Blockchain & Security in Oracle by Emmanuel Abiodun
Copyright © 2018, Oracle and/or its affiliates. All rights reserved.
Blockchain & Security
Emmanuel Abiodun
Blockchain Architect
Oracle Cloud
October 2018
emmanuel.abiodun@oracle.com
www.linkedin.com/in/emmanuel-abiodun/
Nov 2018
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, timing, and pricing of any
features or functionality described for Oracle’s products may change and remains at the
sole discretion of Oracle Corporation.
Confidential – Oracle Internal/Restricted/Highly Restricted

Program Agenda
1. Introduction to Oracle Blockchain Cloud Service
2. State Database Enhancements
3. Smart Contract Design Best Practices
4. Some Security Considerations
5. Q&A

Oracle Blockchain Cloud Service
[Diagram: ORACLE BLOCKCHAIN CLOUD SERVICE surrounded by its attributes]
• Pre-Assembled
• Enterprise-Grade
• Managed
• Plug and Play Integrations
• Open
• Oracle’s Experience and Expertise

Oracle Blockchain Cloud Platform
[Architecture diagram]
ORACLE BLOCKCHAIN PLATFORM (Managed PaaS), on OPEN SOURCE HYPERLEDGER FABRIC:
• CONSENSUS: Validates transactions before adding to chain
• SMART CONTRACTS: Business logic based on agreements
• DISTRIBUTED LEDGER: Whole state data and its history
• CONFIDENTIALITY: Permissioned blockchain with private channels
• REST API / SDKs for Go, Java, and JavaScript
ORACLE CLOUD INFRASTRUCTURE and PAAS SERVICES: Container Services, Identity Management Services, Events Management Services, Data Services
Connected applications: ON PREMISES APPS; ORACLE SAAS (SCM, ERP, HCM, CX); CRM; 3rd Party SaaS; Custom Cloud Apps
External Members: Hyperledger Fabric Peers in Customer Datacenters or 3rd Party Clouds

Built on Hyperledger Fabric
• Clients submit transactions for endorsement to peers
• Peers call smart contracts aka chaincode to simulate/endorse transactions
• Client submits endorsed transaction to ordering service
• Peers validate and commit transactions
– Verify policies met and versions for multi-version concurrency control (MVCC)
• World state database is a key/value store
– Get by key, key range, or partial composite key
– Optional databases provide rich queries that can query based upon values
Hyperledger Fabric Transaction Flow
[Diagram] Components shown: Client Application, Fabric SDK, Keys, Membership Service, Certificate Authority, Peers (Endorser: Simulates TX; Committer: Applies changes), World State, Ledger, Smart Contract (Chaincode), Ordering Service (Orders TXs into batches according to consensus).
Labelled steps:
3.0 - Submit Endorsed TX (Includes RWset and endorser signatures)
4.0 - Deliver TX Batch
5.0 – Writes ledger block
5.1 - Updates State
6.0 – Commit Notification
Other label: Validate Signatures and Authorization
Oracle Confidential – Under NDA

Oracle State Database Enhancements
• Default state database in Hyperledger Fabric is LevelDB
• Optional database supporting rich queries is CouchDB – extremely slow
• Neither supports isolation, snapshots, or local transactions
• Fabric read locks the database for read access during endorsement
• Fabric write locks the database for exclusive access during commitment
• Result: Endorsement and commitment cannot overlap
Hyperledger Fabric
State Based Enhancements
Oracle State Database Enhancements
• OBCS uses Berkeley Database (BDB) for state database which supports local
transactions and isolation
• SQL layer on top of BDB for rich queries
• Replace database locking with a transaction manager using local txn
• Allows endorsement and commitment to execute in parallel
• Supports SQL SELECT statements and CouchDB queries in rich queries

Smart Contract Design Best Practices

OABCS Application Design Best Practices
• Start small
• Keep it simple
• Not everything belongs on a ledger
• Workflow is best done in the application, not smart contracts
• L10N I18N
• Pull instead of push
• Determine who you trust and how much you trust them
Not Everything Belongs on the Ledger
• Blockchains replicate the ledger – potentially many copies
• For large objects, this dramatically increases storage requirements
• Store what’s absolutely needed and must be shared
• Large objects or PII should be stored off-chain if possible
– Store them elsewhere
– Place hash of object on the ledger as proof
– Mediate off-chain storage access via the blockchain
Workflow in the Application, not Smart Contracts
• Ledger records the transactions
• Workflow such as multi-step processes best left to external tools
• Examples:
– Voting to add new member to blockchain network
• the state of the votes is maintained on blockchain
• Acting on the vote is a workflow issue
• Use events to move workflow forward
Who Do You Trust and How Much Do You Trust Them?
• This determines many design decisions such as:
• Endorsement policies – who needs to validate transactions
• How confidential is the data?
– Peers running outside Oracle cloud can snoop data
– By default, any user can read ledger

Agenda
1. Introduction to Blockchain and Smart Contracts
2. CargoSmart
3. OABCS Application Design Best Practices
4. Hyperledger Fabric Smart Contract best practices
5. Summary and Q&A

Hyperledger Fabric Smart Contracts
• Smart contracts provide the cross organization business logic
• Similar to stored procedures
• Executed multiple times
• The only thing that updates world state
• Written in Go, Node.js, and Java
Smart Contract Mandatory Practice
• Deterministic!
– Do NOT generate guids, random numbers,…
– Do NOT try to get the time
• If needed have client pass in:
– guids, random numbers, timestamps,…
– Data from external systems
• Watch for timeouts
Better than best practices
Avoid Data Hot Spots or Global Keys
• Keys that are read and written frequently
– Sequence number
– Totals
• Likely to cause invalidation errors
– Especially for larger block sizes
• Higher likelihood for MVCC errors
– Transactions have to be retried
Performance
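
An added example (not from the slides, and not Fabric code) that models the commit-time version check to show why a global key such as a running total invalidates most of a block. The `tx` type, `validateBlock`, `buildBlock` and the per-transaction `total~<txid>` delta keys are assumptions for illustration; delta keys are one common way to avoid the hot key, with the total computed when it is read.

```go
package main

import "fmt"

// Constructed model of the commit-time MVCC check; names are not Fabric API.
type tx struct {
	id     string
	reads  map[string]int // key -> version seen during endorsement
	writes []string       // keys written by the transaction
}

// validateBlock commits in block order and returns IDs whose reads went stale.
func validateBlock(state map[string]int, block []tx) (invalid []string) {
	for _, t := range block {
		stale := false
		for k, v := range t.reads {
			if state[k] != v {
				stale = true
			}
		}
		if stale {
			invalid = append(invalid, t.id)
			continue
		}
		for _, k := range t.writes {
			state[k]++ // a committed write bumps the key's version
		}
	}
	return invalid
}

// buildBlock returns n transactions endorsed against the same initial state.
// hot: each reads and rewrites "total"; otherwise each writes its own delta key.
func buildBlock(n int, hot bool) (block []tx) {
	for i := 0; i < n; i++ {
		id := fmt.Sprintf("tx%d", i)
		if hot {
			block = append(block, tx{id, map[string]int{"total": 0}, []string{"total"}})
		} else {
			block = append(block, tx{id, nil, []string{"total~" + id}})
		}
	}
	return block
}

func main() {
	fmt.Println("hot key, invalidated:", len(validateBlock(map[string]int{}, buildBlock(10, true))))
	fmt.Println("delta keys, invalidated:", len(validateBlock(map[string]int{}, buildBlock(10, false))))
}
```

Larger blocks make the hot-key case worse: only the first transaction that touches the key in each block commits, and the rest must be retried.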
World State Access
• Watch for phantom reads
– Standard Fabric rich queries don’t affect RWset
– OBCS rich queries are re-executed at validation time
• Create indexes for rich queries
• Using OBCS
– Use rich queries instead of composite keys
– Push summaries, calculations, etc., down to database
• Average number of marbles owned
Avoid Off Chain Access
• Avoid network connections/interactions if possible!
– Potential source of non-determinism
• Off chain data
– Let client provide the data
– Store hash in ledger as proof
• Off chain applications
– Oracles are fine
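
An added example (not part of the slides) tying together the determinism rule from the "Smart Contract Mandatory Practice" slide and the hash-as-proof bullet above: two simulated endorsers agree only when the record ID, digest and timestamp come from the client. The `record` type, the `doc~` key prefix and the function names are assumptions, not Fabric API.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// record is a constructed stand-in for the single write one endorser simulates.
type record struct{ key, value string }

// anchorRandom is the anti-pattern: each endorser invents its own record ID,
// so two endorsers return different results for the same proposal.
func anchorRandom(digestHex string) record {
	id := make([]byte, 16)
	rand.Read(id) // differs on every peer
	return record{"doc~" + hex.EncodeToString(id), digestHex}
}

// anchor uses only values supplied by the client (ID, digest, timestamp),
// so every endorser computes the same write.
func anchor(docID, digestHex, clientTS string) (record, error) {
	d, err := hex.DecodeString(digestHex)
	if err != nil || len(d) != sha256.Size || docID == "" {
		return record{}, errors.New("need a document ID and a hex SHA-256 digest")
	}
	return record{"doc~" + docID, digestHex + "|" + clientTS}, nil
}

// verify recomputes the digest of the off-chain object and compares it with
// the digest stored on the ledger.
func verify(object []byte, anchoredHex string) bool {
	sum := sha256.Sum256(object)
	return hex.EncodeToString(sum[:]) == anchoredHex
}

func main() {
	doc := []byte("constructed bill of lading, stored off-chain")
	sum := sha256.Sum256(doc)
	digest := hex.EncodeToString(sum[:])
	a, _ := anchor("bl-001", digest, "2018-11-01T10:00:00Z")
	b, _ := anchor("bl-001", digest, "2018-11-01T10:00:00Z")
	fmt.Println("deterministic endorsers agree:", a == b)
	fmt.Println("random-ID endorsers agree:", anchorRandom(digest) == anchorRandom(digest))
	fmt.Println("tampered object verifies:", verify(append(doc, '!'), digest))
}
```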
Push vs Pull
• Push – smart contract pushes data
– Smart contract updating an external application
– But will be called multiple times – once for each endorsement
• Pull – application pulls data
– External application calls smart contract to put data
– Can maintain queue in world state
– Use a chaincode event to trigger
– Receiving application pulls the data from the blockchain
Circuit Breakers
• Emergency stop
• Essentially denies all executions until reset
• Commonly used to deal with serious bugs or security issues
• Controlled by limited parties, e.g. admins
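
One way to implement the emergency stop described above, as an added example rather than Oracle or Fabric code. The `ledger` and `caller` types, the `circuit_breaker` key and the function names are hypothetical stand-ins for the chaincode stub and the caller's certificate attributes.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-ins for world state and caller identity, not Fabric shim types.
type ledger map[string]string

// isAdmin is assumed to be derived from the caller's certificate.
type caller struct{ isAdmin bool }

const breakerKey = "circuit_breaker" // hypothetical reserved key

var errStopped = errors.New("contract stopped by circuit breaker")
var errDenied = errors.New("caller may not operate the circuit breaker")

// invoke handles breaker control first, then the gate, then business logic.
func invoke(l ledger, c caller, fn string, args ...string) error {
	if fn == "stop" || fn == "reset" {
		if !c.isAdmin {
			return errDenied
		}
		if fn == "stop" {
			l[breakerKey] = "open"
		} else {
			delete(l, breakerKey)
		}
		return nil
	}
	if l[breakerKey] == "open" {
		return errStopped // deny every other execution until reset
	}
	if fn != "put" {
		return fmt.Errorf("unknown function %q", fn)
	}
	// Check all needed arguments; the breaker key is not writable by "put".
	if len(args) != 2 || args[0] == "" || args[0] == breakerKey {
		return errors.New("put needs a non-empty, non-reserved key and a value")
	}
	l[args[0]] = args[1]
	return nil
}

func main() {
	l, admin, user := ledger{}, caller{true}, caller{false}
	fmt.Println(invoke(l, user, "put", "k", "v"), invoke(l, admin, "stop"), invoke(l, user, "put", "k", "v2"))
}
```

Keeping the flag in world state means tripping or resetting the breaker is itself an endorsed, ordered transaction, so every peer applies it at the same point in the ledger.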
Side DB
Private state among subset of peers
[Diagram: Channel 1 with Peer1, Peer2 and Peer3 connected by Gossip]
• Peers in collection (Endorsing, Committing): Chaincode State holds hash(k1), hash(secret value); Private State holds k1, secret value
• Peers not in collection (Committing only): Chaincode State holds hash(k1), hash(secret value)

Some Security Considerations
Privacy and Confidentiality
• Only put what’s necessary on the ledger!
• All peers get a copy, consider where peers run
• Encrypt data or store sensitive data off chain
• Choose strong encryption – quantum computing is coming
• Use side database feature of Fabric
– Only specific peers get private data, hash of key/value recorded in ledger
• Soon: Anonymous Authentication and Zero-Knowledge Asset Transfer
Privacy and Confidentiality
• Normally any authorized user has access to ledger
• Use Fabric fine grained access control
– Prohibit or limit access to query system chaincode and events
– Only allow access via invoking smart contracts
• Implement fine grained access control in chaincode
– Take control of who has access to what
– Maintain the access information in chaincode
– Field level access control, attribute access control
• Use transient data to pass in data to be excluded from the ledger
Keep prying eyes out
Security
• Use static analysis tools
• Use SSL/TLS to protect communication
• Check everything!
– all needed arguments
– Injection attacks
– Verify identity
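
The injection check, as an added example that is not from the slides: a rich-query selector built by string formatting next to one built with `encoding/json`. The `docType` and `owner` field names, the function names and the sample argument are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// weakSelector builds a CouchDB-style rich query by pasting the argument into
// a JSON template, so quotes in the argument become query syntax.
func weakSelector(owner string) string {
	return fmt.Sprintf(`{"selector":{"docType":"marble","owner":"%s"}}`, owner)
}

// safeSelector validates the argument and lets encoding/json do the escaping,
// so the argument can only ever be a string value.
func safeSelector(owner string) (string, error) {
	if owner == "" || len(owner) > 64 {
		return "", fmt.Errorf("owner must be 1-64 characters")
	}
	q := map[string]interface{}{
		"selector": map[string]string{"docType": "marble", "owner": owner},
	}
	b, err := json.Marshal(q)
	return string(b), err
}

// selectorField parses a query and returns one string field of its selector.
func selectorField(query, field string) (string, error) {
	var q struct {
		Selector map[string]interface{} `json:"selector"`
	}
	if err := json.Unmarshal([]byte(query), &q); err != nil {
		return "", err
	}
	s, _ := q.Selector[field].(string)
	return s, nil
}

func main() {
	arg := `tom","docType":"invoice` // constructed argument containing a quote
	weak, _ := selectorField(weakSelector(arg), "docType")
	q, _ := safeSelector(arg)
	safe, _ := selectorField(q, "docType")
	fmt.Println("weak docType:", weak, "| safe docType:", safe)
}
```

In the string-built query the argument replaces the `docType` filter; in the marshalled query it stays a literal owner name that matches nothing unexpected.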
Security
• Docker isolation is not enough
• Kata containers use in multi-tenancy
• Ensure customer can harm only himself
• Careful with platform / env secrets
Questions?
Editor's Notes
Pre-assembled – Hyperledger Fabric blockchain network components, identity management, event management, container lifecycle management, object store, and all infrastructure dependencies
Open - Built on open-source Hyperledger Fabric software from the Linux Foundation, interconnects with non-Oracle HL Fabric instances, supports REST APIs and Fabric client SDKs
Plug and play integration – OIC adapters for Oracle and 3rd party apps with diverse systems of record and REST APIs
Enterprise-grade - Improved resilience with HA, 99.95% availability SLA, enhanced security, & continuous ledger backup
Autonomous - Industry’s 1st and only autonomous blockchain cloud service
Expertise and Experience – Experience building blockchain solutions for many industries that leverage our deep industry expertise & partners trained on Oracle blockchain