469 research outputs found

    Transactional Coherence Proofs for Smart Contracts on Blockchains

    Blockchain technology is an emergent topic based on decentralization and immutability, enabling mutually untrusting parties to fairly exchange assets without the need for a central authority. Recently, the addition of blockchain programs, known as smart contracts, enabled the technology to expand into a variety of industry sectors already known to traditional software. Many organizations and corporations saw a growth opportunity, extending their businesses into this domain, now with the blockchain twist. However, the inclusion of computation exposed a weak link in overall blockchain security, as it carries not only traditional software bugs but also never-before-seen ones. As a result, smart contracts, especially valuable ones, became enticing for hackers to exploit, which resulted in a set of tragedies where funds were stolen, among other consequences. Soon after, smart contract security became a most valuable topic of research among blockchain platforms. The Tezos blockchain is a relatively new platform whose stance values security by construct infrastructure, in consequence of the past incidents. While many smart contract security solutions were devised over the years, these have not been properly adapted nor adopted for the average developer in the community. There are various reasons for this, and seamless integration with the smart contract development processes is one of them. This dissertation approaches the blockchain security problem through an indirect approach, providing the developer with better accessibility and conditions for working on one of Tezos’s state-of-the-art security tools. 
Although it is unorthodox, it is hoped that the solution will inspire and appeal to other blockchain communities by shedding some light in this unknown direction.
Blockchain technology is an emerging topic based on decentralization and immutability, allowing unknown and untrusted entities to exchange digital goods and assets fairly without needing a central entity. Recently, the addition of programs on the blockchain, called smart contracts, allowed it to expand into a variety of industry sectors already explored by traditional programs. However, many companies saw a very lucrative business opportunity, extending their business into this environment, now instilling the rules of the blockchain. Although lucrative opportunities appeared, so did problems relating to traditional programs, as well as new ones not yet discovered. Smart contracts proved to be a weaker link for blockchain security and, since they are able to hold considerable monetary value, became an enticing target for hackers. Not long after, news spread across the internet announcing crimes by anonymous entities: theft and freezing of funds, among other consequences, on the blockchain. After the first major incident, blockchain security became a topic widely studied by experts and researchers from the various communities. The Tezos blockchain is a relatively recent platform with a quite mature stance on security, a result of the past incidents. While several solutions were reached for smart contract security, these had not yet been well incorporated by the community, or at least by the common contract engineer. There are several reasons, but accessibility in the various aspects of security tools is one of them. 
The work carried out in this dissertation aims to solve this problem, more specifically, to solve the problem for a security tool for programs on the Tezos blockchain. This type of solution is not common in the literature; however, it is hoped that the work carried out will serve as inspiration for communities to explore this more indirect strand of blockchain security.

    Composition and Declassification in Possibilistic Information Flow Security

    Formal methods for security can rule out whole classes of security vulnerabilities, but applying them in practice remains challenging. This thesis develops formal verification techniques for information flow security that combine the expressivity and scalability strengths of existing frameworks. It builds upon Bounded Deducibility (BD) Security, which allows specifying and verifying fine-grained policies about what information may flow when to whom. Our main technical result is a compositionality theorem for BD Security, providing scalability by allowing us to verify security properties of a large system by verifying smaller components. Its practical utility is illustrated by a case study of verifying confidentiality properties of a distributed social media platform. Moreover, we discuss its use for the modular development of secure workflow systems, and for the security-preserving enforcement of safety and security properties other than information flow control

    Data assurance in opaque computations

    The chess endgame is increasingly being seen through the lens of, and therefore effectively defined by, a data ‘model’ of itself. It is vital that such models are clearly faithful to the reality they purport to represent. This paper examines that issue and systems engineering responses to it, using the chess endgame as the exemplar scenario. A structured survey has been carried out of the intrinsic challenges and complexity of creating endgame data by reviewing the past pattern of errors during work in progress, surfacing in publications and occurring after the data was generated. Specific measures are proposed to counter observed classes of error-risk, including a preliminary survey of techniques for using state-of-the-art verification tools to generate EGTs that are correct by construction. The approach may be applied generically beyond the game domain

    KEVM: A Complete Semantics of the Ethereum Virtual Machine

    A developing field of interest for the distributed systems and applied cryptography community is that of smart contracts: self-executing financial instruments that synchronize their state, often through a blockchain. One such smart contract system that has seen widespread practical adoption is Ethereum, which has grown to secure approximately 30 billion USD of currency value and in excess of 300,000 daily transactions. Unfortunately, the rise of these technologies has been marred by a repeated series of security vulnerabilities and high-profile contract failures. To address these failures, the Ethereum community has turned to formal verification and program analysis which show great promise due to the computational simplicity and bounded-time execution inherent to smart contracts. Despite this, no fully formal, rigorous, comprehensive, and executable semantics of the EVM (Ethereum Virtual Machine) currently exists, leaving a lack of rigor on which to base such tools. In this work, we present KEVM, the first fully executable formal semantics of the EVM, the bytecode language in which smart contracts are executed. We create this semantics in a framework for executable semantics, the K framework. We show that our semantics not only passes the official 40,683-test stress test suite for EVM implementations, but also reveals ambiguities and potential sources of error in the existing on-paper formalization of EVM semantics on which our work is based. These properties make KEVM an ideal formal reference implementation against which other implementations can be evaluated. We proceed to argue for a semantics-first formal verification approach for EVM contracts, and demonstrate its practicality by using KEVM to verify practically important properties over the arithmetic operation of an example smart contract and the correct operation of a token transfer function in a second contract. We show that our approach is feasible and not computationally restrictive. 
We hope that our work serves as the base for the development of a wide range of useful formally derived tools for Ethereum, including model checkers, certified compilers, and program equivalence checkers.

    NASA Work Breakdown Structure (WBS) Handbook

    The purpose of this document is to provide program/project teams necessary instruction and guidance in the best practices for Work Breakdown Structure (WBS) and WBS dictionary development and use for project implementation and management control. This handbook can be used for all types of NASA projects and work activities including research, development, construction, test and evaluation, and operations. The products of these work efforts may be hardware, software, data, or service elements (alone or in combination). The aim of this document is to assist project teams in the development of effective work breakdown structures that provide a framework of common reference for all project elements

    Raziel: Private and Verifiable Smart Contracts on Blockchains

    Raziel combines secure multi-party computation and proof-carrying code to provide privacy, correctness and verifiability guarantees for smart contracts on blockchains. Effectively solving DAO and Gyges attacks, this paper describes an implementation and presents examples to demonstrate its practical viability (e.g., private and verifiable crowdfundings and investment funds). Additionally, we show how to use Zero-Knowledge Proofs of Proofs (i.e., Proof-Carrying Code certificates) to prove the validity of smart contracts to third parties before their execution without revealing anything else. Finally, we show how miners could get rewarded for generating pre-processing data for secure multi-party computation.
    Comment: Support: cothority/ByzCoin/OmniLedge