CN114282227B - Safety analysis and detection method for intelligent contract of Fabric block chain system - Google Patents
Safety analysis and detection method for intelligent contract of Fabric block chain system Download PDFInfo
- Publication number
- CN114282227B CN114282227B CN202210029433.4A CN202210029433A CN114282227B CN 114282227 B CN114282227 B CN 114282227B CN 202210029433 A CN202210029433 A CN 202210029433A CN 114282227 B CN114282227 B CN 114282227B
- Authority
- CN
- China
- Prior art keywords
- taint
- variable
- intelligent contract
- security
- pointer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000004458 analytical method Methods 0.000 title claims abstract description 52
- 238000001514 detection method Methods 0.000 title claims abstract description 41
- 239000004744 fabric Substances 0.000 title claims abstract description 29
- 238000000034 method Methods 0.000 claims abstract description 42
- 238000011161 development Methods 0.000 claims abstract description 17
- 230000008569 process Effects 0.000 claims abstract description 14
- 230000006870 function Effects 0.000 claims description 43
- 238000007781 pre-processing Methods 0.000 claims description 10
- 230000004048 modification Effects 0.000 claims description 4
- 238000012986 modification Methods 0.000 claims description 4
- 230000005540 biological transmission Effects 0.000 claims description 3
- 239000010865 sewage Substances 0.000 claims description 3
- 238000006243 chemical reaction Methods 0.000 claims 1
- 230000008439 repair process Effects 0.000 description 5
- 238000011160 research Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000007480 spreading Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a security analysis and detection method for intelligent contracts of a Fabric blockchain system, which is irrelevant to the development language of the intelligent contracts, realizes the tracking of the generation and propagation processes of security risks on an IR by uniformly converting the intelligent contracts compiled by different development languages into an intermediate language IR and improving a taint analysis method according to the language characteristics of the IR, thereby detecting and identifying whether security vulnerabilities exist. The invention decouples the intelligent contract security analysis of the Fabric blockchain system and the intelligent contract programming language, not only fills the blank of the current Fabric intelligent contract security analysis scheme, but also supports the continuous expansion of new vulnerability types and new intelligent contract programming languages.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a security analysis detection method for intelligent contracts of a Fabric blockchain system.
Background
Fabric is one of the most popular open source blockchain platforms for enterprise-oriented applications today. The intelligent contract is a program running on a blockchain system, defines business logic among network system members and is a digitized form of a traditional contract in the network system. The intelligent contracts written into the block chain system are transparent, traceable and not capable of being tampered in the whole process of storage, reading and execution.
Compared with the traditional application program, the security problem of the intelligent contract mainly has the following two differences:
on one hand, the traditional application program can repair and release a new version in time after discovering an error, but the intelligent contract is immutable after being deployed, namely, the intelligent contract with the leakage is difficult to repair. Therefore, it is critical to strictly verify the correctness and security of the smart contracts prior to deployment.
On the other hand, most blockchain systems such as "etherhouses" tend to write smart contracts in domain-specific languages such as solidity, but in Fabric systems, smart contracts are developed by general purpose programming languages (Go, Java, JavaScript). This greatly reduces the developer's admission thresholds and supports the use of reliable existing tools and libraries based on these programming languages. But due to the lack of restrictions and functionality provided for blockchain features like reliability, most developers are inclined to introduce potential security vulnerabilities due to differences in the operating environment between smart contracts and common applications.
At present, the safety problem of intelligent contracts is outstanding, related research works are mainly focused on an Ethernet platform, and research works and effective technical schemes aiming at the safety of Fabric intelligent contracts are lacked. While general-purpose programming languages typically have their own detection tools to improve code quality, such as govet and golint for the Go language, they are typically used to detect syntax errors in conventional development and are not effective in identifying security issues related to the nature of intelligent contracts. The prior art still lacks an effective technical scheme for security analysis and verification of Fabric intelligent contracts.
