S-gram: Towards Semantic-Aware Security Auditing for Ethereum Smart Contracts

Smart contracts, as a promising and powerful application on the Ethereum blockchain, have been growing rapidly in the past few years. Since they are highly vulnerable to different forms of attacks, their security becomes a top priority. However, existing security auditing techniques are either limit...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE) s. 814 - 819
Hlavní autori: Liu, Han, Liu, Chao, Zhao, Wenqi, Jiang, Yu, Sun, Jiaguang
Médium: Konferenčný príspevok..
Jazyk:English
Vydavateľské údaje: ACM 01.09.2018
Predmet:
Blockchains
Labeling
language modeling
Metadata
Probability
Security
security auditing
Semantics
Sensitivity
Smart contracts
Software engineering
static semantic labeling
Tokenization
ISSN:2643-1572
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:Smart contracts, as a promising and powerful application on the Ethereum blockchain, have been growing rapidly in the past few years. Since they are highly vulnerable to different forms of attacks, their security becomes a top priority. However, existing security auditing techniques are either limited in finding vulnerabilities (rely on pre-defined bug patterns) or very expensive (rely on program analysis), thus are insufficient for Ethereum. To mitigate these limitations, we proposed a novel semantic-aware security auditing technique called S-GRAM for Ethereum. The key insight is a combination of N-gram language modeling and lightweight static semantic labeling, which can learn statistical regularities of contract tokens and capture high-level semantics as well (e.g., flow sensitivity of a transaction). S-GRAM can be used to predict potential vulnerabilities by identifying irregular token sequences and optimize existing in-depth analyzers (e.g., symbolic execution engines, fuzzers etc.). We have implemented S-GRAM for Solidity smart contracts in Ethereum. The evaluation demonstrated the potential of S-GRAM in identifying possible security issues.
ISSN:2643-1572
DOI:10.1145/3238147.3240728