Today, public blockchains are a multi-trillion-dollar economy. While the existing literature has examined blockchain security at the consensus-protocol level, the system-level security, namely the security of complex and evolving blockchain software systems in deployment, needs to be better understood. This is evidenced by the numerous reported bugs and high-impact blockchain attacks on the Internet.
In this talk, I will present our recent work examining the systems-level security of the connection between the Ethereum blockchain and web3.0 users. The research uncovers several high-impact vulnerabilities under denial-of-service attacks (CCS’21, NDSS’21, IMC’21). These vulnerabilities reveal the fundamental design challenges in the tradeoff between enabling rich functionalities (e.g., by supporting smart contracts) and achieving security against DoS. The vulnerabilities have been confirmed by the Ethereum developer community. At the end, I will talk about other recent research and educational efforts in my group on blockchain security, cost-efficiency, and broader applications.
Dr. Yuzhe Tang is an associate professor in the EECS department at Syracuse University. He is broadly interested in cyber-security and computer systems. His security research covers vulnerability discovery, threat detection, threat mitigation, and security-oriented measurement of deployed systems. His current research is centered around blockchains: 1) enabling blockchain systems security, 2) building cost-effective blockchains, 3) broadening blockchain applications into new domains, and 4) developing and disseminating blockchain educational materials. His blockchain research is published at top-tier venues, including ACM CCS, NDSS, ACM IMC, FSE, IEEE ICDE, ACM Middleware, etc. His research has resulted in software updates in popular Ethereum clients, including Geth, Besu, and OpenEthereum. He also builds the BADD labs for active learning in Blockchain And Dapp Development.
Besides blockchains, he has worked on confidential computing and secure clouds, trusted execution environments, applied privacy-preserving protocols, and peer-to-peer data management. His research is generously supported by the National Science Foundation (NSF, under the SaTC and CNS programs), the Ethereum Foundation, the National Security Agency (NSA), Intel, the Cyber Research Institute, and Syracuse University.
Dr. Tang earned his Ph.D. degree in Computer Science from Georgia Institute of Technology and his B.Sc. in Computer Science and Technology from Fudan University, China. He is the recipient of the Best Paper award at IEEE Cloud 2012, the Best Paper award at ACM/IEEE CCGrid 2015, the AFRL visiting faculty research award in 2017, and an Ethereum Foundation academic grant in 2022.