Disclosure of Invention
In order to solve the defects in the prior art, the invention provides a safety analysis and detection method for the intelligent contract of the Fabric blockchain system, which is irrelevant to the development language, and the method can dig out 6 vulnerabilities which can not be detected by the existing tool in the intelligent contract of the Fabric blockchain system and seriously affect the safety of the intelligent contract, can be applied to the development and deployment stages of the intelligent contract and helps developers to realize safer intelligent contracts.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
a security analysis detection method for intelligent contracts of a Fabric blockchain system uniformly converts/translates intelligent contracts compiled by different development languages into an intermediate language IR, improves the existing taint analysis method according to the characteristics of the IR language, tracks the generation and propagation processes of security risks on the IR, judges whether security vulnerabilities can be caused or not, and finally feeds back detection results and repair suggestions to a user; the method comprises a preprocessing process, a taint analysis process and a result returning process. The method specifically comprises the following steps:
1) preprocessing a source code of the intelligent contract;
in specific implementation, before the development stage or deployment of the intelligent contract, the intelligent contract written by Go Language, Java Language and JavaScript can be uniformly translated into a specific Intermediate Language, namely LLVM IR (Low Level Virtual Machine intermediary Language, hereinafter abbreviated as IR), through a gollvm tool, a jlan tool and a typescript compiler tool, respectively;
because the intermediate language IR enforced by the LLVM project provides a rich set of operational interfaces, it is more convenient to analyze and operate on IR than directly on source code. In addition, the translation into IR eliminates the characteristics of the source language, so that the detection rule of the intelligent contract vulnerability is decoupled from the source language, and the vulnerability detection mechanism can be applied to intelligent contracts written in different programming languages.
2) Performing taint analysis on the IR of the intelligent contract; the method specifically comprises the following steps:
21) initializing a taint variable and a non-taint variable according to safety risks in the intelligent contract;
a source of sewage may be understood as a location where a security risk arises. We classify all the variables in the intelligent contract IR obtained in the previous step into the following five types of taint:
● dirty spot variable, value type variable related to security risk.
● non-tainted variable, value type variable unrelated to security risks.
● dirty point, a pointer to a memory location associated with a security risk.
● non-taint pointer, a pointer to a memory region not associated with a security risk.
● constant C, a definite value.
The security risk of the intelligent contract comes from factors which can cause inconsistent execution results, such as global variable/field declaration, random number function and time stamp function; on the other hand, the intelligent contracts are developed in an irregular mode, such as phantom reading, reading after writing and privacy disclosure, and the factors can cause unexpected operation results of the intelligent contracts. The security risks may not necessarily result in a vulnerability, and therefore, the generation and propagation processes of the risks need to be tracked, whether the risks affect the branches of the intelligent contract or the key operations of reading and writing the account book and the like is judged, and if the key operations of the intelligent contract are affected by the security risks, the security vulnerability exists in the intelligent contract.
If there is some kind of security risk in the intelligent contract IR, then all the constants in the IR are marked as C according to whether the variable of the position is a pointer type, if so, the variable is marked as PS, otherwise, the variable is marked as S, and the variables appearing in other positions in the IR are marked as NS and NPS according to whether the variable is a pointer type definition.
22) Maintaining a taint variable set and a non-taint variable set; determining the taint type of the variable by scanning all instructions (codes in functions and function calls) and the variable thereof in the IR, and updating a taint variable set and a non-taint variable set;
by traversing all instructions in the intelligent contract IR and the variables used by the instructions, determining that the variable type of the variables is one of five types, the propagation of the taint is completed, including the taint propagation of instructions within functions and the taint propagation of function call instructions. Specifically, the stain spreading method is as follows:
(ii) taint propagation of instructions within the function:
A. for non-address operations, a normal operation instruction that will generate a new variable:
a) if the instruction has the taint variable participating in the instruction and the new variable generated by instruction assignment is a value type, the taint type of the generated new variable is identified as the taint variable.
b) If the instruction has a dirty variable involved and the new variable generated by instruction assignment is a pointer type, the dirty type of the generated new variable is identified as a dirty pointer.
c) If the instruction has a dirty pointer involved and the new variable generated by instruction assignment is a value type, the dirty type of the generated new variable is identified as a dirty variable.
d) If the instruction has a dirty pointer involved and the new variable generated by instruction assignment is a pointer type, the dirty type of the generated new variable is identified as a dirty pointer P.
e) And when the instruction does not belong to the condition, the taint type of the variable in the instruction is not changed.
