Research On Security Testing Method Of Blockchain System Based On Vulnerability Model

After 12 years of rapid development since the publication of Satoshi Nakamoto’s Bitcoin white paper in 2008,blockchain technology has slowly become one of the most high-frequency solutions to solve the problems of data storage security,transmission security,and property security of peer-to-peer transactions.As blockchain technology is widely used in various industries,its software architecture has become more complex,and with it comes a series of security issues,such as witch attacks,double flower attacks,and selfish mining,which have brought huge losses to the industry and users,so how to solve blockchain system security issues has become a direction worth studying.Model testing is a powerful tool to guarantee the reliability of software,and plays an important role in the fields of aviation software,medical devices,autonomous driving and other fields with high demand for software security.In this thesis,we adopt the model testing method to test the security of blockchain system.In this thesis,firstly,for the characteristics of distributed arrangement and high cohesion between modules of blockchain system,on the basis of traditional distributed system vulnerability model,we further construct vulnerability model considering network protocol,smart contract,data structure,consensus mechanism and other modules in blockchain platform,and then conduct model testing based on vulnerability model,and generate vulnerability attack graph of blockchain platform according to the output result,and draw on The thesis also draws on software reliability-related methods to achieve a scientific numerical assessment of the security of blockchain systems.Meanwhile,based on the main research results of this thesis,a blockchain platform security testing and evaluation system is designed and implemented.The main work of this thesis is as follows.1.A vulnerability model for blockchain systems based on a formal approach is proposed.The construction algorithm of the vulnerability model is given based on Unified Modeling Language(UML),a traditional formal tool for software engineering,and the feasibility of the model is verified by example analysis,providing theoretical guidance for blockchain system security testing research and a basis for the implementation of a security testing framework for blockchain systems based on the vulnerability model.2.A testing framework based on the vulnerability model of blockchain system is proposed,which is both based on the method of model detection for security testing of blockchain system and generates the vulnerability attack graph of blockchain system through the testing results,and draws on the relevant methods of software reliability theory to quantitatively analyze the system security based on the constructed vulnerability attack graph,which realizes the scientific and accurate assessment of the security of blockchain system.3.Designed and implemented the Blockchain Platform Security Test and Evaluation System.After repeated tests,the test results of this system for experimental objects are consistent with our experimental data,and this system has good interactive pages and easy operability,which greatly simplifies the operation difficulty of formal verification and reduces the learning cost.