Author

Sukrit Kalra

Bio: Sukrit Kalra is an academic researcher from University of California, Berkeley. The author has contributed to research in topics: Computer science & Modular design. The author has an h-index of 5, co-authored 8 publications receiving 393 citations. Previous affiliations of Sukrit Kalra include IBM & Indraprastha Institute of Information Technology.

Papers
Proceedings Article
01 Jan 2018
TL;DR: This work presents ZEUS—a framework to verify the correctness and validate the fairness of smart contracts, which leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety.
Abstract: A smart contract is hard to patch for bugs once it is deployed, irrespective of the money it holds. A recent bug caused losses worth around $50 million of cryptocurrency. We present ZEUS—a framework to verify the correctness and validate the fairness of smart contracts. We consider correctness as adherence to safe programming practices, while fairness is adherence to agreed upon higher-level business logic. ZEUS leverages both abstract interpretation and symbolic model checking, along with the power of constrained horn clauses to quickly verify contracts for safety. We have built a prototype of ZEUS for Ethereum and Fabric blockchain platforms, and evaluated it with over 22.4K smart contracts. Our evaluation indicates that about 94.6% of contracts (containing cryptocurrency worth more than $0.5 billion) are vulnerable. ZEUS is sound with zero false negatives and has a low false positive rate, with an order of magnitude improvement in analysis time as compared to prior art.

546 citations

Proceedings Article
01 Jan 2021
TL;DR: Senate, a system that allows multiple parties to collaboratively run analytical SQL queries without revealing their individual data to each other, is presented; it provides a new query planning algorithm that decomposes and plans the cryptographic computation effectively.
Abstract: Many organizations stand to benefit from pooling their data together in order to draw mutually beneficial insights -- e.g., for fraud detection across banks, better medical studies across hospitals, etc. However, such organizations are often prevented from sharing their data with each other by privacy concerns, regulatory hurdles, or business competition. We present Senate, a system that allows multiple parties to collaboratively run analytical SQL queries without revealing their individual data to each other. Unlike prior works on secure multi-party computation (MPC) that assume that all parties are semi-honest, Senate protects the data even in the presence of malicious adversaries. At the heart of Senate lies a new MPC decomposition protocol that decomposes the cryptographic MPC computation into smaller units, some of which can be executed by subsets of parties and in parallel, while preserving its security guarantees. Senate then provides a new query planning algorithm that decomposes and plans the cryptographic computation effectively, achieving a performance of up to 145$\times$ faster than the state-of-the-art.

28 citations

Posted Content
TL;DR: Pylot provides several state-of-the-art reference implementations for the various components of an AV pipeline, and a Pylot-based AV pipeline is able to drive a real vehicle, and attains a high score on the CARLA Autonomous Driving Challenge.
Abstract: We present Pylot, a platform for autonomous vehicle (AV) research and development, built with the goal to allow researchers to study the effects of the latency and accuracy of their models and algorithms on the end-to-end driving behavior of an AV. This is achieved through a modular structure enabled by our high-performance dataflow system that represents AV software pipeline components (object detectors, motion planners, etc.) as a dataflow graph of operators which communicate on data streams using timestamped messages. Pylot readily interfaces with popular AV simulators like CARLA, and is easily deployable to real-world vehicles with minimal code changes. To reduce the burden of developing an entire pipeline for evaluating a single component, Pylot provides several state-of-the-art reference implementations for the various components of an AV pipeline. Using these reference implementations, a Pylot-based AV pipeline is able to drive a real vehicle, and attains a high score on the CARLA Autonomous Driving Challenge. We also present several case studies enabled by Pylot, including evidence of a need for context-dependent components, and per-component time allocation. Pylot is open source, with the code available at this https URL.