B. For the instructions of the address operation, a Load instruction to read data from a specified address and a Store instruction to Store data from the specified address may be included:
a) when the dirty type of the pointer parameter of the Load instruction is the same, if the read variable is the non-pointer type, the dirty type of the read variable is identified as the dirty type.
b) When the dirty type of the pointer parameter of the Load instruction is the same, if the read variable is the pointer type, the dirty type of the read variable is identified as the dirty type.
c) When the dirty type of the pointer parameter of the Load instruction is the same, if the read variable is the non-pointer type, the dirty type of the read variable is identified as the dirty type.
d) When the dirty type of the pointer parameter of the Load instruction is the same, if the read variable is the pointer type, the dirty type of the read variable is identified as the dirty type.
e) When the dirty type of the pointer parameter of the Store instruction is yes, if the dirty type of the stored value is yes, the dirty type of the pointer parameter is changed to be the dirty type of the stored value.
f) And when the instruction does not belong to the condition, the taint type of the variable in the instruction is not changed.
Secondly, creating a new taint variable set and a new non-taint variable set of the subfunction for taint propagation across functions caused by the function call instruction, and classifying the variables of the subfunction; the method specifically comprises the following steps:
a) and copying the taint type of the global variable to the global variable of the sub-function.
b) The dirty type of the called parameter is made to the sub-function parameter variable.
c) And traversing the IR instruction in the subfunction, and carrying out taint propagation according to the rule of (r) until the set of the taint variables of the subfunction is not changed any more.
d) And copying the dirty type of the global variable of the sub function to the global variable of the current function.
e) And feeding back the stain type of the variable returned by the subfunction to the corresponding variable of the current function.
f) And feeding back the taint characteristic of the parameter with the type being the address in the subfunction to the corresponding variable of the current function.
A set of taint variables and a set of non-taint variables are maintained. The traversal process needs to be executed repeatedly, the taint variable set and the non-taint variable set are updated every time of iteration until the variables in the two sets are stable in a certain taint type and cannot be changed, and iteration is stopped. The above taint propagation method is convergent for a taint set, i.e. all variables change from type to type, so that there is no case that some variables cannot be finally determined for type regardless of iteration.
23) And traversing the instruction (key operation) in the intelligent contract IR again to finish the detection of the key operation in the intelligent contract, and if the key operations such as branching, reading and writing an account book and the like in the intelligent contract are polluted, namely if the key operations use a taint variable S or a taint pointer PS, detecting and identifying that the security vulnerability exists in the intelligent contract.
3) Returning a detection result to the user;
and outputting a detection result report to a user interface, wherein the detection result report comprises the brief description of the detected vulnerability in the intelligent contract, the position of the vulnerability in the program and the corresponding modification suggestion, and counting the detection result.
In specific implementation, the software system designed and realized by the method comprises three modules from bottom to top: the intelligent contract analysis system comprises a preprocessing module for translating the intelligent contract, a taint propagation analysis module with the security analysis core function and a result analysis output module interacting with a user interface. The preprocessing module is used for uniformly translating intelligent contracts compiled by Go language, Java language and JavaScript into an intermediate language IR; the taint propagation analysis module is used for carrying out taint analysis on the IR of the intelligent contract; and the result analysis output module is used for outputting the detection result.
Compared with the prior art, the invention has the following beneficial technical effects:
according to the security analysis method for the intelligent contract of the Fabric blockchain system, provided by the invention, 6 vulnerabilities which can seriously affect the security of the intelligent contract and cannot be covered by the existing code detection tool in the intelligent contract of the Fabric blockchain system can be mined by uniformly translating the intelligent contracts compiled by different programming languages into LLVM IR and carrying out taint analysis on the IR. In addition, the security analysis and the intelligent contract programming language are decoupled, so that the blank of the current security analysis scheme of the Fabric intelligent contract is made up, and the continuous expansion of a new vulnerability type and a new intelligent contract programming language is supported.
Drawings
FIG. 1 is a block flow diagram of the method of the present invention.
Fig. 2 is a flowchart of "read after write" vulnerability detection provided by the embodiment of the present invention.
Detailed Description
The invention will be further described by way of examples, without in any way limiting the scope of the invention, with reference to the accompanying drawings.
