CN107526625B - Java intelligent contract security detection method based on bytecode inspection - Google Patents

Abstract

The invention discloses a Java intelligent contract security detection method based on byte code check, which comprises the steps that firstly, a user compiles an intelligent contract security detection rule, and then a byte code file generated by a compiled Java intelligent contract and a customized intelligent contract security detection rule are sent to an intelligent contract execution engine; after receiving the file, the intelligent contract execution engine dynamically loads a system rule and a user defined rule; and then, running a safety detection program, if the detection fails, returning a result, if the detection succeeds, entering an execution flow, and finally returning an execution result. The invention solves the problem of insufficient safety detection of the traditional intelligent contract, ensures the safety of the virtual machine and data, can avoid improper code compiling of the intelligent contract and improves the running performance of the intelligent contract.

Description

Java intelligent contract security detection method based on bytecode inspection

Technical Field

The invention relates to an intelligent contract technology and a Java virtual machine (hereinafter referred to as JVM) technology, in particular to a Java intelligent contract security detection method based on bytecode inspection.

Background

The intelligent contract was the idea proposed by nissabo in the 1990 s, almost as old as the internet. Because of the lack of a trusted execution environment, the smart contract is not applied to the actual industry, and since the birth of the bit currency, people recognize that the underlying technology blockchain of the bit currency can naturally provide a trusted execution environment for the smart contract. An intelligent contract is an assembly language programmed on a blockchain. Typically one will not write the bytecode itself, but will compile it from a higher level language.

Execution of the code of the intelligent contract is automatic: either the successful execution or all state changes are undone (including information already sent or received from the currently failed contract) which is important because it avoids the case where contracts execute partially. This is particularly important in a blockchain environment, as there is no way to undo the adverse consequences of an execution error.

The JVM is a specification for a computing device, which is an imaginary computer implemented by emulating and simulating various computer functions on an actual computer. The JVM has its own sophisticated hardware architecture, such as processor, stack, registers, etc., and has a corresponding instruction system. The JVM shields information related to a specific operating system platform so that Java programs can be run on a variety of platforms without modification by only generating object codes (bytecodes) that run on the Java virtual machine. The intelligent contract execution engine is based on the JVM design.

If the intelligent contracts are written in the Java language and run using an intelligent contract execution engine, there may be a security breach. Since the intelligent contract execution engine supports functions of network, concurrency, terminal command use and the like, if the written intelligent contract has the operations, security problems can occur or the intelligent contract execution performance is influenced.

Disclosure of Invention

The invention aims to provide a Java intelligent contract security detection method based on bytecode inspection, which can ensure the security of a virtual machine and data and improve the running performance of an intelligent contract and has the following specific technical scheme:

a Java intelligent contract security detection method based on bytecode inspection comprises the following steps:

(1) writing a safety detection rule: the system security rule comprises four modules of an interface, a parent class, a member variable and a member method, and a user can delete the modules in the system security rule or modify the rules in the modules according to self business or company security requirements to obtain a customized intelligent contract security detection rule;

(2) transmitting byte code files generated by the compiled Java intelligent contracts and the intelligent contract security detection rules customized in the step (1) to an intelligent contract execution engine;

(3) the intelligent contract execution engine loads a system security rule and a customized intelligent contract security detection rule;

(4) the intelligent contract execution engine runs a security detection module:

detecting whether an interface used in the intelligent contract meets requirements: acquiring an interface realized by the intelligent contract from the byte code, and judging whether the realized interface meets the requirement or not according to the intelligent contract safety detection rule customized in the step (1);

detecting whether a parent class used in the intelligent contract meets the requirements: acquiring a parent class inherited by the intelligent contract from the byte code, and judging whether the inherited parent class meets the requirement or not according to the intelligent contract security detection rule customized in the step (1);

detecting whether member variables used in the intelligent contract meet requirements: acquiring member variables defined by the intelligent contract from the byte codes, and judging whether field access marks and types of the member variables meet requirements or not according to the intelligent contract security detection rules customized in the step (1);

detecting whether a member method used in the intelligent contract meets the requirement: acquiring a member method defined by the intelligent contract from the byte code, and judging whether the method statement of the member method, the variable type used in the member method, the instruction in the member method and the methods of other classes used in the member method meet the requirements or not according to the intelligent contract security detection rule customized in the step (1);

if the detection fails, a result is returned, if the detection succeeds, the execution flow is entered, and finally, an execution result is returned.

