-
SoK: Cross-Chain Bridging Architectural Design Flaws and Mitigations
Authors:
Jakob Svennevik Notland,
Jingyue Li,
Mariusz Nowostawski,
Peter Halland Haro
Abstract:
Cross-chain bridges are solutions that enable interoperability between heterogeneous blockchains. In contrast to the underlying blockchains, the bridges often provide inferior security guarantees and have been targets of hacks causing damage in the range of 1.5 to 2 billion USD in 2022. The current state of bridge architectures is that they are ambiguous, and there is next to no notion of how different architectures and their components are related to different vulnerabilities. Throughout this study, we have analysed 60 different bridges and 34 bridge exploits in the last three years (2021-2023). Our analyses identified 13 architectural components of the bridges. We linked the components to eight types of vulnerabilities, also called design flaws. We identified prevention measures and proposed 11 impact reduction measures based on the existing and possible countermeasures to address the imminent exploits of the design flaws. The results are meant to be used as guidelines for designing and implementing secure cross-chain bridge architectures, preventing design flaws, and mitigating the negative impacts of exploits.
Submitted 1 March, 2024;
originally announced March 2024.
-
Evaluating the Impact of ChatGPT on Exercises of a Software Security Course
Authors:
Jingyue Li,
Per Håkon Meland,
Jakob Svennevik Notland,
André Storhaug,
Jostein Hjortland Tysse
Abstract:
Along with the development of large language models (LLMs), e.g., ChatGPT, many existing approaches and tools for software security are changing. It is, therefore, essential to understand how security-aware these models are and how these models impact software security practices and education. In exercises of a software security course at our university, we ask students to identify and fix vulnerabilities we insert in a web application using state-of-the-art tools. After ChatGPT, especially the GPT-4 version of the model, we want to know how the students can possibly use ChatGPT to complete the exercise tasks. We input the vulnerable code to ChatGPT and measure its accuracy in vulnerability identification and fixing. In addition, we investigated whether ChatGPT can provide a proper source of information to support its outputs. Results show that ChatGPT can identify 20 of the 28 vulnerabilities we inserted in the web application in a white-box setting, reported three false positives, and found four extra vulnerabilities beyond the ones we inserted. ChatGPT makes nine satisfactory penetration testing and fixing recommendations for the ten vulnerabilities we want students to fix and can often point to related sources of information.
Submitted 18 September, 2023;
originally announced September 2023.
-
An Empirical Study on Governance in Bitcoin's Consensus Evolution
Authors:
Jakob Svennevik Notland,
Mariusz Nowostawski,
Jingyue Li
Abstract:
Blockchain systems run consensus rules as code to agree on the state of the distributed ledger and secure the network. Changing these rules can be risky and challenging. In addition, it can often be controversial and take much effort to make all the necessary participants agree to adopt a change. Arguably, Bitcoin has seen centralisation tendencies in pools and in development. However, how these tendencies influence blockchain governance has received minimal community and academic attention. Our study analyses the governmental structures in a blockchain by looking into the history of Bitcoin. We investigate the process of changing consensus rules through a grounded theory analysis comprising quantitative and qualitative data from 34 consensus forks in Bitcoin and Bitcoin Cash. The results reveal the decentralised behaviour in Bitcoin and blockchain. Our results are in contrast to related work, emphasising centralisation among miners and developers. Furthermore, our results show how the consensus-driven deployment techniques and governance of consensus rules are intertwined.
Submitted 14 February, 2024; v1 submitted 6 May, 2023;
originally announced May 2023.
-
Consensus in Blockchain Systems with Low Network Throughput: A Systematic Mapping Study
Authors:
Henrik Knudsen,
Jakob Svennevik Notland,
Peter Halland Haro,
Truls Bakkejord Ræder,
Jingyue Li
Abstract:
Blockchain technologies originate from cryptocurrencies. Thus, most blockchain technologies assume an environment with a fast and stable network. However, in some blockchain-based systems, e.g., supply chain management (SCM) systems, some Internet of Things (IoT) nodes can sometimes only rely on a low-quality network to achieve consensus. Thus, it is critical to understand the applicability of existing consensus algorithms in such environments. We performed a systematic mapping study to evaluate and compare existing consensus mechanisms' capability to provide integrity and security with varying network properties. Our study identified 25 state-of-the-art consensus algorithms from published and preprint literature. We categorized and compared the consensus algorithms qualitatively based on established performance and integrity metrics and well-known blockchain security issues. Results show that consensus algorithms that rely on the synchronous network for correctness cannot provide the expected integrity. Such consensus algorithms may also be vulnerable to distributed-denial-of-service (DDoS) and routing attacks, given limited network throughput. Conversely, asynchronous consensus algorithms, e.g., Honey-BadgerBFT, are deemed more robust against many of these attacks and may provide high integrity in asynchrony events.
Submitted 4 March, 2021;
originally announced March 2021.
-
The Minimum Hybrid Contract (MHC): Combining legal and blockchain smart contracts
Authors:
Jørgen Svennevik Notland,
Jakob Svennevik Notland,
Donn Morrison
Abstract:
Corruption is a major global financial problem with billions of dollars rendered lost or unaccountable annually. Corruption through contract fraud is often conducted by withholding and/or altering financial information. When such scandals are investigated by authorities, financial and legal documents are usually altered to conceal the paper trail.
Smart contracts have emerged in recent years and appear promising for applications such as legal contracts where transparency is critical and of public interest. Transparency and auditability are inherent because smart contracts execute operations on the blockchain, a distributed public ledger.
In this paper, we propose the Minimum Hybrid Contract (MHC), with the aim of introducing 1) auditability, 2) transparency, and 3) immutability to the contract's financial transactions. The MHC comprises an online smart contract and an offline traditional legal contract, where the two are immutably linked.
Secure peer-to-peer financial transactions, transparency, and cost accounting are automated by the smart contract, and legal issues or disputes are carried out by civil courts. The reliance on established legal processes facilitates an appropriate adoption of smart contracts in traditional contracts.
Submitted 17 February, 2020;
originally announced February 2020.