CN107526625B - Java intelligent contract security detection method based on bytecode inspection - Google Patents
Java intelligent contract security detection method based on bytecode inspection Download PDFInfo
- Publication number
- CN107526625B CN107526625B CN201710585794.6A CN201710585794A CN107526625B CN 107526625 B CN107526625 B CN 107526625B CN 201710585794 A CN201710585794 A CN 201710585794A CN 107526625 B CN107526625 B CN 107526625B
- Authority
- CN
- China
- Prior art keywords
- intelligent contract
- rule
- customized
- security detection
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a Java intelligent contract security detection method based on byte code check, which comprises the steps that firstly, a user compiles an intelligent contract security detection rule, and then a byte code file generated by a compiled Java intelligent contract and a customized intelligent contract security detection rule are sent to an intelligent contract execution engine; after receiving the file, the intelligent contract execution engine dynamically loads a system rule and a user defined rule; and then, running a safety detection program, if the detection fails, returning a result, if the detection succeeds, entering an execution flow, and finally returning an execution result. The invention solves the problem of insufficient safety detection of the traditional intelligent contract, ensures the safety of the virtual machine and data, can avoid improper code compiling of the intelligent contract and improves the running performance of the intelligent contract.
Description
Technical Field
The invention relates to an intelligent contract technology and a Java virtual machine (hereinafter referred to as JVM) technology, in particular to a Java intelligent contract security detection method based on bytecode inspection.
Background
The intelligent contract was the idea proposed by nissabo in the 1990 s, almost as old as the internet. Because of the lack of a trusted execution environment, the smart contract is not applied to the actual industry, and since the birth of the bit currency, people recognize that the underlying technology blockchain of the bit currency can naturally provide a trusted execution environment for the smart contract. An intelligent contract is an assembly language programmed on a blockchain. Typically one will not write the bytecode itself, but will compile it from a higher level language.
Execution of the code of the intelligent contract is automatic: either the successful execution or all state changes are undone (including information already sent or received from the currently failed contract) which is important because it avoids the case where contracts execute partially. This is particularly important in a blockchain environment, as there is no way to undo the adverse consequences of an execution error.
The JVM is a specification for a computing device, which is an imaginary computer implemented by emulating and simulating various computer functions on an actual computer. The JVM has its own sophisticated hardware architecture, such as processor, stack, registers, etc., and has a corresponding instruction system. The JVM shields information related to a specific operating system platform so that Java programs can be run on a variety of platforms without modification by only generating object codes (bytecodes) that run on the Java virtual machine. The intelligent contract execution engine is based on the JVM design.
If the intelligent contracts are written in the Java language and run using an intelligent contract execution engine, there may be a security breach. Since the intelligent contract execution engine supports functions of network, concurrency, terminal command use and the like, if the written intelligent contract has the operations, security problems can occur or the intelligent contract execution performance is influenced.
Disclosure of Invention
The invention aims to provide a Java intelligent contract security detection method based on bytecode inspection, which can ensure the security of a virtual machine and data and improve the running performance of an intelligent contract and has the following specific technical scheme:
a Java intelligent contract security detection method based on bytecode inspection comprises the following steps:
(1) writing a safety detection rule: the system security rule comprises four modules of an interface, a parent class, a member variable and a member method, and a user can delete the modules in the system security rule or modify the rules in the modules according to self business or company security requirements to obtain a customized intelligent contract security detection rule;
(2) transmitting byte code files generated by the compiled Java intelligent contracts and the intelligent contract security detection rules customized in the step (1) to an intelligent contract execution engine;
(3) the intelligent contract execution engine loads a system security rule and a customized intelligent contract security detection rule;
(4) the intelligent contract execution engine runs a security detection module:
detecting whether an interface used in the intelligent contract meets requirements: acquiring an interface realized by the intelligent contract from the byte code, and judging whether the realized interface meets the requirement or not according to the intelligent contract safety detection rule customized in the step (1);
detecting whether a parent class used in the intelligent contract meets the requirements: acquiring a parent class inherited by the intelligent contract from the byte code, and judging whether the inherited parent class meets the requirement or not according to the intelligent contract security detection rule customized in the step (1);
detecting whether member variables used in the intelligent contract meet requirements: acquiring member variables defined by the intelligent contract from the byte codes, and judging whether field access marks and types of the member variables meet requirements or not according to the intelligent contract security detection rules customized in the step (1);
detecting whether a member method used in the intelligent contract meets the requirement: acquiring a member method defined by the intelligent contract from the byte code, and judging whether the method statement of the member method, the variable type used in the member method, the instruction in the member method and the methods of other classes used in the member method meet the requirements or not according to the intelligent contract security detection rule customized in the step (1);
if the detection fails, a result is returned, if the detection succeeds, the execution flow is entered, and finally, an execution result is returned.
