Evaluating Countermeasures for Verifying the Integrity of Ethereum Smart Contract Applications

Ji, Suhwan; Kim, Dohyung; Im, Hyeonseung

doi:10.1109/access.2021.3091317

Cited by 11 publications

(12 citation statements)

References 22 publications

(36 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…and evaluate the performance of analysis tools [64,85,87,101,106,111,137,169,227]. All of these surveys focus on Ethereum smart contracts written in Solidity, except the study of Yamashita, Kazuhiro et al [227], which investigates the potential risks of Hyperledger Fabric blockchain.…”

Section: Studymentioning

confidence: 99%

Pre-deployment Analysis of Smart Contracts -- A Survey

Munir¹,

Taha²

2023

Preprint

View full text Add to dashboard Cite

Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment.Several patterns about the strengths of different methods emerge through this classification process.CCS Concepts: • General and reference → Surveys and overviews; • Software and its engineering → Automated static analysis; Dynamic analysis; Software verification.

show abstract

Section: Studymentioning

confidence: 99%

Pre-deployment Analysis of Smart Contracts -- A Survey

Munir¹,

Taha²

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…We noticed the following inter-contractual vulnerabilities. Reentrancy vulnerability: The reentrancy vulnerability [69,76,90,101,102,104,109,114,116,117,119,120,122,125,126] describes a vulnerability, where an external callee contract calls back to a function in the caller contract before the caller contract finishes and, thereby, bypasses the due validity. One example of an attack based on the reentrancy vulnerability is the decentralized autonomous organization (DAO) attack [52,69,125].…”

Section: Inter-contractual Vulnerabilitiesmentioning

confidence: 99%

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Pöhn,

Grabatin,

Hommel

2023

Applied Sciences

View full text Add to dashboard Cite

Self-sovereign identity (SSI) is a digital identity management model managed in a decentralized manner. It allows identity owners to manage and store their digital identities in a software wallet, for example, on a smartphone, without relying on centralized providers. This approach tries to enhance the security and privacy of digital identities and, thereby, their owners. With the new eIDAS regulation, elements of SSI, such as the wallet, are being pushed onto the market. However, since the model is relatively new, the security threats are still not fully known. This is shown by a brief security analysis of selected existing SSI wallets. In order to get a picture of the known threats, we systematically analyze and categorize related work in the field of SSI and elements applied by SSI. We then evaluate their application to current SSI systems and identify future work.

show abstract

“…The metric benchmarks that are covered by studies can be classified into seven groups: (1) functional [ 122 ] (in some studies called performance), in which HIoT BC-IdM are evaluated based on the primary functions that the system must perform; (2) security; (3) privacy levels [ 86 , 123 , 124 ]; (4) trust; (5) user experience [ 125 ]; (6) portability and interoperability [ 71 ]; and (7) regulation compliance metrics [ 126 ]. Moreover, some studies, such as [ 127 ], went further and proposed using a tool to evaluate the security countermeasure solutions based on security metrics. Skilled security auditors who are experts in BC-based applications are vital in the security risk management process [ 128 ].…”

Section: Taxonomymentioning

confidence: 99%

“…The risk-contributing factors are classified as privacy- and security-contributing factors. Finally, six types of risk solutions are identified from the literature: (1) novel security risk management frameworks, (2) security risk assessment/risk analysis based on general risk assessment standards, (3) threat models, (4) risk analysis tools as services (static [ 111 ] or dynamic [ 107 ]), (5) solutions proposed to evaluate security risk countermeasures [ 124 , 127 ], and (6) risk penetration testing solutions.…”

Section: Taxonomymentioning

confidence: 99%

“…Fraud and fraud victims classifications are given. [S103]Evaluating Countermeasures for Verifying the Integrity of Ethereum Smart Contract Applications [ 127 ] Review study including evaluation of the effectiveness of Ethereum Smart Contract vulnerability countermeasure solutions. A dynamic analysis tool to verify the integrity of SCs are proposed.…”

Section: Table A1mentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT

Alamri

Crowley

Richardson

2022

Sensors

View full text Add to dashboard Cite

Blockchain (BC) has recently paved the way for developing Decentralized Identity Management (IdM) systems for different information systems. Researchers widely use it to develop decentralized IdM systems for the Health Internet of Things (HIoT). HIoT is considered a vulnerable system that produces and processes sensitive data. BC-based IdM systems have the potential to be more secure and privacy-aware than centralized IdM systems. However, many studies have shown potential security risks to using BC. A Systematic Literature Review (SLR) conducted by the authors on BC-based IdM systems in HIoT systems showed a lack of comprehensive security and risk management frameworks for BC-based IdM systems in HIoT. Conducting a further SLR focusing on risk management and supplemented by Grey Literature (GL), in this paper, a security taxonomy, security framework, and cybersecurity risk management framework for the HIoT BC-IdM systems are identified and proposed. The cybersecurity risk management framework will significantly assist developers, researchers, and organizations in developing a secure BC-based IdM to ensure HIoT users’ data privacy and security.

show abstract

Evaluating Countermeasures for Verifying the Integrity of Ethereum Smart Contract Applications

Cited by 11 publications

References 22 publications

Pre-deployment Analysis of Smart Contracts -- A Survey

Pre-deployment Analysis of Smart Contracts -- A Survey

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT

Contact Info

Product

Resources

About