Secure Smart Contract Generation Based on Petri Nets

Existing blockchain and smart contract development ecosystems do not support to design, develop, and verify secure smart contracts before deploying them. Recent attacks (see DAO hack [5]) on insecure smart contracts have caused a lot of financial loss—to avoid such issues in the future, we need better methods for creating secure smart contracts before deploying them in a blockchain. In this chapter, we present a method and a prototype tool to generate secure smart contracts based on Petri Nets. Our method allows to design and generate a secure smart contract template that can be deployed on a supported blockchain platform (e.g. Ethereum) with very little additional effort. One of the main advantages that our method brings into the smart contract development ecosystem is introducing a formal way to visually model, simulate, and verify business logic/workflows prior to the smart contract code generation. Modeling the smart contracts via Petri Nets helps the developers to minimize the logical errors—by verifying certain Petri Net properties such as deadlocks—during the modeling stage itself. Furthermore, our approach presents a technology-independent way to import and export the modeled use-case logic which can be translated into different smart contract language later.

[1]  Olivia Choudhury,et al.  Auto-Generation of Smart Contracts from Domain-Specific Ontologies and Semantic Rules , 2018, 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[2]  Andrea Pinna,et al.  A Petri Nets Model for Blockchain Analysis , 2017, Comput. J..

[3]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[4]  Aleksander Berentsen Aleksander Berentsen Recommends “Bitcoin: A Peer-to-Peer Electronic Cash System” by Satoshi Nakamoto , 2019, 21st Century Economics.

[5]  Wil M. P. van der Aalst,et al.  Fundamentals of control flow in workflows , 2003, Acta Informatica.

[6]  Tadao Murata,et al.  Petri nets: Properties, analysis and applications , 1989, Proc. IEEE.

[7]  Aron Laszka,et al.  Tool Demonstration: FSolidM for Designing Secure Ethereum Smart Contracts , 2018, POST.

[8]  Takaaki Tateishi,et al.  Automatic smart contract generation using controlled natural language and template , 2019, IBM J. Res. Dev..

[9]  Hiroaki Nakamura,et al.  Inter-organizational Business Processes Managed by Blockchain , 2018, WISE.

[10]  Marlon Dumas,et al.  Optimized Execution of Business Processes on Blockchain , 2016, BPM.

[11]  Jorge Cuéllar,et al.  Securing Emergent IoT Applications , 2018, SETSS.

[12]  Stuart Haber,et al.  How to time-stamp a digital document , 1990, Journal of Cryptology.

[13]  Aron Laszka,et al.  Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach , 2017, Financial Cryptography.

[14]  Thomas Freytag,et al.  WoPeD - An Educational Tool for Workflow Nets , 2014, BPM.

[15]  Jorge Cuéllar,et al.  Workflow-Aware Security of Integrated Mobility Services , 2018, ESORICS.

[16]  Wil M.P. van der Aalst,et al.  YAWL: yet another workflow language , 2005, Inf. Syst..

[17]  Vijayalakshmi Atluri,et al.  A Petri net based safety analysis of workflow authorization models^1 , 2000 .

[18]  Wil M. P. van der Aalst,et al.  The Application of Petri Nets to Workflow Management , 1998, J. Circuits Syst. Comput..

[19]  Melanie Swan,et al.  Blockchain: Blueprint for a New Economy , 2015 .

[20]  Arvind Narayanan,et al.  Bitcoin and Cryptocurrency Technologies - A Comprehensive Introduction , 2016 .

[21]  Ekkart Kindler,et al.  The Petri Net Markup Language , 2003, Petri Net Technology for Communication-Based Systems.

[22]  Elaine Shi,et al.  Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab , 2016, Financial Cryptography Workshops.

[23]  Kjeld Høyer Mortensen Automatic Code Generation Method Based on Coloured Petri Net Models Applied on an Access Control System , 2000, ICATPN.

[24]  C. A. Petri Communication with automata , 1966 .

[25]  Jorge Cuéllar,et al.  Securing the Integrity of Workflows in IoT , 2018, EWSN.

[26]  David Metcalf,et al.  The DAO Hacked , 2021, Blockchain Enabled Applications.

[27]  Nazir Ahmad Zafar,et al.  Transformation of Activity Diagram into Coloured Petri Nets Using Weighted Directed Graph , 2016, 2016 International Conference on Frontiers of Information Technology (FIT).

[28]  Stephan Philippi,et al.  Automatic code generation from high-level Petri-Nets for model driven systems engineering , 2006, J. Syst. Softw..

[29]  Vijayalakshmi Atluri,et al.  An Authorization Model for Workflows , 1996, ESORICS.

[30]  Edsger W. Dijkstra,et al.  Guarded commands, nondeterminacy and formal derivation of programs , 1975, Commun. ACM.

[31]  Abhishek Dubey,et al.  VeriSolid: Correct-by-Design Smart Contracts for Ethereum , 2019, Financial Cryptography.

[32]  Lars Michael Kristensen,et al.  Coloured Petri Nets and CPN Tools for modelling and validation of concurrent systems , 2007, International Journal on Software Tools for Technology Transfer.

[33]  Konstantin Knorr,et al.  Dynamic access control through Petri net workflows , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[34]  Moe Thandar Wynn,et al.  Soundness of workflow nets: classification, decidability, and analysis , 2011, Formal Aspects of Computing.