SANER 2019 Workshops
Workshops of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER)

2019 IEEE 2nd International Workshop on Blockchain Oriented Software Engineering (IWBOSE), February 24, 2019, Hangzhou, China

IWBOSE 2019 – Proceedings

Frontmatter

Title Page


Message from the Chairs
Welcome to the 2nd International Workshop on Blockchain Oriented Software Engineering (IWBOSE2019). The workshop is co-located with SANER 2019 and will be held on the 24th of February in Hangzhou, China. The workshop aims at gathering together researchers from the academia and from the industry to focus on the new challenges posed by the new software technology supporting the various Blockchains infrastructure. The Workshop’s goal is to gather together practitioners and researchers to discuss on progresses on the research and on the practical usage of Blockchain technologies and smart contracts, focusing on the application and definition of software engineering principles and practices specific for such software technology, and for the technologies relying on it. Motivations for this workshop are the ever-increasing interest both in the research community and in the industry on Blockchain and smart contracts principles and applications, being the management of cryptocurrencies the most popular topic. These novelties call for specific tools, paradigms, principles, approaches and research to deal with it and for a specific Blockchain Oriented Software Engineering (BOSE).

General Modeling

Potential Risks of Hyperledger Fabric Smart Contracts
Kazuhiro Yamashita, Yoshihide Nomura, Ence Zhou, Bingfeng Pi, and Jun Sun
(Fujitsu Labs, Japan; Fujitsu, China)
Blockchain is a decentralized ledger technology, and it is the technology underlying Bitcoin and Ethereum. The interest in blockchain has been increasing since its emergence. Hyperledger Fabric is one of the permissioned blockchain frameworks. One of the characteristics of Hyperledger Fabric is it utilizes general-purpose programming languages, e.g., Go, Node.js, and Java, to implement smart contracts (called chaincode in Hyperledger Fabric). The advantages of utilizing these languages are already known to potential developers, and development tools might already exist. However, one of the disadvantages is that these languages were not originally designed for writing smart contracts. Hence, there may be risks that developers do not need to consider when using specific languages such as Solidity of Ethereum. Furthermore, even though development tools exist, how many risks are covered by the tools is an open question. In this paper, we focus on Go language and the tools. First, we surveyed what kind of risks are associated with chaincodes developed using Go language and observed there are 14 potential risks. Then, we investigated how many risks can be covered by Go tools, e.g., golint and gosec, and a vulnerability detection tool for chaincodes called Chaincode Scanner. From our results, we observed that some risks are not covered by the existing tools. Hence, we develop a detection tool to cover risks by static analysis. Finally, in this paper, we describe how to find the risks with our tool and evaluate the usefulness.

Formal Modeling and Verification of a Federated Byzantine Agreement Algorithm for Blockchain Platforms
Junghun Yoo, Youlim Jung, Donghwan Shin, Minhyo Bae, and Eunkyoung Jee
(University of Oxford, UK; KAIST, South Korea; University of Luxembourg, Luxembourg; BlockchainOS, South Korea)
A blockchain is a type of distributed ledger that can record transactions between parties in a verifiable and permanent manner. Each node contains its ledger, and the contents of each ledger are maintained to be the same by a consensus algorithm. It is essential to ensure the safety and liveness of the consensus algorithms in blockchain platforms. The Stellar Consensus Protocol (SCP), which is a consensus algorithm for the Stellar cryptocurrency using the blockchain, is utilized for the federated Byzantine agreement. The quorum configuration is one of the essential factors for ensuring the safety and liveness of the SCP; however, it has been rarely studied. In this study, we model the SCP with timed automata and verify the model using a model checking technique, with the purpose of investigating and evaluating the SCP. Through the modeling and verification of the SCP, we could check whether a certain quorum configuration ensures consensus or not, before execution on an actual network. We present several abstraction techniques that help in coping with the extremely large state space of the SCP model in formal verification. The proposed modeling and verification techniques can be utilized for other consensus protocols of various blockchain platforms using the Byzantine agreement.

Implementing a Microservices System with Blockchain Smart Contracts
Roberto Tonelli, Maria Ilaria Lunesu, Andrea Pinna, Davide Taibi, and Michele Marchesi
(University of Cagliari, Italy; Tampere University of Technology, Finland)
Blockchain technologies and smart contracts are becoming mainstream research fields in computer science and researchers are continuously investigating new frontiers for new applications. Likewise, microservices are getting more and more popular in the latest years thanks to their properties, that allow teams to slice existing information systems into small and independent services that can be developed independently by different teams. A symmetric paradigm applies to smart contracts as well, which represent well defined, usually isolated, executable programs, typically implementing simple and autonomous tasks with a well defined purpose, which can be assumed as services provided by the Contract. In this work we analyze a concrete case study where the microservices architecture environment is replicated and implemented through an equivalent set of smart contracts, showing for the first time the feasibility of implementing a microservices-based system with smart contracts and how the two innovative paradigms match together. Results show that it is possible to implement a simple microservices-based system with smart contracts maintaining the same set of functionalities and results. The result could be highly beneficial in contexts such as smart voting, where not only the data integrity is fundamental but also the source code executed must be trustable.

