16 research outputs found
Reap the Harvest on Blockchain: A Survey of Yield Farming Protocols
Yield farming represents an immensely popular asset management activity in
decentralized finance (DeFi). It involves supplying, borrowing, or staking
crypto assets to earn an income in the form of transaction fees, interest, or
participation rewards at different DeFi marketplaces. In this systematic
survey, we present yield farming protocols as an aggregation-layer constituent
of the wider DeFi ecosystem that interact with primitive-layer protocols such
as decentralized exchanges (DEXs) and protocols for loanable funds (PLFs). We
examine the yield farming mechanism by first studying the operations encoded in
the yield farming smart contracts, and then performing stylized, parameterized
simulations on various yield farming strategies. We conduct a thorough
literature review on related work, and establish a framework for yield farming
protocols that takes into account pool structure, accepted token types, and
implemented strategies. Using our framework, we characterize major yield
aggregators in the market including Yearn Finance, Beefy, and Badger DAO.
Moreover, we discuss anecdotal attacks against yield aggregators and generalize
a number of risks associated with yield farming.
Comment: arXiv admin note: text overlap with arXiv:2105.1389
SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets
The rapid growth of decentralized digital currencies, enabled by blockchain
technology, has ushered in a new era of peer-to-peer transactions,
revolutionizing the global economy. Cryptocurrency wallets, serving as crucial
endpoints for these transactions, have become increasingly prevalent. However,
the escalating value and usage of these wallets also expose them to significant
security risks and challenges. This research aims to comprehensively explore
the security aspects of cryptocurrency wallets. It provides a taxonomy of
wallet types, analyzes their design and implementation, identifies common
vulnerabilities and attacks, and discusses defense mechanisms and mitigation
strategies. The taxonomy covers custodial, non-custodial, hot, and cold
wallets, highlighting their unique characteristics and associated security
considerations. The security analysis scrutinizes the theoretical and practical
aspects of wallet design, while assessing the efficacy of existing security
measures and protocols. Notable wallet attacks, such as Binance and Mt. Gox, are
examined to understand their causes and consequences. Furthermore, the paper
surveys defense mechanisms and transaction monitoring, evaluating their
effectiveness in mitigating threats.
BotFlowMon: Identify Social Bot Traffic With NetFlow and Machine Learning
With the rapid development of online social networks (OSN), maintaining the security of social media ecosystems becomes dramatically important for the public. Among all the security threats in OSN, the malicious social bot is the most common risk factor.
This paper puts forward a detection method called BotFlowMon that utilizes only NetFlow data to identify OSN bot traffic. The detection procedure takes the raw NetFlow data as input and uses the DBSCAN algorithm to aggregate related flows into transaction-level data. Then a special data fusion technique along with a visualization method is proposed to extract features, normalize values and help analyze flows. A new clustering algorithm called Clustering Based on Density Sort and Valley Point Competition is also designed to subdivide transactions into basic operations. After the above preprocessing steps, some classic machine learning algorithms are applied to construct the classification model.
2020-09-0
CToMP: A Cycle-task-oriented Memory Protection Scheme for Unmanned Systems
Memory corruption attacks (MCAs) refer to malicious behaviors of system
intruders that modify the contents of a memory location to disrupt the normal
operation of computing systems, causing leakage of sensitive data or
perturbations to ongoing processes. Unlike general-purpose systems, unmanned
systems cannot deploy complete security protection schemes, due to their
limitations in size, cost and performance. MCAs in unmanned systems are
particularly difficult to defend against. Furthermore, MCAs have diverse and
unpredictable attack interfaces in unmanned systems, severely impacting digital
and physical sectors. In this paper, we first generalize, model and taxonomize
MCAs found in unmanned systems currently, laying the foundation for designing a
portable and general defense approach. According to different attack
mechanisms, we found that MCAs are mainly categorized into two
types--return2libc and return2shellcode. To tackle return2libc attacks, we
model the erratic operation of unmanned systems with cycles and then propose a
cycle-task-oriented memory protection (CToMP) approach to protect control flows
from tampering. To defend against return2shellcode attacks, we introduce a
secure process stack with a randomized memory address by leveraging the memory
pool to prevent Shellcode from being executed. Moreover, we discuss the
mechanism by which CToMP resists the ROP attack, a novel variant of return2libc
attacks. Finally, we implement CToMP on CUAV V5+ with Ardupilot and Crazyflie.