The invention provides a safety analysis method for the intelligent contract of the Fabric blockchain system, which is irrelevant to the development language, and makes up for the vacancy of the relevant technical scheme. The method can be applied to the development and deployment phases of the intelligent contract and helps developers to realize safer intelligent contracts.
The method uniformly translates the intelligent contracts compiled by different development languages into the intermediate language IR, finishes the generation and transmission process of the security risk on the IR by using a uniform taint analysis method to judge whether the security risk can cause the security vulnerability, and feeds back the detection result and the repair suggestion to the user. The overall flow is shown in FIG. 1, and the present invention includes a preprocessing process, a taint analysis process, and a return results process. The method specifically comprises the following steps:
1) preprocessing a source code of the intelligent contract;
before the development stage or deployment of the intelligent contracts, the intelligent contracts written by Go language, Java language and JavaScript can be uniformly translated into a specific intermediate language-LLVM IR through a gollvm tool, a JLink tool and a TypeScript compiler tool respectively;
2) performing taint analysis on the IR of the intelligent contract, and specifically comprising the following processes;
21) initializing a taint variable and a non-taint variable according to safety risks in the intelligent contract;
a source of sewage may be understood as a location where a security risk arises. We classified all variables in the intelligent contract IR obtained in the previous step into the following five taint types:
● dirty spot variable, value type variable related to security risk.
● non-tainted variable, value type variable unrelated to security risks.
● dirty point, a pointer to a memory location associated with a security risk.
● non-taint pointer, a pointer to a memory region not associated with a security risk.
● constant, a definite value.
The types of security risks monitored by the present invention are shown in table 1, including: global variable/field declarations; a random number function; a time stamp function; reading a phantom; reading after writing; and (5) privacy disclosure. The key operations include: branching or reading and writing the book; writing an account book operation; reading an account book operation; assigning operation and comparing operation. Sources of detected stains include: a global variable; a return result of the random number function; a return result of the timestamp function; returning results of the range query function; writing a return result of the book function; and returning a result of the privacy query function. Each security risk in table 1 may cause a vulnerability and has a dirty source associated with its characteristic information, if there is a dirty source corresponding to a certain type of security risk in the smart contract IR, the variable at that location is marked as PS or S according to whether it is a pointer type, the variables at other locations in the IR are marked as NPS or NS according to whether they are a pointer type definition, and all constants in the IR are marked as C. The resulting vulnerabilities include: failure of the transaction consensus; writing an account book error; reading an account book error; and (6) revealing privacy data.
Table 1 risk types and corresponding vulnerabilities monitored by the method of the present invention
22) Maintaining a taint variable set and a non-taint variable set; determining the stain type of the variable by scanning all instructions and variables thereof in the IR, and updating a stain variable set and a non-stain variable set;
the propagation of the taint is completed by traversing all the instructions in the intelligent contract IR and the variables used by the instructions, including the taint propagation of the instructions in the function and the taint propagation of the function call instructions.
23) And traversing the instructions in the intelligent contract IR again to complete the detection of the key operations in the intelligent contract, wherein the key operations for converting the security risks into the vulnerabilities are shown in the table 1, and if the key operations in the intelligent contract use a taint variable S or a taint pointer PS, the operations are polluted, which indicates that the security vulnerabilities exist in the intelligent contract.
3) Returning a detection result to the user;
and outputting a detection report to a user interface, wherein the detection report comprises the brief description of the detected loophole in the intelligent contract, the position of the loophole in the program and the corresponding modification suggestion, and counting the detection result.
The following embodiment adopts the security analysis method provided by the present invention to send out a detection process of a "reading ledger error" vulnerability, as shown in fig. 2, the specific steps include:
the method comprises the following steps: translating the intelligent contract program to be detected into an IR instruction file;
step two: traversing the IR instruction, collecting all variables in the IR, adding the variables into a non-taint variable set, and initializing the taint type of the variables into NS or NPS according to the variable type;
step three: judging whether a taint source with the risk of 'read after write' exists in the non-taint variable set: writing a return result of the ledger function PutState calling instruction, if so, executing the step four, otherwise, finishing the execution;
step four: modifying the stain type of the returned result into S, and adding the result variable into a stain variable set;
step five: traversing all instructions in the IR to carry out taint propagation;
step six: after traversing one round, judging whether the taint variable set and the non-taint variable set are updated, if so, jumping to the fifth step, otherwise, executing the seventh step;
step seven: judging whether an account book reading function GetState calling instruction exists in the IR instruction, if so, executing the step eight, otherwise, finishing the execution;
step eight: judging whether the operand of the reading account book function GetState calling instruction is polluted, if so, executing the step nine, otherwise, finishing the execution;
step nine: and finding a bug of 'reading an account book error' in the intelligent contract, and finishing execution after generating bug information.
