enter the hydra t oward principled bug bounties and
play

Enter the Hydra: T oward Principled Bug Bounties and - PowerPoint PPT Presentation

May 22, 2023 •429 likes •1.16k views

Ari Juels Phil Daian, Florian Tramer Cornell Tech, Jacobs, IC3 Stanford Lorenz Breidenbach Cornell Tech, ETH, IC3 Enter the Hydra: T oward Principled Bug Bounties and Exploit-Resistant Smart Contracts Summer School on Real-World Crypto

  1. Ari Juels Phil Daian, Florian Tramer Cornell Tech, Jacobs, IC3 Stanford Lorenz Breidenbach Cornell Tech, ETH, IC3 Enter the Hydra: T oward Principled Bug Bounties and Exploit-Resistant Smart Contracts Summer School on Real-World Crypto and Privacy Š ibenik, Croatia, 14 June 2018

  2. What’s a Smart Contract?

  3. Smart Smart contracts Contract • Small programs that run on blockchains • Given trust in underlying blockchain, smart contracts are • Transparent • Irreversible • Tamper-resistant • ...plus they can act upon crypto tokens = $money

  4. Lots of recent interest in ETH… $7 billion < $27 billion $35 billion $22 billion > $48 billion

  5. Why? Suppose Alice and Bob want to trade.. 10 Bob’s Bubble T okens (BBT) 1 ETH Bob’s Bubble T okens (BBT) Problem of Fair Exchange !

  6. Trusted third-party (with public state) 10 BBT 1 ETH 10 BBT 1 ETH

  7. Smart contract ≈ Trusted third-party (with public state) Smart 10 BBT contract 1 ETH 10 BBT 1 ETH

  8. No, not Floyd Mayweather…

  9. !

  10. Crypto T okens • Application-specific cryptocurrency • Mainly ERC20 tokens • Managed in Ethereum smart contracts • $38+ billion token market cap

  11. Crypto T okens • Sold in Initial Coin Offerings (ICOs) • a.k.a. T oken Launch, T oken Generation Events (TGEs), etc. • Like unregulated VC • T oken like a share (kind of…) • Since mid-2017, ICO funding outstripping early- stage Internet VC (!)

  12. Crypto T okens: ERC721 • “Non-fungible tokens”: Represent unique objects

  13. SMART CONTRACT CHALLENGES 1. Correctness : Contracts often have fatal bugs! 2. Confidentiality : No private data. 3. Authenticated data : No good, trustworthy access to real-world data!

  14. Side effects of the token mania T oken Lines of Value per • T oken smart contracts Code line are compact • Lots of money per OmiseGo 396 ∼ $2.4M contract (OMG) • Astonishing value per T ether 423 ∼ $5.9M line of code (USDT) • Which makes for juicy EOS 584 ∼ $15.8M targets… (EOS) Sources: coinmarketcap.com, 14 June 2018., and published contract source code

  15. Some (in)famous smart contracts • The DAO (June 2016) • Reentrancy bug ⇒ $50+ million stolen • Parity multisig hack (July 2017) • Parity 1.5 client’s multisig wallet contract • Bad use of delegatecall ⇒ $30 million stolen …from 3 ICO wallets ( Edgeless Casino, Swarm City, and æternity ) • Parity multisig hack—Redux! (Nov. 2017) • Bad use of delegatecall ⇒ > $150 million frozen • …much from ICO wallets (Polkadot, $98 million)

  16. Why not try to address correctness with… • Formal verification • Absolutely! • But limited scaling • What if there’s a bug in the formal spec? (T urtles!) • Static and dynamic verification • Absolutely! • But limited scope

  18. N-Version programming (Chen & Avizienis ’ 78, Knight-Leveson ‘86) Program

  19. N-Version programming (Chen & Avizienis ’ 78, Knight-Leveson ‘86) Version 1 Agreed Input X output Majority Version 2 Vote Version 3 N software versions / heads

  20. If something goes wrong… Version 1 Agreed Input X output Majority Version 2 Vote Version 3 N software versions / heads

  21. What is N-version programming doing? A program transformation T takes N ≥ 1 programs and creates new program f * := T ( f 1 , f 2 , . . . , f N ). f* Version 1 Input X output Y Majority Version 2 Vote Version 3

