区块链技术应用中的安全屏障模式研究综述

doi:10.16265/j.cnki.issn1003-3033.2024.10.1891

摘要/Abstract

摘要：

为弥补区块链技术应用过程中对预防复杂系统安全问题的安全屏障研究关注不足的缺陷,首先,结合区块链技术在工业领域中的安全应用,介绍区块链自身的安全需求及安全屏障理论的支持;其次,从定性和定量视角总结安全屏障模式主要研究模型,并概述软件系统安全分析模型和安全屏障的绩效评估进展;然后,总结区块链技术安全风险相关安全措施的研究现状;最后,在顺应安全屏障模式研究中注重耦合协调的趋势下,立足研究复杂系统耦合协调及其复杂因果机制的定量方法进展,展望区块链技术应用相关的安全屏障模式研究,构建从安全分析、情景构建、系统建模、机制分析、效应评估至实现路径的安全屏障研究框架体系。结果表明: 区块链技术相关安全屏障模式研究应涵盖以蝴蝶结(Bow-Tie)结构模型为核心并衔接工业事故风险评估法(ARAMIS)和耦合视角系统理论事故建模与过程(STAMP)等模型的静态系列图模式;将静态模式转换为贝叶斯网络(BN)并可作动态贝叶斯网络(DBN)分析的动态演化机制研究;以及安全屏障系统的效应评估;而聚焦熵的耦合协调及其非线性因果分析深化该耦合式集成研究体系。

关键词: 区块链, 安全屏障, 耦合协调, 因果关系, 效应评估, 贝叶斯网络(BN)

Abstract:

In the application process of blockchain technology, insufficient attention has been paid to the research on safety barriers that are more suitable for preventing complex system safety problems. To solve this problem, firstly, the safety requirements of blockchain itself and the support of safety barrier theory were introduced, which was combined with the security application of blockchain technology in the industrial field. Then, the main safety barrier models within qualitative and quantitative perspectives were summarized, so were the progress of security analysis model of software system and of performance evaluation of safety barrier. Then, the research status of safety precautions related to security risks of blockchain technology was summarized. Finally, in accordance with the trend of coupling coordination in safety barrier models, a research framework of safety barrier models related to the application of blockchain technology was put forward, which was based on the research progress of quantitative methods studying complex system coupling coordination and complex causal mechanism. It was a framework system including safety analysis, situational construction, system modeling, mechanism analysis, effect assessment and implementation path. The results show that the research on the safety barrier models related to blockchain technology should cover static series diagram pattern with Bow-Tie model as core and ARAMIS(Accidental Risk Assessment Methodology for Industries System) and coupling perspective STAMP (Systems Theoretic Accident Model and Processes) models as integrators, dynamic evolution mechanism research that includes dynamic Bayesian network analysis by transforming the static models into BN, and the effect assessment of safety barrier system. The study on coupling coordination and nonlinear causal analysis focusing on entropy deepen this coupling integration research system.

Key words: blockchain, safety barrier, coupling coordination, causal relationship, effect assessment, Bayesian network (BN)

中图分类号:

刘正刚, 刘晨曦, 阮渊鹏. 区块链技术应用中的安全屏障模式研究综述[J]. 中国安全科学学报, 2024, 34(10): 105-115.

LIU Zhenggang, LIU Chenxi, RUAN Yuanpeng. Review on safety barrier models for blockchain technology applications[J]. China Safety Science Journal, 2024, 34(10): 105-115.

图/表 6

表1

全面的区块链安全风险类别

风险	描述	类型	所涉应用场景
网络攻击	区块链每秒的交易数量有限,此类攻击可能会提交超过区块链能力的交易,导致区块链不可用。用无效的大容量数据淹没节点的入站连接	拒绝服务攻击、边界网关协议劫持、通信流攻击、日蚀攻击、隐秘攻击、域名攻击	设备维护与监控;供应链管理;智能合约的应用(金融服务、版权及知识产权、房地产和租赁、股票及治理)
终端安全	终端可以是异构的也可以是同构的,前者有更多的选择来查找漏洞,后者中的漏洞存在于所有系统中	个人密钥安全、智能合约安全、访问控制、恶意挖矿、51%攻击、女巫攻击	灾害预防和应急响应;身份验证和访问控制;环境监测和数据分析;涉及硬件、软件、网络、数据和操作等多个层面
代码漏洞	由于区块链是分布式网络,漏洞影响广泛,代码一旦部署就无法修改。代码漏洞可能来自任何人都可以编写的智能合约或底层平台代码	交易依赖攻击、时间戳依赖攻击、调用深度攻击、可重入攻击、整数溢出攻击、操作异常攻击、燃料限制、交易延展性攻击、低价操纵、智能合约漏洞、未优化智能合约	智能合约的应用(金融服务、版权及知识产权、房地产和租赁、股票及治理)
数据保护	数据保护依赖于区块链的安全性,而不是数据所有者来提供数据完整性和可用性	中心化问题、后门攻击、单点问题、敏感数据泄露、隐私泄露	信息共享与协作(产品溯源、政府管理、能源管理、医疗卫生、环境保护等);安全审计和合规性;供应链管理
人的因素	日志所有者对其日志的监控、人的监管	日志记录和监控不足、安全配置错误、技术监管缺失	身份验证和访问控制;合规性记录与审计;风险评估和管理

