ANANAS - A Framework For Analyzing Android Applications

Android is an open software platform for mobile devices with a large market share in the smartphone sector. The openness of the system as well as its wide adoption lead to an increasing amount of malware developed for this platform. ANANAS is an expandable and modular framework for analyzing Android applications. It takes care of common needs for dynamic malware analysis and provides an interface for the development of plugins. Adaptability and expandability have been main design goals during the development process. An abstraction layer for simple user interaction and phone event simulation is also part of the framework. It allows an analyst to script the required user simulation or phone events on demand or adjust the simulation to his needs. Six plugins have been developed for ANANAS. They represent well known techniques for malware analysis, such as system call hooking and network traffic analysis. The focus clearly lies on dynamic analysis, as five of the six plugins are dynamic analysis methods.Comment: Paper accepted at First Int. Workshop on Emerging Cyberthreats and Countermeasures ECTCM 201

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Sereum does neither require any modification nor any semantic knowledge of existing contracts. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent attacks with a false positive rate as small as 0.06% and with negligible run-time overhead. As a by-product, we develop three advanced re-entrancy attacks to demonstrate the limitations of existing offline vulnerability analysis tools

EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts

Recent attacks exploiting errors in smart contract code had devastating consequences thereby questioning the benefits of this technology. It is currently highly challenging to fix errors and deploy a patched contract in time. Instant patching is especially important since smart contracts are always online due to the distributed nature of blockchain systems. They also manage considerable amounts of assets, which are at risk and often beyond recovery after an attack. Existing solutions to upgrade smart contracts depend on manual and error-prone processes. This paper presents a framework, called EVMPatch, to instantly and automatically patch faulty smart contracts. EVMPatch features a bytecode rewriting engine for the popular Ethereum blockchain, and transparently/automatically rewrites common off-the-shelf contracts to upgradable contracts. The proof-of-concept implementation of EVMPatch automatically hardens smart contracts that are vulnerable to integer over/underflows and access control errors, but can be easily extended to cover more bug classes. Our extensive evaluation on 14,000 real-world (vulnerable) contracts demonstrate that our approach successfully blocks attack transactions launched on these contracts, while keeping the intended functionality of the contract intact. We perform a study with experienced software developers, showing that EVMPatch is practical, and reduces the time for converting a given Solidity smart contract to an upgradable contract by 97.6 %, while ensuring functional equivalence to the original contract.Comment: A slightly shorter version of this paper will be published at USENIX Security Symposium 202

Prostaglandins in Superovulation Induced Bovine Follicles During the Preovulatory Period and Early Corpus Luteum

The aim of this study was to characterize the regulation pattern of prostaglandin family members namely prostaglandin F2alpha (PTGF), prostaglandin E2 (PTGE), their receptors (PTGFR, PTGER2, PTGER4), cyclooxygenase 2 (COX-2), PTGF synthase (PTGFS), and PTGE synthase (PTGES) in the bovine follicles during preovulatory period and early corpus luteum (CL). Ovaries containing preovulatory follicles or CL were collected by transvaginal ovariectomy (n = 5 cows/group), and the follicles were classified: (I) before GnRH treatment; (II) 4 h after GnRH; (III) 10 h after GnRH; (IV) 20 h after GnRH; (V) 25 h after GnRH, and (VI) 60 h after GnRH (early CL). In these samples, the concentrations of progesterone (P4), estradiol (E2), PTGF and PTGE were investigated in the follicular fluid (FF) by validated EIA. Relative mRNA abundance of genes encoding for prostaglandin receptors (PTGFR, PTGER2, PTGER4), COX-2, PTGFS and PTGES were quantified by RT-qPCR. The localization of COX-2 and PTGES were investigated by established immunohistochemistry in fixed follicular and CL tissue samples. The high E2 concentration in the FF of the follicle group before GnRH treatment (495.8 ng/ml) and during luteinizing hormone (LH) surge (4 h after GnRH, 574.36 ng/ml), is followed by a significant (P<0.05) downregulation afterwards with the lowest level during ovulation (25 h after GnRH, 53.11 ng/ml). In contrast the concentration of P4 was very low before LH surge (50.64 mg/ml) followed by a significant upregulation (P < 0.05) during ovulation (537.18 ng/ml). The mRNA expression of COX-2 increased significantely (P < 0.05) 4 h after GnRH and again 20 h after GnRH, followed by a significant decrease (P < 0.05) after ovulation (early CL). The mRNA of PTGFS in follicles before GnRH was high followed by a continuous and significant downregulation (P < 0.05) afterwards. In contrast, PTGES mRNA abundance increased significantely (P < 0.05) in follicles 20 h after GnRH treatment and remained high afterwards. The mRNA abundance of PTGFR, PTGER2, and PTGER4 in follicles before GnRH was high, followed by a continuous and significant down regulation afterwards and significant increase (P < 0.05) only after ovulation (early CL). The low concentration of PTGF (0.04 ng/ml) and PTGE (0.15 ng/ml) in FF before GnRH, increased continuously in follicle groups before ovulation and displayed a further significant and dramatic increase (P < 0.05) around ovulation (101.01 ng/ml, respectively, 484.21 ng/ml). Immunohistochemically, the granulosa cells showed an intensive signal for COX-2 and PTGES in follicles during preovulation and in granulosa-luteal cells of the early CL. In conclusion, our results indicate that the examined bovine prostaglandin family members are involved in the local mechanisms regulating final follicle maturation and ovulation during the folliculo-luteal transition and CL formation

