A Security Policy Verification and Validation Platform for Smart Contracts


  • Developing a security policy verification and validation platform for smart contracts
  • Reverse engineering user role models from past transactions
  • Integration with the STACS Mercury trading platform


Existing Solutions and Their Limitations

  • Focus only on commonly seen low-level programming bugs
  • Rely on pre-defined vulnerability patterns
  • Output a lot of false positives
  • Fail to detect high-level design flaws and bugs caused by flawed security policies


Outcomes / Deliverables

  • Design and develop an access-control model recovery algorithm from historical smart contract transaction data
    • Create a real-world role mining benchmark set
    • Collect a real-world permission bug benchmark set based on published CVEs
    • Implement the role mining engine and evaluate it on the created benchmarks
  • Develop a conformance testing engine for security policy validation
    • Investigate practical information flow policies in the financial domain
    • Integrate the testing engine with the STACS blockchain platform
    • Perform evaluation on industrial use cases


Practical Applications and Impact

  • Integrated as a part of a smart contract security analysis pipeline
  • Detecting security policy violations in financial decentralized applications


