The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Best Practices for Smart Contract Security Hyperledger Fabric. Drafted by the CSA Blockchain/Distributed Ledger Working Group, the report aims to provide C-level executives and other stakeholders with an overview of the benefits, challenges, and opportunities for deploying smart contracts within an organization.
Specifically, the paper provides an overview of the Hyperledger smart contract ecosystem, the why’s, when’s, and how’s of threat modeling when working with smart contracts, an overview of common vulnerabilities, and guidance on best security practices. It also includes an Accord Project Hyperledger Fabric and trade finance use case.
“Smart contracts offer some of the highest levels of encryption currently available, meaning users can be confident in the security and authenticity of their transactions,” said Hillary Baron, research analyst and program manager, Cloud Security Alliance. “Increasing numbers of enterprises are taking advantage of the myriad benefits smart contracts afford; however, as these contracts become more detailed and robust, the more surface area is exposed to risk. It’s imperative, therefore, that practitioners deploying legal smart contracts should understand the risks associated with their execution.”
Smart contracts, essentially business logic running on a blockchain, can be as simple as a data update or as complex as executing a contract with attached conditions, and can be divided into two types, namely those that:
- install business logic on validators in the network before the network is launched
- deploy business logic as a transaction committed to the blockchain and then called by subsequent transactions. With these on-chain smart contracts, the code that defines the business logic becomes part of the ledger.
After reading the paper, stakeholders, including C-level executives interested in learning more about the corporate benefits of smart contracts and technologists responsible for deploying Hyperledger-based smart contract solutions, will have a deeper understanding of the many legal, regulatory, and security considerations that must be taken into account when using any smart contract.
The Blockchain/Distributed Ledger Working Group works to produce useful content to educate different industries on blockchain and its proper use, as well as define blockchain security and compliance requirements based upon different industries and use cases. Individuals interested in becoming involved in Blockchain/Distributed Ledger future research and initiatives are invited to join the working group.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA’s activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem.