First Step Designed for Smart Contract Security
As the blockchain technology has become more widespread, the presence of security-related vulnerabilities has also become increasingly apparent. In particular, with regard to smart contracts, *3 one of a constituent element of services using the blockchain, a cyberattack carried out on any vulnerable programs could lead to major threats or even to actual damage*4 by causing services to behave differently than originally intended.
In response to these issues, NRI Secure has systematized its accumulated knowledge and insights in the form of the “Blockchain Assessment” service. As its first step, NRI Secure will be launching the security assessment service for smart contracts. The service performs assessment from the dual perspectives of static analysis, which carefully analyzes a program, and dynamic analysis, which involves simulating a real attack, in order to identify vulnerabilities.
More assessment menus for other constituent elements of the blockchain will be added in the future. (2 to 4 in the overview diagram). This service is only available in English and Japanese.
NRI Secure continues to provide a variety of products and services for supporting companies and organizations in their information security measures, and to contribute to the creation of a safe information system environment and society on a global scale.
|*1||First-ever in Japan: This is the first security assessment service designed specifically for the blockchain to be provided by a medium- or large-scale security vendor in Japan (according to NRI Secure research).|
|*2||Blockchain technology: A technology which achieves a distributed consensus among its participants and makes it possible to manage audit trails for all transactions, without the intervention of a trusted third party. Given such features as its ability to make falsifying data extremely difficult, its near-zero downtime, its lack of a centralized manager, and its high transaction performance, the blockchain has been lauded for being inexpensive to develop and for its potentially broad application as a way for companies to exchange information. These features have led to expectations that the blockchain can be used not only for cryptocurrencies such as Bitcoin, but as a circulation platform for transactions involving various asset types. Furthermore, this technology is also gaining notice for its potential use in the recording and storage of more common types of contracts, as well as in automatic contract execution.|
|*3||Smart contracts: This refers to contracts which are programmed and can be automatically executed. A smart contract is arranged with the execution conditions and contractual terms prescribed in advance, such that the contract is automatically executed when a transaction occurs matching said conditions. Smart contracts are being considered for use in securities settlements, real property transactions, the sharing economy, and numerous other fields that involve contracts.|
|*4||Actual damage: “The DAO Incident” occurred on June 17, 2016. Funds (virtual currency) held by “The DAO,” a virtual corporation established by a Germany-based venture capital company, were transmitted to a cyber-attacker who had exploited vulnerabilities in The DAO’s smart contract programming code.|
|*5||DApps: This abbreviation stands for Decentralized Applications, and refers to applications that are decentralized and distributed. They are said to enable the use of highly-reliably, low-cost applications via blockchain technology, without the need for a centralized system manager.|
NRI SecureTechnologies is a subsidiary of Nomura Research Institute (NRI) specializing in Cybersecurity, and a leading global provider of next-generation managed security services and security consulting. Established in 2000, NRI SecureTechnologies is focused on delivering high-value security outcomes for our clients with the precision and efficiency that define Japanese quality.
“Blockchain Assessment” Service
- Supported platforms: Ethereum, Hyperledger Fabric
*Additional platforms will be supported at a later time.
- Supported languages: Solidity, Go, Java
*Please contact us regarding any other languages.
- Price: Estimates will be provided on an individual basis.