VDABSys: A Novel Security-Testing Framework for Blockchain Systems Based on Vulnerability detection

Jinfu Chen; Qiaowei Feng; Saihua Cai; Dengzhou Shi; Dave Towey; Yuhao Chen; Dongjie Wang

doi:10.1007/978-3-031-64948-6_15

VDABSys: A Novel Security-Testing Framework for Blockchain Systems Based on Vulnerability detection

Jinfu Chen, Qiaowei Feng, Saihua Cai, Dengzhou Shi, Dave Towey, Yuhao Chen, Dongjie Wang

School of Computer Science

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

Abstract

Blockchain technology is a popular solution for secure transactions in untrusted networks. However, with the growing number of blockchain applications, how to ensure the security of the blockchain system itself has become an urgent problem. In this paper, we propose a novel security-testing framework for blockchain systems based on a vulnerability-detection model. Our study involves an analysis and comparison with existing software-vulnerability analysis methods. Our framework first addresses each factor that impacts the security of the blockchain system, with a vulnerability attack graph being constructed using model-checking to describe the complete exploitation process of system vulnerabilities. Reliability Theory is used to quantitatively assess the vulnerability attack graph of the blockchain system, thereby providing a theoretical basis for evaluating its security. Finally, we verify the effectiveness and feasibility of the proposed security-testing framework for blockchain systems on an e-voting election blockchain system. The results from our extensive experiments show that our proposed method outperforms other formal-verification-based methods for detecting blockchain vulnerabilities, and also provides a scientific and reliable assessment of blockchain system security.

Original language	English
Title of host publication	Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings
Editors	Haixin Duan, Mourad Debbabi, Xavier de Carné de Carnavalet, Xiapu Luo, Man Ho Allen Au, Xiaojiang Du
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	287-305
Number of pages	19
ISBN (Print)	9783031649479
DOIs	https://doi.org/10.1007/978-3-031-64948-6_15
Publication status	Published - 2025
Event	19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023 - Hong Kong, China Duration: 19 Oct 2023 → 21 Oct 2023

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	567 LNICST
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023
Country/Territory	China
City	Hong Kong
Period	19/10/23 → 21/10/23

Keywords

Blockchain system
Formal theory
Reliability theory
Vulnerability attack graph
Vulnerability detection model

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-031-64948-6_15

Cite this

Chen, J., Feng, Q., Cai, S., Shi, D., Towey, D., Chen, Y., & Wang, D. (2025). VDABSys: A Novel Security-Testing Framework for Blockchain Systems Based on Vulnerability detection. In H. Duan, M. Debbabi, X. de Carné de Carnavalet, X. Luo, M. H. A. Au, & X. Du (Eds.), Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings (pp. 287-305). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 567 LNICST). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-64948-6_15

Chen, Jinfu ; Feng, Qiaowei ; Cai, Saihua et al. / VDABSys : A Novel Security-Testing Framework for Blockchain Systems Based on Vulnerability detection. Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. editor / Haixin Duan ; Mourad Debbabi ; Xavier de Carné de Carnavalet ; Xiapu Luo ; Man Ho Allen Au ; Xiaojiang Du. Springer Science and Business Media Deutschland GmbH, 2025. pp. 287-305 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{02a7857fd0624eab91ce833a3238d5ef,

title = "VDABSys: A Novel Security-Testing Framework for Blockchain Systems Based on Vulnerability detection",

abstract = "Blockchain technology is a popular solution for secure transactions in untrusted networks. However, with the growing number of blockchain applications, how to ensure the security of the blockchain system itself has become an urgent problem. In this paper, we propose a novel security-testing framework for blockchain systems based on a vulnerability-detection model. Our study involves an analysis and comparison with existing software-vulnerability analysis methods. Our framework first addresses each factor that impacts the security of the blockchain system, with a vulnerability attack graph being constructed using model-checking to describe the complete exploitation process of system vulnerabilities. Reliability Theory is used to quantitatively assess the vulnerability attack graph of the blockchain system, thereby providing a theoretical basis for evaluating its security. Finally, we verify the effectiveness and feasibility of the proposed security-testing framework for blockchain systems on an e-voting election blockchain system. The results from our extensive experiments show that our proposed method outperforms other formal-verification-based methods for detecting blockchain vulnerabilities, and also provides a scientific and reliable assessment of blockchain system security.",

keywords = "Blockchain system, Formal theory, Reliability theory, Vulnerability attack graph, Vulnerability detection model",

author = "Jinfu Chen and Qiaowei Feng and Saihua Cai and Dengzhou Shi and Dave Towey and Yuhao Chen and Dongjie Wang",

note = "Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2025.; 19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023 ; Conference date: 19-10-2023 Through 21-10-2023",

year = "2025",

doi = "10.1007/978-3-031-64948-6_15",

language = "English",

isbn = "9783031649479",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "287--305",

editor = "Haixin Duan and Mourad Debbabi and {de Carn{\'e} de Carnavalet}, Xavier and Xiapu Luo and Au, {Man Ho Allen} and Xiaojiang Du",

booktitle = "Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings",

address = "Germany",

}

Chen, J, Feng, Q, Cai, S, Shi, D, Towey, D, Chen, Y & Wang, D 2025, VDABSys: A Novel Security-Testing Framework for Blockchain Systems Based on Vulnerability detection. in H Duan, M Debbabi, X de Carné de Carnavalet, X Luo, MHA Au & X Du (eds), Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 567 LNICST, Springer Science and Business Media Deutschland GmbH, pp. 287-305, 19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023, Hong Kong, China, 19/10/23. https://doi.org/10.1007/978-3-031-64948-6_15

VDABSys: A Novel Security-Testing Framework for Blockchain Systems Based on Vulnerability detection. / Chen, Jinfu; Feng, Qiaowei; Cai, Saihua et al.
Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. ed. / Haixin Duan; Mourad Debbabi; Xavier de Carné de Carnavalet; Xiapu Luo; Man Ho Allen Au; Xiaojiang Du. Springer Science and Business Media Deutschland GmbH, 2025. p. 287-305 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 567 LNICST).

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - VDABSys

T2 - 19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023

AU - Chen, Jinfu

AU - Feng, Qiaowei

AU - Cai, Saihua

AU - Shi, Dengzhou

AU - Towey, Dave

AU - Chen, Yuhao

AU - Wang, Dongjie

N1 - Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2025.

PY - 2025

Y1 - 2025

N2 - Blockchain technology is a popular solution for secure transactions in untrusted networks. However, with the growing number of blockchain applications, how to ensure the security of the blockchain system itself has become an urgent problem. In this paper, we propose a novel security-testing framework for blockchain systems based on a vulnerability-detection model. Our study involves an analysis and comparison with existing software-vulnerability analysis methods. Our framework first addresses each factor that impacts the security of the blockchain system, with a vulnerability attack graph being constructed using model-checking to describe the complete exploitation process of system vulnerabilities. Reliability Theory is used to quantitatively assess the vulnerability attack graph of the blockchain system, thereby providing a theoretical basis for evaluating its security. Finally, we verify the effectiveness and feasibility of the proposed security-testing framework for blockchain systems on an e-voting election blockchain system. The results from our extensive experiments show that our proposed method outperforms other formal-verification-based methods for detecting blockchain vulnerabilities, and also provides a scientific and reliable assessment of blockchain system security.

AB - Blockchain technology is a popular solution for secure transactions in untrusted networks. However, with the growing number of blockchain applications, how to ensure the security of the blockchain system itself has become an urgent problem. In this paper, we propose a novel security-testing framework for blockchain systems based on a vulnerability-detection model. Our study involves an analysis and comparison with existing software-vulnerability analysis methods. Our framework first addresses each factor that impacts the security of the blockchain system, with a vulnerability attack graph being constructed using model-checking to describe the complete exploitation process of system vulnerabilities. Reliability Theory is used to quantitatively assess the vulnerability attack graph of the blockchain system, thereby providing a theoretical basis for evaluating its security. Finally, we verify the effectiveness and feasibility of the proposed security-testing framework for blockchain systems on an e-voting election blockchain system. The results from our extensive experiments show that our proposed method outperforms other formal-verification-based methods for detecting blockchain vulnerabilities, and also provides a scientific and reliable assessment of blockchain system security.

KW - Blockchain system

KW - Formal theory

KW - Reliability theory

KW - Vulnerability attack graph

KW - Vulnerability detection model

UR - http://www.scopus.com/inward/record.url?scp=85207532043&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-64948-6_15

DO - 10.1007/978-3-031-64948-6_15

M3 - Conference contribution

AN - SCOPUS:85207532043

SN - 9783031649479

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 287

EP - 305

BT - Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings

A2 - Duan, Haixin

A2 - Debbabi, Mourad

A2 - de Carné de Carnavalet, Xavier

A2 - Luo, Xiapu

A2 - Au, Man Ho Allen

A2 - Du, Xiaojiang

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 19 October 2023 through 21 October 2023

ER -

Chen J, Feng Q, Cai S, Shi D, Towey D, Chen Y et al. VDABSys: A Novel Security-Testing Framework for Blockchain Systems Based on Vulnerability detection. In Duan H, Debbabi M, de Carné de Carnavalet X, Luo X, Au MHA, Du X, editors, Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 287-305. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-031-64948-6_15