Qingze Hum, Wei Jin Tan, Shi Ying Tey, Latasha Lenus, I. Homoliak, Yun Lin, Jun Sun
Published in: 2020 IEEE International Conference on Blockchain (Blockchain), 2020-06-18. DOI: 10.1109/Blockchain50366.2020.00011 (https://doi.org/10.1109/Blockchain50366.2020.00011)
CoinWatch: A Clone-Based Approach For Detecting Vulnerabilities in Cryptocurrencies
Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing novel techniques that improve on Bitcoin’s core innovation of the blockchain data structure and consensus mechanism. However, cryptocurrencies are a major target for cyber-attacks, as they can be sold on exchanges anonymously and most cryptocurrencies have their codebases publicly available. One particular issue is the prevalence of code clones in cryptocurrencies, which may amplify security threats: if a vulnerability is found in one cryptocurrency, it might be propagated into other cloned cryptocurrencies. In this work, we propose a systematic remedy to this problem, called CoinWatch ($\mathcal{CW}$). Given a reported vulnerability as input, $\mathcal{CW}$ uses code evolution analysis and a clone detection technique to indicate cryptocurrencies that might be vulnerable. We applied $\mathcal{CW}$ to 1094 cryptocurrencies using 4 CVEs and obtained 786 true vulnerabilities present in 384 projects, which were confirmed with developers and successfully reported as CVE extensions.