表1

图1

图2

表2

安全屏障相关主要研究模型的分析重点与相互关系

模型名称	分析重点	与其他模型的关联
MORT	应用安全分析概念将事故的原因分为管理疏忽漏洞以及假定危险,以便识别安全管理工作的疏忽、失误和管理系统缺陷	在故障树分析逻辑的基础上发展
HAZOP	将分析单元划分为相应的节点,以引导词为主体,结合系统运行操作状态的变动和偏差,以便识别危及系统安全的潜在危险,辨识生产工艺的设计缺陷	—
LOPA	通过分析事故后果的严重性和发生频态参数率,量化评估现有保护措施,以便明确是否需要增加新的措施	一般在定性危害评估(如HAZOP)后应用
AcciMap	将事故影响因素映射到复杂社会技术系统各层次中,用图形分析各影响因素间的交互关系和安全性的变化过程	—
STAMP^*	重点关注整个系统表现,视系统为分层控制结构,每个层级对下一层级施加约束,通过检查每个控制结构层级的失效识别控制缺陷,适用于复杂性和耦合度较高社会技术系统	基于AcciMap模型对社会技术系统的分层进行细化和完善
FRAM	将系统分解为不同功能,认为各功能均具备可变异性,而某一要素正常变动与其他要素变化所产生的聚合效应发生耦合时可能导致共振并引发事故。通过分析系统中各功能模块的紧密耦合来解释复杂社会技术系统事故的致因机制	在传统线性模型基础上,突破事故的线性因果性思维建立非线性安全模型
蝴蝶结结构图Bow-tie	将事故原因和事故导致的后果统一起来,结合故障树与事件树来分析事故的前因后果	集成故障树与事件树
SHIPP	采用故障树表征各安全屏障的因果关系;采用事件树来描述事故从安全状态到灾难性后果的演变过程;基于贝叶斯理论分析现场异常事件数据,以便更新安全屏障失效概率	基于过程事故模型,保留故障树和事件树结合的系统分析方式并增加贝叶斯更新机制
HBA	将层次模型和贝叶斯理论相结合,在数据分组分层构建层次模型后建立相应的基于BN的概率模型	—
DBN^*	在静态BN结构上加入时间属性约束,借助不同时刻节点状态所形成的数据,反映其代表变量的发展变化趋势	—

