Characterizing and Detecting WebAssembly Runtime Bugs

WebAssembly (abbreviated WASM) has emerged as a promising language of the Web and also been used for a wide spectrum of software applications such as mobile applications and desktop applications. These applications, named as WASM applications, commonly run in WASM runtimes. Bugs in WASM runtimes are frequently reported by developers and cause the crash of WASM applications. However, these bugs have not been well studied. To fill in the knowledge gap, we present a systematic study to characterize and detect bugs in WASM runtimes. We first harvest a dataset of 311 real-world bugs from hundreds of related posts on GitHub. Based on the collected high-quality bug reports, we distill 31 bug categories of WASM runtimes and summarize their common fix strategies. Furthermore, we develop a pattern-based bug detection framework to automatically detect bugs in WASM runtimes. We apply the detection framework to seven popular WASM runtimes and successfully uncover 60 bugs that have never been reported previously, among which 13 have been confirmed and 9 have been fixed by runtime developers

Mind the Gap: Trade-Offs between Distributed Ledger Technology Characteristics

When developing peer-to-peer applications on Distributed Ledger Technology (DLT), a crucial decision is the selection of a suitable DLT design (e.g., Ethereum) because it is hard to change the underlying DLT design post hoc. To facilitate the selection of suitable DLT designs, we review DLT characteristics and identify trade-offs between them. Furthermore, we assess how DLT designs account for these trade-offs and we develop archetypes for DLT designs that cater to specific quality requirements. The main purpose of our article is to introduce scientific and practical audiences to the intricacies of DLT designs and to support development of viable applications on DLT

Proof-of-PUF enabled blockchain: concurrent data and device security for internet-of-energy

A detailed review on the technological aspects of Blockchain and Physical Unclonable Functions (PUFs) is presented in this article. It stipulates an emerging concept of Blockchain that integrates hardware security primitives via PUFs to solve bandwidth, integration, scalability, latency, and energy requirements for the Internet-of-Energy (IoE) systems. This hybrid approach, hereinafter termed as PUFChain, provides device and data provenance which records data origins, history of data generation and processing, and clone-proof device identification and authentication, thus possible to track the sources and reasons of any cyber attack. In addition to this, we review the key areas of design, development, and implementation, which will give us the insight on seamless integration with legacy IoE systems, reliability, cyber resilience, and future research challenges

Privacy Preservation & Security Solutions in Blockchain Network

Blockchain has seen exponential progress over the past few years, and today its usage extends well beyond cryptocurrencies. Its features, including openness, transparency, secure communication, difficult falsification, and multi-consensus, have made it one of the most valuable technology in the world. In most open blockchain platforms, any node can access the data on the blockchain, which leads to a potential risk of personal information leakage. So the issue of blockchain privacy and security is particularly prominent and has become an important research topic in the field of blockchain. This dissertation mainly summarizes my research on blockchain privacy and security protection issues throughout recent years. We first summarize the security and privacy vulnerabilities in the mining pools of traditional bitcoin networks and some possible protection measures. We then propose a new type of attack: coin hopping attack, in the case of multiple blockchains under an IoT environment. This attack is only feasible in blockchain-based IoT scenarios, and can significantly reduce the operational efficiency of the entire blockchain network in the long run. We demonstrate the feasibility of this attack by theoretical analysis of four different attack models and propose two possible solutions. We also propose an innovative hybrid blockchain crowdsourcing platform solution to settle the performance bottlenecks and various challenges caused by privacy, scalability, and verification efficiency problems of current blockchain-based crowdsourcing systems. We offer flexible task-based permission control and a zero-knowledge proof mechanism in the implementation of smart contracts to flexibly obtain different levels of privacy protection. By performing several tests on Ethereum and Hyperledger Fabric, EoS.io blockchains, the performance of the proposed platform consensus under different transaction volumes is verified. At last, we also propose further investigation on the topics of the privacy issues when combining AI with blockchain and propose some defense strategies

Blockchain-based Architecture for Secured Cyberattack Signatures and Features Distribution

