Internship Title
Vulnerability Prevention in Blockchain Smart Contracts
Internship Location
DEI-FCTUC
Background
Blockchain has become particularly popular due to its promise to support business-critical services in very different domains (e.g., retail, supply chains, healthcare). Blockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, that allows running smart contracts, which specify the business logic of cooperative applications. The presence of software defects and vulnerabilities in these contracts has notably been the cause of failures, including severe security problems. The most promising approach for building more secure blockchain systems is to prevent smart contracts from being shipped with vulnerabilities.
Objective
In this work, we aim to build a knowledge base regarding the most frequent software faults and vulnerabilities in smart contracts, as well as the common and possible security attacks on blockchain systems, in particular on smart contracts (e.g., integer overflow). A deep analysis of these data will let us define smart contract security best practices, which will help developers avoid leaving such vulnerabilities in the code. We also aim to build an attack injector to exploit high-risk vulnerabilities (i.e., those frequently appearing in the code and frequently exploited by attackers), allowing us to detect and remove the most frequent and most serious vulnerabilities from smart contract code. This will also let us measure the effectiveness of the defined best practices.
Work Plan - Semester 1
[Some tasks might overlap; M=Month]
T1 (M1): Knowledge transfer and state-of-the-art review on blockchain systems, smart contracts, security vulnerabilities, and security.
T2 (M2): Collect data regarding the reported vulnerabilities and attacks on smart contracts.
T3 (M3-M4): Analysis of the collected data and construction of fault and attack models.
T4 (M5): Writing the Intermediate report.
Work Plan - Semester 2
[Some tasks might overlap; M=Month]
T5 (M6-M7): Implementation of a fault injection tool and an attack injector for smart contracts.
T1 (M7): Plan the experiments for testing the tool and collect a representative list of smart contracts.
T2 (M8): Definition of smart contract security best practices.
T3 (M9): Perform the tests.
T4 (M10): Writing the thesis.
T5: Write a research paper and submit it to a related international conference.
Conditions
The selected student will be integrated into the Software and Systems Engineering group of CISUC, and the work will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - Software and Systems Engineering Group), where a workplace and the necessary computer resources will be provided.
Remarks
Please contact the advisor for any questions or clarifications needed.
Advisor
Naghmeh Ivaki, Nuno Laranjeiro
naghmeh@dei.uc.pt