The invention has the beneficial effects that: the Java intelligent contract security detection method based on bytecode inspection allows a user to customize security detection rules according to self requirements, and improves the usability and completeness of the intelligent contract security detection function; meanwhile, the invention acquires class information including class interface, parent class, member variable, member method and other information from byte code after compiling the intelligent contract, thereby avoiding the problem that the code is inconsistent with the byte code caused by methods such as byte code injection and the like when directly reading the intelligent contract source code file. The method is applied to the security detection of the intelligent contract, ensures the security of the virtual machine and data, can avoid improper code compiling of the intelligent contract and improves the running performance of the intelligent contract. The security detection mechanism provided by the invention greatly enhances the security of the virtual machine and ensures the environment for executing the intelligent contract.

Drawings

FIG. 1 is a detailed flow diagram of a smart contract security detection method;

FIG. 2 is a flow diagram of intelligent contract deployment.

Detailed Description

The present invention will be described in detail below with reference to the drawings and specific embodiments, and the objects and effects of the present invention will become more apparent.

As shown in fig. 1, the Java intelligent contract security detection method based on bytecode inspection of the present invention includes the following steps:

(1) writing a safety detection rule: the system security rule comprises four modules of an interface, a parent class, a member variable and a member method, and a user can delete the modules in the system security rule or modify the rules in the modules according to self business or company security requirements to obtain a customized intelligent contract security detection rule;

(2) transmitting byte code files generated by the compiled Java intelligent contracts and the intelligent contract security detection rules customized in the step (1) to an intelligent contract execution engine;

(3) the intelligent contract execution engine loads a system security rule and a customized intelligent contract security detection rule;

(4) the intelligent contract execution engine runs a security detection module:

detecting whether an interface used in the intelligent contract meets requirements: acquiring an interface realized by the intelligent contract from the byte code, and judging whether the realized interface meets the requirement or not according to the intelligent contract safety detection rule customized in the step (1);

detecting whether a parent class used in the intelligent contract meets the requirements: acquiring a parent class inherited by the intelligent contract from the byte code, and judging whether the inherited parent class meets the requirement or not according to the intelligent contract security detection rule customized in the step (1);

detecting whether member variables used in the intelligent contract meet requirements: acquiring member variables defined by the intelligent contract from the byte codes, and judging whether field access marks and types of the member variables meet requirements or not according to the intelligent contract security detection rules customized in the step (1);

detecting whether a member method used in the intelligent contract meets the requirement: acquiring a member method defined by the intelligent contract from the byte code, and judging whether the method statement of the member method, the variable type used in the member method, the instruction in the member method and the methods of other classes used in the member method meet the requirements or not according to the intelligent contract security detection rule customized in the step (1);

if the detection fails, a result is returned, if the detection succeeds, the execution flow is entered, and finally, an execution result is returned.

The following simulates the flow of intelligent contract deployment to illustrate specific embodiments. As shown in fig. 2, first, a user writes an intelligent contract security detection rule; then, sending byte code files generated by the compiled Java intelligent contracts and customized intelligent contract security detection rules to an intelligent contract execution engine; after receiving the file, the intelligent contract execution engine dynamically loads system rules and user-customized security detection; and then the intelligent contract execution engine runs the security detection module, if the detection fails, a result is returned, if the detection succeeds, an execution flow is entered, and finally an execution result is returned.

Claims (1)

1. A Java intelligent contract security detection method based on bytecode inspection is characterized by comprising the following steps:

(1) writing a customized intelligent contract security detection rule: the system security rule comprises four modules of an interface, a parent class, a member variable and a member method, and a user can delete the modules in the system security rule or modify the rules in the modules according to self business or company security requirements to obtain a customized intelligent contract security detection rule;

(2) transmitting byte code files generated by the compiled Java intelligent contracts and the intelligent contract security detection rules customized in the step (1) to an intelligent contract execution engine;

(3) the intelligent contract execution engine loads a system security rule and a customized intelligent contract security detection rule;

(4) the intelligent contract execution engine runs a safety detection module;

detecting whether an interface used in the intelligent contract meets requirements: acquiring an interface realized by the intelligent contract from the byte code, and judging whether the realized interface meets the requirement or not according to the intelligent contract safety detection rule customized in the step (1);

detecting whether a parent class used in the intelligent contract meets the requirements: acquiring a parent class inherited by the intelligent contract from the byte code, and judging whether the inherited parent class meets the requirement or not according to the intelligent contract security detection rule customized in the step (1);

detecting whether member variables used in the intelligent contract meet requirements: acquiring member variables defined by the intelligent contract from the byte codes, and judging whether field access marks and types of the member variables meet requirements or not according to the intelligent contract security detection rules customized in the step (1);

detecting whether a member method used in the intelligent contract meets the requirement: acquiring a member method defined by the intelligent contract from the byte code, and judging whether the method statement of the member method, the variable type used in the member method, the instruction in the member method and the methods of other classes used in the member method meet the requirements or not according to the intelligent contract security detection rule customized in the step (1);

if the detection fails, a result is returned, if the detection succeeds, the execution flow is entered, and finally, an execution result is returned.

Images