PERCI: Processo de verificação de contratos inteligentes para aplicações IoT

Detalhes bibliográficos
Ano de defesa: 2024
Autor(a) principal: Alves, Joyce Quintino
Orientador(a): Andrade, Rossana Maria de Castro
Banca de defesa: Não Informado pela instituição
Tipo de documento: Dissertação
Tipo de acesso: Acesso aberto
Idioma: por
Instituição de defesa: Não Informado pela instituição
Programa de Pós-Graduação: Não Informado pela instituição
Departamento: Não Informado pela instituição
País: Não Informado pela instituição
Área do conhecimento CNPq:
CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO
Link de acesso: http://repositorio.ufc.br/handle/riufc/81175
Resumo: The growth of devices in the Internet of Things (IoT) has brought an increase in the amount of data flowing through the network. As a consequence of that, a reliable environment has became essential to avoid security vulnerabilities. In this scenario, Blockchain emerges as a promising technology to enhance IoT security, enabling decentralized, encrypted, and immutable data registration with the consensus of network participants. Smart contracts are self-executing programs distributed in a Blockchain. In IoT applications that use Blockchain, smart contracts can eliminate the need for intermediaries, allowing for more secure and transparent data transfers between involved parties in a decentralized manner. However, smart contracts are subject to security flaws, mainly caused by programming errors and vulnerabilities in the source code, which can result in financial losses or compromise data integrity, posing risks to users’ privacy and security. Therefore, performing tests with different approaches before deployment can expose errors in the smart contract code and reduce security risks. This work then proposes a process, called PERCI, that defines a set of verification steps for smart contracts in IoT applications to detect known vulnerabilities, using a combination of static and dynamic analysis tools before the contract deployment. The combination of static and dynamic analyses is proposed to improve vulnerability detection, providing a more robust solution. For this, the process uses two static analysis tools, Slither and Mythril, and one dynamic analysis tool, Manticore. PERCI is evaluated, firstly, by demosntrating that the combination of the analyses of each tool resulted in more efficient vulnerability detection, providing a more comprehensive and precise verification of the smart contract code. Additionally, this work integrated a smart contract to register and authenticate devices on the Blockchain with an IoT application that shows weather conditions through colors with a smart lamp. The process evaluation demonstrated the feasibility of using combined static and dynamic analyses for more efficient vulnerability detection. Finally, this dissertation is expected to contribute to improving the security and the reliability of IoT applications that use Blockchain.
id UFC-7_9b97107a8bdcfd1e118e4e1537122848
oai_identifier_str oai:repositorio.ufc.br:riufc/81175
network_acronym_str UFC-7
network_name_str Repositório Institucional da Universidade Federal do Ceará (UFC)
repository_id_str
spelling Alves, Joyce QuintinoOliveira, Carina Teixeira deAndrade, Rossana Maria de Castro2025-06-04T13:59:52Z2025-06-04T13:59:52Z2024ALVES, Joyce Quintino. PERCI: Processo de verificação de Contratos Inteligentes para aplicações IoT. 2025. 81 f. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal do Ceará, Fortaleza, 2024.http://repositorio.ufc.br/handle/riufc/81175The growth of devices in the Internet of Things (IoT) has brought an increase in the amount of data flowing through the network. As a consequence of that, a reliable environment has became essential to avoid security vulnerabilities. In this scenario, Blockchain emerges as a promising technology to enhance IoT security, enabling decentralized, encrypted, and immutable data registration with the consensus of network participants. Smart contracts are self-executing programs distributed in a Blockchain. In IoT applications that use Blockchain, smart contracts can eliminate the need for intermediaries, allowing for more secure and transparent data transfers between involved parties in a decentralized manner. However, smart contracts are subject to security flaws, mainly caused by programming errors and vulnerabilities in the source code, which can result in financial losses or compromise data integrity, posing risks to users’ privacy and security. Therefore, performing tests with different approaches before deployment can expose errors in the smart contract code and reduce security risks. This work then proposes a process, called PERCI, that defines a set of verification steps for smart contracts in IoT applications to detect known vulnerabilities, using a combination of static and dynamic analysis tools before the contract deployment. The combination of static and dynamic analyses is proposed to improve vulnerability detection, providing a more robust solution. For this, the process uses two static analysis tools, Slither and Mythril, and one dynamic analysis tool, Manticore. PERCI is evaluated, firstly, by demosntrating that the combination of the analyses of each tool resulted in more efficient vulnerability detection, providing a more comprehensive and precise