Implementation of a Security Test Framework for Blockchain-based Applications
IRT SystemX

  • Internship (From 1 to 6 months (Start date Mar. 2021))
  • Gif-sur-Yvette (France)
  • Published on April 16 2021

At the SystemX Research Institute of Technology, located at the heart of Paris-Saclay's world-class scientific campus, you will take an active part in the development of a world-class technology research center in the field of digital systems engineering. Supported by the best French research organizations in the field and made up of mixed teams of industrialists and academics, this center's mission is to generate new knowledge and technological solutions based on the breakthroughs in digital engineering and disseminate its skills in all economic sectors.

You will be supervised by a SystemX architect from the blockchain domain. You will work within the SystemX research project whose partners are the University of Technology of Troyes – UTT, France, the Lero–Science Foundation Ireland Research Centre for Software, University of Limerick, Ireland and the Institut Mines-Télécom & Institut Polytechnique de Paris, Télécom SudParis, France.

The position is based at IRT SystemX, Gif-sur-Yvette.

Goals: Blockchain security may suffer from different vulnerabilities that we classify in four levels as follows: (1) low-level vulnerabilities, (2) smart contract vulnerabilities, (3) consensus algorithm vulnerabilities and (4) data storage vulnerabilities. These different vulnerabilities are exploited by attackers in order to perform attacks on the blockchain, such as denial of service, the DAO, selfish mining, SPV mining, long-range attacks, etc.

In the literature, many approaches have tried to detect vulnerabilities through formal verification and to propose countermeasures. For instance, some of them are designed to address privacy issues [1], others to counter smart contract attacks [2-3]. Moreover, many works have addressed static analysis of smart contract code, testing techniques for finding security flaws, and tools for identifying vulnerable smart contracts [4].

Although existing frameworks detect and test each vulnerability cause separately, there is a clear lack of a security test framework that proposes a complete process covering the different levels noted above. In this project we propose to address all of these vulnerability causes in order to provide a suitable guide that helps blockchain designers choose and test the security level of their blockchain-based application.

Your missions will be as follows:

The first task proposes an analytic study of the existing vulnerabilities related to the blockchain technology. It aims to propose a new taxonomy relating these vulnerabilities, first, to the levels that we defined above, and second, to the different attacks that may occur on the blockchain technology.

The second task aims to design our security test framework, its different modules as well as their interactions. It details the inputs/outputs of each module as well as the functional and nonfunctional requirements of the framework. A set of existing open source tools may be used in the design of this framework.

The third task deals with the deployment phase. It specifies the tools and services to be selected in order to build our security test framework.

References:

[1] J. Bernal Bernabe, J. L. Canovas, J. L. Hernandez-Ramos, R. Torres Moreno and A. Skarmeta, "Privacy-Preserving Solutions for Blockchain: Review and Challenges," in IEEE Access, vol. 7, pp. 164908-164940, 2019.

[2] Joshi, Archana Prashanth, Meng Han, and Yan Wang. "A survey on security and privacy issues of blockchain technology." Mathematical foundations of computing 1.2 (2018): 121.

[3] Li, Xiaoqi, et al. "A survey on the security of blockchain systems." Future Generation Computer Systems 107 (2020): 841-853.

[4] Anna Vacca, Andrea Di Sorbo, Corrado A. Visaggio, Gerardo Canfora, A systematic literature review of blockchain and smart contract development: Techniques, tools, and open challenges, Journal of Systems and Software, 2020


Profile:
Student at the end of their Master's or engineering studies (Bac +5), in the field of computer science, cryptography, network security or applied mathematics.

Technical skills:

  • Having a first experience in any research field
  • Having a good level in programming languages such as Java, Python or Go
  • Ability to communicate orally and in writing (in English)

Personal skills:

  • Having a deep motivation to conduct research with high real-world impact
  • Highly motivated to work on blockchain and security testing
  • Ability to work in collaboration