consistent and effective by f+1 different nodes.

The synchronization of contract input data and contract output data is achieved by other intelligent cancellation, so that redundant calls can be de-duplicated in corresponding intelligent contracts, real external input and output are only generated once, and results are returned, thereby ensuring that all random nodes (second nodes) use the same data, and avoiding the problem of redundant reading and writing of data.

Verification of intelligent contract execution results:

Step C1: the first node returns the execution result to the user side according to a preset result statistics strategy;

Step C2: and the user side acquires the public key from the contract checking address, and verifies the signature in the execution result according to the public key.

In order to meet the high concurrency and high throughput data requirements of a big data age, the trusted contract engine of the embodiment of the invention adopts a random multipoint intelligent contract execution mode to improve the execution efficiency on the premise of keeping higher safety and reliability, and the selected node number can be configured by a user according to the requirements. In order to further meet the trade-off of two mutually exclusive factors of correctness and execution efficiency, the random multipoint intelligent contract execution mode also adopts a configurable execution result statistical strategy to meet specific requirements of different types of contracts and users with different requirements.

The result statistics strategies mentioned in the embodiment of the present invention may be classified as ALL, MOST or FIRST, and under the corresponding result statistics strategies, the implementation manner of step C1 is different, which is specifically as follows:

ALL, after waiting for the execution results of ALL the second nodes in the P2P network to return, the first node returns the execution results to the user side, and attaches the public key abbreviations of ALL the second nodes in the P2P network;

MOST, after the first node receives the execution results of more than half of the second nodes in the P2P network, returning the execution results to the user side, and attaching the public key abbreviation of the node which has returned the execution results;

And after the FIRST node receives the execution result returned by the FIRST second node in the P2P network, the FIRST node returns the execution result to the user side, and the public key abbreviation of the FIRST node is attached.

After receiving the execution result, the user side of the embodiment of the invention can obtain the corresponding public key from the contract checking address through the public key abbreviation, and the private key in the public and private keys is only owned by the node and is used for data signature; and all nodes of the public key are owned for checking the trustworthiness of the data. Therefore, the node cannot disguise other nodes to send messages so as to interfere with statistics of results, and therefore verifiability of the execution results in a relatively non-mutually trusted environment can be achieved while execution efficiency is guaranteed.

Based on the above-described development, starting, execution, and verification processes of the smart contract, an access control method according to an embodiment of the present invention will be described in detail.

The explanation of the nouns in step S101 is described in detail herein with reference to the foregoing.

It should be noted that the access control may be divided into three parts, i.e., authentication (Authentication), authorization (Authorization), and Verification (Verification) (Sandhu, 1994). The identity authentication is the basis for realizing the system protection, and based on the identity authentication, the system can identify the legitimacy of the user; while authorization is the right that the system administrator grants access to a particular resource to an authenticated user; and the authentication is to authenticate again for a legitimate user whether it can access a particular resource. Generally, access control consists of three main elements, host, object, and policy:

a Subject (Subject) is an entity, typically a user, accessing the system, and may be other systems or subsystems;

An Object (Object) is an entity that is accessed and is also a resource that the system needs to protect. Such as files, database tables, CPU resources, etc.;

Policies (access control policies, or permissions) are a set of operational behavior rules that represent certain authorized behaviors, i.e., policies with which a subject user is allowed to access a guest resource;

The realization of access control realizes the identity authentication, authorization and verification, specifically 1) the illegal user is prevented from accessing the system; 2) Allowing authorized users to log in the system and legally accessing protected resources in the system; 3) And after the legal user logs in the system, illegal access to unauthorized resources in the system is prevented, wherein the illegal access means that the user has no corresponding access right to the protected resources.

Step S102, before executing the intelligent contract, the second node judges whether the first node has the access right of the calling task and the authorization step state of the access right according to the calling task;

Step S103, when the first node has the access right of the call task, the second node executes or does not execute the smart contract according to the authorized step state of the access right.

In the steps S102 to S103, since the second node occupies a local resource when executing the smart contract, the resource may include a CPU resource, a memory resource, a network resource, and an input/output resource; therefore, in the embodiment of the invention, each time the intelligent contract is called, each task is executed as a host accesses the object by using the relevant access authority, and the second node can decide to execute or not execute certain intelligent contracts according to the condition of the second node. The basic idea of the implementation is to dynamically judge whether to grant access rights or not through the subject and the object as well as the currently executed task and the state of the task, i.e. whether to grant the rights or not can be changed along with the change of the context of executing the task. The authorization of the method is timeliness, and the user only has the access authority required by the specific task when executing the specific task, so that the user authority and the task are synchronous and unified correspondingly. When a task is executed, a certain right can be automatically recovered when the right is not needed. The embodiment of the invention is designed according to the state and the difference of each task, so that the authority can be dynamically managed.

