BTC Inc
by Giulio Prisco, Apr 12, 2018

Fujitsu Planning Comprehensive, Blockchain-Based Security Solutions


Tokyo

Fujitsu Global, the Japanese informational technology equipment and services giant, announced that it is developing verification and risk assessment technology for Ethereum-based smart contracts.

Using “symbolic execution technology,” Fujitsu researchers have demonstrated the ability to identify bugs in the source code of Ethereum smart contracts, with highly accurate risk detection.

Fujitsu is based in Tokyo and offers a wide range of technology products, solutions and services, with approximately 155,000 employees in more than 100 countries. 

“Because smart contracts are copied to multiple locations and executed in a distributed manner, once a contract has been executed, it cannot easily be stopped, and it cannot be revised even if risks are found in the smart contract,” per the Fujitsu press release.  

For instance, issues with a smart contract led to The DAO hack in 2016, which exploited weaknesses in the Ethereum Virtual Machine (EVM) to transfer $50 million worth of ether into the control of an attacker. 

Researchers from Fujitsu Laboratories and Fujitsu Research and Development Center, two subsidiaries of the Japanese tech giant, located respectively in Kawasaki, Japan, and Beijing, China, announced a new static analysis method for Ethereum smart contracts at the Blockchains and Smart Contracts Workshop 2018 (BSC 2018) in Paris, in a presentation titled “Security Assurance for Smart Contract.”

“Since Ethereum smart contracts hold millions of dollars, their execution correctness is crucial against attacks which aim at stealing the assets,” noted the researchers in their workshop paper. “In this paper, we proposed a security assurance method for smart contract source code to find potential security risks.”

The new static analysis solution for Ethereum smart contracts consists of topological analysis of function invocation relationship, logic risk detection and location.

Based on these features, the Fujitsu team developed a tool called “Security Assurance for Smart Contract” (SASC), which can provide high-quality support. According to the researchers, SASC will soon be published on GitHub as open source software.

An independent review published by a blockchain enthusiast on Medium explores possible security risks for smart contracts and Fujitsu’s SASC solution. 

In November, Ethereum co-founder Vitalik Buterin outlined a vision for the evolution of the Ethereum platform. Among other forthcoming developments, Buterin noted that he expects Ethereum to eventually introduce formal verification for smart contracts. At this moment, however, Ethereum doesn’t support static analysis to filter out bugs and predict the computing resources that a program will require. 

Therefore, the forthcoming open sourcing of SASC represents a significant acceleration in Ethereum development and a step toward full maturity. Smart contract security is a key issue for the adoption of Ethereum and similar blockchain technologies in critical industries.

The Fujitsu press release stated that Fujitsu Laboratories will continue to develop verification technologies, not only for Ethereum but also for Hyperledger Fabric, a blockchain framework project for smart contracts hosted by The Linux Foundation, with the goal of commercialization of this technology during fiscal year 2018.

In addition, besides verification technology for smart contracts, Fujitsu Laboratories plans to also develop a broad range of blockchain technologies for building secure systems. The commitment of a tech giant like Fujitsu is likely to significantly boost the adoption of blockchain technology in the information and communications technology security market.