GB/T 43575-2023 PDF English
GB/T 43575-2023 | Blockchain and distributed ledger technology - System testing specification | Status: Valid
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.240
CCS L 70
Blockchain and distributed ledger technology -- System
testing specification
ISSUED ON: DECEMBER 28, 2023
IMPLEMENTED ON: APRIL 01, 2024
Issued by: State Administration for Market Regulation;
Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Test principles and categories
5.1 Principles
5.2 Categories
6 Test requirements
6.1 Requirements for function test
6.2 Performance test requirements
6.3 Security test requirements
6.4 Requirements for reliability test
7 Test procedures
7.1 Overview
7.2 Requirements analysis
7.3 Planning and design
7.4 Test execution
7.5 Summary and improvement
7.6 Test management
8 Test methods
8.1 Function test
8.2 Performance test
8.3 Security test
8.4 Reliability test
Annex A (normative) List of function tests and performance tests for blockchain systems
A.1 Function test
A.2 Performance test
Bibliography
1 Scope
This document establishes the testing principles for blockchain systems. It specifies the
requirements for function, performance, security, and reliability tests. It also describes
the corresponding test methods.
This document is applicable to: providing a reference for third-party evaluation
agencies or other relevant agencies to conduct blockchain system testing; providing an
internal testing basis for blockchain system builders; providing a basis for blockchain
system users to conduct system selection and acceptance; providing technical support
for the supervision work of industry regulatory authorities.
2 Normative references
The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
GB/T 11457-2006, Information technology -- Software engineering terminology
GB/T 22239-2019, Information security technology -- Baseline for classified
protection of cybersecurity
GB/T 25069-2022, Information security techniques -- Terminology
GB/T 29835.1-2013, Efficiency of system and software -- Part 1: Indicator system
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 11457-2006
and GB/T 25069-2022, as well as the following, apply.
3.1 peer-to-peer network
A computer network that contains only nodes with equivalent control and operation
capabilities.
[Source: GB/T 5271.18-2008, 2.18.04.05, modified]
b) It has node management functions such as node server information query, node
service startup and shutdown control, node service configuration, node network
status monitoring, node authorization management, etc.
c) It has ledger application functions such as publishing and interacting with
content on the blockchain system, setting multi-signature permission control for
specific transaction processing, and executing contract logic based on smart
contract functional components.
6.1.4 Core functional layer
Core functional layer testing requirements include but are not limited to:
a) It shall have consensus mechanism functions such as multi-node consensus
confirmation, independent node submission and record information validity
verification, consensus mechanism fault tolerance, and consensus mechanism
scalability;
b) It shall have account book record functions such as persistent storage of account
book records, multiple nodes with complete data records, custom account book
permissions, and node data consistency;
c) It shall have digital signature functions such as signing and signature verification;
d) It shall have timing service functions such as unified account book records, timing
fault tolerance, and third-party timing services;
e) It is recommended to have encryption algorithm functions such as international
mainstream encryption algorithms, international mainstream commercial
encryption algorithms, privacy protection algorithms, and key management;
f) It is recommended to have digest (hash) algorithm functions such as international
mainstream commercial cryptographic digest algorithm, commercial cryptographic
digest algorithm, and system digest algorithm verification;
g) It is recommended to have functions such as formal verification of smart contracts,
contract virtual machines, interaction between external system data and smart
contracts, tamper-proofing of smart contracts, access control of smart contracts,
smart contract upgrades, and writing contracts into ledgers.
6.1.5 Infrastructure layer
Infrastructure layer testing requirements shall include but not be limited to:
a) It has peer-to-peer network functions such as secure communication between
nodes, node multicast function, and node dynamic management;
b) It has the functions of node data writing, querying and node stable storage;
authorization, monitoring, and auditing of management members.
6.3.3 Service interface layer
Service interface layer security testing requirements include but are not limited to:
a) It shall have reasonable encryption algorithm and authentication mechanism;
b) It shall have a privacy protection mechanism. It is advisable to adopt technologies
such as homomorphic encryption and zero-knowledge proof;
c) It shall have a mechanism for encrypting storage and transmission block data, and
it is advisable to use the national encryption algorithm;
d) It shall have an identity authentication mechanism. It shall use digital certificates
and electronic signature technologies.
6.3.4 Core function layer
The security test content of the core functional layer includes but is not limited to:
a) A consensus mechanism with high fault tolerance shall be provided;
b) It shall be able to resist double-spending attacks, replay attacks, fork attacks,
bribery attacks, computing power attacks, etc.
c) It is advisable to have two or more consensus mechanisms;
d) It shall have Turing-complete, verifiable and auditable smart contracts, external
query and call operations;
e) Smart contracts shall be able to prevent attacks such as logic errors, function errors,
integer overflows, and vulnerabilities in virtual machines and operating
environments;
f) It is recommended to support national encryption algorithms such as SM2, SM3,
and SM4.
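One way to turn items b) and e) above into executable negative test cases, as an added example that is not part of the standard. `ToyLedger`, its HMAC-SHA256 stand-in for digital signatures, the 64-bit balance bound, and the TC-xx case identifiers are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
U64_MAX = 2**64 - 1  # constructed bound standing in for a fixed-width balance field

class ToyLedger:
    """Hypothetical account-model ledger used only as the system under test."""

    def __init__(self, balances, keys):
        self.balances = dict(balances)              # account -> balance
        self.keys = dict(keys)                      # account -> key (HMAC stand-in)
        self.next_nonce = {a: 0 for a in balances}  # per-account replay counter

    @staticmethod
    def sign(key, sender, to, amount, nonce):
        msg = f"{sender}|{to}|{amount}|{nonce}".encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def apply(self, sender, to, amount, nonce, sig):
        """Return 'ok' or the reason the transaction was rejected."""
        if sender not in self.keys or to not in self.balances:
            return "unknown-account"
        expected = self.sign(self.keys[sender], sender, to, amount, nonce)
        if not hmac.compare_digest(expected, sig):
            return "bad-signature"
        if nonce != self.next_nonce[sender]:
            return "replay"              # nonce already consumed or out of order
        if not isinstance(amount, int) or amount <= 0:
            return "bad-amount"
        if amount > self.balances[sender]:
            return "insufficient-funds"  # the same funds cannot be spent twice
        if self.balances[to] + amount > U64_MAX:
            return "overflow"            # would wrap in a 64-bit balance field
        self.balances[sender] -= amount
        self.balances[to] += amount
        self.next_nonce[sender] += 1
        return "ok"

def run_security_cases():
    """Run the constructed cases in order; return {case id: observed result}."""
    key = b"constructed-test-key"
    led = ToyLedger({"alice": 100, "bob": 0, "carol": 0}, {"alice": key})
    near_full = ToyLedger({"alice": 100, "bob": U64_MAX - 50}, {"alice": key})
    tx = lambda to, amt, n: ("alice", to, amt, n, ToyLedger.sign(key, "alice", to, amt, n))
    first = tx("carol", 100, 0)
    return {
        "TC-01 valid transfer": led.apply(*first),
        "TC-02 replay of TC-01": led.apply(*first),
        "TC-03 double spend": led.apply(*tx("bob", 100, 1)),
        "TC-04 tampered amount": led.apply("alice", "carol", 1, 1, first[4]),
        "TC-05 balance overflow": near_full.apply(*tx("bob", 60, 0)),
    }
```

Each case pairs an identifier with the observed result, so a failed expectation can be recorded against a specific case.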
6.3.5 Infrastructure layer
The security test content of the infrastructure layer shall include but not be limited to:
a) It has a P2P network security mechanism to prevent DDoS, Sybil, eclipse
and other attacks;
b) It has a hardware device security mechanism to prevent attacks such as DNS
pollution, routing broadcasts, Trojan viruses, etc.
6.4 Requirements for reliability test
The reliability test content shall include but not be limited to:
a) Meet the node reliability requirements, including the completeness of basic
transactions of new nodes, consistency of ledger information, etc., support node
access configuration and multi-node consensus completeness;
b) Meet the transaction execution reliability requirements, including the success rate
and stability of load account query, load block query, load basic transaction query,
load basic transaction, etc.;
c) Comply with the reliability requirements of encryption technology, including key
management schemes, data privacy protection, transaction information
encryption, etc.;
d) Comply with the reliability requirements of smart contracts, including
completeness of change records, consensus on contract content upgrades, external
data interaction, and tamper-proofing of contract content;
e) Comply with the requirements for easy recovery of the blockchain system,
including node recovery capability, node storage recoverability, performance
guarantee after blockchain system recovery, and recovery time meeting preset
requirements;
f) Meet the fault tolerance requirements of blockchain systems, including consensus
reliability, maximum time failure, and tolerance for malicious nodes.
7 Test procedures
7.1 Overview
The system test procedure mainly includes, but is not limited to, requirements analysis,
planning and design, environment configuration, test execution, summary and
improvement, and test management; see Figure 2.
h) Create a test record, including but not limited to the test case identification, test
result description and defects found;
i) If necessary, regression testing can be performed.
7.5 Summary and improvement
The main activities in the summary and improvement phase include but are not limited
to:
a) Analyze and summarize the test report and the problems found during the test;
b) Evaluate the design and implementation of the tested system based on the
differences and formulate system improvement suggestions;
c) Improve and optimize the tested system.
7.6 Test management
The main activities of the test management phase include but are not limited to:
a) Implement process management, including but not limited to test process
management, test personnel management, test activity management and test
resource management. See 6.1 of GB/T 8566-2022 for test activity management
requirements. See 6.2 of GB/T 8566-2022 for test resource management
requirements;
b) Test configuration management: For tests organized and implemented by the
system developer, the test work products shall be included in the project
configuration management. For software tests organized and implemented by the
test organization, a configuration management library shall be established to
include the tested objects and test work products in the configuration management.
For configuration management requirements, see GB/T 20158-2006;
c) Test review management mainly includes but is not limited to: Review of test
plans and test cases before test execution. Review of test results and test reports
after test execution.
8 Test methods
8.1 Function test
8.1.1 Black box test
The methods of black-box testing of blockchain systems include but are not limited to:
designing test cases with reference to the functional view of GB/T 42752-2023;
using black-box testing technology to design test cases covering the functional
implementation of blockchain systems; conducting quality tests on all functions
of the blockchain system from aspects such as the correctness, integrity, and security of
the functional implementation; and comparing the function test results with the
functional requirements in the standard to evaluate whether the functions of the
blockchain system meet the indicator requirements in the standard.
8.1.2 White box test
White box test methods include but are not limited to:
a) Give priority to using automated testing tools for static structural analysis;
b) Based on the results of static analysis, further confirm the results of static analysis
by code inspection and dynamic testing to improve test efficiency and accuracy;
c) Use multiple coverage standards to measure code coverage.
8.2 Performance test
8.2.1 Load test
Load test methods include but are not limited to:
a) Continue to increase the pressure on the system under test until the performance
index exceeds the predetermined index or the use of certain resources has reached
saturation. Find the processing limit of the system;
b) Determine the test environment. The business pressure and typical scenarios of
the system under test need to be considered to make the test results meaningful to
the business;
c) Determine the performance capacity of the system and coordinate performance
tuning.
8.2.2 Concurrency test
By simulating concurrent access by users, determine the maximum number of concurrent
users that the blockchain system can support.
8.3 Security test
Security test methods shall include but not be limited to:
a) Use security scanning tools to scan the system;
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.