Michael Rodler scite author profile

Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Sereum does neither require any modification nor any semantic knowledge of existing contracts. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent attacks with a false positive rate as small as 0.06% and with negligible runtime overhead. As a by-product, we develop three advanced reentrancy attacks to demonstrate the limitations of existing offline vulnerability analysis tools.

show abstract

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Rodler¹,

Li²,

Karame³

et al. 2018

Preprint

View full text Add to dashboard Cite

ANANAS - A Framework for Analyzing Android Applications

Eder

Rodler

Vymazal

et al. 2013

View full text Add to dashboard Cite

Control Behavior Integrity for Distributed Cyber-Physical Systems

Adepu

Brasser

García

et al. 2020

View full text Add to dashboard Cite

Cyber-physical control systems, such as industrial control systems (ICS), are increasingly targeted by cyberattacks. Such attacks can potentially cause tremendous damage, affect critical infrastructure or even jeopardize human life when the system does not behave as intended. Cyberattacks, however, are not new and decades of security research have developed plenty of solutions to thwart them. Unfortunately, many of these solutions cannot be easily applied to safety-critical cyber-physical systems. Further, the attack surface of ICS is quite different from what can be commonly assumed in classical IT systems.We present SCADMAN, a system with the goal to preserve the Control Behavior Integrity (CBI) of distributed cyber-physical systems. By observing the system-wide behavior, the correctness of individual controllers in the system can be verified. This allows SCADMAN to detect a wide range of attacks against controllers, like programmable logic controller (PLCs), including malware attacks, code-reuse and data-only attacks. We implemented and evaluated SCADMAN based on a real-world water treatment testbed for research and training on ICS security. Our results show that we can detect a wide range of attacks-including attacks that have previously been undetectable by typical state estimation techniques-while causing no false-positive warning for nominal threshold values.

show abstract

My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers

Paaßen

Surminski

Rodler

et al. 2021

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Michael Rodler

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

ANANAS - A Framework for Analyzing Android Applications

Control Behavior Integrity for Distributed Cyber-Physical Systems

My Fuzzer Beats Them All! Developing a Framework for Fair Evaluation and Comparison of Fuzzers

Contact Info

Product

Resources

About