Tue 11 Oct 2022 10:00 - 10:30 at Ballroom A - Tool Poster Session 1
Thu 13 Oct 2022 11:00 - 11:10 at Ballroom C East - Technical Session 23 - Security Chair(s): John-Paul Ore

Cross-chain bridges have become the most popular solution to support asset interoperability between heterogeneous blockchains. However, while they provide efficient and flexible cross-chain asset transfer, their complex workflow, which involves both on-chain smart contracts and off-chain programs, gives rise to new security issues. In the past year, there have been more than ten severe attacks against cross-chain bridges, causing billions in losses. With few studies focusing on the security of cross-chain bridges, the community still lacks the knowledge and tools to mitigate this significant threat. To bridge the gap, we conduct the first study on the security of cross-chain bridges. We document three new classes of security bugs and propose a set of security properties and patterns to characterize them. Based on those patterns, we design Xscope, an automatic tool to find security violations in cross-chain bridges and detect real-world attacks. We evaluate Xscope on four popular cross-chain bridges. It successfully detects all known attacks and finds previously unreported suspicious attacks. A video of Xscope is available at https://youtu.be/vMRO_qOqtXY.

Tue 11 Oct

Displayed time zone: Eastern Time (US & Canada)

10:00 - 10:30
Tool Poster Session 1 - Tool Demonstrations at Ballroom A
10:00
30m
Demonstration
WebMonitor: https://youtu.be/hqVw0JU3k9c
Tool Demonstrations
Ennio Visconti TU Wien, Christos Tsigkanos University of Bern, Switzerland, Laura Nenzi University of Trieste
10:00
30m
Demonstration
Quacky: Quantitative Access Control Permissiveness Analyzer
Tool Demonstrations
William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara
10:00
30m
Demonstration
Snapshot Metrics Are Not Enough: Analyzing Software Repositories with Longitudinal Metrics
Tool Demonstrations
Nicholas Synovic Loyola University Chicago, Matt Hyatt Loyola University Chicago, Rohan Sethi Loyola University Chicago, Sohini Thota Loyola University Chicago, Shilpika University of California at Davis, Allan J. Miller Loyola University Chicago, Wenxin Jiang Purdue University, Emmanuel S. Amobi Loyola University Chicago, Austin Pinderski Duke University, Loyola University Chicago, Konstantin Läufer Loyola University Chicago, Nicholas J. Hayward Loyola University Chicago, Neil Klingensmith Loyola University Chicago, James C. Davis Purdue University, USA, George K. Thiruvathukal Loyola University Chicago and Argonne National Laboratory
10:00
30m
Demonstration
AUSERA: Automated Security Vulnerability Detection for Android Apps (Virtual)
Tool Demonstrations
Sen Chen Tianjin University, Yuxin Zhang Tianjin University, Lingling Fan Nankai University, Jiaming Li Tianjin University, Yang Liu Nanyang Technological University
10:00
30m
Demonstration
Trimmer: Context-Specific Code Reduction (Virtual)
Tool Demonstrations
Aatira Anum Ahmad Lahore University of Management Sciences, Mubashir Anwar University of Illinois Urbana-Champaign, Hashim Sharif University of Illinois at Urbana-Champaign, Ashish Gehani SRI, Fareed Zaffar Lahore University of Management Sciences
10:00
30m
Demonstration
Maktub: Lightweight Robot System Test Creation and Automation
Tool Demonstrations
Amr Moussa North Carolina State University, John-Paul Ore North Carolina State University
10:00
30m
Demonstration
V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities
Tool Demonstrations
Vipawan Jarukitpipat Mahidol University, Xiao Peng China EverBright Bank, Xiao Peng China EverBright Bank, Chaiyong Ragkhitwetsagul Mahidol University, Thailand, Morakot Choetkiertikul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University, Raula Gaikovina Kula Nara Institute of Science and Technology, Bodin Chinthanet Nara Institute of Science and Technology, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology
10:00
30m
Demonstration
RobSimVer: A Tool for RoboSim Modeling and Analysis (Virtual)
Tool Demonstrations
Dehui Du East China Normal University, Ana Cavalcanti University of York, Jihui Nie East China Normal University
10:00
30m
Demonstration
Xscope: Hunting for Cross-Chain Bridge Attacks (Virtual)
Tool Demonstrations
Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Yue Li Peking University, Ziming Chen Peking University, Zhi Guan Peking University, Zhong Chen
10:00
30m
Demonstration
SAFA: A Tool for Supporting Safety Analysis in Evolving Software Systems
Tool Demonstrations
Alberto D. Rodriguez University of Notre Dame, Timothy Newman University of Notre Dame, Katherine R. Dearstyne University of Notre Dame, Jane Cleland-Huang University of Notre Dame
10:00
30m
Demonstration
Building recommender systems for modelling languages with Droid (Virtual)
Tool Demonstrations
Lissette Almonte Universidad Autónoma de Madrid, Esther Guerra Universidad Autónoma de Madrid, Iván Cantador Universidad Autónoma de Madrid, Juan de Lara Autonomous University of Madrid
10:00
30m
Demonstration
Shibboleth: Hybrid Patch Correctness Assessment in Automated Program Repair
Tool Demonstrations
Ali Ghanbari Iowa State University, Andrian Marcus University of Texas at Dallas

Thu 13 Oct

Displayed time zone: Eastern Time (US & Canada)

10:00 - 12:00
Technical Session 23 - Security: Tool Demonstrations / Journal-first Papers / Late Breaking Results / Research Papers at Ballroom C East
Chair(s): John-Paul Ore North Carolina State University
10:00
10m
Demonstration
V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities
Tool Demonstrations
Vipawan Jarukitpipat Mahidol University, Xiao Peng China EverBright Bank, Xiao Peng China EverBright Bank, Chaiyong Ragkhitwetsagul Mahidol University, Thailand, Morakot Choetkiertikul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University, Raula Gaikovina Kula Nara Institute of Science and Technology, Bodin Chinthanet Nara Institute of Science and Technology, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology
10:10
20m
Paper
Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?
Journal-first Papers
Ying Zhang Virginia Tech, USA, Md Mahir Asef Kabir Virginia Tech, Ya Xiao Virginia Tech, Daphne Yao Virginia Tech, Na Meng Virginia Tech
10:30
10m
Demonstration
A transformer-based IDE plugin for vulnerability detection (Virtual)
Tool Demonstrations
Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal
10:40
10m
Demonstration
Quacky: Quantitative Access Control Permissiveness Analyzer
Tool Demonstrations
William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara
10:50
10m
Paper
Towards Robust Models of Code via Energy-Based Learning on Auxiliary Datasets (Virtual)
Late Breaking Results
Nghi D. Q. Bui Singapore Management University, Yijun Yu Huawei Ireland Research Center
11:00
10m
Demonstration
Xscope: Hunting for Cross-Chain Bridge Attacks (Virtual)
Tool Demonstrations
Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Yue Li Peking University, Ziming Chen Peking University, Zhi Guan Peking University, Zhong Chen
11:10
20m
Research paper
Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase Approach (Virtual)
Research Papers
Zhuo Zhang Chongqing University, Yan Lei Chongqing University, Meng Yan Chongqing University, Yue Yu College of Computer, National University of Defense Technology, Changsha 410073, China, Jiachi Chen Sun Yat-Sen University, Shangwen Wang National University of Defense Technology, Xiaoguang Mao National University of Defense Technology