一种基于时间自动机的安全智能合约生成方法

doi:10.19678/j.issn.1000-3428.0066982

摘要/Abstract

摘要：

区块链是一种去中心化的计算范式，在诸多领域具有良好的应用前景。智能合约是区块链应用的关键，然而，智能合约的安全问题时有发生，有些甚至造成重大的经济损失。为了避免智能合约在设计开发阶段出现由逻辑不严谨或错误逻辑所造成的安全漏洞，提出一种基于时间自动机模型的安全智能合约生成方法。相较于直接编写合约代码，该方法通过将证明为正确的模型转换为可执行的智能合约代码，有效解决在智能合约开发设计阶段所存在的安全性问题。利用UPPAAL工具将人类可理解的文本合约建模为时间自动机并通过模型验证来确保模型的安全性和可靠性。通过对智能合约的正式定义建立时间自动机与智能合约的映射规则，根据相应的映射规则，时间自动机被转换为模块化的Solidity智能合约代码。设计一个具体的商品预售活动案例进行分析，结果表明，通过所提方法生成的商品预售合约的Solidity代码可成功编译并部署在以太坊测试网络中。

关键词: 区块链, 智能合约, 时间自动机, UPPAAL工具, 模型验证, 映射规则

Abstract:

Blockchain is a decentralized computing paradigm with promising application prospects in many fields. Smart contracts are the key to blockchain applications; however, security issues with smart contracts often occur, occasionally leading to significant economic losses. In this study, a secure smart contract generation method based on timed automata model is proposed to prevent security vulnerabilities caused by imprecise or erroneous logic at the design and development stage of smart contracts. Compared to directly writing a contract code, this method effectively resolves the security issues that occur during the development and design phase of smart contracts by converting the proven correct model into executable smart contract code. The UPPAAL tool is used to model human-understandable text contracts as timed automata, thereby ensuring the security and reliability of the model through model validation.By formally defining smart contracts, mapping rules between timed automata and smart contracts are established; based on the corresponding mapping rules, timed automata are converted into modular Solidity smart contract codes. A specific case of the product pre-sale activity is designed and analyzed, and the results show that the Solidity code of the product pre-sale contract generated by the proposed method can be successfully compiled and deployed in the Ethereum testing network.

Key words: blockchain, smart contract, Timed Automata(TA), UPPAAL tool, model verification, mapping rule

刘阳, 张圣杰. 一种基于时间自动机的安全智能合约生成方法[J]. 计算机工程, 2023, 49(9): 137-143, 157.

Yang LIU, Shengjie ZHANG. A Secure Smart Contract Generation Method Based on Timed Automata[J]. Computer Engineering, 2023, 49(9): 137-143, 157.