表2

图3

图4

参考文献 62

[1]	田水承, 景国勋. 安全管理学[M]. 北京: 机械工业出版社, 2009: 114-115.
[2]	SKLET S. Safety barriers: definition, classification, and performance[J]. Journal of Loss Prevention in the Process Industries, 2006, 19(5): 494-506.
[3]	KANG Jian, ZHANG Jixin, GAO Jiancun. Analysis of the safety barrier function: accidents caused by the failure of safety barriers and quantitative evaluation of their performance[J]. Journal of Loss Prevention in the Process Industries, 2016, 43: 361-371.
[4]	LIU Yiliu. Safety barriers: research advances and new thoughts on theory, engineering and management[J]. Journal of Loss Prevention in the Process Industries, 2020, 67: DOI:10.1016/j.jlp.2020.104260.
[5]	DUIJM N J, GOOSSENS L. Quantifying the influence of safety management on the reliability of safety barriers[J]. Journal of Hazardous Materials, 2006, 130(3): 284-292. pmid: 16107300
[6]	YUAN Shuaiqi, YANG Ming, RENIERS G, et al. Safety barriers in the chemical process industries: a state-of-the-art review on their classification, assessment, and management[J]. Safety Science, 2022, 148: DOI:10.1016/j.ssci.2021.105647.
[7]	张坤, 马力, 徐亚非. 复杂信息系统安全保障体系的研究[J]. 中国管理科学, 2000, 8(增1): 336-346.
	ZHANG Kun, MA Li, XU Yafei. Research for security safeguard system of complex information system[J]. Chinese Journal of Management Science, 2000, 8(S1): 336-346.
[8]	陈光宇, 黄锡滋. 软件可靠性学科发展现状及展望[J]. 电子科技大学学报:社科版, 2002, 4(3): 99-102.
	CHEN Guangyu, HUANG Xizi. Actuality and prospect of development of software reliability subject[J]. Journal of University of Electronic Science and Technology of China: Social Sciences Edition, 2002, 4(3): 99-102.
[9]	NAKAMOTO S. Bitcoin: a peer-to-peer electronic cash system[EB/OL]. (2008-10-31). https://bitcoin.org/bitcoin.pdf.
[10]	曹雪莲, 张建辉, 刘波. 区块链安全、隐私与性能问题研究综述[J]. 计算机集成制造系统, 2021, 27(7): 2078-2094. doi: 10.13196/j.cims.2021.07.022
	CAO Xuelian, ZHANG Jianhui, LIU Bo. Review on security, privacy, and performance issues of blockchain[J]. Computer Integrated Manufacturing Systems, 2021, 27(7): 2078-2094.
[11]	ZUBAYDI H D, VARGA P, MOLNÁR S. Leveraging blockchain technology for ensuring security and privacy aspects in internet of things: a systematic literature review[J]. Sensors, 2023, 23(2): DOI:10.3390/s23020788.
[12]	李晓, 刘正刚. 基于区块链技术的供应链智能治理机制[J]. 中国流通经济, 2017, 31(11): 34-44.
	LI Xiao, LIU Zhenggang. Study on supply chain intelligent governance mechanism based on blockchain technology[J]. China Business and Market, 2017, 31(11): 34-44.
[13]	韩璇, 袁勇, 王飞跃. 区块链安全问题:研究现状与展望[J]. 自动化学报, 2019, 45(1): 206-225.
	HAN Xuan, YUAN Yong, WANG Feiyue. Security problems on blockchain: the state of the art and future trends[J]. Acta Automatica Sinica, 2019, 45(1): 206-225.
[14]	LO S K, XU Xiwei, STAPLES M, et al. Reliability analysis for blockchain oracles[J]. Computers & Electrical Engineering, 2020, 83: DOI:10.1016/j.compeleceng.2020.106582.
[15]	AL-JAROODI J, MOHAMED N. Blockchain in Industries: a survey[J]. IEEE Access, 2019, 7: 36 500-36 515.
[16]	LENG Jiewu, YE Shide, ZHOU Man, et al. Blockchain-secured smart manufacturing in industry 4.0: a survey[J]. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2020, 51(1): 237-252.
[17]	HUANG Junqin, KONG Linghe, CHEN Guihai, et al. Towards secure industrial IoT: blockchain system with credit-based consensus mechanism[J]. IEEE Transactions on Industrial Informatics, 2019, 15(6): 3680-3689.
[18]	VIRIYASITAVAT W, XU Lida, BI Zhuming, et al. Blockchain-based business process management (BPM) framework for service composition in industry 4.0[J]. Journal of Intelligent Manufacturing, 2020, 31(7): 1737-1748.
[19]	FRAGA-LAMAS P, FERNÁNDEZ-CARAMÉS T M, DA CRUZ A M R, et al. An overview of blockchain for industry 5.0: towards human-centric, sustainable and resilient applications[J]. IEEE Access, 2024, 12: 116 162-116 201.
[20]	HOWARD P. Mapping the OWASP top ten to blockchain[J]. Procedia Computer Science, 2020,177: 613-617.
[21]	QIAO Weiliang, HUANG Enze, GUO Hongtongyang, et al. Barriers involved in the safety management systems: a systematic review of literature[J]. International Journal of Environmental Research and Public Health, 2022, 19(15): DOI: 10.3390/ijerph19159512.
