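Graduate student: 李尚韋 (Shang-Wei Li)
Thesis title: 智慧合約安全檢測工具之評比框架 (A Comparative Framework for Smart Contract Security Inspection Tools)
Advisors: 吳宗成 (Tzong-Chen Wu), 查士朝 (Shi-Cho Cha)
Oral defense committee: 吳宗成 (Tzong-Chen Wu), 查士朝 (Shi-Cho Cha), 羅乃維 (Nai-Wei Lo)
Oral defense date: 2019-07-18
Degree: Master's
Institution: National Taiwan University of Science and Technology
Department: Department of Information Management
Discipline: Computer Science
Sub-discipline: Computer Science, General
Thesis type: Academic thesis
Year of publication: 2019
Graduation academic year: 107
Language: Chinese
Number of pages: 61
Keywords: Blockchain; Smart Contract; Common Vulnerability Scoring System; Analytic Hierarchy Process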
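Smart contracts are one of the distinguishing features of blockchain technology: a contract deployed to a blockchain executes automatically. However, once a deployed smart contract is attacked because of a security vulnerability, the blockchain continues to execute it, and it is very difficult to withdraw from the blockchain. Inspecting the code of a smart contract before it is deployed is therefore all the more important. Many organizations and researchers have proposed smart contract inspection tools, so we need a benchmark to measure their effectiveness. This thesis proposes a comparative framework for smart contract inspection tools. The framework evaluates risk metrics for smart contract vulnerabilities based on the Common Vulnerability Scoring System (CVSS). In addition, this study uses the Analytic Hierarchy Process (AHP), inviting domain experts to rate the weights and determining the severity of the vulnerability metrics from their experience, and calculates the risk value of each smart contract vulnerability from the risk metrics and weights. This study further collects several smart contract samples of different categories and runs each sample through the smart contract inspection tools, so that the tools' detection results can be compared by whether they detect the smart contract vulnerabilities.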
Smart contracts are one of the major features of blockchain technology. Once people deploy smart contracts on a blockchain, the blockchain enforces their faithful execution. However, even when a smart contract is vulnerable and under attack, the blockchain still faithfully executes the attack on it. Moreover, it is very hard to withdraw a vulnerable smart contract from a blockchain once it is deployed. Finding vulnerabilities in smart contracts before they are deployed has therefore come into the spotlight recently. Several organizations and researchers have proposed smart contract inspection tools, so benchmarks are needed to evaluate the effectiveness of these tools. In light of this, this thesis proposes a comparative framework for smart contract security inspection tools. The framework defines metrics for evaluating the risk of smart contract vulnerabilities based on the Common Vulnerability Scoring System (CVSS). In addition, this thesis uses the Analytic Hierarchy Process (AHP) to determine the weights of the metrics from the opinions of experts. Consequently, this thesis can calculate the risk value of a smart contract vulnerability from the metrics and their weights. This thesis further collects several smart contracts in different categories and feeds them to the inspection tools. We can thus compare inspection tools by whether they can identify risky vulnerabilities.
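Abstract (Chinese)
Abstract (English)
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives and Contributions
1.3 Problem Scenario
1.4 Thesis Organization
1.5 Research Framework
Chapter 2 Literature Review
2.1 Smart Contracts
2.2 Common Vulnerability Scoring System (CVSS)
2.3 Analytic Hierarchy Process (AHP)
2.4 Common Smart Contract Vulnerabilities
2.4.1 Reentrancy
2.4.2 Arithmetic Issues
2.4.3 Denial of Service
2.4.4 Predictable Random Numbers
2.4.5 Time Manipulation
2.4.6 Access Control
2.5 Introduction to Smart Contract Inspection Tools
Chapter 3 Risk-Based Comparative Framework
3.1 Smart Contract Vulnerability Baseline
3.2 AHP Questionnaire and Implementation
3.3 Rating of Common Smart Contract Vulnerabilities
3.4 Hands-on Testing of Smart Contract Inspection Platforms
Chapter 4 Conclusion and Future Work
References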