Blockchain Applications

On Comparing Software Quality Metrics of Traditional vs Blockchain-Oriented Software: An Empirical Study
Marco Ortu, Matteo Orrù, and Giuseppe Destefanis
(University of Cagliari, Italy; University of Milano-Bicocca, Italy; Brunel University London, UK)
Driven by the surge of interest generated around blockchain technologies over the last years, a new category of systems, called Blockchain-Oriented Software (BOS), which are strictly tied to Blockchain distributed environment, has become increasingly popular. Yet, there is not a thorough understanding of their structure and behaviour and if and to which extent they differ from traditional software systems. The present work provides a first statistical characterisation of BOS. We analysed and compared 5 C++ open source Blockchain-Oriented and 5 Traditional Java software systems, aiming at detecting potential differences between the two categories of projects, and specifically in the statistical distribution of 10 software metrics. Although, in general, the statistical distributions for Traditional software and Blockchain software show similarities, the distribution of Average Cyclomatic and Ratio Comment To Code metrics reveal significant differences in their queue, whereas the Number of Statements metric shows meaningful differences on the double Pareto distribution.

Alternative Fundraising: Success Factors for Blockchain-Based vs. Conventional Crowdfunding
Felix Hartmann, Gloria Grottolo, Xiaofeng Wang, and Maria Ilaria Lunesu
(Free University of Bolzano, Italy; University of Cagliari, Italy)
Blockchain-based crowdfunding is an emerging economic phenomenon and a state-of-the-art strategy to finance ventures. It bears similarity to conventional crowdfunding, but has its own unique characteristics. Therefore the success factors that affect the outcome of traditional crowdfunding may have a different impact on blockchain-based crowdfunding campaigns. Despite that the number of blockchain-based crowdfunding campaigns has increased drastically in the past few years, there is a lack of good understanding of what are the success factors for them in comparison to conventional crowdfunding ones. Such understanding is crucial for new ventures or entrepreneurs to design their blockchain-based fundraising initiatives properly and facilitate potential investors to seek main signals and drivers of outstanding projects. Furthermore it could help regulators and market participants to understand how the existing crowdfunding regulatory framework applies to blockchain-based crowdfunding. Due to specific characteristics of blockchain-based crowdfunding, regulatory frameworks may require potential interpretation or re-consideration of requirements to allow an effective application of regulations. To fill this knowledge gap, we have reviewed a set of relevant literature on success factors for conventional and blockchain-based crowdfunding. The result of this literature review sheds light on the directions for future research and development. The contribution of our work is a better understanding of the distinctions and similarities of blockchain-based crowdfunding compared to traditional crowdfunding.

Presenting Tendermint: Idiosyncrasies, Weaknesses, and Good Practices
Andy Amoordon and Henrique Rocha
(Inria, France; University of Antwerp, Belgium)
In this paper, we present Tendermint: a Byzantine Fault Tolerant (BFT) application-based blockchain. We show that Tendermint promotes another perception of blockchain programming. Unlike Ethereum which is a blockchain holding many applications, Tendermint proposes to have one application per blockchain. We discuss the idiosyncrasies of Tendermint and how it could, potentially, ease blockchain programming and improve performance. We finish by showing weaknesses of Tendermint, good practices to adopt to hinder security attacks when handling Tendermint nodes, and some potential adjustments in the IBC protocol — an interoperability protocol designed for Tendermint. Our goal is to introduce Tendermint by showing its main characteristics over traditional blockchain platforms such as Bitcoin or Ethereum.

A Privacy-Preserving E-Commerce System Based on the Blockchain Technology
Yiming Jiang, Chenxu Wang, Yawei Wang, and Lang Gao
(Xi'an Jiaotong University, China)
With the increasing popularity of online shopping, privacy concerns in E-commerce are attracting more and more attention. Existing E-commerce models are trapped in a dilemma between the proof of ownership and privacy protection. To address this issue, in this paper we design a privacy-preserving business protocol by employing private smart contracts in the negotiation phase. The protocol allows counterparties to make deals without the disclosure of private information such as identities, addresses, and phone numbers. Moreover, we employ the zero-knowledge proof to guarantee the ownership. To understand the feasibility for implementing the proposed model, we also conduct extensive experiments to evaluate the performance of existing blockchain development platforms, Ethereum Quorum and SERO.
