
Proceedings of the Institute for System Programming of the RAS


Methods of protecting decentralized autonomous organizations from crashes and attacks

https://doi.org/10.15514/ISPRAS-2018-30(3)-11

Abstract

The article discusses blockchain technology, decentralized autonomous organizations, smart contracts, and their resilience to attacks and failures. Because this form of organization is experimental, its participants often face attacks on the organization, the consequences of incorrectly written rules, and fraud. Creating decentralized autonomous organizations that are resilient to failures and attacks, and investigating the causes of these problems, has become a pressing task for software designers and developers. The article examines attack algorithms and proposes methods for making decentralized autonomous organizations resilient to attacks, based on the analysis of boundary-event subprocesses and logs using Process Mining techniques. The methods to be developed must promptly detect and prevent discrepancies between the intended and actual behavior of smart contracts that lead to operational errors such as empty transactions, increased block processing time, and so on.

About the author

A. A. Andryukhin
ООО "КЕЙСИДИ"
Russia



For citation:


Andryukhin A.A. Methods of protecting decentralized autonomous organizations from crashes and attacks. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2018;30(3):149-164. https://doi.org/10.15514/ISPRAS-2018-30(3)-11



Content is available under the Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)