[Pl-seminar] Fwd: [professors] [allccis] 11/5 at 10:30am -- Decompiling Ethereum Bytecode and Detecting Gas-Focused Vulnerabilities (Talk Announcement Update)

Pete Manolios pete at ccs.neu.edu
Sat Nov 3 10:13:41 EDT 2018


The content of the talk by Yannis has changed.

Yannis will talk about Ethereum Smart Contracts, work that won a
distinguished paper award at OOPSLA 2018. Here is an updated abstract.

Date: Monday November 5, 2018
Location: ISEC 142
Time: 10:30-Noon
Host: Pete Manolios

Decompiling Ethereum Bytecode and Detecting Gas-Focused Vulnerabilities

The talk will present two related static analysis techniques on EVM
bytecode: MadMax, which detects gas-focused vulnerabilities, and Gigahorse,
which performs decompilation of EVM bytecode.

MadMax combines contract decompilation and declarative program-structure
queries. The analysis captures high-level domain-specific concepts (such as
“dynamic data structure storage” and “safely resumable loops”) and achieves
high precision and scalability. MadMax analyzes the entirety of smart
contracts in the current Ethereum blockchain in just 10 hours (with
decompilation timeouts in 8% of the cases) and flags contracts with a
current monetary value in the $B range. (Manual inspection of a sample of
flagged contracts shows that 81% of the sampled warnings do indeed lead to
vulnerabilities.)

Gigahorse is a general-purpose decompiler for EVM bytecode, drastically
improving over past approaches (including the decompilation techniques used
in MadMax). Gigahorse turns EVM bytecode into a high-level 3-address code
representation. The new intermediate representation of smart contracts
makes implicit data- and control-flow dependencies of the EVM bytecode
explicit. Gigahorse can decompile over 99.98% of deployed contracts and
offers a full-featured toolchain for further analyses.

Key to both MadMax and Gigahorse is the use of a declarative, logic-based
specification for the analysis.

=====================
Yannis Smaragdakis (http://smaragd.org) is a Professor at the University of
Athens. Prior to that he had a 10+ year faculty career in the US, most
recently as an Associate Professor at the University of Massachusetts,
Amherst. His interests include program analysis and testing (especially
pointer analysis, static-dynamic analysis combinations, and invariant
inference); declarative and extensible languages (especially program
generators, generics/templates, and logic-based languages); and languages
and tools for systems (especially multi-threading, parallel and distributed
computing, and program locality). Large parts of his FC++ project have been
integrated into the Boost C++ libraries, and he continues to maintain
strong ties to industrial development and open-source projects. His latest
work includes the Doop framework for the analysis of Java bytecode, as well
as other related projects for program analysis algorithms expressed
declaratively, in the Datalog language. Smaragdakis has served on the
SIGPLAN Executive Committee and was the Program Chair of OOPSLA'16. He is a
recipient of an NSF Career award, ERC Consolidator and Proof-of-Concept
grants, and best/distinguished paper or artifact awards at OOPSLA'18,
ECOOP'18, OOPSLA'15, ISSTA'12, ASE'07, ISSTA'06, GPCE'04, USENIX'99.

On Wed, Oct 31, 2018 at 3:34 PM Frank Tip, CCIS Graduate Programs <
ccis-graduateprograms at northeastern.edu> wrote:

> Date: Monday November 5, 2018
>
> Location: ISEC 142
>
> Time: 10:30-Noon
>
> Declarative Static Program Analysis: An Intelligent System over Programs
>
> It's the dream of most every programmer: a smart system that "knows more
> about my code than I do". How do we go about building it? I will argue for
> the benefits of using logic-based declarative languages as a means to
> specify static program analysis algorithms. Every aspect of complex program
> behavior (from standard features, such as parameter passing, to reflection,
> exceptions, and code generation) is captured by separate logical rules that
> cooperate to produce a model of what the code does.
>
> Concretely, the focus will be on the Doop framework for analysis of Java
> programs, and especially on its latest developments and practical
> applications. Doop encodes multiple analysis algorithms for Java
> declaratively, using Datalog: a logic-based language for defining
> (recursive) relations. With an aggressive optimization methodology, Doop
> also achieves very high performance--often an order of magnitude faster
> than comparable frameworks.
>
> =====================
> Yannis Smaragdakis (http://smaragd.org)
> is a Professor at the University of Athens. Prior to that he had a 10+ year
> faculty career in the US, most recently as an Associate Professor at the
> University of Massachusetts, Amherst. His interests include program
> analysis and testing (especially pointer analysis, static-dynamic analysis
> combinations, and invariant inference); declarative and extensible
> languages (especially program generators, generics/templates, and
> logic-based languages); and languages and tools for systems (especially
> multi-threading, parallel and distributed computing, and program locality).
> Large parts of his FC++ project have been integrated into the Boost C++
> libraries, and he continues to maintain strong ties to industrial
> development and open-source projects. His latest work includes the Doop
> framework for the analysis of Java bytecode, as well as other related
> projects for program analysis algorithms expressed declaratively, in the
> Datalog language. Smaragdakis has served on the SIGPLAN Executive Committee
> and was the Program Chair of OOPSLA'16. He is a recipient of an NSF Career
> award, ERC Consolidator and Proof-of-Concept grants, and best/distinguished
> paper or artifact awards at OOPSLA'18, ECOOP'18, OOPSLA'15, ISSTA'12,
> ASE'07, ISSTA'06, GPCE'04, USENIX'99.
>
>
>


-- 
Pete Manolios
Professor of Computer and Information Science
Northeastern University
http://www.ccs.neu.edu/home/pete