[22]	BOLBOT V, THEOTOKATOS G, BUJORIANU L M, et al. Vulnerabilities and safety assurance methods in cyber-physical systems: a comprehensive review[J]. Reliability Engineering & System Safety, 2019, 182: 179-193.
[23]	TANTAWY A, ABDELWAHED S, ERRADI A. Cyber LOPA: an integrated approach for the design of dependable and secure cyber-physical systems[J]. IEEE Transactions on Reliability, 2022, 71(2): 1075-1091.
[24]	LACITY M C. Addressing key challenges to making enterprise blockchain applications a reality[J]. MIS Quarterly Executive, 2018, 17(3): 201-222.
[25]	LENG Jiewu, ZHOU Man, ZHAO J L, et al. Blockchain security: a survey of techniques and research directions[J]. IEEE Transactions on Services Computing, 2022, 15(4): 2490-2510.
[26]	HEINRICH H W, PETERSEN D, ROOS N. Industrial accident prevention:a safety management approach (5^th edition)[M]. New York: McGraw-Hill, 1980: 68-74.
[27]	REASON J. Human error[M]. Cambridge: Cambridge University Press, 1990: 119-124.
[28]	KUJATH M F, AMYOTTE P R, KHAN F I. A conceptual offshore oil and gas process accident model[J]. Journal of Loss Prevention in the Process Industries, 2010, 23(2): 323-330.
[29]	姜伟, 佟瑞鹏, 傅贵. 安全科学与工程导论[M]. 北京: 中国劳动社会保障出版社, 2015: 54-58.
[30]	傅贵. 安全管理学:事故预防的行为控制方法[M]. 北京: 科学出版社, 2013: 247-262.
[31]	RASMUSSEN J. Risk management in a dynamic society: a modelling problem[J]. Safety Science, 1997, 27(2/3): 183-213.
[32]	LEVESON N. A new accident model for engineering safer systems[J]. Safety Science, 2004, 42(4): 237-270.
[33]	周荣义, 李石林, 刘何清. HAZOP分析中LOPA的应用研究[J]. 中国安全科学学报, 2010, 20(7): 76-81.
	ZHOU Rongyi, LI Shilin, LIU Heqing. Study on application of LOPA in HAZOP[J]. China Safety Science Journal, 2010, 20(7): 76-81.
[34]	MARKOWSKI A S, KOTYNIA A. "Bow-tie" model in layer of protection analysis[J]. Process Safety and Environmental Protection, 2011, 89(4): 205-213.
[35]	SALVI O, DEBRAY B. A global view on ARAMIS, a risk assessment methodology for industries in the framework of the SEVESO II directive[J]. Journal of Hazardous Materials, 2006, 130(3): 187-199. pmid: 16236437
[36]	DE DIANOUS V, FIÉVEZ C. ARAMIS project: a more explicit demonstration of risk control through the use of bow-tie diagrams and the evaluation of safety barrier performance[J]. Journal of Hazardous Materials, 2006, 130(3): 220-233. pmid: 16107301
[37]	RATHNAYAKA S, KHAN F, AMYOTTE P. SHIPP methodology: predictive accident modeling approach. Part II. validation with case study[J]. Process Safety and Environmental Protection, 2011, 89(2): 75-88.
[38]	ZHAO Rongyong, LIU Qiong, WANG Yan, et al. Dynamic crowd accident-risk assessment based on internal energy and information entropy for large-scale crowd flow considering COVID-19 epidemic[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(10): 17 466-17 478.
[39]	JIANG Shengyu, CHEN Guoming, ZHU Yuan, et al. Real-time risk assessment of explosion on offshore platform using Bayesian network and CFD[J]. Journal of Loss Prevention in the Process Industries, 2021, 72: DOI: 10.1016/j.jlp.2021.104518.
[40]	刘书杰, 李相方, 周悦, 等. 基于贝叶斯-LOPA方法的深水钻井安全屏障可靠性分析[J]. 中国安全生产科学技术, 2014, 10(9): 187-191.
	LIU Shujie, LI Xiangfang, ZHOU Yue, et al. Reliability analysis on safety barriers of deep-water drilling based on Bayesian-LOPA method[J]. Journal of Safety Science and Technology, 2014, 10(9): 187-191.
[41]	BADREDDINE A, BEN AMOR N. A Bayesian approach to construct bow tie diagrams for risk evaluation[J]. Process Safety and Environmental Protection, 2013, 91(3): 159-171.
[42]	KHAKZAD N, KHAN F, AMYOTTE P. Dynamic safety analysis of process systems by mapping bow-tie into Bayesian network[J]. Process Safety and Environmental Protection, 2013, 91(1): 46-53.
[43]	ZENG Tao, CHEN Guohua, YANG Yunfeng, et al. Developing an advanced dynamic risk analysis method for fire-related domino effects[J]. Process Safety and Environmental Protection, 2020, 134: 149-160.
