報告題目：Finding Permission Bugs in Smart Contracts with Role Mining

報告人： 李一新加坡南洋理工大學計算機與工程系助理教授

報告時間：6月12日（周一）下午15:30

報告地點：88858cc永利官网新珈樓B101

報告主題簡介：

Smart contracts deployed on permissionless blockchains, such as Ethereum, are accessible to any user in a trustless environment. Therefore, most smart contract applications implement access control policies to protect their valuable assets from unauthorized accesses. A difficulty in validating the conformance to such policies, i.e., whether the contract implementation adheres to the expected behaviors, is the lack of policy specifications. In this talk, I introduce a technique SPCon, for mining past transactions of a contract to recover a likely access control model, which can then be checked against various information flow policies and identify potential bugs related to user permissions. The experimental evaluation on labeled smart contract role mining benchmark demonstrates that SPCon effectively mines more accurate user roles compared to the state-of-the-art role mining tools.

報告人簡介：

李一，新加坡南洋理工大學計算機與工程系助理教授，計算金融中心副主任。主要研究方向包括軟件工程與安全，程序分析，形式化邏輯與驗證。目前專注于軟件可靠性、可持續性、以及軟件分析在人工智能和去中心化軟件中的應用。曾在相關領域頂會，ASE'15，ICSEM'20，FSE'21和ISSTA'22，獲ACM最佳論文獎三次和最佳工具獎兩次。擔任包括ICSE，FSE，ASE，ICDCS等頂會程序委員。也擔任ICFEM'23，ICECCS’20，SEAIS‘22等會議程序委員會主席。

邀請人：陳晶 教授

歡迎老師和同學們積極參與學習交流！