EASYFLOW: Keep Ethereum Away From Overflow (ICSE 2019 - Demonstrations) - International Conference on Software Engineering 2019 in Montreal, Canada

Blogs (1) >>

Sat 25 - Fri 31 May 2019 Montreal, QC, Canada

Who

Jianbo Gao, Han Liu, Chao Liu, Qingshan Li, Zhi Guan, Zhong Chen

Track

ICSE 2019 Demonstrations

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Wed 29 May 2019 14:50 - 15:10 at Duluth - Security 2 Chair(s): Arie van Deursen

Abstract

While Ethereum smart contracts enabled a wide range of blockchain applications, they are extremely vulnerable to different forms of security attacks. Due to the fact that transactions to smart contracts commonly involve cryptocurrency transfer, any successful attacks can lead to money loss or even financial disorder. In this paper, we focus on the overflow attacks in Ethereum , mainly because they widely rooted in many smart contracts and comparatively easy to exploit. We have developed EASYFLOW , an overflow detector at Ethereum Virtual Machine level. The key insight behind EASYFLOW is a taint analysis based tracking technique to analyze the propagation of involved taints. Specifically, EASYFLOW can not only divide smart contracts into safe contracts, manifested overflows, well-protected overflows and potential overflows, but also automatically generate transactions to trigger potential overflows. In our preliminary evaluation, EASYFLOW managed to find potentially vulnerable Ethereum contracts with little runtime overhead.

Link to Preprint

https://arxiv.org/abs/1811.03814

Jianbo Gao

Peking University

Han Liu

Tsinghua University

China

Chao Liu

Qingshan Li

Peking University

Zhi Guan

Peking University

Zhong Chen

Link to Video

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Wed 29 May
Displayed time zone: Eastern Time (US & Canada) change

14:00 - 15:30	Security 2Demonstrations / Technical Track / Papers / Journal-First Papers / New Ideas and Emerging Results at Duluth Chair(s): Arie van Deursen Delft University of Technology

14:00 20m Talk		The Seven Sins: Security Smells in Infrastructure as Code ScriptsTechnical TrackIndustry Program Technical Track Akond Rahman North Carolina State University, Chris Parnin NCSU, Laurie Williams North Carolina State University Pre-print
14:20 20m Talk		DifFuzz: Differential Fuzzing for Side-Channel AnalysisTechnical Track Technical Track Shirin Nilizadeh University of Texas at Arlington, Yannic Noller Humboldt-Universität zu Berlin, Corina S. Pasareanu Carnegie Mellon University Silicon Valley, NASA Ames Research Center Pre-print
14:40 10m Talk		Detecting Suspicious Package UpdatesIndustry ProgramNIER New Ideas and Emerging Results Kalil Garrett Georgia State University, Gabriel Ferreira Carnegie Mellon University, Limin Jia Carnegie Mellon University, Joshua Sunshine Carnegie Mellon University, Christian Kästner Carnegie Mellon University Pre-print
14:50 20m Talk		EASYFLOW: Keep Ethereum Away From OverflowDemos Demonstrations Jianbo Gao Peking University, Han Liu Tsinghua University, Chao Liu , Qingshan Li Peking University, Zhi Guan Peking University, Zhong Chen Pre-print Media Attached
15:10 10m Talk		Automatic feature learning for predicting vulnerable software componentsIndustry ProgramJournal-First Journal-First Papers Hoa Khanh Dam University of Wollongong, Truyen Tran , Trang Pham Deakin University, Shien Wee Ng University of Wollongong, John Grundy Monash University, Aditya Ghose Link to publication DOI Pre-print
15:20 10m Talk		Discussion Period Papers