S-gram: Towards Semantic-Aware Security Auditing for Ethereum Smart Contracts

Smart contracts, as a promising and powerful application on the Ethereum blockchain, have been growing rapidly in the past few years. Since they are highly vulnerable to different forms of attacks, their security becomes a top priority. However, existing security auditing techniques are either limit...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE) S. 814 - 819
Hauptverfasser: Liu, Han, Liu, Chao, Zhao, Wenqi, Jiang, Yu, Sun, Jiaguang
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: ACM 01.09.2018
Schlagworte:
Blockchains
Labeling
language modeling
Metadata
Probability
Security
security auditing
Semantics
Sensitivity
Smart contracts
Software engineering
static semantic labeling
Tokenization
ISSN:2643-1572
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Smart contracts, as a promising and powerful application on the Ethereum blockchain, have been growing rapidly in the past few years. Since they are highly vulnerable to different forms of attacks, their security becomes a top priority. However, existing security auditing techniques are either limited in finding vulnerabilities (rely on pre-defined bug patterns) or very expensive (rely on program analysis), thus are insufficient for Ethereum. To mitigate these limitations, we proposed a novel semantic-aware security auditing technique called S-GRAM for Ethereum. The key insight is a combination of N-gram language modeling and lightweight static semantic labeling, which can learn statistical regularities of contract tokens and capture high-level semantics as well (e.g., flow sensitivity of a transaction). S-GRAM can be used to predict potential vulnerabilities by identifying irregular token sequences and optimize existing in-depth analyzers (e.g., symbolic execution engines, fuzzers etc.). We have implemented S-GRAM for Solidity smart contracts in Ethereum. The evaluation demonstrated the potential of S-GRAM in identifying possible security issues.
ISSN:2643-1572
DOI:10.1145/3238147.3240728