News.EOS.WiKi Bilingual News & Info Of EOS

#BuiltOnEOSIO: FireWall.X Mitigates the Risk of Attacks for Apps

Original:

To most people, the word ‘firewall’ is an unwelcome term, implying censorship, lack of access, and the curtailment of online freedom. For EOSIO developers, however, FireWall.X is more likely to be a helpful tool rather than a cyber obstacle, because the platform sets out to protect smart contracts built on EOSIO from malicious hacks and cyber threats, in turn contributing to the health of the overall EOS ecosystem. We spoke to Zhong Qifu, Product Manager at SlowMist Technology Co. (the company behind FireWall.X), about how “the world’s first firewall for smart contracts” intends to be the security guardian of all EOS applications.

How would you describe your project?

Zhong Qifu: FireWall.X is a powerful and practical firewall for smart contracts — it is also the world’s first firewall for smart contracts. Similar to traditional firewalls for operating systems which control network traffic, FireWall.X can also execute control over inline actions and prevent unauthorized access to smart contracts. Used in combination with oracle technology, there is the added benefit of risk management, which will help prevent hackers from obtaining any account information contained in smart contracts. For developers, FireWall.X makes their development process a lot easier, since all they need to do is to directly import our smart contract security enforcement document into their own code, after which they will be able to create a smart contract that is more resistant against cyber attacks — all at zero cost.

Where did your initial idea come from?

Zhong Qifu: In the latter half of 2018, we conducted some research into the many different ways one could carry out smart contract hacks, and discovered some of the major pain points and challenges surrounding the safety precautions of smart contracts. Following one of our many brainstorming sessions, a cybersecurity researcher on our team proposed the idea of FireWall.X, which naturally led us to the creation of this project. Our team’s expertise also lies mainly in cybersecurity technology, which is why we chose to focus on this aspect in the first place.

Can you introduce your team and tell us what makes it special?

Zhong Qifu: Our team possesses deep expertise and experience in cybersecurity-related matters. Many of our members have worked at eminent tech corporations such as Google, Microsoft, W3C, Tencent, Alibaba, Baidu etc., and some of their project achievements have been featured at the Black Hat Briefings — one of the most well-attended information security conferences in the world. So far, we have provided many EOS-based decentralized exchanges, wallets, and smart contract developers with security audits. Our clients include WhaleEx, Newdex, Chaince, MORE.TOP Wallet, MEET.ONE etc. When the public network launched in June 2018, our team compiled a guide titled “EOS BP Nodes Security Checklist”, aimed at providing community members with smart contract security support. In the following September, we utilized our experience in carrying out smart contract security audits to create a ‘Best Practice’ guide on ensuring the secure implementation of EOS smart contracts.

What stage is the project at and what are your plans for scaling up?

Zhong Qifu: At present, some of the fully functioning features of FireWall.X include malicious account screening, blacklist and whitelist management, statistical analysis, activity logging, as well as malicious transfer detection. These are all provided on a user-friendly platform for developers. Down the line, we will be launching a real-time statistical panel, as well as introducing risk management features in combination with an off-chain analysis tool. In a nutshell, these features and tools would enable apps to block off attacks in a timely manner, thus reducing the financial loss of users.

Why did you decide to use blockchain technology, and specifically EOSIO?

Zhong Qifu: Blockchain technology is superior in that it offers the benefits of immutability and accountability, which ensure that no data can be tampered with in the process. Blockchain can also improve identity verification and data authorization, which helps massively with elevating the efficiency of threat intelligence sharing. This is especially pertinent to our project, as it is centered on preventing cyber attacks. As for choosing to build on EOSIO, that’s because it is fast and easy to use. Since the launch of the public network, we have continuously seen a growing number of apps developing on the EOSIO protocol — this gives us high hopes for the EOSIO ecosystem.

It has only been three months since FireWall.X has gone live, but we have already seen lots of positive responses to our project among members of the EOS community. So far, we have managed to get 23 projects on board with implementing FireWall.X. As of now, we have successfully blocked off a large volume of smart contract hacks, in the process protecting many apps from cyber attacks.

More information on FireWall.X is available at https://FireWallx.io/index-en.html


Stay tuned to our EOSIO Spotlight series where we’ll highlight some of the truly exceptional projects being built on our platform. If you have a project you’d like to share with us, please email spotlight@block.one.

-Developer Relations team


Disclaimer

Block.one is a software company that is producing the EOSIO software as a free, open-source protocol. This software may, among other things, enable those who deploy it to launch a blockchain, or decentralized applications with various features. For more information, please visit https://github.com/eosio. Block.one does not provide financial support to anyone seeking to become a block producer on any version of the EOSIO platform that may be adopted or implemented.

Block.one will not be launching any of the initial public blockchains based on the EOSIO software. It will be the sole responsibility of third parties, the community, and/or those who wish to become block producers, to adopt and implement EOSIO in the manner they choose, with the features they choose, and/or providing the services they choose. Block.one does not guarantee that anyone will adopt or implement such features, or provide such services, or that the EOSIO software will be adopted and implemented in any way.

Block.one does not endorse any third party or its products or services, even if they are mentioned herein. Block.one is not responsible for any linked content or content provided by third parties, whether used directly or incorporated into this document.

Please note that the statements herein are an expression of Block.one’s vision, not a guarantee of anything. While we will try to make that vision come true, all aspects of it are subject to change in all respects at Block.one’s sole discretion. We call these “forward looking statements”, which includes statements in this document, other than statements of historical facts, such as statements regarding Block.one’s business strategy, plans, prospects, developments and objectives. These statements are only predictions and reflect Block.one’s current beliefs and expectations with respect to future events; they are based on assumptions and are subject to risk, uncertainties and change at any time.

We operate in a rapidly changing environment. New risks emerge from time to time. Given these risks and uncertainties, you are cautioned not to rely on these forward-looking statements. Actual results, performance or events may differ materially from what is predicted in the forward-looking statements. Some of the factors that could cause actual results, performance or events to differ materially from the forward-looking statements include, without limitation: market volatility; continued availability of capital, financing and personnel; product acceptance; the commercial success of any new products or technologies; competition; government regulation and laws; and general economic, market or business conditions.

All statements are valid only as of the date of first posting and Block.one is under no obligation to, and expressly disclaims any obligation to, update or alter any statements, whether as a result of new information, subsequent events or otherwise. Nothing herein constitutes technological, financial, investment, legal or other advice, either in general or with regard to any particular situation or implementation. Please consult with experts in appropriate areas before implementing or utilizing anything contained in this document.

The ideas and information expressed herein are solely those of the author and do not necessarily reflect the positions, views or advice of Block.one or any other employee of Block.one.

Original URL:

https://medium.com/@eosio/builtoneosio-firewall-x-mitigates-the-risk-of-attacks-for-apps-5ead07941b7c
