▼This article is reproduced from " Chengdu Commercial Daily - Red Star News" ; some deletions
▲Chengdu Lianan
At the beginning of 2018, Coincheck in Japan was attacked by hackers. The case was called "the largest virtual currency theft in history" at the time , and the loss was said to exceed 62 billion yen (about 3 billion yuan)!
Recently, the "swipe screen" blockchain has become a hot technology, but this well-known technology is not as safe as imagined, and even when there are loopholes in the system, you can only watch it being attacked. The Chengdu company developed the world's first "one-click" smart contract automatic formal verification tool, which can check code loopholes with one click, and its detection accuracy rate exceeds 97%.
▲Yang Xia
The world's first "one-click" automatic formal verification tool was born in Chengdu
In September of this year, the data released by Chain Finance showed that the cumulative security losses from 2011 to 2019 reached more than 8 billion U.S. dollars. From January to August 2019 alone, the losses caused by blockchain security incidents reached as high as 3.3 billion U.S. dollars.
The outbreak rate of blockchain security incidents is increasing year by year, and the value of cases is also increasing. Today, the country has listed blockchain as one of the key technologies for development. In the future, blockchain technology may be applied to supply chain finance, government affairs systems, judicial systems, Internet of Things and other fields. The security issues of blockchain systems are also will become more prominent, and blockchain security should be given more attention.
"We must see the opportunities for the development of the blockchain, and we must also pay attention to the security of the blockchain. 』 As a professional who has worked in the security industry for 18 years, Yang Xia is more concerned about the security of the blockchain.
In 2016, the first smart contract security breach occurred on the blockchain, resulting in a loss of $52 million. This incident touched Yang Xia, who keenly felt that if the security issue of smart contracts is not resolved, the development of blockchain technology will be seriously affected in the future. She also smelled business opportunities in this, "At that time, there were not many companies in the world that were doing blockchain security. 』
Then Yang Xia began to devote herself to the research of blockchain security. "Because any blockchain application will contain multiple smart contract programs. So, I began to try to solve the security of smart contracts with the formal verification technology that I am good at. 』Yang Xia said that after more than two years of hard work, finally in June 2018, the world's first "one-click" smart contract automatic formal verification tool was born in Chengdu .
▲VaaS operation interface
Formal verification is to "enumerate" every possibility
In March 2018, Yang Xia, as the founder, registered a company specializing in blockchain security—Chengdu Chain Security Technology Co., Ltd. in Chengdu .
Shortly after its establishment, the company launched Beosin-VaaS, the world's first security detection tool for blockchain. It is understood that Beosin-VaaS is the world's first "one-click" smart contract automatic formal verification tool that simultaneously supports multiple chain platforms such as BCOS, ETH, EOS, Fabric, and ONT. Automatic code security detection can accurately locate the location of risky codes and give suggestions for modification. The detection accuracy rate exceeds 97%. More than 20,000 developers around the world have used the VaaS platform.
"This detection tool has a lot to do with my previous work in the security industry. It was developed based on formal verification technology. 』Yang Xia has no essential difference from the security of safety-critical systems in the aerospace field to today’s blockchain security, but the blockchain security faces greater challenges and more complex forms, but its fundamental They are all for the security of the system. Improving the system's own security capabilities and establishing a complete security defense system are what she is best at.
What is formal verification technology?
"To put it simply, it is to exhaustively enumerate all possible problems. 』 According to Yang Xia, formal verification technology was born in the 1970s and 1980s. It is mainly aimed at situations where tests cannot be exhaustive, and uses mathematical means to prove the security and functional correctness of codes.
"Traditional detection methods cannot list and test all possible situations; while formal verification can be exhaustive. It uses mathematical means to establish a mathematical model of the code and prove whether there is any possible security problem. , and ultimately make the code of the blockchain system as flawless as possible to prevent hacking. 』 Yang Xia said that although this technology has existed for decades, it has been widely used in aviation, aerospace, military and other safety-critical fields. But just like artificial intelligence, it still has a lot of room for development in the face of new application areas.
▲Chengdu Lianan Office Area
Blockchain security risks throughout
Expert: Blockchain is not a panacea, it does not have to be used for its own sake
Although there is a "one-click" verification technology, can the security problem of the blockchain be completed only by verifying the code?
Blockchain security risks are present throughout. For example, various loopholes caused by defects in the code itself during the development period will cause fatal security risks in the system after it goes online. "Take the world's most well-known Ethereum chain platform as an example. Its smart contract code is immutable and cannot be modified once deployed. If the smart contract code has a loophole, it can only watch it being attacked. 』Yang Xia said that as blockchain applications enter various fields related to China's national economy and people's livelihood, the loopholes in its key program smart contracts will seriously affect the operation of the system, and even lead to project failure, and all assets and data on the chain will be lost.
In the operation stage, hackers will reduce the availability of the trading platform through DDoS attacks, vulnerability intrusions, etc., and steal accounts and assets. And if there are loopholes in the smart contract, it will seriously affect the entire project, and even cause the project to fail. During the promotion period, in addition to cyber attacks, the platform may also suffer from business fraud such as cash-strapping and phishing fraud such as copycat counterfeiting, which will cause the loss of corporate assets and damage to the reputation.
To this end, Chengdu Lianan has developed a security situational awareness system for blockchain applications, using big data and machine learning methods to monitor transactions on the blockchain, early warning of security incidents, and real-time alarms. The blockchain firewall blocks security incidents in a timely manner to protect the safe operation of the system and the security of user assets.
"At present, the entire blockchain industry is still in the development stage, and there are many uncertainties, so there is no need to use it for its own sake. 』 As an expert in security, Yang Xia believes that the blockchain can accelerate the trust between people, between people and enterprises, and between enterprises and enterprises. In her opinion, blockchain is applicable to logistics, insurance, finance, courts, supply chain and other industries, and to a certain extent can greatly promote the accelerated development of these industries. But in some unnecessary industries, it may bring more risks and cause more troubles.
• The picture is from "Chengdu Commercial Daily - Red Star News"
• Red Star News reporter Yan Yuheng Yan Dan
• Photojournalist Lu Guoying
• Editor Liu Yupeng
• Official account typesetting Zachary
Beosin media matrix (in no particular order)
|
https://www.facebook.com/ BeosinChengdu/ |
|
https://twitter.com/Beosin_com |
|
Telegram https://t.me/LiananTech_cn (Chinese) https://t.me/LiananTech_en (English) |
|
https://weibo.com/u/6566884467 |
|
CSDN blog https://blog.csdn.net/CDLianan |
|
GitHub https://github.com/Lianantech/VCA |
|
Know almost Chengdu Chain Security Technology |
|
Chain News ChainNews Security Column Beosin Chengdu Chain Security |
|
Mars Finance·Safety Column Chengdu Chain Security Technology |
|
Babbitt Security Column Chengdu Chain Security Technology |
|
Chain Node Security Column Chengdu Lianan/Beosin |
|
Beenews Security Column Chengdu Chain Security Technology |
|
Golden Finance·Security Column Chengdu Chain Security Technology |
|
Planet Daily·Safety Column Chengdu Chain Security Technology |
Click "Read the original text"
Immediately visit the official website of "Beosin Chengdu Lian'an"