2022-04-22 Meeting Minutes

Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.

Welcome and Introductions

Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.

Attendees

Arun .S.M.

Arnaud J LE HORS

Danno Ferrin

Peter Somogyvari

Hart Montgomery

Announcements

Agenda

  • Welcome
  • Cover the threats
  • Open Agenda

Next Meeting

Future Topics

Notes

  1. Add game based definitions to the whitepaper.
  2. Scenario: Using blockchain as an immutable record keeper
    1. Security: Protection at the access level.
    2. Read access: Query from all the nodes and get the majority result.
    3. Game: Adversary modifying the state; can the blockchain recover in a given timeframe?
  3. Projects to put security guarantees.
    1. Misunderstanding could lead to data loss.
  4. Confidentiality & Privacy:
    1. Pseudonymity: Otherwise one can know what transactions are sent by which parties. Anonymity will make it hard, i.e. somebody can still search through network traffic.
    2. Ask projects to define privacy and confidentiality.
    3. Define the terms (ex: zcash defines privacy clearly).
  5. Form a working group for security.
  6. Task force can focus on vulnerability disclosure process.
  7. Games around: consensus, networking, block data, state data.

Action items

  • Checklist for members to follow while reporting vulnerabilities.
  • Questionnaire to report vulnerability ~ calculate CVE score. Danno Ferrin
  • Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Hart Montgomery
  • Propose to break the task force activities into multiple work streams. Hart Montgomery, Mic Bowman
  • Define threats in each of the defined categories, bring it up for discussion. Action: Everyone

Recordings