LUP Student Papers

Using Blockchain Techniques to Create an Opinion-Based Whitelisting Procedure

• Mark

Abstract

Malware has proven to be a persistent problem with an increasing amount of variations, and new attack vectors are constantly being taken advantage of. Security specialists are always on the hunt for new technologies useful in the fight against malware. Blockchain technologies bring promises of high integrity, decentralization, and transparency. The technology is very much in its infancy, but previous research has identified scalability as a weakness.

In this thesis, a prototype to be used by a group of users with limited trust for each other was designed and developed. The prototype is able to gather information from software and use it to allow the group to create a uniform opinion for whitelisting software. Different approaches for... (More)

Malware has proven to be a persistent problem with an increasing amount of variations, and new attack vectors are constantly being taken advantage of. Security specialists are always on the hunt for new technologies useful in the fight against malware. Blockchain technologies bring promises of high integrity, decentralization, and transparency. The technology is very much in its infancy, but previous research has identified scalability as a weakness.

In this thesis, a prototype to be used by a group of users with limited trust for each other was designed and developed. The prototype is able to gather information from software and use it to allow the group to create a uniform opinion for whitelisting software. Different approaches for how each user can generate a vote with minimal user intrusion was discussed. To be able to assess the design’s scalability and limitations, a thorough review of current research was performed. The goal of the review was to determine differences between blockchains and traditional databases with focus on aspects such as properties, performance, cost, and security.

A working proof of concept was developed, and its potential scalability was discussed. It was shown to scale similarly to Byzantine fault tolerant consensus algorithms often used in permissioned blockchains. An estimate of at most 100 to 1,000 users was motivated, and collected research indicate a throughput of single digits per second, with potentially 20 minutes of delay at 1,000 users. The usage of smart contracts had benefits of more transparency, higher integrity and decentralized verification of the result. Tests showed the performance of the smart contract used in the prototype scaled well with thousands of versions of programs and would not be a bottleneck. The analysis of current research papers was used to create a summarizing table and a decision tree that should be helpful for developers when deciding to use a blockchain or a traditional database in their systems. (Less)

Popular Abstract

Ever downloaded a program and wondered if it was safe to run? Can blockchains, the technology behind Bitcoin, be useful in an application for collectively voting on and whitelisting software? This thesis builds one such application and evaluates the limitations and scalability of the blockchain technology.

How do you know if a program you just downloaded is safe to run, or if it is a virus? Perhaps you use your gut feeling, an anti-virus software, or a tech-savvy relative? In all of those cases you blindly trust one single party. If the judgment of said party is off, you might end up running a virus on your computer. This Master’s Thesis investigates how blockchains can be used to allow multiple people to electronically vote on whether... (More)

Ever downloaded a program and wondered if it was safe to run? Can blockchains, the technology behind Bitcoin, be useful in an application for collectively voting on and whitelisting software? This thesis builds one such application and evaluates the limitations and scalability of the blockchain technology.

How do you know if a program you just downloaded is safe to run, or if it is a virus? Perhaps you use your gut feeling, an anti-virus software, or a tech-savvy relative? In all of those cases you blindly trust one single party. If the judgment of said party is off, you might end up running a virus on your computer. This Master’s Thesis investigates how blockchains can be used to allow multiple people to electronically vote on whether a certain program is good or bad. Furthermore, the thesis assumes there are ill-advised and villainous users swaying the opinion on software in the wrong direction — both upvoting viruses and downvoting harmless programs.

Think of a blockchain as a sturdy chain with information. It is impossible to remove a link once it has been attached to the chain. You can easily point to a link and everyone else is able to verify that it is indeed in the chain. By utilizing this property and storing votes on the chain, a blockchain with verifiable votes was created.

Blockchain is one of many technologies with the purpose of storing data, so-called databases. Blockchain is a new technology with many interesting properties. It is still not clear where blockchains should be used, and the judgement of many is clouded by the recentness of the technology. A comparison to databases was made with regards to properties such as; performance, security, and cost. Blockchains have interesting properties, but often scale negatively with the amount of users or have substantial delay. The thesis includes a table which shows how blockchains and databases scale, as well as a decision tree. This can be used to help developers decide on whether blockchain is a good fit for their application or not.

The proof of concept would be able to handle up to a third of the users acting in a malicious way before they would be able to sway the opinion in the wrong direction. However, it would not support more than a hundred users. If users would be willing to fully trust a single individual or organization, a program using a more traditional database would be able to have millions of users instead. (Less)