Ferreira Torres, Christof
in Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS ’20), October 5–9, 2020, Taipei, Taiwan (2020)

In recent years, smart contracts have suffered major exploits, costing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified once deployed. Though various tools have been proposed to detect vulnerable smart contracts, the majority fails to protect vulnerable contracts that have already been deployed on the blockchain. Only very few solutions have been proposed so far to tackle the issue of post-deployment. However, these solutions suffer from low precision and are not generic enough to prevent any type of attack. In this work, we introduce ÆGIS, a dynamic analysis tool that protects smart contracts from being exploited during runtime. Its capability of detecting new vulnerabilities can easily be extended through so-called attack patterns. These patterns are written in a domain-specific language that is tailored to the execution model of Ethereum smart contracts. The language enables the description of malicious control and data flows. In addition, we propose a novel mechanism to streamline and speed up the process of managing attack patterns. Patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by the blockchain. We compare ÆGIS to current state-of-the-art tools and demonstrate that our solution achieves higher precision in detecting attacks.
Finally, we perform a large-scale analysis on the first 4.5 million blocks of the Ethereum blockchain, thereby confirming the occurrences of well reported and yet unreported attacks in the wild.

Norvill, Robert
in Proceedings of 2019 IEEE International Conference on Blockchain and Cryptocurrency (2019)

Ethereum smart contracts have become common enough to warrant the need for standards to ensure ease of use. The most well known standard was created for the emerging token ecosystem and the exchanges serving it: the ERC20 standard. In this work we use the function selectors present in Ethereum smart contract bytecode to define contract purpose. Contracts are clustered according to the selectors they have. A reverse look-up from selectors to function names is used to label clusters. We use the function names in clusters to suggest candidates for ERC standardisation.

Steichen, Mathis
in 2nd Crypto Valley Conference on Blockchain Technology, Zug 24-26 June 2019 (2019, June 25)

Fiz Pontiveros, Beltran
Poster (2019, May 17)

In this work, we consider the graph of confirmed transactions in Bitcoin. Understanding this graph is essential to discern the different economic activities conducted by the pseudonymous actors. In addition to traditional graph analysis methods, new metrics need to be engineered specifically for the bitcoin transaction graph.
Hence, we propose a new centrality measure named mint centrality. The measure uses the inherent tree structure of transactions in bitcoin and their relation to the corresponding set of coinbase transactions, and can be evaluated with linear complexity. We evaluate the mint centrality on the first 200,000 blocks of the public bitcoin blockchain.

Fiz Pontiveros, Beltran
Doctoral thesis (2019)

Interest in the decentralised nature of blockchain-based distributed ledgers has rapidly grown over the past few years. While a portion of this interest is fuelled by the price surge in Bitcoin towards the end of 2017, numerous companies across industries such as healthcare and finance have shown a keen interest in this technology and begun investing in diverse research projects. The work presented in this dissertation proposes a series of enhancements to blockchain-based distributed ledger technologies by focusing on a key element in the system: the transaction. By investigating the life cycle of a transaction in popular blockchain systems like bitcoin and ethereum, several enhancements were identified to tackle some of the challenges under active research today by the blockchain community.

Steichen, Mathis
in The 2018 IEEE International Conference on Blockchain (Blockchain-2018) (2018, July 30)

Large files cannot be efficiently stored on blockchains.
On the one hand, the blockchain becomes bloated with data that has to be propagated within the blockchain network. On the other hand, since the blockchain is replicated on many nodes, a lot of storage space is required without serving an immediate purpose, especially if the node operator does not need to view every file that is stored on the blockchain. It furthermore leads to an increase in the price of operating blockchain nodes because more data needs to be processed, transferred and stored. IPFS is a file sharing system that can be leveraged to more efficiently store and share large files. It relies on cryptographic hashes that can easily be stored on a blockchain. Nonetheless, IPFS does not permit users to share files with selected parties. This is necessary if sensitive or personal data needs to be shared. Therefore, this paper presents a modified version of the InterPlanetary Filesystem (IPFS) that leverages Ethereum smart contracts to provide access controlled file sharing. The smart contract is used to maintain the access control list, while the modified IPFS software enforces it. For this, it interacts with the smart contract whenever a file is uploaded, downloaded or transferred. Using an experimental setup, the impact of the access controlled IPFS is analyzed and discussed.

