1. 当前位置:
  2. 首页 >
  3. 地方标准 >
  4. DB43/T 1839-2020

DB43/T 1839-2020 区块链合约安全技术测评标准

DB43/T 1839-2020 Blockchain contract security technology evaluation standards

湖南省地方标准 简体中文 现行 页数:26页 | 格式:PDF

基本信息

标准号
DB43/T 1839-2020
标准类型
湖南省地方标准
标准状态
现行
中国标准分类号(CCS)
L70/84 信息处理技术
国际标准分类号(ICS)
35.240 信息技术应用
发布日期
2020-09-30
实施日期
2020-12-30
发布单位/组织
湖南省市场监督管理局
归口单位
-
适用范围
-

发布历史

文前页预览

DB43/T 1839-2020 区块链合约安全技术测评标准-第1页
DB43/T 1839-2020 区块链合约安全技术测评标准-第2页
DB43/T 1839-2020 区块链合约安全技术测评标准-第3页
DB43/T 1839-2020 区块链合约安全技术测评标准-第4页
DB43/T 1839-2020 区块链合约安全技术测评标准-第5页
DB43/T 1839-2020 区块链合约安全技术测评标准-第6页
DB43/T 1839-2020 区块链合约安全技术测评标准-第7页

研制信息

起草单位:
起草人:
出版信息:
页数:26页 | 字数:- | 开本: -

内容描述

ICS35.240

L70

DB43

湖南省地方标准

DB43/T1839—2020

信息安全技术

区块链合约安全技术测评要求

Informationsecuritytechnology-Evaluationrequirements

forblockchaincontractsecuritytechnology

2020-09-30发布2020-12-30实施

湖南省市场监督管理局发布

DB43/T1839—2020

目次

前言························································································································································Ⅲ

1范围····················································································································································1

2规范性引用文件·································································································································1

3术语和定义········································································································································1

4等级测评概述·····································································································································2

4.1等级测评方法·····························································································································2

4.2单项测评·····································································································································2

5第一级测评要求·································································································································2

5.1合约可终止性测评要求··············································································································2

5.2合约确定性测评要求··················································································································3

5.3合约可审计性测评要求··············································································································3

5.4合约常用漏洞防护测评要求······································································································4

6第二级测评要求·································································································································5

6.1合约可终止性测评要求··············································································································5

6.2合约确定性测评要求··················································································································6

6.3合约可审计性测评要求··············································································································7

6.4合约常用漏洞防护测评要求······································································································7

7第三级测评要求·································································································································9

7.1合约可终止性测评要求··············································································································9

7.2合约确定性测评要求················································································································10

7.3合约可审计性测评要求············································································································11

7.4合约常用漏洞防护测评要求····································································································11

8第四级测评要求·······························································································································14

8.1合约可终止性测评要求············································································································14

8.2合约确定性测评要求················································································································15

8.3合约可审计性测评要求············································································································15

8.4合约常用漏洞防护测评要求····································································································16

9测评结论··········································································································································18

9.1风险分析和评价·······················································································································18

9.2等级测评结论···························································································································18

参考文献················································································································································20