[44]	RASPOTNIG C H, OPDAHL A. Comparing risk identification techniques for safety and security requirement[J]. Journal of System Software, 2013, 86(4): 1124-1151.
[45]	VYAS P, MITTAL R K. The application of SFTA and SFMEA approaches during software development process: an analytical review[J]. International Journal of Critical Computer-Based Systems, 2015, 6(1): 29-49.
[46]	LANDUCCI G, ARGENTI F, SPADONI G, et al. Domino effect frequency assessment: the role of safety barriers[J]. Journal of Loss Prevention in the Process Industries, 2016, 44: 706-717.
[47]	张新梅, 韩丹丹, 陈晨. 安全屏障绩效评估在装置风险控制中的应用研究[J]. 中国安全科学学报, 2014, 24(11): 96-101.
	ZHANG Xinmei, HAN Dandan, CHEN Chen. Study on application of safety barrier performance evaluation to installation risk control[J]. China Safety Science Journal, 2014, 24(11): 96-101.
[48]	KALANTARNIA M, KHAN F, HAWBOLDT K. Dynamic risk assessment using failure assessment and Bayesian theory[J]. Journal of Loss Prevention in the Process Industries, 2009, 22(5): 600-606.
[49]	DIMAIO F, SCAPINELLO O, ZIO E, et al. Accounting for safety barriers degradation in the risk assessment of oil and gas systems by multistate Bayesian networks[J]. Reliability Engineering and System Safety, 2021, 216(3): DOI: 10.1016/j.ress.2021.107943.
[50]	周荣义, 钟岸, 任竟舟, 等. 安全系统安全完整性等级确定方法比较研究[J]. 中国安全生产科学技术, 2014, 10(3): 67-73.
	ZHOU Rongyi, ZHONG An, REN Jingzhou, et al. Comparative study on determining methods for safety integrity level of safety system[J]. Journal of Safety Science and Technology, 2014, 10(3): 67-73.
[51]	SHU Yidan, ZHAO Jinsong. A simplified Markov-based approach for safety integrity level verification[J]. Journal of Loss Prevention in the Process Industries, 2014, 29: DOI:10.1016/j.jlp.2014.03.013.
[52]	SAUSER B, VERMA D, RAMIREZ-MARQUEZ J, et al. From TRL to SRL: the concept of systems readiness levels[C]. Proceeding of Conference on Systems Engineering Research, 2006: 1-10.
[53]	AHMADJEE S, MERA-GOMEZ C, BAHSOON R, et al. A study on blockchain architecture design decisions and their security attacks and threats[J]. ACM transaction on Software Engineering and Methodology, 2022, 31(2): 1-45.
[54]	FENG Shaohan, WANG Wenbo, XIONG Zehui, et al. On cyber risk management of blockchain networks: a game theoretic approach[J]. IEEE Transactions on Services Computing, 2021, 14(5): 1492-1504.
[55]	钱鹏, 刘振广, 何钦铭, 等. 智能合约安全漏洞检测技术研究综述[J]. 软件学报, 2022, 33(8): 3059-3085.
	QIAN Peng, LIU Zhenguang, HE Qinming, et al. Smart contract vulnerability detection technique: a survey[J]. Journal of Software, 2022, 33(8): 3059-3085.
[56]	董伟良, 刘哲, 刘逵, 等. 智能合约漏洞检测技术综述[J]. 软件学报, 2024, 35(1): 38-62.
	DONG Weiliang, LIU Zhe, LIU Kui, et al. Survey on vulnerability detection technology of smart contracts[J]. Journal of Software, 2024, 35(1): 38-62.
[57]	康海燕, 邓婕. 区块链数据隐私保护研究综述[J]. 山东大学学报:理学版, 2021, 56(5): 92-110.
	KANG Haiyan, DENG Jie. Survey on blockchain data privacy protection[J]. Journal of Shandong University: Natural Science, 2021, 56(5): 92-110.
[58]	梁秀波, 吴俊涵, 赵昱, 等. 区块链数据安全管理和隐私保护技术研究综述[J]. 浙江大学学报:工学版, 2022, 56(1): 1-15.
	LIANG Xiubo, WU Junhan, ZHAO Yu, et al. Review of blockchain data security management and privacy protection technology research[J]. Journal of Zhejiang University: Engineering Science, 2022, 56(1): 1-15.
[59]	YANG Lu. The blockchain: state-of-the-art and research challenges[J]. Journal of Industrial Information Integration, 2019, 15: 80-90. doi: 10.1016/j.jii.2019.04.002
[60]	SHANNON C E. A mathematical theory of communication[J]. Bell System Technical Journal, 1948, 27(4): 379-423.
[61]	RUNGE J, HEITZIG J, MARWAN N, et al. Quantifying causal coupling strength: a lag-specific measure for multivariate time series related to transfer entropy[J]. Physical Review E Statistical Nonlinear & Soft Matter Physics, 2012, 86(6): 1-15.
[62]	SINGH A, SAINI B S, SINGH D. Multiscale joint symbolic transfer entropy for quantification of causal interactions between heart rate and blood pressure variability under postural stress[J]. Fluctuation and Noise Letters, 2015, 14(3): DOI: 10.1142/S0219477515500315.