• Publications
  • Influence
Making Smart Contracts Smarter
TLDR
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
A Secure Sharding Protocol For Open Blockchains
TLDR
ELASTICO is the first candidate for a secure sharding protocol with presence of byzantine adversaries, and scalability experiments on Amazon EC2 with up to $1, 600$ nodes confirm ELASTICO's theoretical scaling properties.
BitBlaze: A New Approach to Computer Security via Binary Analysis
TLDR
An overview of the BitBlaze project, a new approach to computer security via binary analysis that focuses on building a unified binary analysis platform and using it to provide novel solutions to a broad spectrum of different security problems.
A Symbolic Execution Framework for JavaScript
TLDR
This paper builds an automatic end-to-end tool, Kudzu, and applies it to the problem of finding client-side code injection vulnerabilities, and designs a new language of string constraints and implements a solver for it.
Finding The Greedy, Prodigal, and Suicidal Contracts at Scale
TLDR
Maian is implemented, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and concrete validator for exhibiting real exploits.
Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks
TLDR
This paper builds 3 end-to-end attacks to bypass randomization defenses without leaking addresses, to run a network bot which takes commands from the attacker, and to alter the memory permissions, demonstrating how the expressiveness offered by DOP significantly empowers the attacker.
Panoply: Low-TCB Linux Applications With SGX Enclaves
TLDR
A new system called PANOPLY is presented which bridges the gap between the SGX-native abstractions and the standard OS abstractions which feature-rich, commodity Linux applications require and enables much stronger security in 4 real-world applications — including Tor, OpenSSL, and web services — which can base security on hardware-root of trust.
On Scaling Decentralized Blockchains - (A Position Paper)
TLDR
The results suggest that reparameterization of block size and intervals should be viewed only as a first increment toward achieving next-generation, high-load blockchain protocols, and major advances will additionally require a basic rethinking of technical approaches.
Auror: defending against poisoning attacks in collaborative deep learning systems
TLDR
This paper investigates the setting of indirect collaborative deep learning --- a form of practical deep learning wherein users submit masked features rather than direct data, and proposes Auror, a system that detects malicious users and generates an accurate model.
Preventing Page Faults from Telling Your Secrets
TLDR
This paper shows that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt -- leaking 27% on average and up to 100% of the secret bits in many case-studies.
...
1
2
3
4
5
...