http://www.ecice06.com/CN/Y2023/V49/I9/137

图/表 7

图1 安全智能合约生成的工作流框架

Fig.1 Workflow framework for secure smart contract generation

图2 基于UPPAAL的时间自动机建模流程

Fig.2 UPPAAL-based timed automata modeling process

图3 时间自动机网络

Fig.3 Timed automata network

图4 模型参数的全局声明

Fig.4 Global declaration of model parameters

图5 预售合约的时间自动机模型

Fig.5 Timed automata model for pre-sale contract

图6 验证结果

Fig.6 Verification results

参考文献 27

1	SZABO N. Smart contracts: building blocks for digital markets[EB/OL]. [2023-01-05]. http://www.truevaluemetrics.org/DBpdfs/BlockChain/Nick-Szabo-Smart-Contracts-Building-Blocks-for-Digital-Markets-1996-14591.pdf.
2	BUTERIN V. A next-generation smart contract and decentralized application platform[EB/OL]. [2023-01-05]. https://people.cs.georgetown.edu/~clay/classes/fall2017/835/papers/Etherium.pdf.
3	MEHAR M I , SHIER C L , GIAMBATTISTA A , et al. Understanding a revolutionary and flawed grand experiment in blockchain. Journal of Cases on Information Technology, 2019, 21 (1): 19- 32. doi: 10.4018/JCIT.2019010102
4	AGGARWAL S, KUMAR N. Attacks on blockchain[EB/OL]. [2023-01-05]. https://www.sciencedirect.com/science/article/abs/pii/S0065245820300759?via%3Dihub.
5	胡甜媛, 李泽成, 李必信, 等. 智能合约的合约安全和隐私安全研究综述. 计算机学报, 2021, 44 (12): 2485- 2514. URL
	HU T Y , LI Z C , LI B X , et al. Contractual security and privacy security of smart contract: a system mapping study. Chinese Journal of Computers, 2021, 44 (12): 2485- 2514. URL
6	TOLMACH P , LI Y , LIN S W , et al. A survey of smart contract formal specification and verification. ACM Computing Surveys, 2021, 54 (7): 1- 38.
7	AZZOPARDI S, ELLUL J, PACE G J. Monitoring smart contracts: ContractLarva and open challenges beyond[EB/OL]. [2023-01-05]. https://link.springer.com/chapter/10.1007/978-3-030-03769-7_8.
8	ABRAHAM M, JEVITHA K P. Runtime verification and vulnerability testing of smart contracts[EB/OL]. [2023-01-05]. https://link.springer.com/chapter/10.1007/978-981-13-9942-8_32.
9	MOSSBERG M, MANZANO F, HENNENFENT E, et al. Manticore: a user-friendly symbolic execution framework for binaries and smart contracts[C]//Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering. Washington D.C., USA: IEEE Press, 2020: 1186-1189.
10	王小兵, 杨潇钰, 舒新峰, 等. 面向MSVL的智能合约形式化验证. 软件学报, 2021, 32 (6): 1849- 1866. URL
	WANG X B , YANG X Y , SHU X F , et al. Formal verification of smart contract based on MSVL. Journal of Software, 2021, 32 (6): 1849- 1866. URL
11	TSANKOV P, DAN A, DRACHSLER-COHEN D, et al. Securify: practical security analysis of smart contracts[C]//Proceedings of 2018 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2018: 67-82.
12	AMANI S, BÉGEL M, BORTIN M, et al. Towards verifying Ethereum smart contract bytecode in Isabelle/HOL[C]//Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. New York, USA: ACM Press, 2018: 66-77.
13	ABDELLATIF T, BROUSMICHE K L. Formal verification of smart contracts based on users and blockchain behaviors models[C]//Proceedings of the 9th IFIP International Conference on New Technologies, Mobility and Security. Washington D.C., USA: IEEE Press, 2018: 1-5.
14	GARFATTA I, KLAI K, GRAÏET M, et al. Blockchain-based business processes: a solidity-to-CPN formal verification approach[EB/OL]. [2023-01-05]. https://link.springer.com/chapter/10.1007/978-3-030-76352-7_7.
15	GARCÍA-BAÑUELOS L, PONOMAREV A, DUMAS M, et al. Optimized execution of business processes on blockchain[EB/OL]. [2023-01-05]. https://arxiv.org/abs/1612.03152.
16	NAKAMURA H, MIYAMOTO K, KUDO M. Inter-organizational business processes managed by blockchain[EB/OL]. [2023-01-05]. https://link.springer.com/chapter/10.1007/978-3-030-02922-7_1.
17	LIU C G , BODORIK P , JUTLA D . Automating smart contract generation on blockchains using multi-modal modeling. Journal of Advances in Information Technology, 2022, 13 (3): 213- 223.
18	TATEISHI T , YOSHIHAMA S , SATO N , et al. Automatic smart contract generation using controlled natural language and template. IBM Journal of Research and Development, 2019, 63 (2/3): 1- 6.
19	朱岩, 秦博涵, 陈娥, 等. 一种高级智能合约转化方法及竞买合约设计与实现. 计算机学报, 2021, 44 (3): 652- 668. URL
	ZHU Y , QIN B H , CHEN E , et al. An advanced smart contract conversion and its design and implementation for auction contract. Chinese Journal of Computers, 2021, 44 (3): 652- 668. URL
20	CHOUDHURY O, RUDOLPH N, SYLLA I, et al. Auto-generation of smart contracts from domain-specific ontologies and semantic rules[C]//Proceedings of IEEE International Conference on Internet of Things and IEEE Green Computing and Communications and IEEE Cyber, Physical and Social Computing and IEEE Smart Data. Washington D.C., USA: IEEE Press, 2019: 963-970.
21	QASSE I, MISHRA S, HAMDAQA M. iContractBot: a chatbot for smart contracts' specification and code generation[C]//Proceedings of IEEE/ACM International Workshop on Bots in Software Engineering. Washington D.C., USA: IEEE Press, 2021: 35-38.
22	MAVRIDOU A, LASZKA A, STACHTIARI E, et al. VeriSolid: correct-by-design smart contracts for Ethereum[EB/OL]. [2023-01-05]. https://arxiv.org/abs/1901.01292.
23	MAVRIDOU A, LASZKA A. Designing secure Ethereum smart contracts: a finite state machine based approach[EB/OL]. [2023-01-05]. https://link.springer.com/chapter/10.1007/978-3-662-58387-6_28.
24	ZUPAN N, KASINATHAN P, CUELLAR J, et al. Secure smart contract generation based on Petri Nets[EB/OL]. [2023-01-05]. https://link.springer.com/chapter/10.1007/978-981-15-1137-0_4.
25	ALUR R. Timed automata[EB/OL]. [2023-01-05]. https://link.springer.com/content/pdf/10.1007/3-540-48683-6_3.pdf.
26	赵颖琪, 朱雪阳, 李广元, 等. 智能合约的时间约束模式及其形式化验证. 软件学报, 2022, 33 (8): 2875- 2895. URL
	ZHAO Y Q , ZHU X Y , LI G Y , et al. Time constraint patterns of smart contracts and their formal verification. Journal of Software, 2022, 33 (8): 2875- 2895. URL
27	PARK W S, LEE H, CHOI J Y. Formal modeling of smart contract-based trading system[C]//Proceedings of the 23rd International Conference on Advanced Communication Technology. Washington D.C., USA: IEEE Press, 2021: 48-52.

