Skip to search formSkip to main contentSkip to account menu

Making Smart Contracts Smarter

This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
View on ACM (opens in a new tab)

A Secure Sharding Protocol For Open Blockchains

ELASTICO is the first candidate for a secure sharding protocol with presence of byzantine adversaries, and scalability experiments on Amazon EC2 with up to $1, 600$ nodes confirm ELASTICO's theoretical scaling properties.
View on ACM (opens in a new tab)

BitBlaze: A New Approach to Computer Security via Binary Analysis

An overview of the BitBlaze project, a new approach to computer security via binary analysis that focuses on building a unified binary analysis platform and using it to provide novel solutions to a broad spectrum of different security problems.
View via Publisher (opens in a new tab)

A Symbolic Execution Framework for JavaScript

This paper builds an automatic end-to-end tool, Kudzu, and applies it to the problem of finding client-side code injection vulnerabilities, and designs a new language of string constraints and implements a solver for it.
View on IEEE (opens in a new tab)

Finding The Greedy, Prodigal, and Suicidal Contracts at Scale

Maian is implemented, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and concrete validator for exhibiting real exploits.
View on ACM (opens in a new tab)

Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks

This paper builds 3 end-to-end attacks to bypass randomization defenses without leaking addresses, to run a network bot which takes commands from the attacker, and to alter the memory permissions, demonstrating how the expressiveness offered by DOP significantly empowers the attacker.
View on IEEE (opens in a new tab)

Auror: defending against poisoning attacks in collaborative deep learning systems

This paper investigates the setting of indirect collaborative deep learning --- a form of practical deep learning wherein users submit masked features rather than direct data, and proposes Auror, a system that detects malicious users and generates an accurate model.
View on ACM (opens in a new tab)

Panoply: Low-TCB Linux Applications With SGX Enclaves

A new system called PANOPLY is presented which bridges the gap between the SGX-native abstractions and the standard OS abstractions which feature-rich, commodity Linux applications require and enables much stronger security in 4 real-world applications — including Tor, OpenSSL, and web services — which can base security on hardware-root of trust.
View via Publisher (opens in a new tab)

On Scaling Decentralized Blockchains - (A Position Paper)

The results suggest that reparameterization of block size and intervals should be viewed only as a first increment toward achieving next-generation, high-load blockchain protocols, and major advances will additionally require a basic rethinking of technical approaches.
View via Publisher (opens in a new tab)

Preventing Page Faults from Telling Your Secrets

This paper shows that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt -- leaking 27% on average and up to 100% of the secret bits in many case-studies.
View on ACM (opens in a new tab)
...
By clicking accept or continuing to use the site, you agree to the terms outlined in our Privacy Policy (opens in a new tab), Terms of Service (opens in a new tab), and Dataset License (opens in a new tab)