  22. Some more definitions • Let be an ideal program specification • Conceptual! Doesn’t actually exist… • Let f be an implemented program • An exploit is an input X such that ( X ) ≠ f ( X ) • Intuition: Any deviation from intended behavior is a potentially serious bug • Exploit set E( f , ): set of exploits X for f and

  23. Mind the gap • Let D be a distribution over inputs X Exploits against • Definition of exploit gap : f 1 , f 2, f 3 … gap Exploits against f * • Affirmative gap (> 1 ) means T reduces exploits • Bigger gap ⇒ fewer relative bugs in f * • gap captures dependencies among heads

  24. Houston… we have a gap gap f 1 f* Version 1 Agreed f 2 Input X output Majority Version 2 Vote f 3 Version 3 N software versions / heads

  25. N-version-programming criticism • Strong gap requires independence Version 1 among heads Input X • Correlations hurt! Agreed Majority Version 2 Vote output • Knight-Leveson (1986): Version 3 • “We reject the null hypothesis of full N software versions / heads independence at a p-level of 5%” • Eckhardt et al. (1991): • “We tried it at NASA and it wasn’t cost effective” • Worst case: 3 versions ⇒ 4x fewer errors

  26. But not everything is a space shuttle… • Not all software needs to be available at all times! • E.g., Smart contracts: How bad if it’s down for a while? • In fact, often better no answer than the wrong one • Bugs are often harmful • N-of-N-Version Programming (NNVP)

  27. NNVP a.k.a. Hydra Framework Version 1 Input X Majority Agreed Version 2 output vote Version 3 Fault manager N software versions / heads Idea: Strengthen majority vote of N-Version Programming

  28. NNVP a.k.a. Hydra Framework Version 1 =? Input X Agreed Version 2 output Version 3 Fault manager N software versions / heads Unless all versions agree, abort!

  29. NNVP a.k.a. Hydra • Aborting in NNVP: Head 1 Correctness ← Availability Head 2 Head 3 • NASA numbers much better for NNVP • Some availability loss, but… • gap = 4,409 for N = 3 heads • gap = 34,546 for N = 4 heads • Probably even better!

  30. Hydra creates a (strong) gap … ✗ Head 1 =? Input X Program Agreed Head 2 output Head 3 Fault manager Serious bug in one head now rarely fatal…

  31. Smart contracts are Hydra-friendly! Hydra could probably have addressed cases in green and yellow vulnerabilities

  32. Application: Bug Bounties

  33. Bug bounties • Reward for responsible disclosure of software vulnerabilities • Key element of nearly all security assurance programs • E.g., Apple (up to $200k)

  34. Some problems with bug bounties: 1. Bounties often fail to incentivize disclosure • Apple: ≤ $200k bounty • Zerodium: $1.5 million for certain iPhone jailbreaks 2. Time lag between reporting and action • Weaponization can happen after disclosure 3. Bounty administrator doesn’t doesn’t always pay!

  35. Some problems with bug bounties: 1. Bounties often fail to incentivize disclosure • Apple: ≤ $200k bounty • Zerodium: $1.5 million for certain iPhone jailbreaks 2. Time lag between reporting and action • Weaponization can happen after disclosure 3. Bounty administrator doesn’t doesn’t always pay!

  36. The perfect bug bounty 1. High leverage: Small bounty incentivizes disclosure for valuable program 2. Automatic payout: Bounty hunter need not trust bounty administrator to pay • Censorship-resistant, verifiable 3. Automatic remediation: Immediate intervention in affected software

  37. Bug bounties: The Rational Attacker’s Game Program Value: $A

  38. Bug bounties: The Rational Attacker’s Game Find Exploit Attack Disclose $A $0 No bounty

  39. Bug bounties: The Rational Attacker’s Game Find Exploit Always attack! Attack Disclose $A $0 No bounty

  40. Bug bounties: The Rational Attacker’s Game Find Exploit Attack Disclose $A $B Classic bounty: $B

  41. Bug bounties: The Rational Attacker’s Game Find Exploit Disclose if Attack Disclose $B > $A ! $A $B Classic bounty: $B

  42. Our goal: High leverage Find Exploit Attack Disclose $B $A / gap

  43. Our goal: High leverage Find Exploit Attack Disclose $B $A / gap For gap ≫ 1

  44. Our goal: High leverage Find Exploit Disclose if Attack Disclose $B > $A / gap ! $B $A/ gap * Exploit gap

  45. Disclose, i.e., Wait a minute… don’t attack even though Program $B < $A ?! Value: $A

  46. The Hydra Framework for Bug Bounties ? ✓ Head 1 Agreed output Y Head 2 Input X = Head 3

  47. The Hydra Framework for Bug Bounties Head 1 ✗ ? Head 2 Input X = Abort Head 3 $bounty Pay Fault $bounty manager

  48. The Hydra Hacker’s Dilemma $$$ Head 1 Head 1 Input X Input X Head 2 Head 2 Head 3 Head 3 Try to break all heads ($A)? Claim bounty ($B) now?