The authorization step state of the access right in the embodiment of the invention comprises the following steps:

1) Sleep state, which indicates that an authorization step has not been generated;

2) Activation state: indicating that the authorization step is requested to be activated, at which time the authorization step has been generated;

3) The valid state indicates that the authorization step starts to be executed, and the protection state of the authorization step changes along with the use of the authorization;

4) Suspension state: indicating that the authorization step is forced to be in a suspended state by the administrator or due to insufficient execution conditions, it may be restored to a valid state, possibly due to the expiration of a life cycle or forced to be in an invalid state by the administrator;

5) Invalid state: indicating that no authorization step is necessary, it may be deleted in the task flow. Referring to FIG. 5, a task authorization state transition diagram is shown for an embodiment of the present invention.

The specific implementation of the access control according to the embodiment of the invention is described in terms of dimensions such as CPU, memory, network, etc. The embodiment of the invention adopts a monitoring and control method for realizing code operation based on structural reflection, and referring to FIG. 6, a step flow chart of the method is shown, and the method comprises the following steps:

Step S601, in the development process of the smart contract, when the contract code of the smart contract is compiled into a byte code, a user terminal in the P2P network posts a monitoring logic for the resource consumption to the positions of a jump instruction and a function call instruction, and uses all instructions between two post points as a basic block to determine the unit consumption of the basic block occupying the resource and the upper consumption limit of the smart contract occupying the resource;

The implementation manner of determining the unit consumption of the basic block occupying the resource and the intelligent contract occupying the upper consumption limit of the resource is as follows:

the user side determines the instruction types and the instruction quantity between the two instrumentation points of the jump instruction and the function call instruction, and defines the consumption of each instruction type occupying the resource;

and the user side uses all instructions between two pile inserting points as a basic block according to the instruction quantity and the consumption of the resources occupied by each instruction type, and determines the unit consumption of the resources occupied by the basic block and the upper consumption limit of the resources occupied by the intelligent contract.

Step S602, in the process of executing the intelligent contract, when the second node encounters a jump instruction or a function call instruction, executing monitoring logic for the resource consumption, and calculating a total consumption of the resource occupied by the intelligent contract when executing locally according to the unit consumption of the resource occupied by the basic block;

The implementation manner of occupying the total consumption of the resources when the intelligent complex is executed locally is as follows: and when the second node encounters a jump instruction or a function call instruction, executing monitoring logic aiming at the resource consumption, and calculating the total consumption of the resources when the intelligent complex is executed locally according to the counted number of the basic blocks and the unit consumption of the resources occupied by the basic blocks.

Step S603, the second node obtains the upper consumption limit of the resource occupied by the smart contract from the call task, and compares the total consumption of the resource occupied by the smart contract when the smart contract is executed locally with the upper consumption limit of the resource occupied by the smart contract;

Step S604, changing the authorization status of the access right when the total consumption of the resources occupied by the intelligent contract when the intelligent contract is executed locally is greater than the upper consumption limit of the resources occupied by the intelligent contract.

In the development of the intelligent contract according to the embodiment of the invention, through the analysis of the inventor, no other jump instruction exists between two instrumentation points of the jump instruction and the function call instruction, so the inventor proposes a mode of taking a basic block as a charging unit, and the calculation process is realized in a structural reflection mode. In the implementation of the embodiment of the present invention, the charging rules of different types of instructions are shown in table 1.

Table 1: charging rules for different types of instructions

/>

In addition to the basic blocks, specific are: the CPU is controlled by calculating basic instructions, the memory is controlled by instructions such as new-Instance invoke-dyn: SETELEMENT, the network resources or input/output I/O resources are controlled by instructions such as invoke-dyn: executeContract/invoke-dyn: mySQLUtilxxx, and the corresponding external resources are executeContract/MySQLUtil.

For the monitoring and control method for implementing code running based on structure reflection, taking CPU resources as an example, referring to fig. 7, a flow for monitoring CPU consumption based on structure reflection is shown.

Because the problems of blocking and the like can occur when the I/O resources are used, the embodiment of the invention classifies the I/O resources into different types such as Http/MySQL/MongoDB/RocksDB/File and the like according to the types of the data resources, realizes the access control of the I/O tool classes through notes, and realizes the specific access control by adding notes@permission. In the development process of the intelligent contract, aiming at multiple types of the input and output resources, a user side adds notes of corresponding access rights above contract codes of the intelligent contract and displays the notes so as to declare the multiple types of the input and output resources in advance one by one. In the smart contract executor, there are two different implementations for each I/O tool class: one supports true external I/O, the other is to throw an "unauthorized" exception.

