Making Smart Contracts Smarter
- Loi Luu, D. Chu, Hrishi Olickel, P. Saxena, Aquinas Hobor
- Computer Science
- IACR Cryptology ePrint Archive
- 24 October 2016
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
A Secure Sharding Protocol For Open Blockchains
- Loi Luu, Viswesh Narayanan, Chaodong Zheng, Kunal Baweja, S. Gilbert, P. Saxena
- Computer Science, Mathematics
- Conference on Computer and Communications…
- 24 October 2016
ELASTICO is the first candidate for a secure sharding protocol in the presence of Byzantine adversaries, and scalability experiments on Amazon EC2 with up to 1,600 nodes confirm ELASTICO's theoretical scaling properties.
BitBlaze: A New Approach to Computer Security via Binary Analysis
- D. Song, David Brumley, P. Saxena
- Computer Science
- International Conferences on Information Science…
- 16 December 2008
An overview of the BitBlaze project, a new approach to computer security via binary analysis that focuses on building a unified binary analysis platform and using it to provide novel solutions to a broad spectrum of different security problems.
A Symbolic Execution Framework for JavaScript
- P. Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, D. Song
- Computer Science
- IEEE Symposium on Security and Privacy
- 16 May 2010
This paper builds an automatic end-to-end tool, Kudzu, and applies it to the problem of finding client-side code injection vulnerabilities, and designs a new language of string constraints and implements a solver for it.
Finding The Greedy, Prodigal, and Suicidal Contracts at Scale
- I. Nikolic, Aashish Kolluri, Ilya Sergey, P. Saxena, Aquinas Hobor
- Computer Science
- Asia-Pacific Computer Systems Architecture…
- 16 February 2018
Maian, the first tool for specifying and reasoning about trace properties, is implemented; it employs interprocedural symbolic analysis and a concrete validator for exhibiting real exploits.
Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks
- Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua, P. Saxena, Zhenkai Liang
- Computer Science
- IEEE Symposium on Security and Privacy
- 22 May 2016
This paper builds 3 end-to-end attacks to bypass randomization defenses without leaking addresses, to run a network bot which takes commands from the attacker, and to alter the memory permissions, demonstrating how the expressiveness offered by DOP significantly empowers the attacker.
Auror: defending against poisoning attacks in collaborative deep learning systems
- Shiqi Shen, Shruti Tople, P. Saxena
- Computer Science
- Asia-Pacific Computer Systems Architecture…
- 5 December 2016
This paper investigates the setting of indirect collaborative deep learning, a form of practical deep learning wherein users submit masked features rather than direct data, and proposes Auror, a system that detects malicious users and generates an accurate model.
Panoply: Low-TCB Linux Applications With SGX Enclaves
- Shweta Shinde, Dat Le Tien, Shruti Tople, P. Saxena
- Computer Science
- Network and Distributed System Security Symposium
- 1 March 2017
A new system called PANOPLY is presented, which bridges the gap between the SGX-native abstractions and the standard OS abstractions that feature-rich, commodity Linux applications require, and enables much stronger security in 4 real-world applications, including Tor, OpenSSL, and web services, which can base security on a hardware root of trust.
On Scaling Decentralized Blockchains - (A Position Paper)
- Kyle Croman, Christian Decker, Roger Wattenhofer
- Computer Science
- Financial Cryptography Workshops
- 22 February 2016
The results suggest that reparameterization of block size and intervals should be viewed only as a first increment toward achieving next-generation, high-load blockchain protocols, and major advances will additionally require a basic rethinking of technical approaches.
Preventing Page Faults from Telling Your Secrets
- Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, P. Saxena
- Computer Science, Mathematics
- ACM Asia Conference on Computer and…
- 30 May 2016
This paper shows that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt, leaking 27% on average and up to 100% of the secret bits in many case-studies.