Characterizing the cost of introducing secure programming patterns and practices in Ethereum

Aboua Ange Kevin N'da; Santiago Matalonga; Keshav Dahal

doi:10.1007/978-3-030-45691-7_3

Characterizing the cost of introducing secure programming patterns and practices in Ethereum

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

153 Downloads (Pure)

Abstract

Ethereum is blockchain-based platform which enables the development and deployment of smart contracts. Smart contracts are computer programs that provide automation for the governance of decentralized autonomous organizations (DAO). However, while the Blockchain technology is secure, smart contracts are only as secure as the programmers has designed it to be. Therefore, smart contract exposes vulnerabilities that can be exploited by attackers and threaten the viability of the DAOs. This study presents a case study which investigated how security programming patterns and practices from other programming languages can be applied in Solidity – Ethereum programming language. We have characterized the cost of introducing these patterns and practices. We identified 30 security programming patterns and practices from C++, JAVA which can be applicable to Solidity and implemented ten in a representative smart contract. The results show that the application of the ten security patterns and practices identified and implemented increases the cost of the smart contract (when compared to the baseline). Furthermore, we argue that this difference is not significant and should not deter any programmers into introducing the security patterns and practices into their smart contracts.

Original language	English
Title of host publication	WorldCist'20 - 8th World Conference on Information Systems and Technologies
Editors	Álvaro Rocha, Hojjat Adeli, Luís Paulo Reis, Sandra Costanzo, Irena Orovic, Fernando Moreira
Publisher	Springer
Pages	25-34
Number of pages	10
ISBN (Electronic)	9783030456917
ISBN (Print)	9783030456900
DOIs	https://doi.org/10.1007/978-3-030-45691-7_3
Publication status	Published - 8 Jun 2020
Event	8th World Conference on Information Systems and Technologies - Budva, Montenegro Duration: 7 Apr 2020 → 10 Apr 2020 http://worldcist.org/

Publication series

Name	AISC Series (Advances in Intelligent Systems and Computing)
Publisher	Springer
Volume	1160
ISSN (Print)	2194-5357

Conference

Conference	8th World Conference on Information Systems and Technologies
Abbreviated title	WorldCist'20
Country/Territory	Montenegro
City	Budva
Period	7/04/20 → 10/04/20
Internet address	http://worldcist.org/

Keywords

secure programming
blockchain
ethereum
smart contract

Access to Document

10.1007/978-3-030-45691-7_3

2020 06 08 N'da et al Characterizing AcceptedAccepted author manuscript, 345 KB

Cite this

N'da, A. A. K., Matalonga, S., & Dahal, K. (2020). Characterizing the cost of introducing secure programming patterns and practices in Ethereum. In Á. Rocha, H. Adeli, L. P. Reis, S. Costanzo, I. Orovic, & F. Moreira (Eds.), WorldCist'20 - 8th World Conference on Information Systems and Technologies (pp. 25-34). (AISC Series (Advances in Intelligent Systems and Computing); Vol. 1160). Springer. https://doi.org/10.1007/978-3-030-45691-7_3

N'da, Aboua Ange Kevin ; Matalonga, Santiago ; Dahal, Keshav. / Characterizing the cost of introducing secure programming patterns and practices in Ethereum. WorldCist'20 - 8th World Conference on Information Systems and Technologies. editor / Álvaro Rocha ; Hojjat Adeli ; Luís Paulo Reis ; Sandra Costanzo ; Irena Orovic ; Fernando Moreira. Springer, 2020. pp. 25-34 (AISC Series (Advances in Intelligent Systems and Computing)).

@inproceedings{ef594beb306a42ce8a875e7f9d67fff2,

title = "Characterizing the cost of introducing secure programming patterns and practices in Ethereum",

abstract = "Ethereum is blockchain-based platform which enables the development and deployment of smart contracts. Smart contracts are computer programs that provide automation for the governance of decentralized autonomous organizations (DAO). However, while the Blockchain technology is secure, smart contracts are only as secure as the programmers has designed it to be. Therefore, smart contract exposes vulnerabilities that can be exploited by attackers and threaten the viability of the DAOs. This study presents a case study which investigated how security programming patterns and practices from other programming languages can be applied in Solidity – Ethereum programming language. We have characterized the cost of introducing these patterns and practices. We identified 30 security programming patterns and practices from C++, JAVA which can be applicable to Solidity and implemented ten in a representative smart contract. The results show that the application of the ten security patterns and practices identified and implemented increases the cost of the smart contract (when compared to the baseline). Furthermore, we argue that this difference is not significant and should not deter any programmers into introducing the security patterns and practices into their smart contracts.",

keywords = "secure programming, blockchain, ethereum, smart contract",

author = "N'da, \{Aboua Ange Kevin\} and Santiago Matalonga and Keshav Dahal",

year = "2020",

month = jun,

day = "8",

doi = "10.1007/978-3-030-45691-7\_3",

language = "English",

isbn = "9783030456900",

series = "AISC Series (Advances in Intelligent Systems and Computing)",

publisher = "Springer",

pages = "25--34",

editor = "{\'A}lvaro Rocha and Hojjat Adeli and Reis, \{Lu{\'i}s Paulo\} and Sandra Costanzo and Irena Orovic and Fernando Moreira",