In summary, by the method provided by the embodiment of the invention, the access control of the data resource can be realized in a distributed and weak trust environment, and the trusted computing in a big data scene can be realized. In the process, the embodiment of the invention adopts a unique random multipoint execution mode to improve the throughput and the execution efficiency of the trusted computing process, thereby being capable of better supporting the high concurrency and the high throughput data requirement of a big data scene.

It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.

In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.

It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.

Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or terminal device that comprises the element.

The foregoing describes in detail a method for controlling access to node resources, and specific examples are applied to illustrate the principles and embodiments of the present invention, where the foregoing examples are only for helping to understand the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims (9)

1. A method of controlling access to a node resource, the method comprising:

A first node in a pre-constructed P2P network initiates a call task for an intelligent contract to a second node so that the second node executes the intelligent contract; the first node is any node in the P2P network, and the second node is a node in the P2P network, on which the intelligent contract is started in advance;

Before executing the intelligent contract, the second node judges whether the first node has the access right of the calling task and the authorization step state of the access right according to the calling task;

When the first node has the access right of the calling task, the second node executes or does not execute the intelligent contract according to the authorization step state of the access right;

the second node occupies local resources when executing the intelligent contract, wherein the resources comprise CPU resources, memory resources, network resources or input/output resources; the method further comprises the steps of:

In the development process of the intelligent contract, when the contract code of the intelligent contract is compiled into byte codes, a user side in the P2P network inserts monitoring logic aiming at the resource consumption into the positions of a jump instruction and a function call instruction, and determines the unit consumption of the resource occupied by the basic block and the upper consumption limit of the resource occupied by the intelligent contract by taking all the instructions between two inserting points as a basic block;

executing monitoring logic for the resource consumption when the second node encounters a jump instruction or a function call instruction in the execution process of the intelligent contract, and calculating the total consumption of the resource occupied by the intelligent contract when the intelligent contract is executed locally according to the unit consumption of the resource occupied by the basic block;

the second node obtains the upper consumption limit of the resources occupied by the intelligent contract from the invoking task, and compares the total consumption of the resources occupied by the intelligent contract when the intelligent contract is executed locally with the upper consumption limit of the resources occupied by the intelligent contract;

and when the intelligent contract is executed locally, the total consumption of the resources is larger than the upper consumption limit of the resources occupied by the intelligent contract, and the authorization step state of the access authority is changed.

2. The method of claim 1, wherein the client uses the space between two stake points

An instruction is used as a basic block, and determining the unit consumption of the basic block occupying the resource and the consumption upper limit of the intelligent contract occupying the resource comprises the following steps:

the user side determines the instruction types and the instruction quantity between the two instrumentation points of the jump instruction and the function call instruction, and defines the consumption of each instruction type occupying the resource;

The user side uses all instructions between two pile inserting points as a basic block according to the instruction quantity and the consumption of the resources occupied by each instruction type, and determines the unit consumption of the resources occupied by the basic block and the upper consumption limit of the resources occupied by the intelligent contract;

When the second node encounters a jump instruction or a function call instruction, executing monitoring logic for the resource consumption, and calculating the total consumption of the resource occupied by the intelligent when the intelligent is executed locally according to the unit consumption of the resource occupied by the basic block, wherein the monitoring logic comprises the following steps:

And when the second node encounters a jump instruction or a function call instruction, executing monitoring logic aiming at the resource consumption, and calculating the total consumption of the resources when the intelligent complex is executed locally according to the counted number of the basic blocks and the unit consumption of the resources occupied by the basic blocks.

3. The method of claim 1, wherein the input-output resources are of multiple types, the method further comprising:

In the development process of the intelligent contract, aiming at multiple types of the input and output resources, a user side adds notes of corresponding access rights above contract codes of the intelligent contract and displays the notes so as to declare the multiple types of the input and output resources in advance one by one.

4. The method of claim 1, wherein the authorization step status of the access rights comprises:

1) Sleep state, which indicates that an authorization step has not been generated;

2) Activation state: indicating that the authorization step is requested to be activated, at which time the authorization step has been generated;

3) The valid state indicates that the authorization step starts to be executed, and the protection state of the authorization step changes along with the use of the authorization;

4) Suspension state: indicating that the authorization step is forced to be in a suspended state by the administrator or due to insufficient execution conditions, it may be restored to a valid state, possibly due to the expiration of a life cycle or forced to be in an invalid state by the administrator;

5) Invalid state: indicating that no authorization step is necessary, it may be deleted in the task flow.

5. The method of claim 1, wherein before the first node initiates a call task for a smart contract to the second node, the method further comprises:

When any node in the P2P network receives a contract starting request sent by a user side, the node is used as a master node to start the intelligent contract, and a plurality of slave nodes are randomly selected in the P2P network so that the slave nodes start the intelligent contract, wherein the intelligent contract is stored in a preset trusted distributed account book; after the master node and the slave node start the intelligent contract, a group of public and private keys are generated; the slave node returns the public key in the public and private keys to the master node, and the private key in the public and private keys is stored locally;

The master node stores the public keys returned by all slave nodes and the meta information of the intelligent contract into the trusted distributed ledger, and returns the hash value returned by the trusted distributed ledger as a contract check address to the user side;

a first node in a pre-built P2P network initiates a call task for an intelligent contract to a second node, comprising:

When the first node receives an execution request for the intelligent contract sent by the user side, a call task for the intelligent contract is initiated to all second nodes in the P2P network, wherein the second nodes are the master nodes or the slave nodes;

The method further comprises the steps of:

The second node executes the execution request of the intelligent contract aiming at the call task, and returns a corresponding execution result to the first node according to the state of the intelligent contract, wherein the execution result comprises signatures of all the second nodes in the P2P network based on own private keys;

The first node returns the execution result to the user side according to a preset result statistics strategy;

and the user side acquires the public key from the contract checking address, and verifies the signature in the execution result according to the public key.

6. The method of claim 5, wherein the contract initiation request includes a contract code address and an execution mode of the smart contract in the trusted distributed ledger, the execution mode including a single point execution mode or a multi-point execution mode, the method further comprising:

when the user side finishes developing the intelligent contract, the intelligent contract is stored on the trusted distributed account book, and a hash value returned by the trusted distributed account book is used as the contract code address;

the user side generates the contract starting request aiming at the contract code address, and signs the contract starting request by adopting a private key of the user side;

When any node in the P2P network receives a contract starting request sent by a user terminal, the node is used as a master node to start the intelligent contract, a plurality of slave nodes are randomly selected in the P2P network, so that the slave nodes start the intelligent contract, and the method comprises the following steps:

And the master node and the slave node start the intelligent contract according to the contract code address and the execution mode.

7. The method according to claim 5, wherein the second node executes the execution request of the smart contract for the call task, and returns a corresponding execution result to the first node according to the state of the smart contract, where the execution result includes signatures of all the second nodes in the P2P network based on self private keys, and the method includes:

when the intelligent contract has no calculation state, the second node directly executes logic of the intelligent contract when executing the execution request, and returns a corresponding execution result to the first node;

When the intelligent contract has a calculation state, the second node keeps the synchronization of the contract states, the synchronization of the contract execution sequences, the synchronization of the contract input data and the synchronization of the contract output data when executing the execution request, and returns a corresponding execution result to the first node.

8. The method of claim 7, wherein synchronizing of sequences is performed for the contracts, the method further comprising:

The first node sequences the execution requests by adopting a practical Bayesian fault tolerance PBFT algorithm aiming at the received execution requests so as to ensure that all the second nodes in the P2P network execute all the execution requests in sequence by adopting the same sequence;

Wherein, in the PBFT algorithm, each execution request goes through the following stages:

REQUEST: the user end sends an execution request to the first node;

PRE-preparation is prepared in advance: the first node allocates a serial number for the execution request and broadcasts a PRE-PREPARE request to all the second nodes;

preparation has been prepared: after receiving the PRE-PREPARE request, the second node verifies the correctness of the PRE-PREPARE request, if the verification is correct, the second node broadcasts a PREPARE message, and records the PRE-PREPARE request and the PREPARE message into a local log;

Storing COMMIT: if the second node receives more than 2+1 PREPARE messages which are consistent with the second node and are effective, determining that sequencing is successful, sequentially executing sequenced execution requests of the intelligent contracts locally, signing an execution result through a private key of the second node, and sending the execution result to the first node;

REPLY: after receiving 2+1 consistent and effective COMMIT messages, the second node locally executes the execution request and sends a REPLY message to the user terminal through the first node; and the user side is used for confirming the execution result returned by the first node when receiving the REPLY message which is consistent and effective by f+1 different nodes.

9. The method of claim 5, wherein the result statistics policy is ALL, MOST, or FIRST, and the FIRST node returns the execution result to the client according to a preset result statistics policy, including:

ALL, after waiting for the execution results of ALL the second nodes in the P2P network to return, the first node returns the execution results to the user side, and attaches the public key abbreviations of ALL the second nodes in the P2P network;

MOST, after the first node receives the execution results of more than half of the second nodes in the P2P network, returning the execution results to the user side, and attaching the public key abbreviation of the node which has returned the execution results;

And after the FIRST node receives the execution result returned by the FIRST second node in the P2P network, the FIRST node returns the execution result to the user side, and the public key abbreviation of the FIRST node is attached.