The invention has the beneficial effects that: the Java intelligent contract security detection method based on bytecode inspection allows a user to customize security detection rules according to self requirements, and improves the usability and completeness of the intelligent contract security detection function; meanwhile, the invention acquires class information including class interface, parent class, member variable, member method and other information from byte code after compiling the intelligent contract, thereby avoiding the problem that the code is inconsistent with the byte code caused by methods such as byte code injection and the like when directly reading the intelligent contract source code file. The method is applied to the security detection of the intelligent contract, ensures the security of the virtual machine and data, can avoid improper code compiling of the intelligent contract and improves the running performance of the intelligent contract. The security detection mechanism provided by the invention greatly enhances the security of the virtual machine and ensures the environment for executing the intelligent contract.
Drawings
FIG. 1 is a detailed flow diagram of a smart contract security detection method;
FIG. 2 is a flow diagram of intelligent contract deployment.
Detailed Description
The present invention will be described in detail below with reference to the drawings and specific embodiments, and the objects and effects of the present invention will become more apparent.
As shown in fig. 1, the Java intelligent contract security detection method based on bytecode inspection of the present invention includes the following steps:
(1) writing a safety detection rule: the system security rule comprises four modules of an interface, a parent class, a member variable and a member method, and a user can delete the modules in the system security rule or modify the rules in the modules according to self business or company security requirements to obtain a customized intelligent contract security detection rule;
(2) transmitting byte code files generated by the compiled Java intelligent contracts and the intelligent contract security detection rules customized in the step (1) to an intelligent contract execution engine;
(3) the intelligent contract execution engine loads a system security rule and a customized intelligent contract security detection rule;
(4) the intelligent contract execution engine runs a security detection module:
detecting whether an interface used in the intelligent contract meets requirements: acquiring an interface realized by the intelligent contract from the byte code, and judging whether the realized interface meets the requirement or not according to the intelligent contract safety detection rule customized in the step (1);
detecting whether a parent class used in the intelligent contract meets the requirements: acquiring a parent class inherited by the intelligent contract from the byte code, and judging whether the inherited parent class meets the requirement or not according to the intelligent contract security detection rule customized in the step (1);
detecting whether member variables used in the intelligent contract meet requirements: acquiring member variables defined by the intelligent contract from the byte codes, and judging whether field access marks and types of the member variables meet requirements or not according to the intelligent contract security detection rules customized in the step (1);
detecting whether a member method used in the intelligent contract meets the requirement: acquiring a member method defined by the intelligent contract from the byte code, and judging whether the method statement of the member method, the variable type used in the member method, the instruction in the member method and the methods of other classes used in the member method meet the requirements or not according to the intelligent contract security detection rule customized in the step (1);
if the detection fails, a result is returned, if the detection succeeds, the execution flow is entered, and finally, an execution result is returned.
The following simulates the flow of intelligent contract deployment to illustrate specific embodiments. As shown in fig. 2, first, a user writes an intelligent contract security detection rule; then, sending byte code files generated by the compiled Java intelligent contracts and customized intelligent contract security detection rules to an intelligent contract execution engine; after receiving the file, the intelligent contract execution engine dynamically loads system rules and user-customized security detection; and then the intelligent contract execution engine runs the security detection module, if the detection fails, a result is returned, if the detection succeeds, an execution flow is entered, and finally an execution result is returned.
