References of "Jonker, Hugo"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailÆGIS: Shielding Vulnerable Smart Contracts Against Attacks
Ferreira Torres, Christof UL; Steichen, Mathis UL; Norvill, Robert UL et al

in Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS ’20), October 5–9, 2020, Taipei, Taiwan (2020)

In recent years, smart contracts have suffered major exploits, cost- ing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified ... [more ▼]

In recent years, smart contracts have suffered major exploits, cost- ing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified once deployed. Though various tools have been proposed to detect vulnerable smart contracts, the majority fails to protect vulnera- ble contracts that have already been deployed on the blockchain. Only very few solutions have been proposed so far to tackle the issue of post-deployment. However, these solutions suffer from low precision and are not generic enough to prevent any type of attack. In this work, we introduce ÆGIS, a dynamic analysis tool that protects smart contracts from being exploited during runtime. Its capability of detecting new vulnerabilities can easily be extended through so-called attack patterns. These patterns are written in a domain-specific language that is tailored to the execution model of Ethereum smart contracts. The language enables the description of malicious control and data flows. In addition, we propose a novel mechanism to streamline and speed up the process of managing attack patterns. Patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by the blockchain. We compare ÆGIS to current state-of-the-art tools and demonstrate that our solution achieves higher precision in detecting attacks. Finally, we perform a large-scale analysis on the first 4.5 million blocks of the Ethereum blockchain, thereby confirming the occurrences of well reported and yet unreported attacks in the wild. [less ▲]

Detailed reference viewed: 93 (8 UL)
Full Text
Peer Reviewed
See detailInvestigating Fingerprinters and Fingerprinting-Alike Behaviour of Android Applications
Ferreira Torres, Christof UL; Jonker, Hugo

in 23rd European Symposium on Research in Computer Security, Barcelona, Spain, September 3-7, 2018 (2018)

Detailed reference viewed: 93 (6 UL)
Full Text
Peer Reviewed
See detailFormal modelling and analysis of receipt-free auction protocols in applied pi
Dong, Naipeng; Jonker, Hugo; Pang, Jun UL

in Computers & Security (2017), 65

Detailed reference viewed: 130 (1 UL)
Full Text
Peer Reviewed
See detailA security perspective on publication metrics
Jonker, Hugo; Mauw, Sjouke UL

in Stajano, F. (Ed.) Proc. 25th Security Protocols Workshop (2017)

Detailed reference viewed: 90 (4 UL)
Full Text
Peer Reviewed
See detailReverse Bayesian poisoning: How to use spam filters to manipulate online elections
Jonker, Hugo; Mauw, Sjouke UL; Schmitz, Tom UL

in Krimmer, L. (Ed.) Proc. 2nd International Joint Conference on Electronic Voting (2017)

E-voting literature has long recognised the threat of denial-of-service attacks: as attacks that (partially) disrupt the services needed to run the voting system. Such attacks violate availability ... [more ▼]

E-voting literature has long recognised the threat of denial-of-service attacks: as attacks that (partially) disrupt the services needed to run the voting system. Such attacks violate availability. Thankfully, they are typically easily detected. We identify and investigate a denial-of-service attack on a voter's spam filters, which is not so easily detected: reverse Bayesian poisoning, an attack that lets the attacker silently suppress mails from the voting system. Reverse Bayesian poisoning can disenfranchise voters in voting systems which rely on emails for essential communication (such as voter invitation or credential distribution). The attacker stealthily trains the voter's spam filter by sending spam mails crafted to include keywords from genuine mails from the voting system. To test the potential effect of reverse Bayesian poisoning, we took keywords from the Helios voting system's email templates and poisoned the Bogofilter spam filter using these keywords. Then we tested how genuine Helios mails are classified. Our experiments show that reverse Bayesian poisoning can easily suppress genuine emails from the Helios voting system. [less ▲]

Detailed reference viewed: 92 (1 UL)
Full Text
Peer Reviewed
See detailFP-Block: Usable Web Privacy by Controlling Browser Fingerprinting
Ferreira Torres, Christof UL; Jonker, Hugo; Mauw, Sjouke UL

in Pernul, Günther; Y A Ryan, Peter; Weippl, Edgar (Eds.) Computer Security -- ESORICS 2015 (2015)

Online tracking of users is used for benign goals, such as detecting fraudulent logins, but also to invade user privacy. We posit that for non-oppressed users, tracking within one website does not have a ... [more ▼]

Online tracking of users is used for benign goals, such as detecting fraudulent logins, but also to invade user privacy. We posit that for non-oppressed users, tracking within one website does not have a substantial negative impact on privacy, while it enables legitimate benefits. In contrast, cross-domain tracking negatively impacts user privacy, while being of little benefit to the user. Existing methods to counter fingerprint-based tracking treat cross-domain tracking and regular tracking the same. This often results in hampering or disabling desired functionality, such as embedded videos. By distinguishing between regular and cross-domain tracking, more desired functionality can be preserved. We have developed a prototype tool, FP-Block, that counters cross-domain fingerprint-based tracking while still allowing regular tracking. FP-Block ensures that any embedded party will see a different, unrelatable fingerprint for each site on which it is embedded. Thus, the user’s fingerprint can no longer be tracked across the web, while desired functionality is better preserved compared to existing methods. [less ▲]

Detailed reference viewed: 306 (5 UL)