In specific implementation, the software system designed and realized by the method comprises three modules from bottom to top, wherein the three modules are respectively as follows: the intelligent contract analysis system comprises a preprocessing module for translating the intelligent contract, a taint propagation analysis module with the security analysis core function and a result analysis output module interacting with a user interface.
In conclusion, the security analysis method for the intelligent contract of the Fabric block chain system, provided by the invention, is irrelevant to development languages, the intelligent contracts compiled by different development languages are uniformly translated into the intermediate language IR, the tracking and vulnerability judgment of the security risk in the intelligent contract are completed on the IR by using a uniform taint analysis method, 6 types of security vulnerabilities which cannot be detected by the current similar tools can be covered, and the detection result and the repair suggestion are fed back to a user; the method can be applied to the development and deployment phases of the intelligent contract, and helps developers to realize safer intelligent contracts, thereby making up for the vacancy of related technical schemes.
It is noted that the disclosed embodiments are intended to aid in further understanding of the invention, but those skilled in the art will appreciate that: various alternatives and modifications are possible without departing from the invention and scope of the appended claims. Therefore, the invention should not be limited to the embodiments disclosed, but the scope of the invention is defined by the appended claims.
Claims (9)
1. A security analysis and detection method for intelligent contracts of a Fabric Block Link system is characterized in that the method is independent of the development languages of the intelligent contracts, the generation and transmission processes of security risks on an intermediate language IR are tracked by uniformly converting the intelligent contracts compiled by different development languages into the intermediate language IR and improving a taint analysis method according to the language characteristics of the intermediate language IR, so that whether security holes exist in the intelligent contracts of the Fabric Block Link system or not is detected and identified; the method comprises the following steps:
1) preprocessing a source code of an intelligent contract, uniformly converting the intelligent contract written in different languages into an intermediate language, eliminating the characteristics of the source language of the intelligent contract, and decoupling the vulnerability detection of the intelligent contract from the source language; the intermediate language adopts an intermediate language IR; carrying out unified conversion to obtain an intermediate language IR of the intelligent contract;
2) performing taint analysis on the intermediate language IR of the intelligent contract obtained in the step 1); the method comprises the following steps:
21) initializing a taint variable and a non-taint variable according to safety risks in the intelligent contract;
defining a sewage source as a position for generating safety risks; according to the types of taint, dividing all variables in the intermediate language IR of the obtained intelligent contract into various types, including:
the stain variable is marked as S;
a non-taint variable, denoted NS;
a stain pointer marked as PS;
a non-taint pointer, noted as NPS;
a constant value, denoted as C;
tracking the generation and transmission process of the security risk of the intelligent contract, and judging whether the position of the taint source can influence the key operation of the intelligent contract or not; if the key operation of the intelligent contract is influenced by the security risk, the intelligent contract has security holes; at the moment, according to whether the variable of the position of the taint source is a pointer, if the variable is the pointer, the variable is marked as PS, and if not, the variable is marked as S; marking variables appearing at other positions in the intermediate language IR as NS or NPS according to the fact whether the variables are pointer types or not, and marking all constants in the intermediate language IR as C;
22) maintaining a taint variable set and a non-taint variable set; determining the variable type of the variable and updating a taint variable set and a non-taint variable set by scanning and traversing codes and used variables in function and function call in an intermediate language IR of the intelligent contract; the traversal process is executed repeatedly, the taint variable set and the non-taint variable set are updated every iteration until the taint types of the variables in the two sets are not changed any more, the iteration is stopped, and the taint propagation is completed;
23) traversing the key operation instruction in the intermediate language IR of the intelligent contract again, and identifying that a security vulnerability exists in the intelligent contract if the fact that the key operation in the intelligent contract uses a taint variable S or a taint pointer PS is detected;
through the steps, the security analysis and detection of the intelligent contract of the Fabric block chain system are realized, and the security vulnerability detection result is obtained.
