150 likes | 174 Views
Learn why Rubidex Blockchain System is superior to Corda for businesses due to Corda's problematic features like JVM vulnerabilities, which cause security risks and privilege elevation techniques. Rubidex, a closed-source system, provides robust security measures to protect against outside attacks.
E N D
Rubidex versus Corda Why the Rubidex Blockchain System is the better solution for businesses
Corda’s Problematic Features • Open source • Corda runs on the Java Virtual machine (JVM) • JVM was created for developing programs in a heterogeneous network-wide environment. • It was developed to be used in embedded systems equipped with a minimum amount of memory. • Has been open to attacks and exploits since day one. • Successful attacks against the Java Virtual Machine circumvents Java language security or invokes potentially harmful operation (for applets).
Corda’s Problematic Features JVM is prone to outside attacks: There are three main attack techniques: through type confusion, through class spoofing, through bad implementation of system classes. • Type Confusion (gets rid of security measures): • In a result of type confusion attack, Java language security can be circumvented - private, public and protected access is no more important. • Type confusion attacks are possible since there are no runtime checks done for getfield/putfield instructions with regard to the types of their arguments.
Corda’s Problematic Features JBM has poor implementation of class structure: bad definition of access to classes, methods or variables, the possibility to extend some security relevant classes or methods, depends on proper object initialization, the possibility to create partially uninitialized instances of objects (for example, through cloning), no protection against serialization/deserialization, use of inner classes. storing secrets in code, returning references to internal objects containing some sensitive data, instead of the copy, internally storing the original contents of user data instead of the copy, comparing classes by names instead of class objects, too complex implementation.
Corda’s Problematic Features Privilege elevation techniques: Privilege elevation techniques are applied after conducting successful attack on JVM Their goal is to bypass applet sandbox restrictions Type confusion condition is usually required to elevate privileges of the applet code Privilege elevation is accomplished by modifying system objects holding privilege information As a result, the code of the user applet class can be seen as fully trusted by the applet Security Manager
Corda’s Problematic Features • Unpublished history of problems with JVM: • About 20+ security vulnerabilities in JVM implementations since 1996 • Most of them affected web browsers • Details of the most serious ones have never been published, so far... • Bytecode Verifier vulnerabilities that lead to type confusion attack
Corda’s Problematic Features • Long published history of problems with JVM: • Java Primary Cause of 91 Percent of Attacks: Cisco - Cisco's 2014 Annual Security Report points the blame at Oracle's Java for being a leading cause of security woes. • Computerworld reports that [Java contains a vulnerability that] allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system. • Heimdal Security quotes: “Why Java Vulnerabilities Are One of Your Biggest Security Problems (This software used by millions is one of the key targets for cyber criminals)” • Kaspersky Labs quotes: “the development of Java began when malicious attacks through vulnerabilities were virtually non-existent. As a result, software developers in general – not just those working on Java – could not anticipate this potential security risk, and the software was not built with security in mind.”
Corda’s Problematic Features • Result: • Problems with necessary code classes allow Java and therefore Java Virtual Machine to be open to exploits, hacks and problems. • Choosing any form of Java as a basis for blockchain is a security nightmare from the first minute and cannot be fixed because the security vulnerabilities are built into the code classes of a very old and outdated language. • Features of the blockchain don’t matter if the underlying system is completely flawed at the code level.
Why Rubidex is Better • Closed Source • No one has access to the code so no one can change it but us. The code is heavily encrypted, so it is virtually unreadable. • Changes can be made near instantly and does not rely on a committee to decide or unpaid developers to make said changes ‘whenever’. • Total control over the security of the entire blockchain system.
Why Rubidex is Better • As secure as we can possibly make it • While no language is safe from outside attacks, we have taken every possible measure to secure the blockchain from any outside attacks: • Encrypted server (256-bit level encryption). • Hardened server with no access to directories and outside ddos (distributed denial of service) attacks. • Encrypted front end and sync system. • End-to-end encrypted tunnel between blockchain and front end nodes. • No access to any part of our code - totally unreadable even in hex editors and decompilers.
Why Rubidex is Better • Customizable for any use case • RubiPrime can be configured for any possible use case, such as: • Automotive • Hospitality • Medical • Restaurants • Supply Chains • Insurance • Financial • etc...
Why Rubidex is Better • 100% scalable • The Rubidex Blockchain System writes very small files (depending on data) and can span across hard drives. • Average size of file is 3kb-128kb • Limited only by hard drive space • Can span across multiple drives as they become filled with blocks
Why Rubidex is Better • Sync’s faster than any other blockchain • No wait to get started • No large downloading of blocks to fill up your hard drives • Patent-Pending Instaload technology • Average wait time is under 10 seconds - in most cases it’s pretty much instant • Hyper aware of last block through the entire blockchain system. • RubiSync keeps blockchain synced, re-orders blocks when necessary and ensures all nodes have all blocks. It also self-heals in case of deleted blocks.
Why Rubidex is Better • Permissions-based • Size of business does not matter - nodes can be a few or many. • User-group based paradigm for multiple permissions across the blockchain • Admin • Human Resources • Sales • etc... • Geography does not matter - different departments across different locations can utilize the same blockchain • Manufacturing • Distribution • Logistics
Next Steps • What can Rubidex create for you? • RubiStorm - our very smart people brainstorm with you to create whatever you require. • Solutions - we implement our plan to make your custom blockchain system a reality • Outstanding customer support - we have an attitude of gratitude and care for every customer equally.