The research on blockchain security standards, including the system-level blockchain security system, is to promote blockchain security standardization from the aspects of data security, consensus security, privacy protection, smart contract security, and content security. Management and use, etc. provide guidance.
From 2019 when the government defined blockchain as an important breakthrough for independent innovation of core technologies, to 2020 when the National Development and Reform Commission incorporated blockchain into the category of new infrastructure, and then to the “14th Five-Year Plan” when blockchain was classified as a key industry in the digital economy, A series of policies have provided positive guiding signals for the development of the blockchain market, and are a booster for blockchain technology from project pilots to commercial promotion.
However, blockchain technology is a double-edged sword, and there are many hidden risks. For example, the security problems of the blockchain system itself are becoming more and more prominent, and security incidents such as data leakage, capital loss, and system operation failures emerge in endlessly. Criminals use the anonymous and borderless features of the blockchain to carry out illegal activities such as money laundering, criminal fund transfer, and bypassing foreign exchange controls, which will have a bad impact on the economy and society and bring huge challenges to supervision. Security is the cornerstone of the entire blockchain industry and is a rigid need of the blockchain industry. We are honored to invite Yang Xia, the founder and CEO of Chengdu Lianan Technology Co., Ltd. (hereinafter referred to as "Chengdu Lianan"), to share with us the corporate story of Chengdu Lianan's protection of blockchain ecological security.
Yang Xia, Founder & CEO of Chengdu Lianan Technology Co., Ltd.
Information Observation Network: We know that Chengdu Lianan has made great achievements in the blockchain security industry. Could you please briefly introduce Chengdu Lianan?
Yang Xia: Well, Chengdu Lianan is a world-leading blockchain security company dedicated to the construction of a blockchain security ecosystem. It is also the first company to apply formal verification technology to blockchain security. It is headquartered in Chengdu, Sichuan. The company was co-founded by professors from the University of Electronic Science and Technology of China. The team members are all professors, post-doctors, doctors and elites from well-known universities at home and abroad who have been engaged in the information security industry for many years. There are nearly 200 team members, and technical personnel account for more than 85%. Branches and offices have been established in Beijing, Shenzhen, Hangzhou, Hainan and other places.
At present, we have cooperated with law enforcement and regulatory agencies such as the Public Security Bureau, the Ministry of Industry and Information Technology, the China Academy of Communications, and the Cyberspace Administration of China, as well as domestic and foreign leading blockchains including AntChain, Tencent Blockchain, WeBank, Wanxiang Blockchain, and Bubi. The company has established in-depth cooperation; provided security audit and defense deployment services for more than 2,000 smart contracts, more than 100 blockchain platforms and landing application systems around the world; The whole chain of combating technical support services has successfully assisted in cracking cases involving tens of billions of dollars.
Information Observation Network: In your opinion, what are the main security risks of the blockchain?
Yang Xia: This risk mainly includes two aspects. One is the danger of the system itself, such as code security risks, security risks in the operation process, and so on. In the field of blockchain, it can also be subject to traditional DDoS attacks, phishing, domain name attacks, etc., while chain platform security includes consensus security, account security, signature security, P2P security, etc. As an executable script based on the blockchain system, smart contracts are more vulnerable to attacks.
The other is financial security risks. Criminals use the anonymity and borderless features of the blockchain to carry out illegal activities such as money laundering, fund transfer, and bypassing foreign exchange controls, which will have a serious impact on the economy and society, and bring huge challenges to supervision.
Information Observation Network: Generally speaking, what are the main aspects of blockchain security research?
Yang Xia: The industry's research on blockchain security focuses on three aspects, one is blockchain security standards research, the second is blockchain lifecycle security research, and the third is blockchain supervision.
The research on blockchain security standards, including the system-level blockchain security system, is to promote blockchain security standardization from the aspects of data security, consensus security, privacy protection, smart contract security, and content security. Management and use, etc. provide guidance.
