Biblio

In order to meet the needs of intellectual property protection and controlled sharing of scientific research sensitive data, a mechanism is proposed for security protection throughout “transfer, store and use” process of sensitive data which based on blockchain. This blockchain bottom layer security is reinforced. First, the encryption algorithm used is replaced by the national secret algorithm and the smart contract is encapsulated as API at the gateway level. Signature validation is performed when the API is used to prevent illegal access. Then the whole process of data up-chain, storage and down-chain is encrypted, and a mechanism of data structure query and data query condition construction based on blockchain smart is provided to ensure that the data is “usable and invisible”. Finally, data access control is ensured through role-based and hierarchical protection, and the blockchain base developed has good extensibility, which can meet the requirement of sensitive data security protection in scientific research filed and has broad application prospects.

Most security software tools try to detect malicious components by cryptographic hashes, signatures or based on their behavior. The former, is a widely adopted approach based on Integrity Measurement Architecture (IMA) enabling appraisal and attestation of system components. The latter, however, may induce a very long time until misbehavior of a component leads to a successful detection. Another approach is a Dynamic Runtime Attestation (DRA) based on the comparison of binary code loaded in the memory and well-known references. Since DRA is a complex approach, involving multiple related components and often complex attestation strategies, a flexible and extensible architecture is needed. In a cooperation project an architecture was designed and a Proof of Concept (PoC) successfully developed and evaluated. To achieve needed flexibility and extensibility, the implementation facilitates central components providing attestation strategies (guidelines). These guidelines define and implement the necessary steps for all relevant attestation operations, i.e. measurement, reference generation and verification.

Researchers interested in security often wish to introduce new primitives into a language. Extensible languages hold promise in such scenarios, but only if the extension mechanism is sufficiently safe and expressive. This paper describes several modifications to an extensible language motivated by end-to-end security concerns.