Objectives

• Developing a security policy verification and validation platform for smart contracts
• Reverse engineering user role models from past transactions
• Integration with the STACS Mercury trading platform

Existing Solutions and Their Limitations

• Focusing only on commonly seen low-level programming bugs
• Based on pre-defined vulnerability patterns
• Output a lot of false positives
• Fail to detect high-level design flaws and bugs due to flaws in security policies

Outcomes / Deliverables

• Design and develop an access-control model recovery algorithm from historical smart contract transaction data
  • Creating a real-world role mining benchmark set
  • Collecting a real-world permission bug benchmark set based on published CVEs
  • Implement the role mining engine and evaluate on the created benchmarks
• Develop a conformance testing engine for security policy validation
  • Investigating practical information flow policies in the financial domains
  • Integrate testing engine with the STACS blockchain platform
  • Perform evaluation on industrial use cases

Practical Applications and Impact

• Integrated as a part of a smart contract security analysis pipeline
• Detecting security policy violations in financial decentralized applications