Security and Privacy in Communication Networks: 15th EAI International Conference, SecureComm 2019, Orlando, FL, USA, October 23-25, 2019, Proceedings, Part I

One of the major problems in current implementations of iterative double auctions is that they rely on a trusted third party to handle the auction process. This introduces the risk of a single point of failure and of monopoly. In this paper, we aim to tackle this problem by proposing a novel decentralized and trustless framework for iterative double auction based on blockchain. Our design adopts smart contract and state channel technologies to enable a double auction process among parties that do not trust each other, while minimizing blockchain transactions. We provide a formal development of the framework and highlight the security of our design against adversaries.
