Attack Resistant Defense Mechanisms Website

Applications and Security of Blockchain

Overview of Research

Smart contracts are immutable programs on the Blockchain that enforce legal and financial contracts. There are many reported cases of security exploits of smart contracts resulting in millions of dollars in lost coins. In this project, we are developing a variety of tools, including but not limited to combinations of static and symbolic analysis, fuzzing, and verification methods, aimed at detecting security vulnerabilities in smart contracts. We further investigate the possibility of expanding the applications of Blockchain.

Attack Resistant Defense Mechanisms

Overview of Research

Attack resistance is a formal framework to evaluate defense mechanisms like ASLR and cryptographic obfuscation. It ensures that a protected program (P + D) is computationally indistinguishable from an ideal program (IP), even if both have the same bug. This means attackers cannot exploit vulnerabilities in P + D due to the defense mechanism D. The framework reduces the attacker’s success probability to negligible levels, leveraging security parameters like random seeds. Variants also address practical, weaker attackers, such as SAT-based models.

Some of the projects we are working on include:

  1. Gas Gauge: A Security Analysis Tool for Smart Contract Out-of-Gas Vulnerabilities
  2. Attack-resistance Defense Mechanism
  3. MPro (formerly known as M-Pro): Combining Static and Symbolic Analysis for Scalable Testing of Smart Contracts

Publications:

  1. Behkish Nassirzadeh, Albert Heinle, Stefanos Leonardos, Anwar Hasan, and Vijay Ganesh
    CountChain: A Decentralized Oracle Network for Counting Systems
    IEEE International Conference on Blockchain (Part of IEEE Cybermatics Congress), Copenhagen, Denmark, August 19-22, 2024.
    [pdf][bib]

  2. Behkish Nassirzadeh, Albert Heinle, Stefanos Leonardos, Anwar Hasan, and Vijay Ganesh
    AdChain: Decentralized Header Bidding
    The International Conference on Mathematical Research for Blockchain Economy, Springer, Malaga, Spain, July 9 - 11, 2024.
    [pdf][bib]

  3. Behkish Nassirzadeh, Huaiying Sun, Sebastian Banescu, and Vijay Ganesh
    Gas Gauge: A Security Analysis Tool for Smart Contract Out-of-Gas Vulnerabilities
    MARBLE 2022: The 3rd International Conference on Mathematical Research for Blockchain Economy, Vilamoura, Portugal, July 12 - 14, 2022.
    [pdf][bib]

  4. William Zhang, Sebastian Banescu, Leonardo Pasos, Steven Stewart, and Vijay Ganesh
    MPro: Combining Static and Symbolic Analysis for Scalable Testing of Smart Contract
    The 30th International Symposium on Software Reliability Engineering (ISSRE 2019), Berlin, Germany, Nov 01, 2019.
    [pdf][bib]

  5. Martin Ochoa, Sebastian Banescu, Cynthia Disenfeld, Gilles Barthe, and Vijay Ganesh
    Reasoning about Probabilistic Defense Mechanisms against Remote Attacks
    The Second IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2017), Paris, France, April 28, 2017.
    [pdf][bib]

  6. Vijay Ganesh, Sebastian Banescu, and Martin Ochoa
    The Meaning of Attack-Resistant Programs
    International Workshop on Programming Languages and Security (PLAS at ECOOP 2015), Prague, Czech Republic, July 6, 2015. Presentation-only at International Workshop on Foundations of Computer Security (FCS at CSF 2015), Verona, Italy, July 13, 2015.
    [pdf][bib]

  7. Vijay Ganesh, Michael Carbin, and Martin Rinard
    Cryptographic Path Hardening: Hiding Vulnerabilities in Software through Cryptography
    Off-the-Beaten-Path Workshop @ POPL 2012, Philadelphia, PA, USA, January 22, 2012.
    [pdf][bib]