Copyright © 2018, Oracle and/or its affiliates. All rights reserved. |
Blockchain & Security
Emmanuel Abiodun
Blockchain Architect
Oracle Cloud
October 2018
emmanuel.abiodun@oracle.com
www.linkedin.com/in/emmanuel-abiodun/
Nov 2018
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, timing, and pricing of any
features or functionality described for Oracle’s products may change and remains at the
sole discretion of Oracle Corporation.
Confidential – Oracle Internal/Restricted/Highly Restricted
Program Agenda
1. Introduction to Oracle Blockchain Cloud Service
2. State Database Enhancements
3. Smart Contract Design Best Practices
4. Some Security Considerations
5. Q&A
Oracle Blockchain Cloud Service
• Pre-Assembled
• Enterprise-Grade
• Managed
• Plug and Play Integrations
• Open
• Oracle’s Experience and Expertise
Oracle Blockchain Cloud Platform
• CONSENSUS: Validates transactions before adding to chain
• SMART CONTRACTS: Business logic based on agreements
• DISTRIBUTED LEDGER: Whole state data and its history
• CONFIDENTIALITY: Permissioned blockchain with private channels
[Architecture diagram. Labels: Oracle Blockchain Platform; Managed PaaS; open source Hyperledger Fabric; REST API / SDKs for Go, Java, and JavaScript; Oracle Cloud Infrastructure and PaaS services (container services, identity management services, events management services, data services); on-premises apps; Oracle SaaS (SCM, ERP, HCM, CX); CRM; 3rd party SaaS; custom cloud apps; external members; Hyperledger Fabric peers in customer datacenters or 3rd party clouds.]
Built on Hyperledger Fabric
• Clients submit transactions for endorsement to peers
• Peers call smart contracts aka chaincode to simulate/endorse transactions
• Client submits endorsed transaction to ordering service
• Peers validate and commit transactions
– Verify policies met and versions for multi-version concurrency control (MVCC)
• World state database is a key/value store
– Get by key, key range, or partial composite key
– Optional databases provide rich queries that can query based upon values
Hyperledger Fabric Transaction Flow
[Diagram. Components: Client Application, Fabric SDK, Keys; Membership Service, Certificate Authority; Peers (Endorser: simulates TX; Committer: applies changes; World State); Ledger; Smart Contract (Chaincode); Ordering Service (orders TXs into batches according to consensus). Steps labelled in the diagram:]
• 3.0 - Submit Endorsed TX (includes RWset and endorser signatures)
• 4.0 - Deliver TX Batch
• Validate Signatures and Authorization
• 5.0 - Writes ledger block
• 5.1 - Updates State
• 6.0 - Commit Notification
Oracle State Database Enhancements
• Default state database in Hyperledger Fabric is LevelDB
• Optional database supporting rich queries is CouchDB – extremely slow
• Neither supports isolation, snapshots, or local transactions
• Fabric read locks the database for read access during endorsement
• Fabric write locks the database for exclusive access during commitment
• Result: Endorsement and commitment cannot overlap
Hyperledger Fabric
State Based Enhancements
Oracle State Database Enhancements
• OBCS uses Berkeley Database (BDB) for state database which supports local transactions and isolation
• SQL layer on top of BDB for rich queries
• Replace database locking with a transaction manager using local txn
• Allows endorsement and commitment to execute in parallel
• Supports SQL SELECT statements and CouchDB queries in rich queries
Smart Contract Design Best Practices
OABCS Application Design Best Practices
• Start small
• Keep it simple
• Not everything belongs on a ledger
• Workflow is best done in the application, not smart contracts
• L10N I18N
• Pull instead of push
• Determine who you trust and how much you trust them
Not Everything Belongs on the Ledger
• Blockchains replicate the ledger – potentially many copies
• For large objects, this dramatically increases storage requirements
• Store what’s absolutely needed and must be shared
• Large objects or PII should be stored off-chain if possible
– Store them elsewhere
– Place hash of object on the ledger as proof
– Mediate off-chain storage access via the blockchain
Workflow in the Application, not Smart Contracts
• Ledger records the transactions
• Workflow such as multi-step processes best left to external tools
• Examples:
– Voting to add new member to blockchain network
• the state of the votes is maintained on blockchain
• Acting on the vote is a workflow issue
• Use events to move workflow forward
Who Do You Trust and How Much Do You Trust Them?
• This determines many design decisions such as:
• Endorsement policies – who needs to validate transactions
• How confidential is the data?
– Peers running outside Oracle cloud can snoop data
– By default, any user can read ledger
Agenda
1. Introduction to Blockchain and Smart Contracts
2. CargoSmart
3. OABCS Application Design Best Practices
4. Hyperledger Fabric Smart Contract best practices
5. Summary and Q&A
Hyperledger Fabric Smart Contracts
• Smart contracts provide the cross organization business logic
• Similar to stored procedures
• Executed multiple times
• Only thing that updates world state
• Written in Go, Node.js, and Java
Smart Contract Mandatory Practice
• Deterministic!
– Do NOT generate guids, random numbers,…
– Do NOT try to get the time
• If needed have client pass in:
– guids, random numbers, timestamps,…
– Data from external systems
• Watch for timeouts
Better than best practices
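The determinism rule above, as an added Go example (not from the deck and not Fabric code): three simulated endorsers run the same proposal, once with chaincode that asks the local clock and random generator and once with chaincode that derives its values from fields the client supplied. The `Proposal` and `WriteSet` types and all function names are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"time"
)

// Proposal is the input every endorsing peer receives (hypothetical shape).
type Proposal struct {
	TxID      string // same on every peer
	Timestamp int64  // chosen by the client, seconds since epoch
	Nonce     string // randomness generated by the client
	Payload   string
}

// WriteSet is the result of simulating the transaction on one peer.
type WriteSet map[string]string

// CreateOrderBad asks the local clock and RNG, so each peer computes a
// different key and value for the same proposal.
func CreateOrderBad(p Proposal) WriteSet {
	id := make([]byte, 8)
	_, _ = rand.Read(id)
	key := "order~" + hex.EncodeToString(id)
	return WriteSet{key: fmt.Sprintf("%s@%d", p.Payload, time.Now().UnixNano())}
}

// CreateOrderGood derives the key and the timestamp from the proposal itself.
func CreateOrderGood(p Proposal) WriteSet {
	sum := sha256.Sum256([]byte(p.TxID + "|" + p.Nonce))
	key := "order~" + hex.EncodeToString(sum[:8])
	return WriteSet{key: fmt.Sprintf("%s@%d", p.Payload, p.Timestamp)}
}

// Digest hashes a write set in sorted key order. Go map iteration order is
// random, so hashing in range order would itself be non-deterministic.
func Digest(ws WriteSet) string {
	keys := make([]string, 0, len(ws))
	for k := range ws {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	for _, k := range keys {
		fmt.Fprintf(h, "%d:%s=%d:%s;", len(k), k, len(ws[k]), ws[k])
	}
	return hex.EncodeToString(h.Sum(nil))
}

// EndorsementsMatch simulates the chaincode on n peers and reports whether
// every peer produced the same result, which the client needs before it can
// submit the transaction to the ordering service.
func EndorsementsMatch(n int, p Proposal, chaincode func(Proposal) WriteSet) bool {
	first := Digest(chaincode(p))
	for i := 1; i < n; i++ {
		if Digest(chaincode(p)) != first {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample proposal.
	p := Proposal{TxID: "tx-0001", Timestamp: 1541030400, Nonce: "9f2c61d0", Payload: "40 crates"}
	fmt.Println("local clock/RNG:", EndorsementsMatch(3, p, CreateOrderBad))
	fmt.Println("client-supplied:", EndorsementsMatch(3, p, CreateOrderGood))
}
```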
Avoid Data Hot Spots or Global Keys
• Keys that are read and written frequently
– Sequence number
– Totals
• Likely to cause invalidation errors
– Especially for larger block sizes
• Higher likelihood for MVCC errors
– Transactions have to be retried
Performance
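Why a global key fails more often as blocks grow, as an added Go example (a simplified model written for this page, not Fabric's validator): transactions are endorsed against the state committed so far, then validated in block order by comparing the versions they read. The types, the `total` key and the per-transaction delta-row layout are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// versioned is one world-state entry; the version changes on every commit.
type versioned struct {
	value   string
	version uint64
}

// State is a minimal model of the world state (hypothetical type).
type State map[string]versioned

// Tx carries the read/write set produced when an endorser simulates it.
type Tx struct {
	Reads  map[string]uint64 // key -> version seen during simulation
	Writes map[string]string
}

const counter = "total" // the frequently updated key

// SimulateIncrement models chaincode that reads and rewrites a global key.
func SimulateIncrement(s State, txID string) Tx {
	cur := s[counter]
	n, _ := strconv.Atoi(cur.value) // a missing key counts as 0
	return Tx{
		Reads:  map[string]uint64{counter: cur.version},
		Writes: map[string]string{counter: strconv.Itoa(n + 1)},
	}
}

// SimulateDelta models chaincode that writes one row per transaction and
// reads nothing, so concurrent transactions never touch the same key.
func SimulateDelta(_ State, txID string) Tx {
	return Tx{Writes: map[string]string{counter + "~" + txID: "1"}}
}

// CommitBlock validates transactions in block order: a transaction is
// invalid when any key it read has changed version since it was simulated.
func CommitBlock(s State, block []Tx) (valid, invalid int) {
	for _, tx := range block {
		stale := false
		for k, seen := range tx.Reads {
			stale = stale || s[k].version != seen
		}
		if stale {
			invalid++ // the client has to retry this transaction
			continue
		}
		for k, v := range tx.Writes {
			s[k] = versioned{value: v, version: s[k].version + 1}
		}
		valid++
	}
	return valid, invalid
}

// Total reads the counter: the hot key's value plus any delta rows.
func Total(s State) int {
	total, _ := strconv.Atoi(s[counter].value)
	for k, v := range s {
		if strings.HasPrefix(k, counter+"~") {
			n, _ := strconv.Atoi(v.value)
			total += n
		}
	}
	return total
}

// Run endorses n transactions in batches of blockSize, one block per batch.
func Run(n, blockSize int, sim func(State, string) Tx) (valid, invalid int, s State) {
	if blockSize < 1 {
		blockSize = 1
	}
	s = State{}
	for start := 0; start < n; start += blockSize {
		var block []Tx
		for i := start; i < start+blockSize && i < n; i++ {
			block = append(block, sim(s, "tx"+strconv.Itoa(i)))
		}
		v, bad := CommitBlock(s, block)
		valid, invalid = valid+v, invalid+bad
	}
	return valid, invalid, s
}

func main() {
	for _, size := range []int{1, 5, 10} {
		v, bad, s := Run(10, size, SimulateIncrement)
		fmt.Printf("hot key, block=%d: valid=%d invalid=%d total=%d\n", size, v, bad, Total(s))
	}
	v, bad, s := Run(10, 10, SimulateDelta)
	fmt.Printf("deltas,  block=10: valid=%d invalid=%d total=%d\n", v, bad, Total(s))
}
```

With ten increments in one block only the first commits; the delta-row layout commits all ten and the total is computed when it is read.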
World State Access
• Watch for phantom reads
– Standard Fabric rich queries don’t affect RWset
– OBCS rich queries are re-executed at validation time
• Create indexes for rich queries
• Using OBCS
– Use rich queries instead of composite keys
– Push summaries, calculations, etc., down to database
• Average number of marbles owned
Avoid Off Chain Access
• Avoid network connections/interactions if possible!
– Potential source of non-determinism
• Off chain data
– Let client provide the data
– Store hash in ledger as proof
• Off chain applications
– Oracles are fine
Push vs Pull
• Push – smart contract pushes data
– Smart contract updating an external application
– But will be called multiple times – once for each endorsement
• Pull – application pulls data
– External application calls smart contract to put data
– Can maintain queue in world state
– Use a chaincode event to trigger
– Receiving application pulls the data from the blockchain
Circuit Breakers
• Emergency stop
• Essentially denies all executions until reset
• Commonly used to deal with serious bugs or security issues
• Controlled by limited parties, e.g. admins
Side DB
Private state among subset of peers
[Diagram: Channel 1 with Peer1, Peer2 and Peer3; private data is passed between the peers in the collection by gossip.]
• Peers in collection (endorsing and committing): chaincode state holds hash(k1), hash(secret value); private state holds k1, secret value
• Peers not in collection (committing only): chaincode state holds hash(k1), hash(secret value)
Some Security Considerations
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. |
Privacy and Confidentiality
• Only put what’s necessary on the ledger!
• All peers get a copy, consider where peers run
• Encrypt data or store sensitive data off chain
• Choose strong encryption – quantum computing is coming
• Use side database feature of Fabric
– Only specific peers get private data, hash of key/value recorded in ledger
• Soon: Anonymous Authentication and Zero-Knowledge Asset Transfer
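The "store sensitive data off chain, hash on the ledger" advice from this slide and from the earlier "Not Everything Belongs on the Ledger" and "Avoid Off Chain Access" slides, as an added Go example (not from the deck and not Fabric code). It goes one step beyond the slides by salting the digest, because an unsalted hash of a low-entropy value gives the same digest for every record holding that value; the salt is generated by the client so the on-chain part stays deterministic. The `Ledger`, `OffChain` and `Record` types and all function names are assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Ledger stands in for the replicated world state (hypothetical type): every
// peer holds a copy, so only digests are stored in it.
type Ledger map[string]string

// Record is what the access-controlled off-chain store keeps (hypothetical).
type Record struct {
	Salt, Data []byte
}

// OffChain stands in for storage outside the blockchain.
type OffChain map[string]Record

// PlainDigest is an unsalted SHA-256. Equal inputs give equal digests, so a
// low-entropy field can be linked or confirmed by anyone holding the ledger.
func PlainDigest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// SaltedDigest is HMAC-SHA256 keyed with a random per-object salt.
func SaltedDigest(salt, data []byte) string {
	mac := hmac.New(sha256.New, salt)
	mac.Write(data)
	return hex.EncodeToString(mac.Sum(nil))
}

// ClientPrepare runs in the client, not in chaincode, because a random salt
// would differ between endorsers. It stores the object off chain and returns
// the digest that the client submits in its transaction.
func ClientPrepare(store OffChain, key string, data []byte) (string, error) {
	salt := make([]byte, 32)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	store[key] = Record{Salt: salt, Data: append([]byte(nil), data...)}
	return SaltedDigest(salt, data), nil
}

// ChaincodeRecord is the deterministic on-chain part: validate, then store.
func ChaincodeRecord(l Ledger, key, digest string) error {
	if key == "" {
		return errors.New("empty key")
	}
	if raw, err := hex.DecodeString(digest); err != nil || len(raw) != sha256.Size {
		return errors.New("digest must be 32 hex-encoded bytes")
	}
	if _, exists := l[key]; exists {
		return errors.New("key already recorded")
	}
	l[key] = digest
	return nil
}

// Verify recomputes the digest from the off-chain copy and compares it with
// the ledger entry in constant time.
func Verify(l Ledger, store OffChain, key string) error {
	want, onLedger := l[key]
	rec, offChain := store[key]
	if !onLedger || !offChain {
		return errors.New("missing ledger entry or off-chain object: " + key)
	}
	if !hmac.Equal([]byte(SaltedDigest(rec.Salt, rec.Data)), []byte(want)) {
		return errors.New("off-chain object does not match ledger digest")
	}
	return nil
}

func main() {
	ledger, store := Ledger{}, OffChain{}
	// Constructed sample record, not real data.
	digest, err := ClientPrepare(store, "patient-17", []byte("blood type: AB-"))
	if err == nil {
		err = ChaincodeRecord(ledger, "patient-17", digest)
	}
	fmt.Println("recorded:", err, "intact:", Verify(ledger, store, "patient-17"))
	store["patient-17"] = Record{Salt: store["patient-17"].Salt, Data: []byte("blood type: O+")}
	fmt.Println("after off-chain tampering:", Verify(ledger, store, "patient-17"))
}
```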
Privacy and Confidentiality
• Normally any authorized user has access to ledger
• Use Fabric fine grained access control
– Prohibit or limit access to query system chaincode and events
– Only allow access via invoking smart contracts
• Implement fine grained access control in chaincode
– Take control of who has access to what
– Maintain the access information in chaincode
– Field level access control, attribute access control
• Use transient data to pass in data to be excluded from the ledger
Keep prying eyes out
Security
• Use static analysis tools
• Use SSL/TLS to protect communication
• Check everything!
– all needed arguments
– Injection attacks
– Verify identity
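The "Check everything!" list, the in-chaincode access control from the previous slide and the earlier "Circuit Breakers" slide combined in one added Go example (not from the deck and not Fabric code): a single entry point that checks identity, then the emergency stop, then the arguments. The `Caller` and `Contract` types, the function names and the MSP IDs are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// Caller is the authenticated submitter (hypothetical type). In chaincode
// these values come from the submitter's certificate, never from arguments.
type Caller struct {
	MSPID string // organization
	Role  string // certificate attribute
}

// Contract models chaincode state. The breaker flag is kept with the data
// in world state so that every endorser sees the same value.
type Contract struct {
	paused bool
	admins map[string]bool   // MSP IDs allowed to operate the breaker
	owner  map[string]string // asset ID -> owning MSP ID
	qty    map[string]int    // asset ID -> quantity
}

var (
	ErrPaused = errors.New("contract paused by circuit breaker")
	ErrDenied = errors.New("caller not authorized")
	ErrArgs   = errors.New("invalid arguments")
	assetID   = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`) // allow-list
)

func NewContract(adminMSP string) *Contract {
	return &Contract{admins: map[string]bool{adminMSP: true},
		owner: map[string]string{}, qty: map[string]int{}}
}

// Invoke is the single entry point: identity, breaker, then dispatch.
func (c *Contract) Invoke(who Caller, fn string, args ...string) (string, error) {
	if who.MSPID == "" {
		return "", ErrDenied
	}
	if fn == "pause" || fn == "resume" {
		if who.Role != "admin" || !c.admins[who.MSPID] {
			return "", ErrDenied
		}
		if len(args) != 0 {
			return "", ErrArgs
		}
		c.paused = fn == "pause"
		return fn, nil
	}
	if c.paused {
		return "", ErrPaused // reads and writes are both denied until reset
	}
	switch fn {
	case "setQuantity":
		return c.setQuantity(who, args)
	case "getQuantity":
		return c.getQuantity(who, args)
	}
	return "", ErrArgs
}

func (c *Contract) setQuantity(who Caller, args []string) (string, error) {
	if len(args) != 2 || !assetID.MatchString(args[0]) {
		return "", ErrArgs
	}
	n, err := strconv.Atoi(args[1])
	if err != nil || n < 0 || n > 1000000 {
		return "", ErrArgs
	}
	if o, ok := c.owner[args[0]]; ok && o != who.MSPID {
		return "", ErrDenied // only the owning organization may update
	}
	c.owner[args[0]], c.qty[args[0]] = who.MSPID, n
	return "ok", nil
}

func (c *Contract) getQuantity(who Caller, args []string) (string, error) {
	if len(args) != 1 || !assetID.MatchString(args[0]) {
		return "", ErrArgs
	}
	if c.owner[args[0]] != who.MSPID {
		return "", ErrDenied // same answer for "missing" and "not yours"
	}
	return strconv.Itoa(c.qty[args[0]]), nil
}

func main() {
	c := NewContract("OperatorMSP") // constructed MSP IDs
	member, admin := Caller{"Org1MSP", "member"}, Caller{"OperatorMSP", "admin"}
	fmt.Println(c.Invoke(member, "setQuantity", "crate-1", "5"))
	fmt.Println(c.Invoke(admin, "pause"))
	fmt.Println(c.Invoke(member, "getQuantity", "crate-1"))
}
```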
Security
• Docker isolation is not enough
• Kata Containers for multi-tenancy
• Ensure a customer can harm only themselves
• Be careful with platform / env secrets
Questions?
Blockchain & Security in Oracle by Emmanuel Abiodun

More Related Content

What's hot

Klarna Tech Talk - Mind the Data!
Klarna Tech Talk - Mind the Data!Klarna Tech Talk - Mind the Data!
Klarna Tech Talk - Mind the Data!
Jeffrey T. Pollock
 
Balancing data democratization with comprehensive information governance: bui...
Balancing data democratization with comprehensive information governance: bui...Balancing data democratization with comprehensive information governance: bui...
Balancing data democratization with comprehensive information governance: bui...
DataWorks Summit
 
Building a data-driven authorization framework
Building a data-driven authorization frameworkBuilding a data-driven authorization framework
Building a data-driven authorization framework
DataWorks Summit
 

What's hot (20)

Oracle Cloud – Application Performance Monitoring
Oracle Cloud – Application Performance MonitoringOracle Cloud – Application Performance Monitoring
Oracle Cloud – Application Performance Monitoring
 
DevDay: Node Analytics with Python, Chainhaus
DevDay: Node Analytics with Python, ChainhausDevDay: Node Analytics with Python, Chainhaus
DevDay: Node Analytics with Python, Chainhaus
 
Fast Data Overview for Data Science Maryland Meetup
Fast Data Overview for Data Science Maryland MeetupFast Data Overview for Data Science Maryland Meetup
Fast Data Overview for Data Science Maryland Meetup
 
20191010 Blockchain GIG#5_oracle
20191010 Blockchain GIG#5_oracle20191010 Blockchain GIG#5_oracle
20191010 Blockchain GIG#5_oracle
 
Introducing New AI Ops Innovations in Oracle 19c Autonomous Health Framework ...
Introducing New AI Ops Innovations in Oracle 19c Autonomous Health Framework ...Introducing New AI Ops Innovations in Oracle 19c Autonomous Health Framework ...
Introducing New AI Ops Innovations in Oracle 19c Autonomous Health Framework ...
 
Flash session -goldengate--lht1053-lon
Flash session -goldengate--lht1053-lonFlash session -goldengate--lht1053-lon
Flash session -goldengate--lht1053-lon
 
DevDay: Mike Hearn Keynote, R3
DevDay: Mike Hearn Keynote, R3DevDay: Mike Hearn Keynote, R3
DevDay: Mike Hearn Keynote, R3
 
Oracle Data Protection - 1. část
Oracle Data Protection - 1. částOracle Data Protection - 1. část
Oracle Data Protection - 1. část
 
Klarna Tech Talk - Mind the Data!
Klarna Tech Talk - Mind the Data!Klarna Tech Talk - Mind the Data!
Klarna Tech Talk - Mind the Data!
 
AIOUG : OTNYathra - Troubleshooting and Diagnosing Oracle Database 12.2 and O...
AIOUG : OTNYathra - Troubleshooting and Diagnosing Oracle Database 12.2 and O...AIOUG : OTNYathra - Troubleshooting and Diagnosing Oracle Database 12.2 and O...
AIOUG : OTNYathra - Troubleshooting and Diagnosing Oracle Database 12.2 and O...
 
MongoDB World 2018: A Journey to the Cloud with Fraud Detection, Transactions...
MongoDB World 2018: A Journey to the Cloud with Fraud Detection, Transactions...MongoDB World 2018: A Journey to the Cloud with Fraud Detection, Transactions...
MongoDB World 2018: A Journey to the Cloud with Fraud Detection, Transactions...
 
Balancing data democratization with comprehensive information governance: bui...
Balancing data democratization with comprehensive information governance: bui...Balancing data democratization with comprehensive information governance: bui...
Balancing data democratization with comprehensive information governance: bui...
 
NZOUG-GroundBreakers-2018 - Troubleshooting and Diagnosing 18c RAC
NZOUG-GroundBreakers-2018 - Troubleshooting and Diagnosing 18c RACNZOUG-GroundBreakers-2018 - Troubleshooting and Diagnosing 18c RAC
NZOUG-GroundBreakers-2018 - Troubleshooting and Diagnosing 18c RAC
 
AMIS Oracle OpenWorld & CodeOne Review - Pillar 2 - Custom Application Develo...
AMIS Oracle OpenWorld & CodeOne Review - Pillar 2 - Custom Application Develo...AMIS Oracle OpenWorld & CodeOne Review - Pillar 2 - Custom Application Develo...
AMIS Oracle OpenWorld & CodeOne Review - Pillar 2 - Custom Application Develo...
 
2009.10.22 S308460 Cloud Data Services
2009.10.22 S308460  Cloud Data Services2009.10.22 S308460  Cloud Data Services
2009.10.22 S308460 Cloud Data Services
 
Building a data-driven authorization framework
Building a data-driven authorization frameworkBuilding a data-driven authorization framework
Building a data-driven authorization framework
 
O2’s Financial Data Hub: going beyond IFRS compliance to support digital tran...
O2’s Financial Data Hub: going beyond IFRS compliance to support digital tran...O2’s Financial Data Hub: going beyond IFRS compliance to support digital tran...
O2’s Financial Data Hub: going beyond IFRS compliance to support digital tran...
 
Apache Atlas. Data Governance for Hadoop. Strata London 2015
Apache Atlas. Data Governance for Hadoop. Strata London 2015Apache Atlas. Data Governance for Hadoop. Strata London 2015
Apache Atlas. Data Governance for Hadoop. Strata London 2015
 
The future of Hadoop security and its evolution by Alejandro González at Big ...
The future of Hadoop security and its evolution by Alejandro González at Big ...The future of Hadoop security and its evolution by Alejandro González at Big ...
The future of Hadoop security and its evolution by Alejandro González at Big ...
 
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityPercona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 Security
 

Similar to Blockchain & Security in Oracle by Emmanuel Abiodun

Similar to Blockchain & Security in Oracle by Emmanuel Abiodun (20)

blockchain workshop - blockchain and oabcs - solutions
blockchain workshop - blockchain and oabcs - solutionsblockchain workshop - blockchain and oabcs - solutions
blockchain workshop - blockchain and oabcs - solutions
 
Blockchain, Hyperledger and the Oracle Blockchain Platform
Blockchain, Hyperledger and the Oracle Blockchain PlatformBlockchain, Hyperledger and the Oracle Blockchain Platform
Blockchain, Hyperledger and the Oracle Blockchain Platform
 
Hyperledger Austin meetup July 10, 2018
Hyperledger Austin meetup July 10, 2018Hyperledger Austin meetup July 10, 2018
Hyperledger Austin meetup July 10, 2018
 
How to Build a Decentralized Blockchain App with the Oracle Blockchain Platform
How to Build a Decentralized BlockchainApp with the Oracle Blockchain PlatformHow to Build a Decentralized BlockchainApp with the Oracle Blockchain Platform
How to Build a Decentralized Blockchain App with the Oracle Blockchain Platform
 
Oracle Blockchain Experience Day
Oracle Blockchain Experience DayOracle Blockchain Experience Day
Oracle Blockchain Experience Day
 
blockchain workshop - hyperledger and oabcs - technical
blockchain workshop - hyperledger and oabcs - technicalblockchain workshop - hyperledger and oabcs - technical
blockchain workshop - hyperledger and oabcs - technical
 
Oracle Blockchain Cloud Service
Oracle Blockchain Cloud ServiceOracle Blockchain Cloud Service
Oracle Blockchain Cloud Service
 
Oracle Blockchain Platform
Oracle Blockchain PlatformOracle Blockchain Platform
Oracle Blockchain Platform
 
Serverless patterns
Serverless patternsServerless patterns
Serverless patterns
 
ADW Topic.pdf
ADW Topic.pdfADW Topic.pdf
ADW Topic.pdf
 
Public hyperledger meetup sf may 2018
Public hyperledger meetup sf may 2018Public hyperledger meetup sf may 2018
Public hyperledger meetup sf may 2018
 
Blockchain in government and the public sector
Blockchain in government and the public sectorBlockchain in government and the public sector
Blockchain in government and the public sector
 
Blockchain in Retail :Omnichannel retailers can now compete and beat Amazon!
Blockchain in Retail :Omnichannel retailers can now compete and beat Amazon!Blockchain in Retail :Omnichannel retailers can now compete and beat Amazon!
Blockchain in Retail :Omnichannel retailers can now compete and beat Amazon!
 
The Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous WorldThe Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous World
 
Stream based Data Integration
Stream based Data IntegrationStream based Data Integration
Stream based Data Integration
 
Episode 1: Transition to Iaas
Episode 1: Transition to IaasEpisode 1: Transition to Iaas
Episode 1: Transition to Iaas
 
Oracle NoSQL Database -- Big Data Bellevue Meetup - 02-18-15
Oracle NoSQL Database -- Big Data Bellevue Meetup - 02-18-15Oracle NoSQL Database -- Big Data Bellevue Meetup - 02-18-15
Oracle NoSQL Database -- Big Data Bellevue Meetup - 02-18-15
 
CSPA Keynote: BLOCKCHAIN for Enterprise
CSPA Keynote: BLOCKCHAIN for EnterpriseCSPA Keynote: BLOCKCHAIN for Enterprise
CSPA Keynote: BLOCKCHAIN for Enterprise
 
Oracle Modern AppDev Approach to Cloud & Container Native App
Oracle Modern AppDev Approach to Cloud & Container Native AppOracle Modern AppDev Approach to Cloud & Container Native App
Oracle Modern AppDev Approach to Cloud & Container Native App
 
ODA Right to use program - Optimalizace IT investice
ODA Right to use program - Optimalizace IT investiceODA Right to use program - Optimalizace IT investice
ODA Right to use program - Optimalizace IT investice
 

More from Vishwas Manral (7)

Zero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at AdobeZero Trust Enterprise Network at Adobe
Zero Trust Enterprise Network at Adobe
 
IDSA Overview at CSA SV
IDSA Overview at CSA SVIDSA Overview at CSA SV
IDSA Overview at CSA SV
 
0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrity0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrity
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined Perimeter
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
Docker security microservices
Docker security  microservicesDocker security  microservices
Docker security microservices
 
Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 

Blockchain & Security in Oracle by Emmanuel Abiodun

  • 1.
  • 2. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Blockchain & Security Emmanuel Abiodun Blockchain Architect Oracle Cloud October 2018 emmanuel.abiodun@oracle.com www.linkedin.com/in/emmanuel-abiodun/ Nov 2018
  • 3. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. Confidential – Oracle Internal/Restricted/Highly Restricted
  • 4. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Program Agenda Introduction to Oracle Blockchain Cloud Service State Database Enhancements Smart Contract Design Best Practices Some Security Considerations Q&A 1 2 3 4 5 Confidential – Oracle Internal/Restricted/Highly Restricted 4
  • 5. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Pre-Assembled Enterprise-Grade Managed Plug and Play Integrations Open Oracle Blockchain Cloud Service 5 ORACLE BLOCKCHAIN CLOUD SERVICE Oracle’s Experience and Expertise
  • 6. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Oracle Blockchain Cloud Platform 6 Container services Identity Management Services Events Management Services Data Services ORACLE CLOUD INFRASTRUCTURE and PAAS SERVICES ON PREMISES APPS CONSENSUS Validates transactions before adding to chain SMART CONTRACTS Business logic based on agreements DISTRIBUTED LEDGER Whole state data and its history CONFIDENTIALITY Permissioned blockchain with private channels REST API / SDKs for Go, Java, and Javascript ORACLE BLOCKCHAIN PLATFORM Hyperledger Fabric Peers in Customer Datacenters or 3rd Party Clouds External Members SCMERP HCM CX ORACLE SAAS CRM OPEN SOURCE HYPERLEDGER FABRIC 3rd Party SaaS Custom Cloud Apps * Managed PaaS
  • 7. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Built on Hyperledger Fabric • Clients submit transactions for endorsement to peers • Peers call smart contracts aka chaincode to simulate/endorse transactions • Client submits endorsed transaction to ordering service • Peers validate and commit transactions – Verify policies met and versions for multi-version concurrency control (MVCC) • World state database is a key/value store – Get by key, key range, or partial composite key – Optional databases provide rich queries that can query based upon values Confidential – Oracle Internal/Restricted/Highly Restricted
  • 8. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Hyperledger Fabric Transaction Flow Client Application Fabric SDK Keys Membership Service Peers Endorser Simulates TX World State Committer Applies changes Ordering Service Certificate Authority 4.0 - Deliver TX Batch Validate Signatures and Authorization Orders TXs into batches according to consensus3.0 - Submit Endorsed TX Includes RWset and endorser signatures Ledger 5.0 – Writes ledger block 5.1 - Updates State Oracle Confidential – Under NDA 6.0 – Commit Notification Smart Contract (Chaincode)
  • 9. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Oracle State Database Enhancements • Default state database in Hyperledger Fabric is LevelDB • Optional database supporting rich queries CouchDB – extremely slow • Neither supports isolation, snapshots, or local transactions • Fabric read locks the database for read access during endorsement • Fabric write locks the database for exclusive access during commitment • Result: Endorsement and commitment cannot overlap Hyperledger Fabric Confidential – Oracle Internal/Restricted/Highly Restricted 9
  • 10. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 10 State Based Enhancements
  • 11. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Oracle State Database Enhancements • OBCS uses Berkeley Database (BDB) for state database which supports local transactions and isolation • SQL layer on top of BDB for rich queries • Replace database locking with a transaction manager using local txn • Allows endorsement and commitment to execute in parallel • Supports SQL SELECT statements and CouchDB queries in rich queries Confidential – Oracle Internal/Restricted/Highly Restricted
  • 12. Smart Contract Design Best Practices
  • 13. OABCS Application Design Best Practices
      • Start small
      • Keep it simple
      • Not everything belongs on a ledger
      • Workflow is best done in the application, not smart contracts
      • L10N / I18N
      • Pull instead of push
      • Determine who you trust and how much you trust them
  • 14. Not Everything Belongs on the Ledger
      • Blockchains replicate the ledger – potentially many copies
      • For large objects, this dramatically increases storage requirements
      • Store what’s absolutely needed and must be shared
      • Large objects or PII should be stored off-chain if possible
          – Store them elsewhere
          – Place hash of object on the ledger as proof
          – Mediate off-chain storage access via the blockchain
  • 15. Workflow in the Application, not Smart Contracts
      • Ledger records the transactions
      • Workflow such as multi-step processes best left to external tools
      • Examples:
          – Voting to add new member to blockchain network
              • The state of the votes is maintained on blockchain
              • Acting on the vote is a workflow issue
      • Use events to move workflow forward
  • 16. Who Do You Trust and How Much Do You Trust Them?
      • This determines many design decisions such as:
      • Endorsement policies – who needs to validate transactions
      • How confidential is the data?
          – Peers running outside Oracle cloud can snoop data
          – By default, any user can read ledger
  • 17. Agenda
      1. Introduction to Blockchain and Smart Contracts
      2. CargoSmart
      3. OABCS Application Design Best Practices
      4. Hyperledger Fabric Smart Contract best practices
      5. Summary and Q&A
  • 18. Hyperledger Fabric Smart Contracts
      • Smart contracts provide the cross-organization business logic
      • Similar to stored procedures
      • Executed multiple times
      • The only thing that updates world state
      • Written in Go, Node.js, and Java
  • 19. Smart Contract Mandatory Practice: Better than best practices
      • Deterministic!
          – Do NOT generate GUIDs, random numbers, …
          – Do NOT try to get the time
      • If needed, have the client pass in:
          – GUIDs, random numbers, timestamps, …
          – Data from external systems
      • Watch for timeouts
  • 20. Avoid Data Hot Spots or Global Keys (Performance)
      • Keys that are read and written frequently
          – Sequence number
          – Totals
      • Likely to cause invalidation errors
          – Especially for larger block sizes
      • Higher likelihood of MVCC errors
          – Transactions have to be retried
  • 21. World State Access
      • Watch for phantom reads
          – Standard Fabric rich queries don’t affect RWset
          – OBCS rich queries are re-executed at validation time
      • Create indexes for rich queries
      • Using OBCS
          – Use rich queries instead of composite keys
          – Push summaries, calculations, etc., down to database
              • Average number of marbles owned
  • 22. Avoid Off Chain Access
      • Avoid network connections/interactions if possible!
          – Potential source of non-determinism
      • Off chain data
          – Let client provide the data
          – Store hash in ledger as proof
      • Off chain applications
          – Oracles are fine
  • 23. Push vs Pull
      • Push – smart contract pushes data
          – Smart contract updating an external application
          – But will be called multiple times – once for each endorsement
      • Pull – application pulls data
          – External application calls smart contract to put data
          – Can maintain queue in world state
          – Use a chaincode event to trigger
          – Receiving application pulls the data from the blockchain
  • 24. Circuit Breakers
      • Emergency stop
      • Essentially denies all executions until reset
      • Commonly used to deal with serious bugs or security issues
      • Controlled by limited parties, e.g. admins
  • 25. Side DB: private state among subset of peers [diagram: Channel 1 with Peer1, Peer2 and Peer3, grouped into peers in the collection and peers not in the collection; every peer holds chaincode state hash(k1), hash(secret value); two peers also hold private state k1, secret value, distributed via gossip; roles shown: endorsing and committing (two peers), committing only (one peer)]
  • 26. Some Security Considerations
  • 27. Privacy and Confidentiality
      • Only put what’s necessary on the ledger!
      • All peers get a copy, consider where peers run
      • Encrypt data or store sensitive data off chain
      • Choose strong encryption – quantum computing is coming
      • Use side database feature of Fabric
          – Only specific peers get private data, hash of key/value recorded in ledger
      • Soon: Anonymous Authentication and Zero-Knowledge Asset Transfer
  • 28. Privacy and Confidentiality: Keep prying eyes out
      • Normally any authorized user has access to ledger
      • Use Fabric fine grained access control
          – Prohibit or limit access to query system chaincode and events
          – Only allow access via invoking smart contracts
      • Implement fine grained access control in chaincode
          – Take control of who has access to what
          – Maintain the access information in chaincode
          – Field level access control, attribute access control
      • Use transient data to pass in data to be excluded from the ledger
  • 29. Security
      • Use static analysis tools
      • Use SSL/TLS to protect communication
      • Check everything!
          – All needed arguments
          – Injection attacks
          – Verify identity
  • 30. Security
      • Docker isolation is not enough
      • Use of Kata Containers in multi-tenancy
      • Ensure customer can harm only himself
      • Be careful with platform / environment secrets
  • 31. Questions?
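Slides 7 and 20 say that the commit-time version check (MVCC) invalidates transactions that read and write the same hot key. The Go model below is an added illustration, not code from the deck, Fabric or OBCS; `Tx`, `State`, `Commit`, `Endorse` and the `total~<txid>` delta-key scheme are assumptions made for the example.

```go
package main

import "fmt"

// Constructed model of Fabric-style commit validation; not Fabric or OBCS code.
type Tx struct {
	ID            string
	Reads, Writes map[string]int // Reads: key -> version seen at endorsement; Writes: key -> new value
}
type State struct{ Val, Ver map[string]int }

func NewState() *State { return &State{map[string]int{}, map[string]int{}} }

// Commit applies a block in order and returns the IDs failing the MVCC check:
// a transaction is valid only if every key it read still has the version it saw.
func (s *State) Commit(block []Tx) (invalid []string) {
next:
	for _, tx := range block {
		for k, seen := range tx.Reads {
			if s.Ver[k] != seen {
				invalid = append(invalid, tx.ID)
				continue next
			}
		}
		for k, v := range tx.Writes {
			s.Val[k], s.Ver[k] = v, s.Ver[k]+1
		}
	}
	return invalid
}

// Endorse simulates n "add 1" transactions against the same snapshot.
// hot=true rewrites the global key "total"; hot=false blind-writes one delta key each.
func Endorse(s *State, n int, hot bool) (block []Tx) {
	for i := 0; i < n; i++ {
		tx := Tx{ID: fmt.Sprintf("tx%d", i), Writes: map[string]int{}}
		if hot {
			tx.Reads = map[string]int{"total": s.Ver["total"]}
			tx.Writes["total"] = s.Val["total"] + 1
		} else {
			tx.Writes["total~"+tx.ID] = 1
		}
		block = append(block, tx)
	}
	return block
}

func main() {
	a, b := NewState(), NewState()
	fmt.Println("invalidated:", a.Commit(Endorse(a, 3, true)), b.Commit(Endorse(b, 3, false)))
}
```

With the hot key only the first transaction in the block commits and the rest must be retried; with per-transaction delta keys all commit, and the total is computed by summing the deltas at query time.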
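The circuit breaker (slide 24), access control implemented in chaincode (slide 28) and the "check everything" rule (slide 29) combined in one dispatch function. This is an added Go sketch that is not part of the deck and does not use the Fabric shim; `Caller`, `Ledger`, `Invoke`, the `~paused` key and the `transfer` function are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Hypothetical stand-ins, not the Fabric shim: Caller models the identity the
// peer verified from the submitter's certificate; Ledger models world state.
type Caller struct{ MSP, Role string }
type Ledger map[string]string

var (
	ErrPaused = errors.New("contract paused")
	ErrDenied = errors.New("access denied")
	ErrArgs   = errors.New("invalid arguments")
	idRe      = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`) // allow-list for IDs and names
)

// Invoke handles one transaction. The breaker flag is kept in world state,
// so all endorsers evaluate the same flag.
func Invoke(l Ledger, c Caller, fn string, args ...string) error {
	if fn == "pause" || fn == "resume" { // only admins control the breaker
		if c.Role != "admin" {
			return ErrDenied
		}
		l["~paused"] = fmt.Sprint(fn == "pause")
		return nil
	}
	if l["~paused"] == "true" { // emergency stop: deny all executions until reset
		return ErrPaused
	}
	if fn != "transfer" || len(args) != 2 || !idRe.MatchString(args[0]) || !idRe.MatchString(args[1]) {
		return fmt.Errorf("%w: want transfer <assetID> <newOwnerMSP>", ErrArgs)
	}
	if owner, ok := l["asset:"+args[0]]; !ok || owner != c.MSP {
		return ErrDenied // only the current owner may transfer the asset
	}
	l["asset:"+args[0]] = args[1]
	return nil
}

func main() {
	l := Ledger{"asset:a1": "Org1MSP"} // constructed sample state
	fmt.Println(Invoke(l, Caller{"Org2MSP", "admin"}, "pause"))
	fmt.Println(Invoke(l, Caller{"Org1MSP", "member"}, "transfer", "a1", "Org3MSP"))
}
```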
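Slides 14, 22 and 27 recommend keeping large or sensitive data off chain and recording only a hash as proof, and slide 19 requires that anything random come from the client. The Go example below is added here and is not from the deck; it goes one step beyond the slides by keying the hash with a client-generated salt, and `Ledger`, `NewSalt`, `Commitment`, `Anchor` and `Verify` are assumed names.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Ledger stands in for world state (constructed sketch, not Fabric code); it holds only commitments.
type Ledger map[string]string

// NewSalt runs on the client; chaincode must never generate random values.
func NewSalt() []byte {
	s := make([]byte, 16)
	if _, err := rand.Read(s); err != nil {
		panic(err)
	}
	return s
}

// Commitment is HMAC-SHA256 keyed with the salt, so low-entropy data cannot be confirmed by hashing guesses.
func Commitment(salt, doc []byte) string {
	m := hmac.New(sha256.New, salt)
	m.Write(doc)
	return hex.EncodeToString(m.Sum(nil))
}

// Anchor is the chaincode side: it validates the client's value and stores it once.
func Anchor(l Ledger, id, commitment string) error {
	raw, err := hex.DecodeString(commitment)
	if _, exists := l[id]; err != nil || len(raw) != sha256.Size || exists {
		return fmt.Errorf("rejecting commitment for %q: malformed or already recorded", id)
	}
	l[id] = hex.EncodeToString(raw)
	return nil
}

// Verify recomputes the commitment over off-chain data and compares in constant time.
func Verify(l Ledger, id string, salt, doc []byte) bool {
	want, ok := l[id]
	return ok && hmac.Equal([]byte(want), []byte(Commitment(salt, doc)))
}

func main() {
	salt, doc, l := NewSalt(), []byte("constructed sample record"), Ledger{}
	fmt.Println(Anchor(l, "doc-1", Commitment(salt, doc)), Verify(l, "doc-1", salt, doc))
}
```

The document and its salt are stored together off chain; only the 32-byte commitment is replicated to every peer.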

Editor's Notes

  1. Pre-assembled – Hyperledger Fabric blockchain network components, identity mgmt., event mgmt., container lifecycle mgmt., object store, and all infrastructure dependencies
     Open – Built on open-source Hyperledger Fabric software from the Linux Foundation, interconnects with non-Oracle HL Fabric instances, supports REST APIs and Fabric client SDKs
     Plug and play integration – OIC adapters for Oracle and 3rd party apps with diverse systems of record and REST APIs
     Enterprise-grade – Improved resilience with HA, 99.95% availability SLA, enhanced security, & continuous ledger backup
     Autonomous – Industry’s 1st and only autonomous blockchain cloud service
     Expertise and Experience – Experience building blockchain solutions for many industries that leverage our deep industry expertise & partners trained on Oracle blockchain