@inproceedings{lekssays2022malrec,
title={MalRec: A Blockchain-based Malware Recovery Framework for Internet of Things},
author={Lekssays, Ahmed and Sirigu, Giorgia and Carminati, Barbara and Ferrari, Elena},
booktitle={Proceedings of the 17th International Conference on Availability, Reliability and Security},
pages={1--8},
year={2022}
}
- Install docker
- Install docker-compose
- Install golang 1.14+ and add it to your PATH
- Install npm and add it to your path
- Go to project directory
cd malrec
- Run the command:
./system.sh up
- To display other options:
./system.sh
- Go to project directory
cd malrec
- Run
$ export CORE_PEER_TLS_ENABLED=true \
export CORE_PEER_LOCALMSPID='Org1MSP' \
export CORE_PEER_TLS_ROOTCERT_FILE=$(pwd)/network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt \
export CORE_PEER_MSPCONFIGPATH=$(pwd)/network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp \
export CORE_PEER_ADDRESS=0.0.0.0:1151 \
export FABRIC_CFG_PATH=$(pwd)/network/config/ \
export ORDERER_CA=$(pwd)/network/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem \
export ORDERER_ADDRESS=0.0.0.0:7050 \
export ORDERER_HOSTNAME=orderer.example.com
$ peer chaincode invoke -o 0.0.0.0:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile $ORDERER_CA -C mychannel -n policy --peerAddresses $CORE_PEER_ADDRESS --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"function":"CreatePolicy","Args":["peer0.org1.example.com_policy", "3","1", "1", "1024"]}'
$ peer chaincode invoke -o 0.0.0.0:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile $ORDERER_CA -C mychannel -n backup --peerAddresses $CORE_PEER_ADDRESS --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"function":"CreateBackup","Args":["BACKUP_52892114", "peer0.org1.example.com","QmdXYvmSEXrA9EoFBDQJRqrYiBLF6UB5o5M3pBSM4xJMuH", "https://drive.google.com/zerer;https://s3.amazonaws.com/bucketmalrec/ahsdlsdps;https://peer0.org1.example.com/hsqfhqsfaz", "some signature", "600"]}'
$ peer chaincode query -o 0.0.0.0:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile $ORDERER_CA -C mychannel -n backup --peerAddresses $CORE_PEER_ADDRESS --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"function":"QueryBackup","Args":["BACKUP_52892114"]}'
$ peer chaincode query -o 0.0.0.0:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile $ORDERER_CA -C mychannel -n backup --peerAddresses $CORE_PEER_ADDRESS --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"function":"QueryBackupsByDeviceID","Args":["peer0.org1.example.com"]}'
$ peer chaincode query -o 0.0.0.0:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile $ORDERER_CA -C mychannel -n backup --peerAddresses $CORE_PEER_ADDRESS --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"function":"QueryBackupsByTimestamps","Args":["peer0.org1.example.com", "1621522261", "1621522261"]}'
Adding a malware will automatically invalidate the backups of the corresponding device in the infection period. It perfoms a range query with timestamps where end_timestamp = current_timestamp
and start_timestamp = end_timestamp - period
. period
is added as an argument to the query which denotes the estimated duration of infection in seconds (e.g., 600s in the example below).
$ peer chaincode invoke -o 0.0.0.0:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile $ORDERER_CA -C mychannel -n malware --peerAddresses $CORE_PEER_ADDRESS --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"function":"CreateMalware","Args":["MALWARE_52892114", "600","peer0.org1.example.com", "some checksum"]}'
- Go to caliper directory:
$ cd caliper
- Initialize a project:
$ npm init -y
- Install caliper:
$ npm install --only=prod @hyperledger/caliper-cli@0.4.0
- Bind it:
$ npx caliper bind --caliper-bind-sut fabric:2.1 --caliper-bind-cwd ./
- To test queryBackup run:
$ npx caliper launch manager --caliper-workspace ./ --caliper-networkconfig networkConfig.yaml --caliper-benchconfig benchmarks/queryBackup.yaml --caliper-fabric-gateway-enabled --caliper-flow-only-test
- To test queryBackupsByDeviceID run:
$ npx caliper launch manager --caliper-workspace ./ --caliper-networkconfig networkConfig.yaml --caliper-benchconfig benchmarks/queryBackupsByDeviceID.yaml --caliper-fabric-gateway-enabled --caliper-flow-only-test
- To test queryBackupsByTimestamps run:
$ npx caliper launch manager --caliper-workspace ./ --caliper-networkconfig networkConfig.yaml --caliper-benchconfig benchmarks/queryBackupsByTimestamps.yaml --caliper-fabric-gateway-enabled --caliper-flow-only-test
- Check
caliper/report.html
for the results of the tests.
Prometheus is enabled in the project as a monitoring framework. In addition, Grafana is added for better visualization. You can access Prometheus at: http://0.0.0.0:9090
and Grafana at http://0.0.0.0:3000
.