The entire life cycle of the blockchain is mainly divided into two stages: R&D and operation. The design and development stage includes the provision of security assistance tools, vulnerability detection and vulnerability assessment. Scan the blockchain platform, smart contracts, etc. for vulnerabilities, discover and repair vulnerabilities in time, and ensure the delivery of a secure blockchain system. During the system operation stage, in accordance with the concept of defense in depth, abnormal behaviors are detected in time by relying on the abnormal detection mechanism. Typical detection mechanisms include operational monitoring, security situation awareness, and online contract security scanning.
In terms of blockchain supervision, we mainly study the use of blockchain technology to combat new types of cyber-related crimes, so as to assist the regulatory authorities to jointly purify the network environment and the social environment.
Information Observation Network: As the first batch of companies in the world and the top companies specializing in blockchain security in China, how does Chengdu Lianan operate in terms of chain security?
Yang Xia: Chengdu Lianan has been committed to the blockchain security track since its establishment. The self-developed "Lianbian" one-stop blockchain security service platform covers "six major security products", "six major security Services", which can provide comprehensive security services such as security audit, security protection, security testing, security supervision, security warning, security consulting, etc. -Supervision" full life cycle security solutions.
Security products include: virtual currency case intelligent research and judgment platform, smart contract formal verification platform, blockchain detection platform, blockchain security situation awareness platform, blockchain security public opinion platform, and smart contract security development IDE.
Security services include: smart contract security audit services, chain platform security testing services, virtual asset tracking and traceability and investigation and evidence collection services, security public opinion services, security consulting services, and security emergency response services.
Information Observation Network: As we all know, security issues have become an important factor restricting the development of blockchain technology, and the security threats of alliance chains cannot be ignored. What are the security detection methods for smart contracts on alliance chains?
Yang Xia: It is very important to ensure the security and logical correctness of the contract during the development stage and before going online, so it is necessary to adopt corresponding security checks to meet the security requirements.
For the code security of smart contracts, automated/semi-automated security detection can be used to scan the contract code to find security flaws in the code. The current common detection methods can be divided into static scanning, dynamic scanning and formal verification.
Formal verification technology is another verification method for the correctness of smart contracts in addition to static and dynamic scanning. As a mathematical method, formal verification can effectively determine whether a program's code is correct. "Correct" here means that the program works as expected. It is worth mentioning that "formal verification technology" is also one of the core technologies of Chengdu Lianan.
Information Observation Network: "Formal verification technology" is the core technology of Chengdu Lianan, can you briefly introduce it? In addition to formal verification technology, what core technologies does Chengdu Lianan have?
Yang Xia: Formal verification is one of the most stringent methods for code security, and its effects have been verified in aerospace, military and other fields. In the current blockchain and smart contract security business, formal verification is showing great potential. This kind of verification method based on "mathematical reasoning" can accurately prove whether there are security vulnerabilities in the code on the one hand, and can effectively solve the problems that traditional technologies such as testing rely heavily on human experience and cannot be exhaustive.
We are the first blockchain security company in the world to apply this technology to smart contract security audits. At the same time, the Chengdu Lianan team uses multiple technologies such as formal verification and fuzz testing as core technologies to develop a highly automated security system for smart contracts. Detection tools: Smart contract formal verification platform, the automatic detection accuracy of its tools is as high as 97%, which can automatically detect hundreds of security issues in smart contracts with "one-click", and automatically discover known and unknown vulnerabilities and vulnerabilities in smart contracts. Business logic problems, and give professional repair suggestions. While accurately locating the location of the risky code, suggestions for modification are given to help developers improve the security capabilities of smart contracts.
At the same time, we rely on network security, artificial intelligence, blockchain big data and other technologies to create a full-chain and integrated solution of "independent innovation, independent control" to serve the entire blockchain ecosystem. We are not only a contributor to the global blockchain security ecology, but also a leader in the global blockchain ecology.
Information Technology Observation Network: We mentioned above that the security threats of the alliance chain cannot be ignored. What security problems does the alliance chain face?
Yang Xia: Alliance chain security issues exist all the time, and the security challenges we face are very severe. At present, the development of the alliance chain is still in the early stage. The ecological security system of the alliance chain is not strong enough, and a large number of risks are still unknown. If the attacker is targeted, the result will be very serious.
The security of the alliance chain is the top priority of the development of the industry, which has attracted great attention from the industry. In September 2021, the First Research Institute of the Ministry of Public Security, the Institute of Information Engineering of the Chinese Academy of Sciences and other units jointly issued the team standard "Consortium Blockchain Security Technical Requirements", which mainly elaborates the security architecture of the Alliance Blockchain, mainly It also proposes alliance blockchain system security, alliance blockchain security system construction, alliance blockchain supervision and audit security, and alliance blockchain operating environment security assessment rules. Among them, the alliance blockchain supervision and audit security mainly includes: self-audit, third-party audit and third-party supervision.
Therefore, in this context, the security audit work before the alliance chain goes online is particularly important. It is necessary to kill all unknown security risks in the cradle, and avoid unacceptable results due to the convenience of the picture.
Information Observation Network: In the industry field, what honors and awards has Chengdu Lianan won so far? What are the visions for the future?
Yang Xia: The company has received multiple rounds of investment from well-known institutions such as Qianhai Fund of Funds, Lenovo Venture Capital, Fosun High-Tech, Cheng Venture Capital, and Ren Zixing. It is the unit of the "Network Security Technology Application Pilot Demonstration Project" of the Ministry of Industry and Information Technology, the technical support unit of the CNVD National Blockchain Security Vulnerability Platform, the main technical cooperation unit of the China Academy of Information and Communications Technology's blockchain security detection, and the "National Blockchain Innovation Application of the Central Network Information Office". Participating units of the pilot project, the main technical cooperation unit of the "Blockchain Security Technology Testing Center" of the National Internet Emergency Center, the supporting unit of the Sichuan Provincial Blockchain Security Engineering Technology Research Center, Sichuan Provincial Blockchain Infrastructure - Shuxin Chain Security Testing And access test support unit. And as the governing unit and deputy leader of the security group of the Trusted Blockchain Alliance of the China Academy of Information and Communications Technology, a member of the National Information Security Standardization Technical Committee, an executive director of the Blockchain Application Branch of the China Federation of Logistics and Purchasing, and a member of the Beijing Financial Technology Industry Alliance Members of multiple blockchain-related industry associations, such as the governing unit of the Sichuan Provincial Blockchain Association, and the vice-chairman unit of the Sichuan Internet Industry Federation. Participated in the writing of a number of national blockchain security technology standards and white papers, undertaken a number of national, provincial and ministerial projects, and has applied for more than 30 software invention patents and software copyrights relying on technological advantages.
Based on the company's strength and industry recognition, the company won the key cultivation enterprises of Chengdu's new economy "Double Hundred Project", the TOP100 list of national hard technology enterprise stars, the excellent case of China's industrial blockchain (2021), and the 2020 China Blockchain Top 100 enterprises, the first prize of the 2020 Golden Panda Global Blockchain Innovation and Entrepreneurship Competition, the 2020 Excellent Blockchain Enterprise in Sichuan Province, the 2020 China Blockchain Technology Innovation Typical Enterprise, the 2020 First People's Network Content Technology Innovation and Entrepreneurship Competition National Finals "Entrepreneurship Popularity Award", China's blockchain security leader and many other honors.
However, there is a long way to go, and I will search up and down. We will continue to work hard, with the mission of "making the blockchain ecosystem more secure" and the vision of "becoming the world's number one blockchain security company", and continue to work hard. Create a blockchain security supervision technology and security system to escort the safe development of the blockchain ecology.