ÆGIS: Smart Shielding of Smart Contracts

In recent years, smart contracts have suffered major exploits, losing millions of dollars. Unlike traditional programs, smart contracts cannot be updated once deployed. Though various tools were pro- posed to detect vulnerable smart contracts, they all fail to protect contracts that have already been deployed on the blockchain. More- over, they focus on vulnerabilities, but do not address scams (e.g., honeypots). In this work, we introduce ÆGIS, a tool that shields smart contracts and users on the blockchain from being exploited. To this end, ÆGIS reverts transactions in real-time based on pat- tern matching. These patterns encode the detection of malicious transactions that trigger exploits or scams. New patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by blockchain. By allowing its protection to be updated, the smart contract acts as a smart shield

Polyethylene glycol-coated collagen patch (hemopatch®) in open partial nephrectomy

PURPOSE To describe the results of a polyethylene glycol-coated collagen patch, Hemopatch® on blood loss, surgical time and renal function in partial nephrectomy (PN) for renal cell carcinoma (RCC). METHODS Out of a single surgeon cohort of n = 565 patients undergoing conventional open PN (CPN) between 01/2015 and 12/2017 at the University of Munich a consecutive subgroup (n = 42) was operated on using a polyethylene glycol-coated collagen-based sealant Hemopatch® (Baxter International Inc., Deerfield, IL, USA) (HPN). RESULTS Median age was 65.2~years (range 12.7-95.2) with median follow-up of 9.43~months (0.03-49.15). Baseline renal function (CKD-EPI) was 78.56~ml/min/1.73~m2 (range 20.38-143.09) with a non-significant decline to 74.78~ml/min/1.73~m2 (range 3.75-167.74) at follow-up. In CPN 46% had low complexity, 33% moderate complexity and 20% high complexity lesions with 33% low, 40% moderate and 27% high complexity masses in HPN. Median tumor size was 4.3~cm (range 1-38~cm) in CPN with 4.8~cm (range 3.8-18.3~cm) with HPN, p = 0.293. Median blood loss and duration of surgery was significantly lower in the HPN group vs. CPN (146~ml ± 195 vs. 114~ml ± 159~ml; p = 0.021; 43~min ± 27 for HPN vs. 53~min ± 49; p = 0.035) with no difference in clamping time (12.6~min ± 8.6 for HPN vs. 12.0~min ± 9.5; p = 0.701). CONCLUSIONS Hemopatch® supported renoraphy shows promising results compared to standard renoraphy in PN. No side effects were seen. Further studies should evaluate the prevention of arterio-venous or urinary fistulas. In complex partial nephrectomies Hemopatch® supported renoraphy should be considered

EF/CF: High Performance Smart Contract Fuzzing for Exploit Generation

Smart contracts are increasingly being used to manage large numbers of high-value cryptocurrency accounts. There is a strong demand for automated, efficient, and comprehensive methods to detect security vulnerabilities in a given contract. While the literature features a plethora of analysis methods for smart contracts, the existing proposals do not address the increasing complexity of contracts. Existing analysis tools suffer from false alarms and missed bugs in today's smart contracts that are increasingly defined by complexity and interdependencies. To scale accurate analysis to modern smart contracts, we introduce EF/CF, a high-performance fuzzer for Ethereum smart contracts. In contrast to previous work, EF/CF efficiently and accurately models complex smart contract interactions, such as reentrancy and cross-contract interactions, at a very high fuzzing throughput rate. To achieve this, EF/CF transpiles smart contract bytecode into native C++ code, thereby enabling the reuse of existing, optimized fuzzing toolchains. Furthermore, EF/CF increases fuzzing efficiency by employing a structure-aware mutation engine for smart contract transaction sequences and using a contract's ABI to generate valid transaction inputs. In a comprehensive evaluation, we show that EF/CF scales better -- without compromising accuracy -- to complex contracts compared to state-of-the-art approaches, including other fuzzers, symbolic/concolic execution, and hybrid approaches. Moreover, we show that EF/CF can automatically generate transaction sequences that exploit reentrancy bugs to steal Ether.Comment: To be published at Euro S&P 202