[1]	王群, 李馥娟, 倪雪莉, 夏玲玲, 梁广俊. 区块链数据形成与隐私威胁[J]. 计算机工程, 2023, 49(8): 1-12.
[2]	陈福安, 柳毅. 基于区块链的V2G无证书环签密隐私保护方案[J]. 计算机工程, 2023, 49(6): 34-41,52.
[3]	潘雪, 袁凌云, 黄敏敏. 基于区块链和域信任度的物联网跨域信任评估模型[J]. 计算机工程, 2023, 49(5): 181-190.
[4]	高健博, 张家硕, 李青山, 陈钟. RegLang监管合约规则冲突检测方法[J]. 计算机工程, 2023, 49(5): 12-21,28.
[5]	王群, 李馥娟, 倪雪莉, 夏玲玲, 梁广俊. 区块链隐私保护机制研究[J]. 计算机工程, 2023, 49(4): 1-13.
[6]	黄金荣, 刘百祥, 张亮, 张展鹏. 基于智能合约和非同质化代币的去中心化匿名身份认证模型[J]. 计算机工程, 2023, 49(4): 14-22.
[7]	白首圳, 陈美娟. 面向工业互联网的区块链分层分片研究[J]. 计算机工程, 2023, 49(3): 58-66,79.
[8]	杨俊明, 尹超, 杨铮. 基于激励驱动的轻量级隐私保护位置证明协议[J]. 计算机工程, 2023, 49(3): 151-160.
[9]	田秀霞, 杨明夷. 家庭物联网中基于智能合约的访问控制机制[J]. 计算机工程, 2023, 49(3): 18-28.
[10]	刘泽坤, 王峰, 贾海蓉. 结合动态信用机制的PBFT算法优化方案[J]. 计算机工程, 2023, 49(2): 191-198.
[11]	苏瑞国, 阳建, 秦继伟, 武晓雄, 贾振红. 基于物联网区块链的轻量级共识算法研究[J]. 计算机工程, 2023, 49(2): 175-180.
[12]	孙林昆, 蒋文保, 郭阳楠, 李春强. 基于密码累加器的无状态区块链性能优化[J]. 计算机工程, 2023, 49(2): 46-53.
[13]	冉玲琴, 彭长根, 许德权, 吴宁博. 基于区块链技术架构的隐私泄露风险评估方法[J]. 计算机工程, 2023, 49(1): 146-153.
[14]	李尤慧子, 俞海涛, 殷昱煜, 高洪皓. 基于超级账本的集群联邦优化模型[J]. 计算机工程, 2023, 49(1): 22-30.
[15]	陈凯, 徐成, 刘宏哲, 代松银. 基于区块链的危险驾驶地图数据评估模型[J]. 计算机工程, 2022, 48(8): 160-165,172.

选择文件类型/文献管理软件名称

选择包含的内容