Short Paper: Blockcheck the Typechain
Recent efforts have sought to design new smart contract programming languages that make writing blockchain programs safer. But programs on the blockchain are beholden only to the safety properties enforced by the blockchain itself: even the strictest language-only properties can be rendered moot on a language-oblivious blockchain due to inter-contract interactions. Consequently, while safer languages are a necessity, fully realizing their benefits necessitates a language-aware redesign of the blockchain itself. To this end, we propose that the blockchain be viewed as a typechain: a chain of typed programs, not arbitrary blocks, that are included iff they typecheck against the existing chain. Reaching consensus, or blockchecking, validates typechecking in a byzantine fault-tolerant manner. Safety properties traditionally enforced by a runtime are instead enforced by a type system with the aim of statically capturing smart contract correctness. To provide a robust level of safety, we contend that a typechain must minimally guarantee (1) asset linearity and liveness, (2) physical resource availability, including CPU and memory, (3) exceptionless execution, or no early termination, (4) protocol conformance, or adherence to some state machine, and (5) inter-contract safety, including reentrancy safety. Despite their exacting nature, typechains are extensible, allowing for rich libraries that extend the set of verified properties. We expand on typechain properties and present examples of real-world bugs they prevent.
Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets
Browser extensions enhance the web experience and have seen great adoption from users in the past decade. At the same time, past research has shown that online trackers can use various techniques to infer the presence of installed extensions and abuse them to track users as well as uncover sensitive information about them. In this work we present a novel extension-fingerprinting vector showing how style modifications from browser extensions can be abused to identify installed extensions. We propose a pipeline that analyzes extensions both statically and dynamically and pinpoints their injected style sheets. Based on these, we craft a set of triggers that uniquely identify browser extensions from the context of the visited page. We analyzed 116K extensions from Chrome's Web Store and report that 6,645 of them inject style sheets on any website that users visit. Our pipeline has created triggers that uniquely identify 4,446 of these extensions, 1,074 (24%) of which could not be fingerprinted with previous techniques. Given the power of this new extension-fingerprinting vector, we propose specific countermeasures against style fingerprinting that have minimal impact on the overall user experience.
Token-Modification Adversarial Attacks for Natural Language Processing: A Survey
There are now many adversarial attacks for natural language processing systems. Of these, a vast majority achieve success by modifying individual document tokens, which we call here a \textit{token-modification} attack. Each token-modification attack is defined by a specific combination of fundamental \textit{components}, such as a constraint on the adversary or a particular search algorithm. Motivated by this observation, we survey existing token-modification attacks and extract the components of each. We use an attack-independent framework to structure our survey which results in an effective categorisation of the field and an easy comparison of components. We hope this survey will guide new researchers to this field and spark further research into the individual attack components.
Comment: 8 pages, 1 figure
UniASM: Binary Code Similarity Detection without Fine-tuning
Binary code similarity detection (BCSD) is widely used in various binary analysis tasks such as vulnerability search, malware detection, clone detection, and patch analysis. Recent studies have shown that learning-based binary code embedding models perform better than the traditional feature-based approaches. In this paper, we propose a novel transformer-based binary code embedding model, named UniASM, to learn representations of binary functions. We designed two new training tasks to make the spatial distribution of the generated vectors more uniform, so that they can be used directly in BCSD without any fine-tuning. In addition, we propose a new tokenization approach for binary functions, increasing the tokens' semantic information while mitigating the out-of-vocabulary (OOV) problem. The experimental results show that UniASM outperforms state-of-the-art (SOTA) approaches on the evaluation dataset. The average recall@1 scores we achieved on cross-compilers, cross-optimization-levels and cross-obfuscations are 0.72, 0.63, and 0.77, which are higher than existing SOTA baselines. In a real-world task of known vulnerability searching, UniASM outperforms all the current baselines.
Comment: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.
What is Meant by Permissionless Blockchains?
The term permissionless has established itself within the context of blockchain and distributed ledger research to characterize protocols and systems that exhibit similar properties to Bitcoin. However, the notion of what is meant by permissionlessness is often vague or left implicit within the various literature, rendering it imprecise and hard to compare. We hereby shed light onto this topic by revising research that either incorporates or defines the term permissionless and systematically exposing the properties and characteristics that its utilization intends to capture. Based on this review, we highlight current shortcomings and blind spots within the available definitions. In particular, the ability to freely perform transactions between users is often not adequately incorporated, and different actor roles are left unspecified. Furthermore, the topics of privacy and governance appear to be largely overlooked.
LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains
Security and privacy issues with centralized exchange services have motivated the design of atomic swap protocols for decentralized trading across currencies. These protocols follow a standard blueprint similar to the 2-phase commit in databases: (i) both users first lock their coins under a certain (cryptographic) condition and a timeout; (ii-a) the coins are swapped if the condition is fulfilled; or (ii-b) coins are released after the timeout. The quest for these protocols is to minimize the requirements from the scripting language supported by the swapped coins, thereby supporting a larger range of cryptocurrencies. The recently proposed universal atomic swap protocol [IEEE S&P’22] demonstrates how to swap coins whose scripting language only supports the verification of a digital signature on a transaction. However, the timeout functionality is cryptographically simulated with verifiable timelock puzzles, a computationally expensive primitive that hinders its use in battery-constrained devices such as mobile phones. In this state of affairs, we question whether the 2-phase commit paradigm is necessary for atomic swaps in the first place. In other words, is it possible to design a secure atomic swap protocol where the timeout is not used by (at least one of the two) users?
In this work, we present LightSwap, the first secure atomic swap protocol that does not require the timeout functionality (not even in the form of a cryptographic puzzle) by one of the two users. LightSwap is thus better suited for scenarios where a user, running an instance of LightSwap on her mobile phone, wants to exchange coins with an online exchange service running an instance of LightSwap on a computer. We show how LightSwap can be used to swap Bitcoin and Monero, an interesting use case since Monero does not provide any scripting functionality support other than linkable ring signature verification.
BaseSAFE: Baseband SAnitized Fuzzing through Emulation
Rogue base stations are an effective attack vector. Cellular basebands represent a critical part of the smartphone's security: they parse large amounts of data even before authentication. They can, therefore, grant an attacker a very stealthy way to gather information about calls placed and even to escalate to the main operating system, over-the-air. In this paper, we discuss a novel cellular fuzzing framework that aims to help security researchers find critical bugs in cellular basebands and similar embedded systems. BaseSAFE allows partial rehosting of cellular basebands for fast instrumented fuzzing off-device, even for closed-source firmware blobs. BaseSAFE's sanitizing drop-in allocator enables spotting heap-based buffer-overflows quickly. Using our proof-of-concept harness, we fuzzed various parsers of the Nucleus RTOS-based MediaTek cellular baseband that are accessible from rogue base stations. The emulator instrumentation is highly optimized, reaching hundreds of executions per second on each core for our complex test case, around 15k test-cases per second in total. Furthermore, we discuss attack vectors for baseband modems. To the best of our knowledge, this is the first use of emulation-based fuzzing for security testing of commercial cellular basebands. Most of the tooling and approaches of BaseSAFE are also applicable for other low-level kernels and firmware. Using BaseSAFE, we were able to find memory corruptions including heap out-of-bounds writes using our proof-of-concept fuzzing harness in the MediaTek cellular baseband. BaseSAFE, the harness, and a large collection of LTE signaling message test cases will be released open-source upon publication of this paper.