[499Block Interview] Chengdu Lianan Technology, exploring the top security guards in the blockchain industry

640?wx_fmt=png

This article is reproduced from 499 Block

Summary

" When you choose a security company, you must look at the founder's background. This is very important, because the founder's background determines the company's values. If you find that a security company is doing evil, you must take up legal weapons. "

640?wx_fmt=jpeg

499Block interview record:

640?wx_fmt=jpeg

640?wx_fmt=png

Vivian：August 28th is Global Women in Blockchain Day. Today, our 499 gas station is honored to invite Dr. Yang Xia, a female entrepreneur in the field of blockchain security.

Yang Xia:Hello everyone, I am Yang Xia, the founder and CEO of Chengdu Lianan Technology. It is a great honor to be a guest at 499 today.

Vivian：So today's interview officially begins. It is divided into five sections.

Yang Xia:Some friends saw that we are recruiting, welcome everyone to join us.

Vivian：As usual, let's first introduce Dr. Yang's background and his relationship with the blockchain industry. May I ask: When did you start to get in touch with cryptocurrency and blockchain? What industry did you work in before entering the blockchain?

Yang Xia:Good evening, everyone. It is a great honor to have the opportunity to share with you. I used to mainly do research on the security of key systems in the military field. I have been engaged in the security field for 18 years. The occurrence of the first security hole in Ethereum in 2016 gradually shifted my interest to the blockchain. The DAO system smart contract security incident caused a loss of more than 50 million US dollars. This incident made me realize that blockchain smart contract security is It is a very critical issue, and technical personnel in this field are also needed to provide some security guarantees. Therefore, starting from the second half of 2016, I gradually started research on blockchain, especially the security of smart contracts. Since 2016, I have tried to use formal verification technology to solve the security problems of smart contracts. Before this, I have been serving safety-critical fields such as aviation and spaceflight. The main research is formal verification, kernel security, trusted computing, mobile terminal security, etc.

Post a section of my personal introduction. Yang Xia, China's top blockchain security company, founder and CEO of Chengdu Lianan Technology, associate professor and postdoctoral fellow at University of Electronic Science and Technology of China. The world's first expert in applying formal verification technology to blockchain security. Engaged in computer security research for 18 years, has been providing formal verification and system security services for the aerospace field. Presided over the research and development of more than 10 national projects. Member of CC International Security Standards, member of CCF Blockchain Special Committee, member of CCF Formal Verification Special Committee. He has published more than 30 academic papers and applied for more than 20 patents. The world's first expert who applied formal verification technology to the blockchain field, took the lead in developing the world's leading automated formal verification of smart contracts for multiple blockchain platforms (such as Eth, EOS, Fabric and other blockchain platforms) Platform VaaS, the platform won the first national small and medium-sized enterprise "SaaS" application innovation and entrepreneurship competition champion. Invited to speak at the Wanxiang Blockchain Global Summit for two consecutive years, invited to participate in blockchain technology conferences held by CSDN, Babbitt Blockchain, etc., and delivered speeches.

Chengdu LianAn Technology led by Yang Xia won the "2018 Top 100 Chinese Blockchain Enterprises List", "2018 Most Professional Security Service Agency", "2019 China Blockchain Security Leader", "Best Blockchain Data Security team".

Vivian：Great Dr. Yang! Knowing that you are a postdoctoral fellow at the University of Electronic Science and Technology of China, what kind of opportunity did you start Chengdu Lianan Technology?

Yang Xia:Although I am a professor at the University of Electronic Science and Technology of China, I have always had a dream of starting a business, and I am constantly trying to start a business, and this is the third time. I hope to transfer my scientific research results to the market and serve the public. Judging from the current situation, it is not uncommon for teachers in colleges and universities to start businesses. Our technology serves the society, which is also a response to the call of the country.

Vivian：Successive entrepreneurs, women's pride.

Yang Xia:Blockchain security is a rigid need of the blockchain and an essential link in the development of the industry. So I started this business. Women also have entrepreneurial dreams. Through our efforts, we can realize our ideals just like men.

As the first team in the world to apply formal verification to the blockchain, we have proved through a large number of experiments that formal verification is very effective in solving smart contract security issues. For example, we found an "unchecked-send" bug in a donation smart contract through a formal verification method.

In September 2017, I was invited to participate in the third Global Blockchain Conference organized by Wanxiang as a guest speaker. At the conference, I talked about "Formal Verification of Smart Contracts", which caused a sensation and widespread attention. Then, I found this job to be very interesting and meaningful, so I persisted in this job.

