Submitted Proposals

DEI - FCTUC
Generated on 2024-04-26 17:42:48 (Europe/Lisbon).

Internship Title

Building Secure Smart Contracts

Areas of Specialization

Software Engineering

Internship Location

DEI-CISUC

Background

Blockchain has become particularly popular due to its promise to support business-critical services in very different domains (e.g., retail, supply chains, healthcare). Blockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, that allows running smart contracts, which specify business logic in cooperative applications. Software defects and vulnerabilities in these contracts have notably been the cause of failures, including severe security problems. Although there are several tools (e.g., formal verification tools) to detect defects in smart contracts, smart contracts are still deployed with bugs and security vulnerabilities. This is quite problematic in the blockchain environment because, in some blockchain implementations, it is not easy, if possible at all, to fix the bugs and redeploy the contracts. Thus, it is quite important to help developers implement secure and bug-free smart contracts in the first place. Doing so first requires studying and understanding the smart contract-specific faults and vulnerabilities, and emulating (or injecting) security attacks that exploit these vulnerabilities. This requires i) building a knowledge base regarding the common and possible security attacks on smart contracts, ii) building the attack injector, iii) building a representative (and relatively complete) fault model, iv) using software fault injection techniques to evaluate the effectiveness of the attack injector.

Objective

The objectives of this internship are:
i) building a knowledge base regarding the common and possible security attacks on smart contracts, ii) building the attack injector, iii) building a representative (and relatively complete) fault model, iv) using software fault injection techniques to evaluate the effectiveness of the attack injector.

Work Plan - Semester 1

[Some tasks might overlap; M=Month]
T1 (M1): Knowledge transfer and state-of-the-art review on blockchain systems, smart contracts, security vulnerabilities, and security.
T2 (M2): Collect data regarding the reported vulnerabilities and attacks on smart contracts.
T3 (M3-M4): Analyze the collected data and build fault and attack models.
T4 (M5): Write the intermediate report.

Work Plan - Semester 2

[Some tasks might overlap; M=Month]
T5 (M6): Implementation (improvement and extension of an existing prototype) of a fault injection tool.
T6 (M7): Implementation (improvement and extension of an existing prototype) of an attack injector for smart contracts.
T7 (M8-M9): Plan the experiments for testing the tool, collect a representative list of smart contracts, and perform the tests.
T8 (M10): Definition of smart contract security best practices.
T9 (M11): Write the thesis.
T10: Write a research paper and submit it to a related international conference.

Conditions

The student will be integrated in the Software and Systems Engineering (SSE) group of CISUC, and the work will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - Software and Systems Engineering Group), where a workplace and the necessary computer resources will be provided.
Please contact the advisors with any questions or requests for clarification.

Remarks

Advisors: Naghmeh Ivaki (naghmeh@dei.uc.pt), Nuno Laranjeiro (cnl@dei.uc.pt)

Advisor

Naghmeh Ivaki, Nuno Laranjeiro
naghmeh@dei.uc.pt