booktitle = "WorldCist'20 - 8th World Conference on Information Systems and Technologies",

address = "United States",

note = "8th World Conference on Information Systems and Technologies, WorldCist'20 ; Conference date: 07-04-2020 Through 10-04-2020",

url = "http://worldcist.org/",

}

N'da, AAK , Matalonga, S & Dahal, K 2020, Characterizing the cost of introducing secure programming patterns and practices in Ethereum. in Á Rocha, H Adeli, LP Reis, S Costanzo, I Orovic & F Moreira (eds), WorldCist'20 - 8th World Conference on Information Systems and Technologies. AISC Series (Advances in Intelligent Systems and Computing), vol. 1160, Springer, pp. 25-34, 8th World Conference on Information Systems and Technologies, Budva, Montenegro, 7/04/20. https://doi.org/10.1007/978-3-030-45691-7_3

Characterizing the cost of introducing secure programming patterns and practices in Ethereum. / N'da, Aboua Ange Kevin ; Matalonga, Santiago ; Dahal, Keshav.
WorldCist'20 - 8th World Conference on Information Systems and Technologies. ed. / Álvaro Rocha; Hojjat Adeli; Luís Paulo Reis; Sandra Costanzo; Irena Orovic; Fernando Moreira. Springer, 2020. p. 25-34 (AISC Series (Advances in Intelligent Systems and Computing); Vol. 1160).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Characterizing the cost of introducing secure programming patterns and practices in Ethereum

AU - N'da, Aboua Ange Kevin

AU - Matalonga, Santiago

AU - Dahal, Keshav

PY - 2020/6/8

Y1 - 2020/6/8

N2 - Ethereum is blockchain-based platform which enables the development and deployment of smart contracts. Smart contracts are computer programs that provide automation for the governance of decentralized autonomous organizations (DAO). However, while the Blockchain technology is secure, smart contracts are only as secure as the programmers has designed it to be. Therefore, smart contract exposes vulnerabilities that can be exploited by attackers and threaten the viability of the DAOs. This study presents a case study which investigated how security programming patterns and practices from other programming languages can be applied in Solidity – Ethereum programming language. We have characterized the cost of introducing these patterns and practices. We identified 30 security programming patterns and practices from C++, JAVA which can be applicable to Solidity and implemented ten in a representative smart contract. The results show that the application of the ten security patterns and practices identified and implemented increases the cost of the smart contract (when compared to the baseline). Furthermore, we argue that this difference is not significant and should not deter any programmers into introducing the security patterns and practices into their smart contracts.

AB - Ethereum is blockchain-based platform which enables the development and deployment of smart contracts. Smart contracts are computer programs that provide automation for the governance of decentralized autonomous organizations (DAO). However, while the Blockchain technology is secure, smart contracts are only as secure as the programmers has designed it to be. Therefore, smart contract exposes vulnerabilities that can be exploited by attackers and threaten the viability of the DAOs. This study presents a case study which investigated how security programming patterns and practices from other programming languages can be applied in Solidity – Ethereum programming language. We have characterized the cost of introducing these patterns and practices. We identified 30 security programming patterns and practices from C++, JAVA which can be applicable to Solidity and implemented ten in a representative smart contract. The results show that the application of the ten security patterns and practices identified and implemented increases the cost of the smart contract (when compared to the baseline). Furthermore, we argue that this difference is not significant and should not deter any programmers into introducing the security patterns and practices into their smart contracts.

KW - secure programming

KW - blockchain

KW - ethereum

KW - smart contract

UR - http://worldcist.org/

U2 - 10.1007/978-3-030-45691-7_3

DO - 10.1007/978-3-030-45691-7_3

M3 - Conference contribution

SN - 9783030456900

T3 - AISC Series (Advances in Intelligent Systems and Computing)

SP - 25

EP - 34

BT - WorldCist'20 - 8th World Conference on Information Systems and Technologies

A2 - Rocha, Álvaro

A2 - Adeli, Hojjat

A2 - Reis, Luís Paulo

A2 - Costanzo, Sandra

A2 - Orovic, Irena

A2 - Moreira, Fernando

PB - Springer

T2 - 8th World Conference on Information Systems and Technologies

Y2 - 7 April 2020 through 10 April 2020

ER -

N'da AAK , Matalonga S , Dahal K. Characterizing the cost of introducing secure programming patterns and practices in Ethereum. In Rocha Á, Adeli H, Reis LP, Costanzo S, Orovic I, Moreira F, editors, WorldCist'20 - 8th World Conference on Information Systems and Technologies. Springer. 2020. p. 25-34. (AISC Series (Advances in Intelligent Systems and Computing)). doi: 10.1007/978-3-030-45691-7_3

Characterizing the cost of introducing secure programming patterns and practices in Ethereum

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this