  49. Recall: gap

  50. Hydra Framework → High leverage • Suppose strong rational adversary discovers bugs as fast as all honest bounty hunters combined • Suppose: • Contract worth $A • Bounty $B • Then (we prove) adversary discloses if: $B > $A / ( gap + 1) .

  51. Example • Recall: NASA experiments imply: • gap = 4,409 for N = 3 heads • gap = 34,546 for N = 4 heads • So… • Approx $1 billion contract (e.g., OmiseGo) • N = 4 • $30k $bounty incentivizes adversary to disclose!

  52. The perfect bug bounty ✓ 1. High leverage: Small bounty incentivizes disclosure for valuable program 2. Automatic payout: Bounty hunter need not trust bounty administrator to pay • Censorship-resistant, verifiable 3. Automatic remediation: Immediate intervention in affected software

  53. It’s a smart contract! It’s automatically automatic! f* Head 1 ? ✗ Head 2 Input X = Head 3 $bounty Pay $bounty

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Enter the Hydra: T oward Principled Bug Bounties and Exploit-Resistant Smart Contracts EPFL

Enter the Hydra: T oward Principled Bug Bounties and Exploit-Resistant Smart Contracts EPFL

Ari Juels Phil Daian, Florian Tramer Cornell Tech, Jacobs, IC3 Stanford Lorenz Breidenbach Cornell Tech, ETH, IC3 Enter the Hydra: T oward Principled Bug Bounties and Exploit-Resistant Smart Contracts EPFL SuRI 18 June 2018 Whats

1.07k views • 71 slides
Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] .

Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] .

Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] . Lorenz Breidenbach ETH Zurich, Cornell [Tech] . Florian Tramer . Stanford . Bug bounties Problems with Bug bounties Unaligned incentives (exploit $$$

582 views • 31 slides
Tcl Bounties November 16, 2016 Tcl Bounties FlightAware is offering a number of bounties for

Tcl Bounties November 16, 2016 Tcl Bounties FlightAware is offering a number of bounties for

Tcl Bounties November 16, 2016 Tcl Bounties FlightAware is offering a number of bounties for various enhancements, fixes, etc, for Tcl and/or Tcl extensions Donal referred to this as a series of Grand Challenges. Recognizing a golden

394 views • 27 slides
Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] .

Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] .

Enter Hydra towards (more) secure smart contracts Philip Daian, Ari Juels Cornell [Tech] . Lorenz Breidenbach ETH Zurich, Cornell [Tech] . Florian Tramer . Stanford . Smart Contract Security - The Prongs Formal Verification (+Specification)

960 views • 28 slides
Introducing the Hydra Software Hydra is professional Internet management software that manages

Introducing the Hydra Software Hydra is professional Internet management software that manages

Introducing the Hydra Software Hydra is professional Internet management software that manages users based on the radius protocol as well as provides a variety of reports for connecting users to the network . In a general definition, Hydra can

234 views • 11 slides
Hydra: : a Python Framework a Python Framework Hydra for Parallel Computing for Parallel

Hydra: : a Python Framework a Python Framework Hydra for Parallel Computing for Parallel

Hydra: : a Python Framework a Python Framework Hydra for Parallel Computing for Parallel Computing Waide Tristram Karen Bradshaw 3 rd November 2009 Hydra in hour hour Hydra in An Opportunity Why Python and CSP? Aim

491 views • 22 slides
Migrating from Fedora 3 to 4 Now With More Hydra Goals for the Session Understand the basic

Migrating from Fedora 3 to 4 Now With More Hydra Goals for the Session Understand the basic

Migrating from Fedora 3 to 4 Now With More Hydra Goals for the Session Understand the basic conceptual models underlying Fedora 3/CMA, Fedora 4, and PCDM Work through a rudimentary migration exercise with Hydra/Fedora-Migrate Explore

906 views • 63 slides
Members: Jason Johnson Ryan Johnson John Locklear Specialized

Members: Jason Johnson Ryan Johnson John Locklear Specialized

Members: Jason Johnson Ryan Johnson John Locklear Specialized in hydraulic equipment for Skid Steers and Tractors. Product Line: Hydra- Clip (16 Treeshear) Hydra- Snip (12 Treeshear) Hydra- Rake

423 views • 39 slides
Hydra An Open Source Wireless Testbed Hyrum K. Wright, Robert D. Grant Wireless Communication

Hydra An Open Source Wireless Testbed Hyrum K. Wright, Robert D. Grant Wireless Communication

Wireless Networking Research Hydra Demonstration Hydra An Open Source Wireless Testbed Hyrum K. Wright, Robert D. Grant Wireless Communication and Networking Group Department of Electrical and Computer Engineering The University of Texas at

551 views • 27 slides
H oward S. Lavin is a partner and Elizabeth E. DiMichele a special counsel in the Employment Law

H oward S. Lavin is a partner and Elizabeth E. DiMichele a special counsel in the Employment Law

Reprinted with permission from the Employee Relations LAW JOURNAL Vol. 41 No. 2 Autumn 2015 SPLIT CIRCUITS Ninth Circuit Splits on Overtime for Dealership Workers Howard S. Lavin and Elizabeth E. DiMichele H oward S. Lavin is a partner and

324 views • 4 slides
W HAT E XTERNSHIP T EACHERS D O : T OWARD A C LINICALLY -G ROUNDED E XTERNSHIP P EDAGOGY

W HAT E XTERNSHIP T EACHERS D O : T OWARD A C LINICALLY -G ROUNDED E XTERNSHIP P EDAGOGY

W HAT E XTERNSHIP T EACHERS D O : T OWARD A C LINICALLY -G ROUNDED E XTERNSHIP P EDAGOGY Work-in-progress presentation Externships 7, Denver February 2014 Becky Rosenfeld, Externship Director Benjamin N. Cardozo School of Law T HESIS We can

282 views • 9 slides
V U , B AID , G AO , G RUTESER , H OWARD , L INDQVIST , S PASOJEVIC , W ALLING R UTGERS U NIVERSITY

V U , B AID , G AO , G RUTESER , H OWARD , L INDQVIST , S PASOJEVIC , W ALLING R UTGERS U NIVERSITY

D ISTINGUISHING U SERS WITH C APACITIVE T OUCH C OMMUNICATION V U , B AID , G AO , G RUTESER , H OWARD , L INDQVIST , S PASOJEVIC , W ALLING R UTGERS U NIVERSITY M OBICOM 2012 Computer Networking CptS/EE555 Michael Carosino Washington State

440 views • 17 slides
Welcome to the Public Hearing for the improvement of US 30 from IL 47 to IL 31. [Enter] 1 The

Welcome to the Public Hearing for the improvement of US 30 from IL 47 to IL 31. [Enter] 1 The

Welcome to the Public Hearing for the improvement of US 30 from IL 47 to IL 31. [Enter] 1 The main goal of todays public hearing is to [enter] Provide a brief overview of the study [enter] Present the Preferred Alternative [enter] Answer

719 views • 24 slides
Fut ure Direct ion of AI M Fut ure Direct ion of AI M ~For discussion t oward next AI M proj

Fut ure Direct ion of AI M Fut ure Direct ion of AI M ~For discussion t oward next AI M proj

Fut ure Direct ion of AI M Fut ure Direct ion of AI M ~For discussion t oward next AI M proj ect ~ ~For discussion t oward next AI M proj ect ~ Yuzuru Matsuoka Matsuoka Yuzuru The 9th AI M I nternational Workshop The 9th AI M I

292 views • 6 slides
Hydra-Models A way to assess the influence of climate change and river programs on future dike

Hydra-Models A way to assess the influence of climate change and river programs on future dike

Hydra-Models A way to assess the influence of climate change and river programs on future dike heights and the probability of dike failure. Robert Slomp 18 april 2005 Robert Slomp 2 18 april 2005 Contents Hydra-models Flood defense

295 views • 17 slides
REPORT B OARD OF E DUCATION OF H OWARD C OUNTY M EETING A GENDA I TEM Presentation of the

