Making Smart Contracts Smarter
TLDR
We investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies.
  • 818
  • 144
A Secure Sharding Protocol For Open Blockchains
TLDR
We propose a new distributed agreement protocol for permission-less blockchains called ELASTICO, which scales almost linearly with available computation.
  • 495
  • 73
BitBlaze: A New Approach to Computer Security via Binary Analysis
TLDR
In this paper, we give an overview of the BitBlaze project, a new approach to computer security via binary analysis, offering novel and effective solutions, as demonstrated with over a dozen different security applications.
  • 703
  • 53
A Symbolic Execution Framework for JavaScript
TLDR
We propose the first complete symbolic-execution based system for exploring the execution space of JavaScript code using symbolic execution.
  • 413
  • 48
Finding The Greedy, Prodigal, and Suicidal Contracts at Scale
TLDR
We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its lifetime.
  • 229
  • 32
Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks
TLDR
We present a systematic technique called data-oriented programming (DOP) to construct expressive non-control data exploits for arbitrary x86 programs and show that such attacks are Turing-complete.
  • 199
  • 32
Panoply: Low-TCB Linux Applications With SGX Enclaves
TLDR
We present a new system called PANOPLY which bridges the gap between the SGX-native abstractions and the standard OS abstractions which feature-rich, commodity Linux applications require.
  • 153
  • 26
On Scaling Decentralized Blockchains - (A Position Paper)
TLDR
We analyze how fundamental and circumstantial bottlenecks in Bitcoin limit the ability of its current peer-to-peer overlay network to support substantially higher throughputs and lower latencies.
  • 414
  • 24
Preventing Page Faults from Telling Your Secrets
TLDR
We show that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt -- leaking 27% on average and up to 100% of the secret bits in many cases.
  • 142
  • 18
Protecting Browsers from Extension Vulnerabilities
TLDR
We analyze 25 popular Firefox extensions and find that 88% of these extensions need less than the full set of available privileges.
  • 168
  • 16