Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts

Hajdu, Ákos; Ivaki, Naghmeh; Kocsis, Imre; Klenik, Attila; Gönczy, László; Laranjeiro, Nuno; Madeira, Henrique; Pataricza, András

doi:10.1109/access.2020.3032239

Cited by 11 publications

(8 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bouichou et al [100] enumerate the issues as privacy and control, storage accessibility, logic, compiler, authentication, cryptography, initiation, wrong attribution of names, arithmetic, useless code, user interface, time constraint, and requirement violation. Sharma and Shak [72] and Snegireva [77] summarize them as faults and vulnerabilities, whereas Hajdu et al [128] map vulnerabilities to common weakness enumerations (CWEs). These can have different reasons and occur at different places, such as contracts, programming languages, or implementation.…”

Section: Application Layermentioning

confidence: 99%

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Pöhn,

Grabatin,

Hommel

2023

Applied Sciences

View full text Add to dashboard Cite

Self-sovereign identity (SSI) is a digital identity management model managed in a decentralized manner. It allows identity owners to manage and store their digital identities in a software wallet, for example, on a smartphone, without relying on centralized providers. This approach tries to enhance the security and privacy of digital identities and, thereby, their owners. With the new eIDAS regulation, elements of SSI, such as the wallet, are being pushed onto the market. However, since the model is relatively new, the security threats are still not fully known. This is shown by a brief security analysis of selected existing SSI wallets. In order to get a picture of the known threats, we systematically analyze and categorize related work in the field of SSI and elements applied by SSI. We then evaluate their application to current SSI systems and identify future work.

show abstract

Section: Application Layermentioning

confidence: 99%

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Pöhn,

Grabatin,

Hommel

2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…The data processing workload is the framework for understanding the performance of private blockchains. Common software failures and blockchain-specific software failures [12] (e.g., the need for a transaction sender) affect the reliability and integrity of the Smart Contract Index and observations of absolute reliability.…”

Section: Related Workmentioning

confidence: 99%

Linear Elliptical Curve Digital Signature (LECDS) With Blockchain Approach for Enhanced Security on Cloud Server

Sowmiya

Poovammal

Ramana³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Cloud computing is a continuously evolving technology that can enhance agility, availability, collaboration and scalability of data. Blockchain has a secure, immutable ledger which maintains all the transactions along with the timestamp. The blockchain framework and cloud computing technology jointly provides different ways of computational cost reduction. The existing methods help to identify the anonymous documents which are given in the form of requests from the cloud server. If the anonymized document requests are from the authorized users, then cloud provides better security and hence documents are not available for unauthorized users. But the main issue is access rights available for authorized users on sensitive data of the owner. To maintain the privacy the sensitive data are hidden using cryptographic techniques even for authorized users. The method adopted is Linear Elliptical Curve Digital Signature (LECDS) with Hyperledger blockchain, to prevent private data loss. The Linear regression method is used to classify the user information into two classes namely sensitive and non-sensitive. The nonsensitive data is encrypted using RSA and sensitive data is encrypted using LECC method. Modified Spider optimization search Algorithm (MSOA) is used to verify the integrity of outsourced data and search user query information in a cloud server. The hyper ledger blockchain verifies the user policy to create a private network through which the user communicates the cloud. In the analysis of the proposed method, the results are evaluated using various performance metrics such as security, throughput, classification accuracy and error rate.

show abstract

“…Fu et al [26] designed EVMFuzzer, a framework that generates seed contracts via a set of predefined mutators to find security bugs in different EVM implementations. Hajdu et al [28] proposed an approach that assesses the behavior of permissioned blockchain systems by injecting faults into smart contracts. Wang et al [52] invented ContraMaster, an oraclesupported fuzzing tool that detects exploitable vulnerabilities in smart contracts.…”

Section: Related Work a Blockchain Dependabilitymentioning

confidence: 99%

Chaos Engineering of Ethereum Blockchain Clients

Zhang¹,

Ron²,

Baudry³

et al. 2021

Preprint

View full text Add to dashboard Cite

The Ethereum blockchain is the operational backbone of major decentralized finance platforms. As such, it is expected to be exceptionally reliable. In this paper, we present CHAOSETH, a chaos engineering tool for resilience assessment of Ethereum clients. CHAOSETH operates in the following manner: First, it monitors Ethereum clients to determine their normal behavior. Then, it injects system call invocation errors into the Ethereum clients and observes the resulting behavior under perturbation. Finally, CHAOSETH compares the behavior recorded before, during, and after perturbation to assess the impact of the injected system call invocation errors. The experiments are performed on the two most popular Ethereum client implementations: GoEthereum and OpenEthereum. We experiment with 22 different types of system call invocation errors. We assess their impact on the Ethereum clients with respect to 15 applicationlevel metrics. Our results reveal a broad spectrum of resilience characteristics of Ethereum clients in the presence of system call invocation errors, ranging from direct crashes to full resilience. The experiments clearly demonstrate the feasibility of applying chaos engineering principles to blockchains.

show abstract

Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts

Cited by 11 publications

References 37 publications

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Linear Elliptical Curve Digital Signature (LECDS) With Blockchain Approach for Enhanced Security on Cloud Server

Chaos Engineering of Ethereum Blockchain Clients

Contact Info

Product

Resources

About