84 research outputs found
Managed Blockchain Based Cryptocurrencies with Consensus Enforced Rules and Transparency
Blockchain based cryptocurrencies are usually unmanaged, distributed,
consensus-based systems in which no single entity has control. Managed
cryptocurrencies can be implemented using private blockchains but are
fundamentally different as the owners have complete control to do arbitrary
activity without transparency (since they control the mining). In this work we
explore a hybrid approach where a managed cryptocurrency is maintained through
distributed consensus based methods. The currency administrator can perform
ongoing management functions while the consensus methods enforce the rules of
the cryptocurrency and provide transparency for all management actions. This
enables the introduction of money management features common in fiat currencies
but where the managing entity cannot perform arbitrary actions and transparency
is enforced. We thus eliminate the need for users to trust the currency
administrator while still enabling the administrator to manage the
cryptocurrency. We demonstrate how to implement our approach through modest
modifications to the implicit Bitcoin specification; however, our approach can
be applied to most any blockchain based cryptocurrency using a variety of
consensus methods.
Comment: 10 pages, 17th IEEE International Conference On Trust, Security And
Privacy In Computing And Communication
Measurements of the Most Significant Software Security Weaknesses
In this work, we provide a metric to calculate the most significant software
security weaknesses as defined by an aggregate metric of the frequency,
exploitability, and impact of related vulnerabilities. The Common Weakness
Enumeration (CWE) is a well-known and used list of software security
weaknesses. The CWE community publishes such an aggregate metric to calculate
the 'Most Dangerous Software Errors'. However, we find that the published
equation highly biases frequency and almost ignores exploitability and impact
in generating top lists of varying sizes. This is due to the differences in the
distributions of the component metric values. To mitigate this, we linearize
the frequency distribution using a double log function. We then propose a
variety of other improvements, provide top lists of the most significant CWEs
for 2019, provide an analysis of the identified software security weaknesses,
and compare them against previously published top lists.
Comment: 12 page
- …