The evaluation and security analysis results demonstrate that the proposed
approach CToMP is resilient to various MCAs in unmanned systems with low
footprints and system overhead.
Comment: This paper has been accepted by SCIENCE CHINA Information Science
CoAvoid: Secure, Privacy-Preserved Tracing of Contacts for Infectious Diseases
To fight against infectious diseases (e.g., SARS, COVID-19, Ebola, etc.),
government agencies, technology companies and health institutes have launched
various contact tracing approaches to identify and notify the people exposed to
infection sources. However, existing tracing approaches can lead to severe
privacy and security concerns, thereby preventing their secure and widespread
use among communities. To tackle these problems, this paper proposes CoAvoid, a
decentralized, privacy-preserved contact tracing system that features good
dependability and usability. CoAvoid leverages the Google/Apple Exposure
Notification (GAEN) API to achieve decent device compatibility and operating
efficiency. It utilizes GPS along with Bluetooth Low Energy (BLE) to dependably
verify user information. In addition, to enhance privacy protection, CoAvoid
applies fuzzification and obfuscation measures to shelter sensitive data,
making both servers and users agnostic to information of both low and high-risk
populations. The evaluation demonstrates good efficacy and security of CoAvoid.
Compared with four state-of-the-art contact tracing applications, CoAvoid can
reduce upload data by at least 90% and simultaneously resist wormhole and
replay attacks in various scenarios.
Oligomeric Proanthocyanidins Confer Cold Tolerance in Rice through Maintaining Energy Homeostasis
Oligomeric proanthocyanidins (OPCs) are abundant polyphenols found in foods and botanicals that benefit human health, but our understanding of the functions of OPCs in rice plants is limited, particularly under cold stress. Two rice genotypes, named Zhongzao39 (ZZ39) and its recombinant inbred line RIL82, were subjected to cold stress. More damage was caused to RIL82 by cold stress than to ZZ39 plants. Transcriptome analysis suggested that OPCs were involved in regulating cold tolerance in the two genotypes. A greater increase in OPCs content was detected in ZZ39 than in RIL82 plants under cold stress compared to their respective controls. Exogenous OPCs alleviated cold damage of rice plants by increasing antioxidant capacity. ATPase activity was higher and poly (ADP-ribose) polymerase (PARP) activity was lower under cold stress in ZZ39 than in RIL82 plants. Importantly, improvements in cold tolerance were observed in plants treated with the OPCs and 3-aminobenzamide (PARP inhibitor, 3ab) combination compared to the seedling plants treated with H2O, OPCs, or 3ab alone. Therefore, OPCs increased ATPase activity and inhibited PARP activity to provide sufficient energy for rice seedling plants to develop antioxidant capacity against cold stress.
Integrated microspectrometer with elliptical Bragg mirror enhanced diffraction grating on silicon on insulator
An on-chip micro-spectrometer is demonstrated based on a circular diffraction grating consisting of an elliptical Bragg mirror. This structure results in a highly efficient and compact device with simplified processing requirements, useful for sensing, spectroscopy, telecom demultiplexing, and optical interconnects. The computed efficiency for a realistic geometry is 0.14 dB, which represents to the best of our knowledge the highest predicted efficiency for concave diffraction gratings (echelle/echelette gratings). The first realization of the elliptical Bragg mirror diffraction grating spectrometer is presented on silicon on insulator at a wavelength of 1.55 µm. Measurements show a full device efficiency of 3.0 dB, including all in-line losses, with a band flatness of 0.4 dB over 30 nm.