Thursday, November 16, 2017

Smart contracting, SDR, and other programmable protocols introduce a new class of vulnerability

The recent Ethereum hack involving a smart contract bug illustrates a type of vulnerability that we'll be seeing a lot more often.

One can think of smart contracting as a form of programmable protocol, where protocols are themselves customized for specific uses in much the way that programming languages have traditionally customized local computer behavior for specific uses. Although protocol vulnerabilities have certainly existed before, our security, testing, and trust models today are optimized for protocols that are 'hard coded' by some standards organization prior to widespread deployment. Software defined radio, smart contracting, and likely other future developments will require that we start thinking about protocol vulnerabilities more like we think about software vulnerabilities today. While clever protocols increasingly distribute trust and mitigate damage from compromise of individual machines, the protocols themselves will become the target of choice.

One way to help is to design protocol definition languages with useful provability features. We need more research along these lines:

1 comment:

Where legacy meets cryptocurrency, there is danger

As presently formulated, ICE's Bitcoin futures market sounds like a bad idea. They are not even creating a separate clearing house. This...