25 citations

Proceedings Article
04 Dec 2018
TL;DR: The approach uses blockchain to manage definitive game state and exploits peer consensus on every player action to track modifications to tangible player assets and enables flexibility to customize games with minimum modifications to game clients by porting server-side logic to smart contracts that execute atop peers.
Abstract: The gaming industry is affected by two key issues---cheating and DDoS attacks against game servers. In this paper, we aim to present a novel yet concrete application of the blockchain technology to address the seemingly disparate problems. Our approach uses blockchain to manage definitive game state and exploits peer consensus on every player action to track modifications to tangible player assets. While a key impediment to adopting blockchain for real-time systems is its high per-operation latency, our approach leverages several optimizations to enable real-time prevention of a large class of cheats where the reported client state is inconsistent with the observed state at the server. Further, blockchain-based games leverage the robust peer-to-peer architecture to successfully defend against DDoS attacks. Our strategy enables flexibility to customize games with minimum modifications to game clients by porting server-side logic to smart contracts that execute atop peers. We evaluate our approach on a recent port of the multi-player game Doom. Our prototype can scale to client tickrates matched by modern games, and prevent cheats in

15 citations

Proceedings Article
Ayush Goel1, Sukrit Kalra1, Mohan Dhawan1
06 Dec 2016
TL;DR: GRETEL is a system that leverages non-intrusive system monitoring to expedite root cause analysis of both operational and performance faults manifesting in OpenStack operations, and uses unique operational fingerprints to quickly identify faulty operations at runtime.
Abstract: Like any other distributed system, cloud management stacks such as OpenStack, are susceptible to faults whose root cause is often hard to diagnose and may take hours or days to fix. We present GRETEL, a system that leverages non-intrusive system monitoring, to expedite root cause analysis of both operational and performance faults manifesting in OpenStack operations. GRETEL uses unique operational fingerprints to quickly identify faulty operations at runtime. GRETEL is accurate in its diagnosis, and achieves >98% precision in identifying the faulty operation with very few false positives and negatives even under conditions of stress. GRETEL is lightweight and orders of magnitude faster than prior work, sustaining a throughput of ~77 Mbps.

14 citations


Cited by
Journal Article
TL;DR: A comprehensive classification of blockchain-enabled applications across diverse sectors such as supply chain, business, healthcare, IoT, privacy, and data management is presented, and key themes, trends and emerging areas for research are established.

1,310 citations

Proceedings Article
15 Oct 2018
TL;DR: Securify is a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property.
Abstract: Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify's analysis consists of two steps. First, it symbolically analyzes the contract's dependency graph to extract precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed >18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.

688 citations

Journal Article
TL;DR: This paper first introduces blockchains and smart contracts, then presents the challenges in smart contracts as well as recent technical advances, and gives a categorization of smart contract applications.

506 citations

Journal Article
TL;DR: The review reveals that several opportunities are available for utilizing blockchain in various industrial sectors; however, there are still some challenges to be addressed to achieve better utilization of this technology.
Abstract: Blockchain technologies have recently come to the forefront of the research and industrial communities as they bring potential benefits for many industries. This is due to their practical capabilities in solving many issues currently inhibiting further advances in various industrial domains. Securely recording and sharing transactional data, establishing automated and efficient supply chain processes, and enhancing transparency across the whole value chain are some examples of these issues. Blockchain offers an effective way to tackle these issues using distributed, shared, secure, and permissioned transactional ledgers. The employment of blockchain technologies and the possibility of applying them in different situations enables many industrial applications through increased efficiency and security; enhanced traceability and transparency; and reduced costs. In this paper, different industrial application domains where the use of blockchain technologies has been proposed are reviewed. This paper explores the opportunities, benefits, and challenges of incorporating blockchain in different industrial applications. Furthermore, the paper attempts to identify the requirements that support the implementation of blockchain for different industrial applications. The review reveals that several opportunities are available for utilizing blockchain in various industrial sectors; however, there are still some challenges to be addressed to achieve better utilization of this technology.

363 citations

Proceedings Article
03 Dec 2018
TL;DR: Maian, the first tool for specifying and reasoning about trace properties, is implemented; it employs interprocedural symbolic analysis and a concrete validator for exhibiting real exploits.
Abstract: Smart contracts---stateful executable objects hosted on blockchains like Ethereum---carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its lifetime. We focus attention on three example properties of such trace vulnerabilities: finding contracts that either lock funds indefinitely, leak them carelessly to arbitrary users, or can be killed by anyone. We implemented Maian, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and concrete validator for exhibiting real exploits. Our analysis of nearly one million contracts flags 34,200 (2,365 distinct) contracts vulnerable, in 10 seconds per contract. On a subset of 3,759 contracts which we sampled for concrete validation and manual analysis, we reproduce real exploits at a true positive rate of 89%, yielding exploits for 3,686 contracts. Our tool finds exploits for the infamous Parity bug that indirectly locked $200 million US worth in Ether, which previous analyses failed to capture.

303 citations