CPC G06F 21/54 (2013.01) [G06Q 20/3678 (2013.01); G06Q 20/405 (2013.01); H04L 9/0637 (2013.01)] | 17 Claims |
1. A method comprising:
detecting, in a kernel for smart contract execution on a blockchain, a function call by one or more methods of a smart contract on the blockchain;
adding the function call to a function call stack for the smart contract;
checking the function call stack against a set of function level permissions control rules, the set of function level permissions control rules including at least one selected from the following: a resource identifier based permissions control rule, a data based permissions control rule, and a metric based permissions control rule, wherein the function call stack is checked against the set of function level permissions control rules by at least one selected from the following: checking a resource identifier value relating to the function call stack against the resource identifier based permissions control rule, checking a data value included in the function call stack against the data based permissions control rule, and checking a metric collected from the function call stack against the metric based permissions control rule; and
blocking execution of the function call based on determining one or more selected from the following: the resource identifier value relating to the function call stack is not permitted under the resource identifier based permissions control rule, the data value included in the sequence of function calls is not permitted under the data based permissions control rules, and the metric collected from the function call stack is not permitted under the metric based permissions control rule.
|