I

DB43/T1839—2020

II

DB43/T1839—2020

前言

本文件按照GB/T1.1—2020给出的规则起草。

本文件由中共湖南省委网络安全和信息化委员会办公室提出。

本文件由湖南省区块链和分布式记账技术标准化技术委员会(筹)归口。

本文件起草单位:湖南链信安科技有限公司、湖南天河国云科技有限公司、湖南省东方区块链安全

技术检测中心、湖南省人民政府发展研究中心、湖南天河云链科技有限公司。

本文件主要起草人:陈昕、谭林、杨征、梁亮、聂璐璐、梁琪、李财、聂朗、汪武、尹海波、黄帅、

柳兴、郭慧、殷新文、丁雅琪、沈浪、张祥、宋姝、姜载乐、刘齐平、郑婷婷、胡钦、邹曼瑜等。

III

DB43/T1839—2020

IV

DB43/T1839—2020

信息安全技术区块链合约安全技术测评要求

1范围

本文件规定了区块链合约安全技术测评指标要求。包括第一级、第二级、第三级和第四级区块链合

约安全技术测评要求。

本文件适用于测评机构对区块链合约安全进行的测评工作,也适用于区块链技术开发者参考使用。

2规范性引用文件

下列文件中的内容通过文中的规范性引用而构成本文件必不可少的条款。其中,注日期的引用文件,仅

该日期对应的版本适用于本文件;不注日期的引用文件,其最新版本(包括所有的修改单)适用于本文件。

GB/T25069—2010信息安全技术术语

GB/T28458—2012信息安全技术安全漏洞标识与描述规范

3术语和定义

GB/T25069—2010、GB/T28458—2012界定的下列术语和定义适用于本文件。

3.1

智能合约smartcontracts

由事件驱动的、具有状态的、运行在可复制的共享区块链数据账本上的一段计算机代码,是现实世

界中合约和规则的算法实现。

3.2

函数可重入functionreentrant

某函数被调用,没有执行完成,又一次被调用。

3.3

整数溢出lntegeroverflow

整数溢出漏洞包括上溢和下溢,上溢时指已经达到类型能表示的最大值后,再增加的话就会溢出,

从一个很大的值变为0,下溢是指已经是类型能表示的最小值,继续减小的话,就会变成一个很大的值。

3.4

安全审计securityaudit

对信息系统的各种事件及行为实行监测、信息采集、分析,并针对特定事件及行为采取相应的动作。

[GB/T25069—2010]

3.5

安全漏洞vulnerability

计算机信息系统在需求、设计、实现、配置、运行等过程中,有意或无意产生的缺陷。这些缺陷以

不同形式存在于计算机信息系统的各个层次和环节之中,一旦被恶意主体所利用,就会对计算机信息系

统的安全造成损害,从而影响计算机信息系统的正常运行。

[GB/T28458—2012]

1

DB43/T1839—2020

4等级测评概述

4.1等级测评方法

等级测评实施的基本方法是针对待定的测评对象,采用相关的测评手段,遵从一定的测评规程,获

取需要的证据数据,给出是否达到特定级别安全保护能力的评判。

本标准中针对每一个要求项的测评就构成一个单项测评,针对某个要求项的所有具体测评内容构成

测评实施。根据调研结果,分析等级保护对象的业务流程和数据流,确定测评工作范围。结合等级保护

对象的安全级别进行综合分析,测评对象可以根据类别加以描述,包括合约可终止性、合约确定性、合

约可审计性、合约常用漏洞防护。

本标准账中每个级别测评要求都包括合约可终止性测评要求、合约确定性测评要求、合约可审计性

测评要求、合约常用漏洞防护测评要求四部分内容。

4.2单项测评

单项测评是针对各安全要求项的测评,支持测评结果的可重复性和可再现性。本标准中单项测评包

括测评指标、测评对象、测评实施和测评判定结果构成。

5第一级测评要求

5.1合约可终止性测评要求

5.1.1合约状态机

该测评单元包括以下要求:

a)测评指标:合约应具有一种合适的确保合约不同状态暴露不同功能的状态机。

b)测评对象:合约状态机。

c)测评实施包括以下内容:

1)是否支持合约的生命周期需要经历的所有阶段;

2)是否支持合约的所有阶段的所有方法;

3)阶段转换是否明确定义并对所有人公开;

4)状态与状态之间的更新反应时间是否不超过1秒。

d)测评判定:如果以上测评实施内容均为肯定,则符合本测评单元指标要求,否则不符合或部分

符合本测评单元指标要求。

5.1.2合约资源控制

该测评单元包括以下要求:

a)测评指标:合约应具有有效的资源管理模式保证合约可终止。

b)测评对象:合约资源控制。

c)测评实施包括以下内容:

1)是否具有线性逻辑,资源必须且只能被使用一次;

2)是否能够对资源进行合理的调配和部署;

3)资源是否可以在有限时间内被释放。

2

DB43/T1839—2020

d)测评判定:如果以上测评实施内容均为肯定,则符合本测评单元指标要求,否则不符合或部分

符合本测评

定制服务

    推荐标准

    相似标准推荐

    更多>