Norvill, Robert
in NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium (2018, July 09)

In this work we present E-EVM, a tool that emulates and visualises the execution of smart contracts on the Ethereum Virtual Machine.
By working with the readily available bytecode of smart contracts we are able to display the program's control flow graph, opcodes and stack for each step of contract execution. This tool is designed to aid the user's understanding of the Ethereum Virtual Machine as well as aid the analysis of any given smart contract. As such, it functions as both an analysis and a learning tool. It allows the user to view the code in each block of a smart contract and follow possible control flow branches. It is able to detect loops and suggest optimisation candidates. It is possible to step through a contract one opcode at a time. E-EVM achieved an average of 85.6% code coverage when tested.

Fiz Pontiveros, Beltran
in Proceedings of 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS) 2018 (2018, February)

Fiz Pontiveros, Beltran
in NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium (2018)

Mining pools are collections of workers that work together as a group in order to collaborate in the proof of work and reduce the variance of their rewards when mining. In order to achieve this, mining pools distribute amongst the workers the task of finding a block so that each worker works on a different subset of the candidate solutions. In most mining pools the selection of transactions to be part of the next block is performed by the pool manager and thus becomes more centralized.
A mining pool is expected to give priority to the most lucrative transactions in order to increase the block reward; however, changes to the transaction policy done without notification of workers would be difficult to detect. In this paper we treat the transaction selection policy performed by miners as a classification problem; for each block we create a dataset, separate them by mining pool and apply feature selection techniques to extract a vector of importance for each feature. We then track variations in feature importance as new blocks arrive and show using a generated scenario how a change in policy by a mining pool could be detected.

Falk, Eric
in Global Communications (2017)

Security in virtualised environments is becoming increasingly important for institutions, not only for a firm’s own on-site servers and network but also for data and sites that are hosted in the cloud. Today, security is either handled globally by the cloud provider, or each customer needs to invest in its own security infrastructure. This paper proposes a Virtual Security Operation Center (VSOC) that allows one to collect, analyse and visualize security related data from multiple sources. For instance, a user can forward log data from its firewalls, applications and routers in order to check for anomalies and other suspicious activities. The security analytics provided by the VSOC are comparable to those of commercial security incident and event management (SIEM) solutions, but are deployed as a cloud-based solution with the additional benefit of using big data processing tools to handle large volumes of data. This allows us to detect more complex attacks that cannot be detected with today's signature-based (i.e.
rules) SIEM solutions.

Fiz Pontiveros, Beltran
in Lecture Notes in Electrical Engineering (2017)

Bitcoin is currently the most popular digital currency. It operates on a decentralised peer-to-peer network using an open source cryptographic protocol. In this work, we create a model of the selection process performed by mining pools on the set of unconfirmed transactions and then attempt to predict if an unconfirmed transaction will be part of the next block by treating it as a supervised classification problem. We identified a vector of features obtained through service monitoring of the Bitcoin transaction network and performed our experiments on a publicly available dataset of Bitcoin transactions.

Norvill, Robert
in Computer Communication and Networks (ICCCN), 2017 26th International Conference on (2017)

Smart contracts have recently attracted interest from diverse fields including law and finance. Ethereum in particular has grown rapidly to accommodate an entire ecosystem of contracts which run using its own crypto-currency. Smart contract developers can opt to verify their contracts so that any user can inspect and audit the code before executing the contract.
However, the huge number of deployed smart contracts and the lack of supporting tools for the analysis of smart contracts make it very challenging to get insights into this eco-environment, where code gets executed through transactions performing value transfer of a crypto-currency. We address this problem and report on the use of unsupervised clustering techniques and a seed set of verified contracts; in this work we propose a framework to group together similar contracts within the Ethereum network using only the contracts' publicly available compiled code. We report qualitative and quantitative results on a dataset and provide the dataset and project code to the research community.