Security Issues and Solutions of Smart Contracts in Blockchain Technology

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (30 June 2019) | Viewed by 31812

Special Issue Editor


Guest Editor
Hamburg University of Applied Sciences, Department Industrial Engineering, Head of DLT³-Hamburg, Ulmenliet 20, 21033 Hamburg, Germany
Interests: blockchain- and distributed ledger technologies, focus on industrial applications, smart contracts (security), IoT-blockchain-connections

Special Issue Information

Dear Colleagues,

Blockchain- and distributed ledger technologies (BC/DLT) provide an emerging approach to secure data and transactions. As an additional feature, applications in or on BC/DLT systems such as smart contracts or chain code provide an automation based on transactions. They provide a more secured outcome than local applications, as consensus- and validation mechanisms of BC/DLT-systems are supplied.

There are also severe issues reported for such smart contracts or chain-code. This Special Issue shall discuss the analysis of security problems, verification tools, design templates and further research in order to improve the security of smart contracts/chain code.

Prof. Dr. Volker Skwarek
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • BC/DLT applications, security, smart contracts/chain code, code verification, secure design patterns

Published Papers (4 papers)


Research

22 pages, 579 KiB  
Article
Control-Flow Integrity: Attacks and Protections
by Sarwar Sayeed, Hector Marco-Gisbert, Ismael Ripoll and Miriam Birch
Appl. Sci. 2019, 9(20), 4229; https://doi.org/10.3390/app9204229 - 10 Oct 2019
Cited by 10 | Viewed by 9119
Abstract
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corruption vulnerabilities are still a major security threat. Consequently, control-flow integrity has received significant attention in the research community, and software developers to combat control code execution attacks in the presence of type of faults. Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques, including code reuse attacks, return-to-user, return-to-libc, and replay attacks. We also classify these techniques based on their security, robustness, and implementation complexity. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. We conclude that the performance overhead introduced, jointly with the partial attack coverage, is discouraging the industry from adopting most of them.

14 pages, 8532 KiB  
Article
Portable Smart Spectrometer Integrated with Blockchain and Big Data Technology
by Jianwei Yin, Yinglin Yang, Weibin Hong, Yefan Cai and Xiangyang Yu
Appl. Sci. 2019, 9(16), 3279; https://doi.org/10.3390/app9163279 - 09 Aug 2019
Cited by 2 | Viewed by 3097
Abstract
A portable smart spectrometer (PSS-1.0) and related systems have been designed and implemented to provide rapid on-site spectral analysis and lower the operator knowledge threshold for the application of spectrometry. The PSS-1.0 employs spectral analysis models downloaded from the spectral analysis system for offline spectral analysis and displays the results in the field. Users are incentivized to upload spectral analysis data to the Internet for storage by big data technologies, so that the spectral data can be reused easily. By employing blockchain technology it can be ensured that the data has not been tampered with, which can be used in monitoring and data transaction scenarios. The design of this spectrometer and related systems can be used for regulatory uses that require spectroscopy. Experimental results are presented in this paper, which prove that the design of the PSS-1.0 is feasible. The purpose of this paper is to design a civilian and non-operator knowledge threshold spectrometer and provide some ideas for better processing and utilization of spectral data.

19 pages, 3289 KiB  
Article
DNS-IdM: A Blockchain Identity Management System to Secure Personal Data Sharing in a Network
by Jamila Alsayed Kassem, Sarwar Sayeed, Hector Marco-Gisbert, Zeeshan Pervez and Keshav Dahal
Appl. Sci. 2019, 9(15), 2953; https://doi.org/10.3390/app9152953 - 24 Jul 2019
Cited by 55 | Viewed by 8139
Abstract
Identity management (IdM) is a method used to determine user identities. The centralized aspect of IdM introduces a serious concern with the growing value of personal information, as well as with the General Data Protection Regulation (GDPR). The problem with currently-deployed systems and their dominating approach, with identity providers (IdP) and single-point services, is that a third party is in charge of maintaining and controlling the personal data. The main challenge to manage data securely lies in trusting humans and institutes who are responsible for controlling the entire activity. Identities are not owned by the rightful owners or the user him/herself, but by the mentioned providers. With the rise of blockchain technology, self-sovereign identities are in place utilizing decentralization; unfortunately, the flaws still exist. In this research, we propose DNS-IdM, a smart contract-based identity management system that enables users to maintain their identities associated with certain attributes, accomplishing the self-sovereign concept. DNS-IdM has promising outcomes in terms of security and privacy. Due to the decentralized nature, DNS-IdM is able to avoid not only the conventional security threats, but also the limitations of the current decentralized identity management systems.

25 pages, 1505 KiB  
Article
Address Space Layout Randomization Next Generation
by Hector Marco-Gisbert and Ismael Ripoll Ripoll
Appl. Sci. 2019, 9(14), 2928; https://doi.org/10.3390/app9142928 - 22 Jul 2019
Cited by 27 | Viewed by 10858
Abstract
Systems that are built using low-power computationally-weak devices, which force developers to favor performance over security; which jointly with its high connectivity, continuous and autonomous operation makes those devices especially appealing to attackers. ASLR (Address Space Layout Randomization) is one of the most effective mitigation techniques against remote code execution attacks, but when it is implemented in a practical system its effectiveness is jeopardized by multiple constraints: the size of the virtual memory space, the potential fragmentation problems, compatibility limitations, etc. As a result, most ASLR implementations (especially in 32-bits) fail to provide the necessary protection. In this paper we propose a taxonomy of all ASLR elements, which categorizes the entropy in three dimensions: (1) how, (2) when and (3) what; and includes novel forms of entropy. Based on this taxonomy we have created, ASLRA, an advanced statistical analysis tool to assess the effectiveness of any ASLR implementation. Our analysis shows that all ASLR implementations suffer from several weaknesses, 32-bit systems provide a poor ASLR, and OS X has a broken ASLR in both 32- and 64-bit systems. This is jeopardizing not only servers and end users devices as smartphones but also the whole IoT ecosystem. To overcome all these issues, we present ASLR-NG, a novel ASLR that provides the maximum possible absolute entropy and removes all correlation attacks making ASLR-NG the best solution for both 32- and 64-bit systems. We implemented ASLR-NG in the Linux kernel 4.15. The comparative evaluation shows that ASLR-NG overcomes PaX, Linux and OS X implementations, providing strong protection to prevent attackers from abusing weak ASLRs.