Objectives
- Developing a security policy verification and validation platform for smart contracts
- Reverse engineering user role models from past transactions
- Integrating with the STACS Mercury trading platform
Existing Solutions and Their Limitations
- Focus only on commonly seen low-level programming bugs
- Are based on pre-defined vulnerability patterns
- Output a lot of false positives
- Fail to detect high-level design flaws and bugs caused by flaws in security policies
Outcomes / Deliverables
- Design and develop an access-control model recovery algorithm from historical smart contract transaction data
- Create a real-world role mining benchmark set
- Collect a real-world permission bug benchmark set based on published CVEs
- Implement the role mining engine and evaluate it on the created benchmarks
- Develop a conformance testing engine for security policy validation
- Investigate practical information flow policies in the financial domains
- Integrate the testing engine with the STACS blockchain platform
- Perform evaluation on industrial use cases
Practical Applications and Impact
- Integration as part of a smart contract security analysis pipeline
- Detection of security policy violations in financial decentralized applications