Later, we received angel investment from Fenbushi Capital. Under the leadership and support of Xiao Feng and Shen Bo, two blockchain seniors, I established Chengdu Lianan Technology Co., Ltd. on March 29, 2018, specializing in blockchain Research and development of security technology and full ecological services. In May 2018, it became the first batch of security partners of Huobi and OK. In April 2018, it was the first company in the world to discover a security loophole in the EOS smart contract. Later, we provided security services for leading exchanges such as Manbi. Along the way, thank my friends for their support and help. thank you all.

Vivian：Impressive! Thank you for your answer! It seems that Chengdu Lianan has established and cooperated with several leading exchanges, and has also been recognized by the market.

Yang Xia:Yes, we have established partnerships with nearly 100 exchanges around the world and provide them with annual security services. We have discovered dozens of security vulnerabilities exclusively.

Vivian：Escorting hundreds of exchanges, we are quite familiar with the brand of Chengdu Lianan Technology. Today, please come and give us a detailed introduction to Chengdu Lianan’s achievements in the field of blockchain security. What are the core security products and services?

Yang Xia:Okay, let me waste everyone's time and introduce our security products and services. We have always attached great importance to the research and development of security products. Over the past year, we have developed a number of security products and established a complete security defense system:

Achievements in the security field:

Chengdu Lianan Technology is the earliest company in the world specializing in blockchain security, and it is also the first company in the world to apply formal verification technology to the field of blockchain security. Through the security audit and defense deployment of more than 1,000 smart contracts, nearly 50 public chains and wallets, and nearly 100 exchanges around the world, we have accumulated rich experience in security attack and defense in the blockchain field, and developed a number of dedicated Security products for multiple mainstream blockchain platforms. Apply for 12 software invention patents and copyrights. We have independently discovered and announced many common high-risk security vulnerabilities, which have received widespread attention and recognition from the industry. And participated in the writing of blockchain security standards organized by the Ministry of Industry and Information Technology, and cooperated with hundreds of blockchain ecosystems including Ant Financial, WeBank, Wanxiang Group, Huobi, OKEx, ONT, Celer, Bubi Blockchain, etc. Partners have established a deep cooperative relationship.

Core Security Products:

We have established a complete security system covering the entire life cycle of the blockchain system, covering the entire life cycle of the blockchain system, including "security design and development, code automatic security monitoring based on formal verification, and runtime security monitoring and protection". Specific products include smart contract development tool (Beosin-IDE), one-click smart contract security detection platform based on formal verification (Beosin-VaaS), blockchain security situational awareness (Beosin-Eagle Eye), EOS firewall Beosin-Firewall (EOS), on-chain asset traceability and tracking system, and security public opinion system (Beosin-OSINT) and other security products.

Our product platform https://beosin.com/#/, everyone is welcome to visit and use our free services.

Our first blockbuster product, a "one-click" smart contract security detection platform (Beosin-VaaS) based on formal verification: adopts a formal verification engine with our own intellectual property rights, providing smart contracts and blockchain applications The "military-grade" formal verification service can automatically detect 28 major security issues of smart contracts with "one-click". More than 20,000 users. Smart contract security detection accuracy is the highest in the world, reaching 97%. At present, it has supported multiple mainstream blockchain platforms such as ETH, EOS, Fabric, Ant Blockchain BaaS platform, and ONT.

The second product, Chengdu Lianan, provides developers with an integrated development environment for smart contracts. It provides powerful tools for the entire process from creating, editing, compiling, debugging, and deploying smart contracts. It enables developers to avoid the cumbersome steps of using official development tools and improve development efficiency. This product has more than 300,000 user visits and is currently the most widely used EOS application development tool. We developed this product because many EOS users told us that there are no useful development tools on the market. We think that if the development tools are easy to use, the development threshold will be lowered, and security problems will be greatly reduced.

There are development tools and security detection tools for formal verification, but how to ensure runtime security? So we developed the blockchain security situation awareness Beosin-Eagle Eye. Situational awareness and security management platform for DApp and exchange-specific transaction risks and security threats. Provide users with comprehensive and timely situation awareness, security early warning, alarm and response capabilities, and provide common operation monitoring functions such as active user statistics and daily income statistics. Our Eagle Eye system has already covered the mainstream chain, and all good DAPPs have entered our platform, and we have obtained 24-hour uninterrupted monitoring from our Eagle Eye system to prevent projects from being stolen. Have you noticed that more and more projects are being stolen now? Less, because the main projects are settled in our Eagle Eye.

Vivian：Sure enough, it is the best choice for the project party.

Yang Xia:Just monitoring is not enough, if a security problem is discovered, the system must be automatically blocked. So we developed a security firewall. 1. Beosin-Firewall (EOS) provides security protection for DApp smart contracts on the EOS chain, preventing smart contracts from transferring funds to malicious accounts, hacker accounts and other abnormal users. At present, our Eagle Eye is mainly targeting mainstream chain platforms such as EOS, ETH, and TRON. In the future, we will continue to support new and good chain platforms in the industry. In addition, in order to catch all security incidents in one go, we will provide you with more security intelligence. We have also developed a security public opinion system (Beosin-OSINT). In short, we have established a one-stop security service platform. As long as there are issues related to blockchain security, we can solve them all in one go.

Our product platform https://beosin.com/#/, welcome to visit. In terms of security services, we can provide project parties with full ecological security audit services, including smart contracts, blockchain underlying chain platforms, transactions Exchanges, wallets, DApps, etc., and provide a full range of security service systems such as fund traceability and anti-money laundering services.

Vivian：Therefore, Chengdu Lianan can not only provide a development environment and tools, but also complete security monitoring and automatic blocking. The real one-stop service!

Yang Xia:Yes, our ideal is to provide you with one-stop security services and solutions.

Vivian：Then I would like to ask a question from the perspective of the project party. What kind of help can Chengdu Lianan's current security business system provide for blockchain project parties and partners?

Yang Xia:We have always attached great importance to ecological construction and cooperated with all parties. In terms of ecological construction, we have already made plans and layouts. Fully cooperate and communicate closely with all walks of life in the blockchain field, and build a blockchain security ecosystem with everyone. For example, including trading platforms, public chains, alliance chains, project parties, etc. All leading and cutting-edge companies in the blockchain field have cooperated with us.

Vivian：Ok, thanks for your answer. As far as I know, Chengdu Lianan is a low-key team. It is currently the head of the blockchain security company and has the largest number of people. What are the goals and messages for the future development direction?

Yang Xia:Our goal is to be the most professional blockchain security company, with the mission of "holding the shield of security and preventing loopholes", promoting the establishment of blockchain security norms, escorting the industry, and making the blockchain ecology safer .

Message: Blockchain is the future. May this future be as bright and beautiful as we expect, and hope that the blockchain industry will continue to develop in a healthy and stable manner.

Vivian：Here, I would like to ask a question of my own. Now there are many blockchain security companies in the market, including domestic and foreign ones. As you mentioned just now, I have heard other security companies talk about the concept of formal verification. May I ask how Chengdu Lianan wins among so many companies? What is the reason why customers choose Chengdu Lianan?

Yang Xia:As the first company in the world to apply formal verification to the blockchain, we have been focusing on industrializing this high-threshold technology and providing substantial services for the blockchain field. Because the magic weapon for our victory is that we have deep technical accumulation and focus on automating formal verification. This is the difference between us and other companies that talk about formal verification. The reason why customers choose us, I think, should be: we are more professional, serious and efficient.

Vivian：These three words seem simple, but they actually contain the foundation of the enterprise.

Yang Xia:It is also the user's evaluation of us.

Vivian：In this nascent industry, those three words matter. I saw that your WeChat name (recruitment) was placed in a conspicuous position, so I couldn't help being curious. How is the current team situation of Chengdu Lianan Technology? What are the requirements for the company's talents?

Yang Xia:We are currently hiring. Although we are the largest company specializing in blockchain security in China, due to business development needs, we have been recruiting excellent partners to join us, including technical, new media operations, business and other positions.

Vivian：Then tell us about the composition of our current team and the needs of new recruiting positions.

Yang Xia:At present, it has a professional security team of nearly 60 people, about 80% of whom are technical research and development posts. Most of the members are graduates from well-known universities at home and abroad, including experts who have been engaged in formal verification for a long time and white hats with more than 10 years of security experience. Members come from professors from well-known universities, experienced senior technical personnel with doctoral degrees and master's degrees, and elites who have worked in well-known companies such as Alibaba and Huawei. Our job requirements include: head of new media operation (1 person), business manager of Beijing branch (3~5 people), working location, Beijing or Chengdu. Blockchain Security Engineer (Chengdu), Reverse Engineer (Security Lab), several, work location, Chengdu. Our business is busy, in order to reduce the queuing time of users, welcome everyone to join us. Our team is very young, the technical department is all handsome guys, and I am the only female white hat.

640?wx_fmt=png

This was taken when Mr. Xiao Feng came to inspect the company. There are many handsome guys, right?

Vivian：It was mentioned just now that I plan to come to Beijing to expand the market. What is the strategic significance of Chengdu Lianan's establishment of a branch in Beijing? What is the full name of the company's Beijing branch? What is the current plan?

