Blogs (1) >>
ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
Wed 29 May 2019 14:50 - 15:10 at Duluth - Security 2 Chair(s): Arie van Deursen

While Ethereum smart contracts enabled a wide range of blockchain applications, they are extremely vulnerable to different forms of security attacks. Due to the fact that transactions to smart contracts commonly involve cryptocurrency transfer, any successful attacks can lead to money loss or even financial disorder. In this paper, we focus on the overflow attacks in Ethereum , mainly because they widely rooted in many smart contracts and comparatively easy to exploit. We have developed EASYFLOW , an overflow detector at Ethereum Virtual Machine level. The key insight behind EASYFLOW is a taint analysis based tracking technique to analyze the propagation of involved taints. Specifically, EASYFLOW can not only divide smart contracts into safe contracts, manifested overflows, well-protected overflows and potential overflows, but also automatically generate transactions to trigger potential overflows. In our preliminary evaluation, EASYFLOW managed to find potentially vulnerable Ethereum contracts with little runtime overhead.

Wed 29 May
Times are displayed in time zone: Eastern Time (US & Canada) change

14:00 - 15:30: Security 2Papers / Demonstrations / Technical Track / Journal-First Papers / New Ideas and Emerging Results at Duluth
Chair(s): Arie van DeursenDelft University of Technology
14:00 - 14:20
The Seven Sins: Security Smells in Infrastructure as Code ScriptsArtifacts AvailableACM SIGSOFT Distinguished Paper AwardTechnical TrackIndustry Program
Technical Track
Akond RahmanNorth Carolina State University, Chris ParninNCSU, Laurie WilliamsNorth Carolina State University
14:20 - 14:40
DifFuzz: Differential Fuzzing for Side-Channel AnalysisArtifacts AvailableArtifacts Evaluated ReusableTechnical Track
Technical Track
Shirin NilizadehUniversity of Texas at Arlington, Yannic NollerHumboldt-Universität zu Berlin, Corina S. PasareanuCarnegie Mellon University Silicon Valley, NASA Ames Research Center
14:40 - 14:50
Detecting Suspicious Package UpdatesIndustry ProgramNIER
New Ideas and Emerging Results
Kalil GarrettGeorgia State University, Gabriel FerreiraCarnegie Mellon University, Limin JiaCarnegie Mellon University, Joshua SunshineCarnegie Mellon University, Christian KaestnerCarnegie Mellon University
14:50 - 15:10
EASYFLOW: Keep Ethereum Away From OverflowDemos
Jianbo GaoPeking University, Han LiuTsinghua University, Chao Liu, Qingshan LiPeking University, Zhi GuanPeking University, Zhong Chen
Pre-print Media Attached
15:10 - 15:20
Automatic feature learning for predicting vulnerable software componentsIndustry ProgramJournal-First
Journal-First Papers
Hoa Khanh DamUniversity of Wollongong, Truyen Tran, Trang PhamDeakin University, Shien Wee NgUniversity of Wollongong, John GrundyMonash University, Aditya Ghose
Link to publication DOI Pre-print
15:20 - 15:30
Discussion Period