Loading [MathJax]/extensions/MathMenu.js
Compositional Security for Reentrant Applications | IEEE Conference Publication | IEEE Xplore

Compositional Security for Reentrant Applications


Abstract:

The disastrous vulnerabilities in smart contracts sharply remind us of our ignorance: we do not know how to write code that is secure in composition with malicious code. ...Show More

Abstract:

The disastrous vulnerabilities in smart contracts sharply remind us of our ignorance: we do not know how to write code that is secure in composition with malicious code. Information flow control has long been proposed as a way to achieve compositional security, offering strong guarantees even when combining software from different trust domains. Unfortunately, this appealing story breaks down in the presence of reentrancy attacks. We formalize a general definition of reentrancy and introduce a security condition that allows software modules like smart contracts to protect their key invariants while retaining the expressive power of safe forms of reentrancy. We present a security type system that provably enforces secure information flow; in conjunction with run-time mechanisms, it enforces secure reentrancy even in the presence of unknown code; and it helps locate and correct recent high-profile vulnerabilities.
Date of Conference: 24-27 May 2021
Date Added to IEEE Xplore: 26 August 2021
ISBN Information:

ISSN Information:

Conference Location: San Francisco, CA, USA

Funding Agency:


References

References is not available for this document.