Detail výsledku

CoinWatch: A Clone-Based Approach for Detecting Vulnerabilities in Cryptocurrencies

HUM, Q.; TAN, W.; TEY, S.; LENUS, L.; HOMOLIAK, I.; LIN, Y.; SUN, J. CoinWatch: A Clone-Based Approach for Detecting Vulnerabilities in Cryptocurrencies. In 3rd IEEE INTERNATIONAL CONFERENCE ON BLOCKCHAIN (BLOCKCHAIN 2020). Rhodos: Institute of Electrical and Electronics Engineers, 2020. p. 17-25. ISBN: 978-0-7381-0495-9.
Typ
článek ve sborníku konference
Jazyk
anglicky
Autoři
HUM, Q.
TAN, W.
TEY, S.
LENUS, L.
Homoliak Ivan, doc. Ing., Ph.D., UITS (FIT)
LIN, Y.
SUN, J.
Abstrakt

Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing new and novel techniques that improve on Bitcoin's core innovation of the blockchain data structure and consensus mechanism. However, cryptocurrencies are a major target for cyber-attacks, as they can be sold on exchanges anonymously and most cryptocurrencies have their codebases publicly available. One particular issue is the prevalence of code clones in cryptocurrencies, which may amplify security threats. If a vulnerability is found in one cryptocurrency, it might be propagated into other cloned cryptocurrencies. In this work, we propose a systematic remedy to this problem, and we propose CoinWatch (CW). Given a reported vulnerability at the input, CW uses the code evolution analysis and a clone detection technique for indication of cryptocurrencies that might be vulnerable. We applied CW on 1094 cryptocurrencies using 4 CVEs and obtained 786 true vulnerabilities present in 384 projects, which were confirmed with developers and successfully reported as CVE extensions.

Klíčová slova

clone detection, cryptocurrencies, security, vulnerability propagation

URL
Rok
2020
Strany
17–25
Sborník
3rd IEEE INTERNATIONAL CONFERENCE ON BLOCKCHAIN (BLOCKCHAIN 2020)
Konference
IEEE Blockchain
ISBN
978-0-7381-0495-9
Vydavatel
Institute of Electrical and Electronics Engineers
Místo
Rhodos
DOI
10.1109/Blockchain50366.2020.00011
UT WoS
000647642100003
EID Scopus
2-s2.0-85099187822
BibTeX 
@inproceedings{BUT168144,
  author="HUM, Q. and TAN, W. and TEY, S. and LENUS, L. and HOMOLIAK, I. and LIN, Y. and SUN, J.",
  title="CoinWatch: A Clone-Based Approach for Detecting Vulnerabilities in Cryptocurrencies",
  booktitle="3rd IEEE INTERNATIONAL CONFERENCE ON BLOCKCHAIN (BLOCKCHAIN 2020)",
  year="2020",
  pages="17--25",
  publisher="Institute of Electrical and Electronics Engineers",
  address="Rhodos",
  doi="10.1109/Blockchain50366.2020.00011",
  isbn="978-0-7381-0495-9",
  url="http://dx.doi.org/10.1109/Blockchain50366.2020.00011"
}
Projekty
Spolehlivé, bezpečné a efektivní počítačové systémy, VUT, Vnitřní projekty VUT, FIT-S-20-6427, zahájení: 2020-03-01, ukončení: 2023-02-28, ukončen
Škálovatelné techniky pro analýzu komplexních vlastností počítačových systémů, GAČR, Standardní projekty, GA20-07487S, zahájení: 2020-01-01, ukončení: 2022-12-31, ukončen
Verifikace a validace spolehlivosti a bezpečnosti automatizovaných systémů, EU, Horizon 2020, 8A20009, zahájení: 2020-05-01, ukončení: 2023-07-31, ukončen
Výzkumné skupiny
Výzkumná skupina automatizované analýzy a verifikace - VeriFIT (VZ VERIFIT)
Výzkumná skupina bezpečnosti informačních technologií (VZ Security@FIT)
Pracoviště
Ústav inteligentních systémů (UITS)
Nahoru