Yang Xia:The establishment of the branch aims to better provide professional technical support to blockchain project parties and promote the rapid and sound development of the blockchain field. We have many clients in Beijing. The full name of our company's Beijing branch is "Chengdu Lianan (Beijing Branch)". The branch will inherit the concept and purpose of the Chengdu headquarters, focus on the ecological security of the blockchain, never stop the pace, and continuously improve the quality of service. The Beijing branch will jointly protect the security of the entire blockchain ecosystem under the unified management of the Chengdu headquarters.

Vivian：At present, many people confuse Chengdu Lianan and Beijing Lianan, thinking that they are your branches. Are they related to you?

Yang Xia:Many people ask me this question. Today I will take this opportunity to answer it carefully. First of all, I declare that Beijing Lianan has nothing to do with us. They are not our affiliates or subsidiaries. Friends who want to cooperate with us, you must recognize it clearly. The full name of our company is "Chengdu Lian'an Technology Co., Ltd.", the brand name is "Beosin Chengdu Lian'an", and the date of establishment of the company is March 29, 2018. Headquartered in Chengdu, Sichuan Province. Our Chengdu Lianan Technology Co., Ltd. was jointly founded by Professor Yang Xia, Guo Wensheng, and Gao Ziyang. Our company has recently established a branch in Beijing. We will use Chengdu Lianan (Beijing Branch) later. Please don't get confused, go to the wrong door.

Vivian：Talked so much about the history, current situation and future planning of Chengdu Lianan. So for this industry, what security problems do you think currently exist in the blockchain industry, and what are the solutions? After all the questions, it's time for everyone to ask questions!

Yang Xia:The field of blockchain security can only be said to have just started. 80% of the blockchain systems we have seen have security issues. Security is a big concept. Theft based on system security vulnerabilities, crimes using digital currency, money laundering, and running away are all emerging security issues in the blockchain field. . The core solutions are: 1. Enhance safety awareness, 2. Establish a safety team or cooperate with safety companies, 3. Strengthen industry safety supervision, 4. Establish industry safety standards. Establishing a complete security defense system is what we have been doing all the time. It is very important to prevent problems before they happen. Don't think of security solutions only after security loss. Because lost assets can no longer be found, the blockchain field involves a large amount of asset security, so everyone should pay attention to security. Let the bad guys have no chance to do evil.

Yang Xiao:Compared with SlowMist Technology, what are your strengths and weaknesses? What are the differences in the business and development directions of your two teams?

Yang Xia:Well, Slow Mist is our good partner. We and SlowMist were both established last March. As the two oldest blockchain security companies in China, we and SlowMist both provide security services for the blockchain field. We each have our own strengths. They are good at attacking, we are good at defending. They are mainly white hats, and our team is mainly composed of formal verification experts and white hats.

Ya Ruo:How to prevent rogue companies in the security field from doing evil?

Yang Xia:This question is very good. There are indeed such security companies. I suggest that you take up legal weapons. I know some security personnel, facing huge temptations, instantly change from white hats to black hats or collect protection fees, etc. These people lack professional ethics, so when you choose a security company, you must look at the background of the founder , this is very important, because the founder's background determines the company's values. If security companies are found to be doing evil, everyone must take up legal weapons. But there are also people who favor something in between. Our company is based on protection. Establish a complete defense system for everyone, so that black hats have no chance to attack. Formal verification is currently the best method on the market to make code free of security holes. It turns out that this technology is mainly used in aviation, aerospace, military and other fields.

Ya Ruo:How to obtain evidence and protect rights when encountering rogue companies? If you encounter this level of operation, it is quite realistic.

Yang Xia:If you encounter such a problem later, let us help you obtain evidence. We have a way. The industry needs to be cleaned up. Let me tell you a story. A few days ago, an investor called me and asked about the difference between me and a certain security company, and said that a certain company charged protection fees from the project party. When asked whether we are in this business, I immediately replied that our vision is to make the blockchain more secure, and we are to protect everyone's system security. We use our technology to prevent customers' assets from being stolen. We only charge a certain service fee according to the workload, and never charge protection fees. Help you solve security problems. Promote the safe development of the industry. This is our principle and philosophy. In our audit project, the security problems we find will be communicated to our partners without reservation, and we will sign a non-disclosure agreement with them. In fact, we discovered a major security threat to a wallet a few months ago, but if the PR comes out, it will affect So painful that we have chosen to seal this bug permanently. Get in touch with related projects. Problem solved.

Yang Xiao:If the team grows stronger and has more people, how can we ensure that everyone in the team is a pure white hat?

Yang Xia:The company's system is very important. We hire lawyers all the time to give us law lessons, and most of us are self-bred, so we can keep them pure forever.

Vivian：Thank you Mr. Yang for your wonderful and detailed sharing. For security issues, look for Chengdu Lianan!

640?wx_fmt=png