Claims (1)
1. A Java intelligent contract security detection method based on bytecode inspection is characterized by comprising the following steps:
(1) writing a customized intelligent contract security detection rule: the system security rule comprises four modules of an interface, a parent class, a member variable and a member method, and a user can delete the modules in the system security rule or modify the rules in the modules according to self business or company security requirements to obtain a customized intelligent contract security detection rule;
(2) transmitting byte code files generated by the compiled Java intelligent contracts and the intelligent contract security detection rules customized in the step (1) to an intelligent contract execution engine;
(3) the intelligent contract execution engine loads a system security rule and a customized intelligent contract security detection rule;
(4) the intelligent contract execution engine runs a safety detection module;
detecting whether an interface used in the intelligent contract meets requirements: acquiring an interface realized by the intelligent contract from the byte code, and judging whether the realized interface meets the requirement or not according to the intelligent contract safety detection rule customized in the step (1);
detecting whether a parent class used in the intelligent contract meets the requirements: acquiring a parent class inherited by the intelligent contract from the byte code, and judging whether the inherited parent class meets the requirement or not according to the intelligent contract security detection rule customized in the step (1);
detecting whether member variables used in the intelligent contract meet requirements: acquiring member variables defined by the intelligent contract from the byte codes, and judging whether field access marks and types of the member variables meet requirements or not according to the intelligent contract security detection rules customized in the step (1);
detecting whether a member method used in the intelligent contract meets the requirement: acquiring a member method defined by the intelligent contract from the byte code, and judging whether the method statement of the member method, the variable type used in the member method, the instruction in the member method and the methods of other classes used in the member method meet the requirements or not according to the intelligent contract security detection rule customized in the step (1);
if the detection fails, a result is returned, if the detection succeeds, the execution flow is entered, and finally, an execution result is returned.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710585794.6A CN107526625B (en) | 2017-07-18 | 2017-07-18 | Java intelligent contract security detection method based on bytecode inspection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710585794.6A CN107526625B (en) | 2017-07-18 | 2017-07-18 | Java intelligent contract security detection method based on bytecode inspection |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107526625A CN107526625A (en) | 2017-12-29 |
CN107526625B true CN107526625B (en) | 2020-08-21 |
Family
ID=60749139
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710585794.6A Active CN107526625B (en) | 2017-07-18 | 2017-07-18 | Java intelligent contract security detection method based on bytecode inspection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107526625B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115658542B (en) * | 2022-11-11 | 2023-09-19 | 南京掌御信息科技有限公司 | Code cipher algorithm type identification and parameter misuse detection method and system |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108304307B (en) * | 2018-01-24 | 2022-03-04 | 深圳圣马歌科技有限公司 | Performance detection method of intelligent contract on block chain |
CN108509958A (en) * | 2018-03-30 | 2018-09-07 | 北京金山安全软件有限公司 | Defect type detection method, defect type detection device, electronic equipment and medium |
CN108985066B (en) * | 2018-05-25 | 2021-09-28 | 北京金山安全软件有限公司 | Intelligent contract security vulnerability detection method, device, terminal and storage medium |
CN108960830B (en) * | 2018-07-16 | 2022-07-15 | 百度在线网络技术(北京)有限公司 | Intelligent contract deployment method, device, equipment and storage medium |
CN109063477B (en) * | 2018-07-18 | 2021-04-20 | 成都链安科技有限公司 | Automatic intelligent contract code defect detection system and method |
CN109800175B (en) * | 2019-02-20 | 2020-08-11 | 河海大学 | Ether house intelligent contract reentry vulnerability detection method based on code instrumentation |
CN112445691B (en) * | 2020-12-02 | 2024-05-28 | 中国建设银行股份有限公司 | Non-invasive intelligent contract performance detection method and device |
