Master's Thesis Thomas Hain

Abstract

The Ethereum Blockchain has gained a lot of popularity within the recent years. While it is often mentioned alongside Bitcoin, it receives an increasing amount of attention by itself. One of the reasons for the rising interest lies in systems lies in its capability of encoding enforceable code on its Blockchain. This allows an automatic and transparent transfer of funds between the network’s participants and eliminates the need for a Trusted Third Party. Further it is currently being the subject of diverse researchers as its potential use cases expand beyond the financial domain. In the past there have been several successful attacks however. Oftentimes they might have been prevented by a more sophisticated model of access control. As Smart Contracts are being exposed to the complete network this leaves many possible attack vectors. This is underlined by the fact that these programs can hold big amounts of currency. This makes it necessary to carefully evaluate one’s security model and to assess each component’s required degree of public exposure. This is being further complicated by the fact that Ethereum’s most popular programming language Solidity suffers from a lot of shortcomings compared to more established ones oftentimes leading to programming errors which can only be debugged by rather primitive means. As a consequence the thesis includes an evaluation of different implementations of access control in Ethereum and derives their commonalities in order to derive desirable features of a new implementation. In addition it provides insights about the topic of data privacy in Blockchain systems by describing the permissioned Blockchain Quorum. It provides a perspective on how to approach the decision making process behind publicly exposing one’s system to a network of multiple competing nodes and gives warnings about related implications. The findings are then being accumulated and formulated into a model finally being transferred into the implementation of an own modified XACML based system. This prototype provides a reusable and flexible framework for future implementations.