2. The method as claimed in claim 1, wherein the security analysis and detection result report of the Fabric blockchain system intelligent contract includes a brief description of the detected vulnerabilities in the intelligent contract, the locations of the detected vulnerabilities, and corresponding modification opinions and detection result statistics; the security analysis detection results report may be output to a user interface.
3. The method for analyzing and detecting the security of the intelligent contract of the Fabric blockchain system as claimed in claim 1, wherein step 1) preprocesses the source code of the intelligent contract, and specifically, before the development stage or deployment of the intelligent contract, the intelligent contract written in Go language, Java language and JavaScript is converted into the intermediate language IR through a gollvm application tool, a JLang application tool and a typescript compiler application tool, respectively, so as to obtain the intermediate language IR of the intelligent contract.
4. The method for security analysis and detection of a Fabric blockchain system intelligent contract of claim 1, wherein the step 21) defines the variable types as:
a. the taint variable S is a variable of a value type related to the safety risk;
b. the non-taint variable NS is a variable of value type independent of security risk;
c. the taint pointer PS is a pointer of a memory area related to security risks;
d. the non-taint pointer NPS is a pointer of a memory area irrelevant to the security risk;
e. the constant C is a definite value.
5. A method for security analysis and detection of a Fabric blockchain system intelligent contract as claimed in claim 1 wherein in step 22) the method of taint propagation of intra-function instructions and taint propagation of function call instructions includes:
(ii) taint propagation of instructions within the function:
A. for non-address operations, a normal operation instruction of a new variable is generated:
a) if the instruction has the taint variable S, and the final assignment of the instruction is a value type, identifying the type of the generated new variable as the taint variable S;
b) if the instruction has the taint variable S, and the final assignment of the instruction is a pointer, identifying the type of the generated new variable as a taint pointer PS;
c) if the instruction has the taint pointer PS to participate in and the final assignment of the instruction is the pointer, identifying the type of the generated new variable as the taint pointer PS;
d) when operands involved by the instruction are not all constants, if the final assignment of the instruction is not a pointer, the type of the generated new variable is identified as a non-tainted variable NS; if the final assignment of the instruction is a pointer, identifying the type of the generated new variable as a non-taint pointer NPS;
e) if the operands of the instruction are all constants, identifying the type of the generated new variable as a constant C;
B. for the instructions of the address operation, a Load instruction for reading data from a specified address and a Store instruction for storing data from the specified address may be included; judging and identifying the memory pointers which once store the taint data as taint data related to taint information; the taint data comprises taint variables and/or taint pointers;
secondly, creating a new taint variable set and a new non-taint variable set of the subfunction for taint propagation across functions caused by the function call instruction, and classifying the variables of the subfunction; the method specifically comprises the following steps:
a) copying the taint type of the global variable to the global variable of the subfunction;
b) copying the stain type of the called parameter to a parameter variable of the subfunction;
c) executing a taint propagation algorithm in the subfunction until the taint variable set of the subfunction is not changed any more;
d) copying the taint type of the global variable of the subfunction to the global variable of the current function;
e) feeding back the stain type of the variable returned by the subfunction to the corresponding variable of the current function;
f) and feeding back the taint characteristic of the parameter with the type being the address in the subfunction to the corresponding variable of the current function.
6. The method for security analysis and detection of Fabric blockchain system intelligent contracts according to claim 1, wherein in step 23), the key operations comprise: branching or reading and writing the book; writing an account book operation; reading an account book operation; performing assignment operation; and (5) comparing operation.
7. The method for security analysis and detection of Fabric blockchain system intelligent contracts of claim 1, wherein the security risk types include: global variable/field declarations; a random number function; a time stamp function; reading a phantom; reading after writing; privacy disclosure; the stain source includes: a global variable; a return result of the random number function; return results of the timestamp function; returning results of the range query function; writing a return result of the book function; and returning a result of the privacy query function.
8. A method for security analysis and detection of a Fabric blockchain system intelligence contract as claimed in claim 1, wherein the detected security vulnerabilities include: failure of the transaction consensus; writing an account book error; reading an account book error; and (5) revealing private data.