CN112685049B (en) * | 2021-01-22 | 2024-02-13 | 大连高德瑞信科技有限公司 | JAVA byte code compiling method |
CN112860385A (en) * | 2021-03-23 | 2021-05-28 | 无锡井通网络科技有限公司 | Pluggable intelligent contract virtual machine system and intelligent contract calling method |
CN113835972B (en) * | 2021-11-26 | 2022-03-08 | 南京金宁汇科技有限公司 | ASM-based alliance chain intelligent contract resource consumption detection method and device |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017072753A1 (en) * | 2015-10-25 | 2017-05-04 | Symcotech Ltd | System and method for performing ticketing transaction for a public transportation vehicle |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8381297B2 (en) * | 2005-12-13 | 2013-02-19 | Yoggie Security Systems Ltd. | System and method for providing network security to mobile devices |
CN103955635B (en) * | 2014-04-04 | 2017-02-15 | 北京深思数盾科技股份有限公司 | Method and system for protecting .NET executable program |
CN104063318A (en) * | 2014-06-24 | 2014-09-24 | 湘潭大学 | Rapid Android application similarity detection method |
CN105991731A (en) * | 2015-02-13 | 2016-10-05 | 中兴通讯股份有限公司 | Method for obtaining information, intelligent terminal and server side |
US20170140408A1 (en) * | 2015-11-16 | 2017-05-18 | Bank Of America Corporation | Transparent self-managing rewards program using blockchain and smart contracts |
CN106446689A (en) * | 2016-09-02 | 2017-02-22 | 中科信息安全共性技术国家工程研究中心有限公司 | Method for performing automated security detection on android application |
-
2017
- 2017-07-18 CN CN201710585794.6A patent/CN107526625B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017072753A1 (en) * | 2015-10-25 | 2017-05-04 | Symcotech Ltd | System and method for performing ticketing transaction for a public transportation vehicle |
Non-Patent Citations (1)
Title |
---|
Formal Verification of Smart Contracts:short paper;K Bhargavan ET AL;《ACM Workshop,2016》;20161231;全文 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115658542B (en) * | 2022-11-11 | 2023-09-19 | 南京掌御信息科技有限公司 | Code cipher algorithm type identification and parameter misuse detection method and system |
Also Published As
Publication number | Publication date |
---|---|
CN107526625A (en) | 2017-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107526625B (en) | Java intelligent contract security detection method based on bytecode inspection | |
CN108027722B (en) | Dynamically updating applications in compilation and deployment | |
US12008386B2 (en) | Conservative class preloading for real time java execution | |
US9785456B2 (en) | Metadata-driven dynamic specialization | |
Sen et al. | Jalangi: A selective record-replay and dynamic analysis framework for JavaScript | |
US10331425B2 (en) | Automated source code adaption to inject features between platform versions | |
EP2939111A1 (en) | Extending a development environment | |
US7941792B2 (en) | System and method for compiling program code ahead of time | |
CN100492387C (en) | Method and system for software protected development based on Keil C51 | |
US20160246622A1 (en) | Method and system for implementing invocation stubs for the application programming interfaces embedding with function overload resolution for dynamic computer programming languages | |
Sui et al. | On the soundness of call graph construction in the presence of dynamic language features-a benchmark and tool evaluation | |
US20150067653A1 (en) | Automatic generation of analysis-equivalent application constructs | |
US8788884B2 (en) | Automatic correction of program logic | |
Spear et al. | Solving the starting problem: device drivers as self-describing artifacts | |
CN111768183A (en) | Method for executing intelligent contract, block chain node and storage medium | |
CN113282487A (en) | Programming language debugging method and device and terminal equipment | |
KR102341137B1 (en) | Code converting method based on intermediate language and electronic device including the same | |
CN111770202B (en) | Method for executing intelligent contract, block chain node and storage medium | |
Jain et al. | Sklee: A dynamic symbolic analysis tool for ethereum smart contracts (tool paper) | |
US20040031025A1 (en) | Formal verification in particular of a secure virtual machine | |
Hathhorn et al. | Dealing with C's original sin | |
Hlopko et al. | On the integration of Smalltalk and Java: practical experience with STX: LIBJAVA | |
US11886589B2 (en) | Process wrapping method for evading anti-analysis of native codes, recording medium and device for performing the method | |
Staniloiu et al. | Safer Linux Kernel Modules Using the D Programming Language | |
Kwon et al. | Translation Validation for JIT Compiler in the V8 JavaScript Engine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |