| 物联网应用中访问控制智能合约的形式化验证 |
| |
| 引用本文: | 包玉龙,朱雪阳,张文辉,孙鹏飞,赵颖琪.物联网应用中访问控制智能合约的形式化验证[J].计算机应用,2021,41(4):930-938. |
| |
| 作者姓名: | 包玉龙 朱雪阳 张文辉 孙鹏飞 赵颖琪 |
| |
| 作者单位: | 1. 计算机科学国家重点实验室(中国科学院软件研究所), 北京 100190;2. 中国科学院大学, 北京 100049 |
| |
| 基金项目: | 国家自然科学基金资助项目 |
| |
| 摘 要: | 蓝牙、WiFi等网络技术的进步推动物联网(IoT)的发展,然而IoT在方便了人们生活的同时也存在严重的安全隐患。若无安全的访问控制,非法接入IoT的访问可能给用户带来各方面的损失。传统的访问控制方法需要一个可信任的中心节点,不适合节点分散的IoT环境。区块链及智能合约的出现为IoT应用的访问控制提供了更有效的解决方案,但用一般测试方法难以保证实现IoT应用的访问控制智能合约的正确性。针对这个问题,提出一种利用模型检测工具Verds对访问控制智能合约进行形式化验证从而保障合约正确性的方法。该方法利用状态迁移系统定义Solidity智能合约的语义,应用计算树逻辑(CTL)公式描述所要验证的性质,并对智能合约交互及用户行为进行建模,从而形成Verds的输入模型及所要验证性质,然后利用Verds验证待测性质的正确性。方法核心是Solidity合约子集到Verds输入模型的转换。对两个IoT资源访问控制智能合约的实验结果表明,该方法可以对访问控制合约的典型场景及期望性质进行验证,提升了智能合约的可靠性。
|
| 关 键 词: | 物联网 访问控制 智能合约 形式化验证 模型检测 |
| 收稿时间: | 2020-11-09 |
| 修稿时间: | 2020-12-15 |
Formal verification of smart contract for access control in IoT applications |
| |
| BAO Yulong,ZHU Xueyang,ZHANG Wenhui,SUN Pengfei,ZHAO Yingqi.Formal verification of smart contract for access control in IoT applications[J].journal of Computer Applications,2021,41(4):930-938. |
| |
| Authors: | BAO Yulong ZHU Xueyang ZHANG Wenhui SUN Pengfei ZHAO Yingqi |
| |
| Affiliation: | 1. State Key Laboratory of Computer Science (Institute of Software, Chinese Academy of Sciences), Beijing 100190, China;2. University of Chinese Academy of Sciences, Beijing 100049, China |
| |
| Abstract: | The advancement of network technologies such as bluetooth and WiFi has promoted the development of the Internet of Things(IoT). IoT facilitates people's lives, but there are also serious security issues in it. Without secure access control, illegal access of IoT may bring losses to users in many aspects. Traditional access control methods usually rely on a trusted central node, which is not suitable for an IoT environment with nodes distributed. The blockchain technology and smart contracts provide a more effective solution for access control in IoT applications. However, it is difficult to ensure the correctness of smart contracts used for access control in IoT applications by using general test methods. To solve this problem, a method was proposed to formally verify the correctness of smart contracts for access control by using model checking tool Verds. In the method, the state transition system was used to define the semantics of the Solidity smart contract, the Computation Tree Logic(CTL) formula was used to describe the properties to be verified, and the smart contract interaction and user behavior were modelled to form the input model of Verds and the properties to be verified. And then Verds was used to verify whether the properties to be verified are correct. The core of this method is the translation from a subset of Solidity to the input model of Verds. Experimental results on two smart contracts for access control of IoT source show that the proposed method can be used to verify some typical scenarios and expected properties of access control contracts, thereby improving the reliability of smart contracts. |
| |
| Keywords: | Internet of Things (IoT) access control smart contract formal verification model checking |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
