Seep Goel

Bio: Seep Goel is an academic researcher from IBM. The author has contributed to research in topics: Computer science & Payment. The author has an hindex of 6, co-authored 13 publications receiving 459 citations. Previous affiliations of Seep Goel include Indian Institutes of Technology & Indian Institute of Technology Delhi.

ZEUS: Analyzing Safety of Smart Contracts.

Abstract: A smart contract is hard to patch for bugs once it is deployed, irrespective of the money it holds. A recent bug caused losses worth around $50 million of cryptocurrency. We present ZEUS—a framework to verify the correctness and validate the fairness of smart contracts. We consider correctness as adherence to safe programming practices, while fairness is adherence to agreed upon higher-level business logic. ZEUS leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety. We have built a prototype of ZEUS for Ethereum and Fabric blockchain platforms, and evaluated it with over 22.4K smart contracts. Our evaluation indicates that about 94.6% of contracts (containing cryptocurrency worth more than $0.5 billion) are vulnerable. ZEUS is sound with zero false negatives and has a low false positive rate, with an order of magnitude improvement in analysis time as compared to prior art.

Tejas: A java based versatile micro-architectural simulator

Abstract: In this paper, we present the design of a new Java based, cycle-accurate, heterogeneous architectural simulator, Tejas. Tejas is a trace driven simulator, which is platform-independent. It can simulate binaries in any ISA and corresponding to virtually any operating system. It can itself run on virtually any machine. It is one of the fastest cycle accurate simulators available in academia. This is achieved through employing optimized data structures, improving the simulator's cache locality, and reducing the amount of wasteful work done. Tejas offers a rich library of architectural features that are modular and highly configurable. Tejas has been validated against real hardware (Dell PowerEdge R620 server) and has been shown to be more accurate than some of the most popular architectural simulators.

ParTejas: A Parallel Simulator for Multicore Processors

Abstract: In this article, we present the design of a novel parallel architecture simulator called ParTejas. ParTejas is a timing simulation engine that gets its execution traces from instrumented binaries using a fast shared-memory-based mechanism. Subsequently, the waiting threads simulate the execution of multiple pipelines and an elaborate memory system with support for multilevel coherent caches. ParTejas is written in Java and primarily derives its speedups from the use of novel data structures. Specifically, it uses lock-free slot schedulers to design an entity called a parallel port that effectively models the contention at shared resources in the CPU and memory system. Parallel ports remove the need for fine-grained synchronization and allow each thread to use its local clock. Unlike conventional simulators that use barriers for synchronization at epoch boundaries, we use a sophisticated type of barrier, known as a phaser. A phaser allows threads to perform additional work without waiting for other threads to arrive at the barrier. Additionally, we use a host of Java-specific optimizations and use profiling to effectively schedule the threads. With all our optimizations, we demonstrate a speedup of 11.8× for a multi-issue in-order pipeline and 10.9× for an out-of-order pipeline with 64 threads, for a suite of seven Splash2 and Parsec benchmarks. The simulation error is limited to 2% to 4% as compared to strictly sequential simulation

GpuTejas: A parallel simulator for GPU architectures

Abstract: In this paper, we introduce a new Java-based parallel GPGPU simulator, GpuTejas. GpuTejas is a fast trace driven simulator, which uses relaxed synchronization, and non-blocking data structures to derive its speedups. Secondly, it introduces a novel scheduling and partitioning scheme for parallelizing a GPU simulator. We evaluate the performance of our simulator with a set of Rodinia benchmarks. We demonstrate a mean speedup of 17.33x with 64 threads over sequential execution, and a speedup of 429X over the widely used simulator GPGPU-Sim. We validated our timing and simulation model by comparing our results with a native system (NVIDIA Tesla M2070). As compared to the sequential version of GpuTejas, the parallel version has an error limited to <7.67% for our suite of benchmarks, which is similar to the numbers reported by competing parallel simulators.

Blockchain Based e-Invoicing Platform for Global Trade

Abstract: Transportation of shipper's goods across country borders by loading into containers is known as global container shipping, and this is part and parcel of international or global trade. Multiple carriers, third and fourth party logistics companies are typically involved in a global container shipping journey. These organizations charge base service fees, unplanned, and value-added service fees through freight invoices based on pre-agreed contract rates with the shippers. The existence of multiple en route handoffs of the goods between the different carrier organizations involved in the shipment of the goods increases the complexity of the invoice generation process. Any discrepancy in invoices leads to disputes between the shippers and carriers that may take many months and person-hours to reconcile. This paper presents a blockchain-based e-invoice generation system for the goods carriers where one or more goods carriers are involved in the shipper's goods movement from origin location in one country to a destination location in another country. The generation of an invoice for a carrier primarily uses real-time shipment tracking information and pre-agreed service contract rates between the shipper and the carrier. Our system enhances e-invoicing process efficiency and lower costs for the shippers and carriers participating in global trade. The primary motivations for the organizations to adopt blockchain-based e-invoicing systems are to reduce the number of disputes on invoices, reduce dispute resolution time, and provide real-time auditing.

Securify: Practical Security Analysis of Smart Contracts

Abstract: Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify's analysis consists of two steps. First, it symbolically analyzes the contract's dependency graph to extract precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed >18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.

Finding The Greedy, Prodigal, and Suicidal Contracts at Scale

Abstract: Smart contracts---stateful executable objects hosted on blockchains like Ethereum---carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its lifetime. We focus attention on three example properties of such trace vulnerabilities: finding contracts that either lock funds indefinitely, leak them carelessly to arbitrary users, or can be killed by anyone. We implemented Maian, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and concrete validator for exhibiting real exploits. Our analysis of nearly one million contracts flags 34, 200 (2, 365 distinct) contracts vulnerable, in 10 seconds per contract. On a subset of 3, 759 contracts which we sampled for concrete validation and manual analysis, we reproduce real exploits at a true positive rate of 89%, yielding exploits for 3, 686 contracts. Our tool finds exploits for the infamous Parity bug that indirectly locked $200 million US worth in Ether, which previous analyses failed to capture.