9. The intelligent contract vulnerability detection system of the blockchain system realized by the security analysis detection method of the Fabric blockchain system intelligent contract of claim 1, wherein the system module comprises: the system comprises a preprocessing module, a stain propagation analysis module and a result analysis output module; wherein,
the preprocessing module is used for uniformly converting intelligent contracts compiled by Go language, Java language and JavaScript into an intermediate language IR;
the taint propagation analysis module is used for carrying out taint analysis on the intermediate language IR of the intelligent contract;
and the result analysis output module is used for outputting the detection result of the security vulnerability.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210029433.4A CN114282227B (en) | 2022-01-12 | 2022-01-12 | Safety analysis and detection method for intelligent contract of Fabric block chain system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210029433.4A CN114282227B (en) | 2022-01-12 | 2022-01-12 | Safety analysis and detection method for intelligent contract of Fabric block chain system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114282227A CN114282227A (en) | 2022-04-05 |
| CN114282227B true CN114282227B (en) | 2022-08-26 |
Family
ID=80880842
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210029433.4A Active CN114282227B (en) | 2022-01-12 | 2022-01-12 | Safety analysis and detection method for intelligent contract of Fabric block chain system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114282227B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115391789A (en) * | 2022-09-14 | 2022-11-25 | 杭州安碣信息安全科技有限公司 | Intelligent analysis method and device for Rust intelligent contract |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110399730B (en) * | 2019-07-24 | 2021-05-04 | 上海交通大学 | Method, system and medium for checking intelligent contract vulnerability |
| CN110659494A (en) * | 2019-09-27 | 2020-01-07 | 重庆邮电大学 | Extensible intelligent contract vulnerability detection method |
| CN113254945A (en) * | 2021-06-08 | 2021-08-13 | 中国人民解放军国防科技大学 | Static detection method, system and medium for web vulnerability based on taint analysis |
-
2022
- 2022-01-12 CN CN202210029433.4A patent/CN114282227B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN114282227A (en) | 2022-04-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112100054B (en) | Data management and control oriented program static analysis method and system | |
| Feist et al. | Slither: a static analysis framework for smart contracts | |
| US7484205B2 (en) | Preprocessor-based source code instrumentation | |
| US8464207B2 (en) | System and method for tracking software changes | |
| US8352921B2 (en) | Static analysis defect detection in the presence of virtual function calls | |
| CN113497809B (en) | MIPS framework vulnerability mining method based on control flow and data flow analysis | |
| JP2023545140A (en) | Methods and systems for supporting smart contracts in blockchain networks | |
| CN105808369B (en) | A kind of memory leakage detecting method based on semiology analysis | |
| Brandstätter et al. | Characterizing efficiency optimizations in solidity smart contracts | |
| CN110554954B (en) | Test case selection method combining static dependency and dynamic execution rule | |
| CN114996126B (en) | Vulnerability detection method and system for EOSIO intelligent contracts | |
| CN110162474B (en) | Intelligent contract reentry vulnerability detection method based on abstract syntax tree | |
| Khoo et al. | Mixing type checking and symbolic execution | |
| US7441237B2 (en) | System and method for extending a compiler through a composer | |
| CN115408689A (en) | Method and system for detecting and repairing reentry vulnerability | |
| CN114282227B (en) | Safety analysis and detection method for intelligent contract of Fabric block chain system | |
| CN114047928B (en) | Intelligent contract formal verification method and system suitable for combined transaction | |
| Jeong et al. | Utopia: Automatic generation of fuzz driver using unit tests | |
| CN114153451A (en) | Method for analyzing memory security in C code by using data flow analysis algorithm | |
| Ko et al. | Weakly sensitive analysis for JavaScript object‐manipulating programs | |
| CN117555523A (en) | Control flow construction method and system based on auxiliary program execution feedback | |
| CN114924767A (en) | Kernel data type dynamic expansion hot patch method based on alignment holes | |
| CN115310095A (en) | Block chain intelligent contract mixed formal verification method and system | |
| Lim et al. | Automatically localizing dynamic code generation bugs in jit compiler back-end | |
| Jiang et al. | APP-Miner: Detecting API Misuses via Automatically Mining API Path Patterns |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |