报告题目：Finding Permission Bugs in Smart Contracts with Role Mining

报告人： 李一新加坡南洋理工大学计算机与工程系助理教授

报告时间：6月12日（周一）下午15:30

报告地点：火狐娱乐线上平台(中国)科技有限公司国家网络安全学院新珈楼B101

报告主题简介：

Smart contracts deployed on permissionless blockchains, such as Ethereum, are accessible to any user in a trustless environment. Therefore, most smart contract applications implement access control policies to protect their valuable assets from unauthorized accesses. A difficulty in validating the conformance to such policies, i.e., whether the contract implementation adheres to the expected behaviors, is the lack of policy specifications. In this talk, I introduce a technique SPCon, for mining past transactions of a contract to recover a likely access control model, which can then be checked against various information flow policies and identify potential bugs related to user permissions. The experimental evaluation on labeled smart contract role mining benchmark demonstrates that SPCon effectively mines more accurate user roles compared to the state-of-the-art role mining tools.

报告人简介：

李一，新加坡南洋理工大学计算机与工程系助理教授，计算金融中心副主任。主要研究方向包括软件工程与安全，程序分析，形式化逻辑与验证。目前专注于软件可靠性、可持续性、以及软件分析在人工智能和去中心化软件中的应用。曾在相关领域顶会，ASE'15，ICSEM'20，FSE'21和ISSTA'22，获ACM最佳论文奖三次和最佳工具奖两次。担任包括ICSE，FSE，ASE，ICDCS等顶会程序委员。也担任ICFEM'23，ICECCS’20，SEAIS‘22等会议程序委员会主席。

邀请人：陈晶 教授

欢迎老师和同学们积极参与学习交流！