One effective way of detecting malicious traffic in computer networks is intrusion detection systems (IDS). Despite the increased accuracy of IDSs, distributed or coordinated attacks can still go undetected because of the single vantage point of the IDSs. Due to this reason, there is a need for attack characteristics\u27 exchange among different IDS nodes. Another reason for IDS coordination is that a zero-day attack (an attack without a known signature) experienced in organizations located in different regions is not the same. Collaborative efforts of the participating IDS nodes can stop more attack threats if IDS nodes exchange these attack characteristics among each other. Researchers proposed a cooperative intrusion detection system (CoIDS) to share these attack characteristics effectively. Although this solution enhanced IDS node’s ability to respond to attacks previously identified by cooperating IDSs, malicious activities such as fake data injection, data manipulation or deletion, data integrity, and consistency are problems threatening this approach. In this dissertation, we develop a blockchain-based solution that ensures the integrity and consistency of attack characteristics shared in a cooperative intrusion detection system. The developed architecture achieves this result by continuously monitoring blockchain nodes\u27 behavior to detect and prevent malicious activities from both outsider and insider threats. Apart from this, the architecture facilitates scalable attack characteristics’ exchange among IDS nodes and ensures heterogeneous IDS participation. It is also robust to public IDS nodes joining and leaving the network. The security analysis result shows that the architecture can detect and prevent malicious activities from both outsider and insider attackers, while performance analysis shows scalability with low latency

Sistemas inovadores de segurança em bases de dados

Dissertação de mestrado integrado em Engenharia InformáticaNos dias de hoje, tem-se notado um aumento do número e diversidade de dados digitais que circulam, são tratados, analisados e utilizados à escala global. Os números são significativos, e, por isso, as empresas começam a tomar partido de serviços de terceiros, para beneficiar das vantagens de computação que estes proporcionam. Posto isto, serviços de nuvem disponibilizados pela Amazon, Google ou Microsoft, são utilizados por essas empresas, que procuram garantias não só de disponibilidade mas também de proteção dos seus dados. Como temos observado ao longo dos anos, os serviços de nuvem têm vindo a sofrer imensos ataques, onde falhas de segurança nos servidores de armazenamento acabam por ser responsáveis pela libertação de enormes quantidades de informação confidencial. De modo a resolver as preocupações existentes de aplicações que lidam com dados sensíveis e confiáveis foram propostas várias bases de dados capazes de armazenar e processar dados de forma segura na cloud. Contudo, o maior esforço de investigação encontra-se em desenvolver novos esquemas criptográficos que protegem os dados em texto cifrado de tal modo que as bases de dados consigam processar interrogações como se fosse texto simples. Esta abordagem apesar de eficiente acaba por libertar informação sensível que pode ser utilizada para quebrar a segurança dos sistemas. Para além disso, a investigação existente tem dado prioridade às bases de dados SQL devido à sua grande aplicabilidade. Esta dissertação toma uma abordagem diferente e apresenta uma nova base de dados NoSQL com processamento seguro, TrustNosQL, assente nas propriedades de segurança de hardware confiável. Mais precisamente, este trabalho tem três contribuições principais. O primeiro é uma análise compreensiva do estado da arte atual em base de dados com processamento seguro. Este estudo permite posicionar o sistema apresentado em relação às capacidades e propriedades de segurança dos sistemas existentes. A segunda contribuição é a base de dados NoSQL com processamento seguro, TrustNoSQL, a primeira base de dados NoSQL que processa de forma segura as interrogações utilizando a tecnologia Intel SGX. A última contribuição é uma extensa avaliação do sistema apresentado com uma plataforma de avaliação de base de dados reconhecida pela indústria.In today’s world, there is a notorious increase of digital data that is handled, processed and analyzed at a global scale. To handle this data surge, organizations have started to outsource storage and computation to cloud services. These services can store vast amounts of data and handle thousands of concurrent users at a fraction of the cost of what organizations would have to spend to have the same computational power. Amazon, Google and Microsoft are just some of the cloud market players that over the years gained their clients trust by having highly available and ubiquitous services. However, this trust has been affected by data leaks that compromised organization’s confidential data and individuals’ privacy. To address the concerns of existing applications that deal with sensitive and confidential data, several privacy-aware databases technologies have been proposed to securely outsource storage and computation to the cloud. However, the core research effort has been to develop new cryptographic schemes that protect data in encrypted text, so that databases can process queries as if they were plaintext. Furthermore, most of the research has explored SQL databases due to its wide applicability. In this dissertation we propose a different approach to secure databases by proposing a novel privacy-aware NoSQL Database, TrustNoSQL that leverages secure hardware processing technologies. In detail, this work has three main contributions. The first, is a detailed state-of-the-art of the current privacyaware databases, SQL and NoSQL, and the security guarantees ensured by these systems. The second contribution is the system TrustNoSQL, the first NoSQL privacy-aware database that securely processes queries with Intel SGX. The final contribution is a detailed system evaluation with an industry-standard benchmark