ConGradetect: Blockchain-based detection of code and identity privacy vulnerabilities in crowdsourcing
Journal of Systems Architecture (IF 3.7), Pub Date: 2020-10-14, DOI: 10.1016/j.sysarc.2020.101910
Jitao Wang, Guozi Sun, Yu Gu, Kun Liu

At present, the many types of code vulnerabilities create a huge detection workload. Although multi-party cooperative detection methods can be applied to improve efficiency, common crowdsourcing models have difficulty guaranteeing the privacy of code and identity. We design ConGradetect, a code and identity privacy vulnerability crowdsourcing detection system. The system is built on a blockchain and solves code privacy issues, identity privacy issues, and reward preemption issues during the crowdsourced detection of vulnerabilities. In ConGradetect, users have a dynamic fake identity, which ensures that the identity of the user is not exposed, thereby avoiding the information exposure caused by data accumulation. Meanwhile, ConGradetect uses a local code granulation tool to perform offline code cutting for task publishers, and uses proxy re-encryption to allocate task code blocks, ensuring that the complete original code is known only to the code owner. When a task is received, a trusted key conversion is performed using a smart contract. Further, we propose a method for anonymous verification of the binding relationship between task and user to prevent reward preemption and ensure that task performers can obtain the corresponding legal benefits. Finally, we run the system on the Ethereum blockchain and test its performance. After testing, the feasibility of ConGradetect is proved.




Updated: 2020-10-15