REPORT B OARD OF E DUCATION OF H OWARD C OUNTY M EETING A GENDA I TEM Presentation of the

REPORT B OARD OF E DUCATION OF H OWARD C OUNTY M EETING A GENDA I TEM Presentation of the Attendance Area Adjustment Plan T ITLE : D ATE : August 20, 2019 P RESENTER ( S ): Michael J. Martirano, Ed. D., Superintendent Strategic Call To Action

755 views • 34 slides
Ralph Hodgson Realizing a semantic solution: Ontologies are like and unlike other IT models

Ralph Hodgson Realizing a semantic solution: Ontologies are like and unlike other IT models

Enterprise Architecture in SOA: Coverage Models and Methodologies Going Semantic Semantic technology May 23 rd , 2005 Enterprise architecture and semantic technology Enterprise architecture maturity model Capabilities of semantic

244 views • 9 slides
Finance Knowledge Transfer Session 1 Financial Overview (FI100) Agenda Overview M d l Module

Finance Knowledge Transfer Session 1 Financial Overview (FI100) Agenda Overview M d l Module

Finance Knowledge Transfer Session 1 Financial Overview (FI100) Agenda Overview M d l Module 1: SAP System Landscape 1 SAP S t L d Module 2: Financial Accounting (FI) Module 3: Controlling (CO) M d l 3 C t lli (CO) Module 4: Funds

1.46k views • 108 slides
G22.2390-001 Logic in Computer Science Fall 2009 Lecture 8 1 Review Last time Compactness

G22.2390-001 Logic in Computer Science Fall 2009 Lecture 8 1 Review Last time Compactness

G22.2390-001 Logic in Computer Science Fall 2009 Lecture 8 1 Review Last time Compactness Enumerability Theorem Definability of Models Finite Models Size of Models 2 Outline Theories Satisfiablity Modulo Theories

997 views • 65 slides
Mol2Net-04 Modelling and simulation of SAW delay line sensors with COMSOL Multiphysics Bilel

Mol2Net-04 Modelling and simulation of SAW delay line sensors with COMSOL Multiphysics Bilel

Mol2Net-04 , 2018 , BIOCHEMPHYS-01 (pages 1- x, type of paper, doi: xxx-xxxx http://sciforum.net/conference/mol2net-4 SciForum Mol2Net-04 Modelling and simulation of SAW delay line sensors with COMSOL Multiphysics Bilel Achour 1, * , Nadia

459 views • 4 slides
Computing with Univalence Daniel R. Licata with Robert Harper Carnegie Mellon University 1

Computing with Univalence Daniel R. Licata with Robert Harper Carnegie Mellon University 1

Computing with Univalence Daniel R. Licata with Robert Harper Carnegie Mellon University 1 Identity Types A type M, N : A Id A (M,N) type 2 Identity Types A type M, N : A Id A (M,N) type C : A type F : A B : Id A (M,N) : Id

1.17k views • 90 slides
An Introduction to Combinatorial Species Ira M. Gessel Department of Mathematics Brandeis

An Introduction to Combinatorial Species Ira M. Gessel Department of Mathematics Brandeis

An Introduction to Combinatorial Species Ira M. Gessel Department of Mathematics Brandeis University Brandeis Combinatorics Seminar November 8, 2016 What are combinatorial species? The theory of combinatorial species, introduced by Andr

1.43k views • 75 slides
Modelling and Analysing an Identity Federation Protocol: Federated Network Providers Scenario

Modelling and Analysing an Identity Federation Protocol: Federated Network Providers Scenario

Modelling and Analysing an Identity Federation Protocol: Federated Network Providers Scenario Maurice ter Beek (FMT, ISTICNR, Pisa, Italy) joint work with Marinella Petrocchi (IITCNR, Pisa, Italy) Corrado Moiso (Telecom Italia, Torino,

559 views • 28 slides
Click To Edit Master Title Style First Quarter 2018 Earnings Conference Call 4/18/2018

Click To Edit Master Title Style First Quarter 2018 Earnings Conference Call 4/18/2018

Click To Edit Master Title Style First Quarter 2018 Earnings Conference Call 4/18/2018 Important Cautionary Statement About Forward-Looking Statements This presentation contains forward-looking statements within the meaning of section 27A of

773 views • 32 slides

More recommend