Blockchains and Security

None, None

Blockchains and Security

Grammar-Based Evolutionary Fuzzing for JSON-RPC APIs and the Division of Responsibilities

Master Thesis (2022)

Author(s)

L.S. Veldkamp (TU Delft - Applied Sciences)

Contributor(s)

Annibale Panichella – Mentor (TU Delft - Software Engineering)

Mitchell Olsthoorn – Mentor (TU Delft - Software Engineering)

Éva Kalmár – Mentor (TU Delft - Science Education and Communication)

C Wehrmann – Graduation committee member (TU Delft - Science Education and Communication)

S.E. Verwer – Graduation committee member (TU Delft - Cyber Security)

Peter A.N. Bosman – Graduation committee member (TU Delft - Algorithmics)

Faculty

Electrical Engineering, Mathematics and Computer Science

Copyright

Fuzzing Software Testing Blockchain Framing Test Generation JSON-RPC API Evolutionary Algorithm Responsibility Division Media Content Analysis

To reference this document use:

https://resolver.tudelft.nl/uuid:4ce70a5f-777a-4b9a-9b37-1fe39ea1f98f

More Info

expand_more

Publication Year

2022

Language

English

Copyright

Graduation Date

18-08-2022

Awarding Institution

Delft University of Technology

Programme

Applied Sciences | Communication Design for Innovation

Faculty

Electrical Engineering, Mathematics and Computer Science

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

The continual increase in cyber crime revolving blockchain applications calls for secure blockchain systems and clarity on the division of security responsibilities. This research is an integrated project between two master programmes at the Delft University of Technology: Computer Science and Communication Design for Innovation, and focuses on software testing and security responsibilities.

In this study, we investigate if grammar-based fuzzing, a popular approach for identifying bugs in software, is effective on JSON-RPC systems like blockchain applications Ripple and Ethereum. Furthermore, we evaluate whether we can improve upon traditional grammar-based fuzzing by using evolutionary search.
We introduce GEFRA, a black-box grammar-based fuzzing tool that generates tests for JSON-RPC APIs.
Using a diversity-based fitness function that leverages system feedback, GEFRA is able to effectively guide the search process towards new test cases that obtain additional test coverage.

Additionally, various perspectives on blockchain security responsibilities are investigated. A media content analysis was performed and interviews were conducted with legal and blockchain experts.
News media frequently frame end users as responsible for the prevention of blockchain attacks. While attackers are legally responsible, users are left to deal with the consequences if attackers cannot be found. Responsibilities generally end up with users as decentralisation is the core idea of blockchain. Legislation may be the only solution to define a clear division of responsibilities.

Files

Blockchains_and_Security_thesi... (pdf)

(pdf | 2.05 Mb)

License info not available