verification of the smart contract code. Additionally, this work integrated a smart contract to register and authenticate devices on the Blockchain with an IoT application that shows weather conditions through colors with a smart lamp. The process evaluation demonstrated the feasibility of using combined static and dynamic analyses for more efficient vulnerability detection. Finally, this dissertation is expected to contribute to improving the security and the reliability of IoT applications that use Blockchain.Com o crescimento dos dispositivos na Internet das Coisas (IoT), a quantidade de dados trafegando pela rede aumenta e um ambiente confiável torna-se essencial para evitar vulnerabilidades de segurança. Nesse cenário, a Blockchain surge como uma tecnologia promissora para aprimorar a segurança na IoT, pois possibilita o registro de dados de forma descentralizada, criptografada e imutável, com o consenso dos participantes da rede. Os contratos inteligentes são programas autoexecutáveis distribuídos em uma Blockchain. Nas aplicações de IoT que utilizam Blockchain, os contratos inteligentes podem eliminar a necessidade de intermediários, permitindo transferências de dados mais seguras e transparentes entre as partes envolvidas, de forma descentralizada. Contudo, os contratos inteligentes estão sujeitos a falhas de segurança, causadas principalmente por erros de programação e vulnerabilidades presentes no código-fonte podem resultar, por exemplo, em perdas financeiras ou comprometer a integridade dos dados, causando riscos à privacidade e à segurança dos usuários. Diante disso, realizar testes com diferentes abordagens antes da implantação pode expor erros no código do contrato inteligente e reduzir os riscos de segurança. Este trabalho propõe então um processo, denominado PERCI, que define um conjunto de etapas de verificação de contratos inteligentes para aplicações IoT, a fim de detectar vulnerabilidades conhecidas usando a combinação de ferramentas de análises estática e dinâmica, antes da implantação do contrato inteligente. A combinação de análises estática e dinâmica é proposta para melhorar a detecção de vulnerabilidades, proporcionando uma solução mais robusta. Para isso, utiliza-se no processo duas ferramentas de análise estática, Slither e Mythril, e uma ferramenta de análise dinâmica, Manticore. Para avaliar o PERCI, primeiro, demonstrou-se que a combinação das análises de cada ferramenta teve uma detecção mais eficiente de vulnerabilidades, proporcionando uma verificação mais abrangente e precisa do código dos contratos inteligentes. Além disso, este trabalho integrou um contrato inteligente para registrar e autenticar dispositivos na Blockchain a uma aplicação IoT que representa condições meteorológicas por meio de cores com uma lâmpada inteligente. A avaliação do processo demonstrou a viabilidade do uso combinado de análises estática e dinâmica na detecção mais eficiente de vulnerabilidades. Por fim, espera-se que esta dissertação contribua para a melhoria da segurança e confiabilidade das aplicações IoT que utilizam Blockchain.PERCI: Processo de verificação de contratos inteligentes para aplicações IoTPERCI - Smart Contract Verification Process for IoT applicationsinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisInternet das coisasSegurançaBlockchainContratos inteligentesInternet of thingsSecurityBlockchainSmart contractsCNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAOinfo:eu-repo/semantics/openAccessporreponame:Repositório Institucional da Universidade Federal do Ceará (UFC)instname:Universidade Federal do Ceará (UFC)instacron:UFC0009-0005-0165-5476http://lattes.cnpq.br/7563717731745850http://lattes.cnpq.br/9576713124661835http://lattes.cnpq.br/28935904098257562025-06-04ORIGINAL2024_dis_jqalves.pdf2024_dis_jqalves.pdfapplication/pdf4512977http://repositorio.ufc.br/bitstream/riufc/81175/3/2024_dis_jqalves.pdf091cd17cbcd9749debf30eb22f05bf5fMD53LICENSElicense.txtlicense.txttext/plain; charset=utf-81748http://repositorio.ufc.br/bitstream/riufc/81175/4/license.txt8a4605be74aa9ea9d79846c1fba20a33MD54riufc/811752025-06-04 10:59:53.251oai:repositorio.ufc.br:riufc/81175Tk9URTogUExBQ0UgWU9VUiBPV04gTElDRU5TRSBIRVJFClRoaXMgc2FtcGxlIGxpY2Vuc2UgaXMgcHJvdmlkZWQgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seS4KCk5PTi1FWENMVVNJVkUgRElTVFJJQlVUSU9OIExJQ0VOU0UKCkJ5IHNpZ25pbmcgYW5kIHN1Ym1pdHRpbmcgdGhpcyBsaWNlbnNlLCB5b3UgKHRoZSBhdXRob3Iocykgb3IgY29weXJpZ2h0Cm93bmVyKSBncmFudHMgdG8gRFNwYWNlIFVuaXZlcnNpdHkgKERTVSkgdGhlIG5vbi1leGNsdXNpdmUgcmlnaHQgdG8gcmVwcm9kdWNlLAp0cmFuc2xhdGUgKGFzIGRlZmluZWQgYmVsb3cpLCBhbmQvb3IgZGlzdHJpYnV0ZSB5b3VyIHN1Ym1pc3Npb24gKGluY2x1ZGluZwp0aGUgYWJzdHJhY3QpIHdvcmxkd2lkZSBpbiBwcmludCBhbmQgZWxlY3Ryb25pYyBmb3JtYXQgYW5kIGluIGFueSBtZWRpdW0sCmluY2x1ZGluZyBidXQgbm90IGxpbWl0ZWQgdG8gYXVkaW8gb3IgdmlkZW8uCgpZb3UgYWdyZWUgdGhhdCBEU1UgbWF5LCB3aXRob3V0IGNoYW5naW5nIHRoZSBjb250ZW50LCB0cmFuc2xhdGUgdGhlCnN1Ym1pc3Npb24gdG8gYW55IG1lZGl1bSBvciBmb3JtYXQgZm9yIHRoZSBwdXJwb3NlIG9mIHByZXNlcnZhdGlvbi4KCllvdSBhbHNvIGFncmVlIHRoYXQgRFNVIG1heSBrZWVwIG1vcmUgdGhhbiBvbmUgY29weSBvZiB0aGlzIHN1Ym1pc3Npb24gZm9yCnB1cnBvc2VzIG9mIHNlY3VyaXR5LCBiYWNrLXVwIGFuZCBwcmVzZXJ2YXRpb24uCgpZb3UgcmVwcmVzZW50IHRoYXQgdGhlIHN1Ym1pc3Npb24gaXMgeW91ciBvcmlnaW5hbCB3b3JrLCBhbmQgdGhhdCB5b3UgaGF2ZQp0aGUgcmlnaHQgdG8gZ3JhbnQgdGhlIHJpZ2h0cyBjb250YWluZWQgaW4gdGhpcyBsaWNlbnNlLiBZb3UgYWxzbyByZXByZXNlbnQKdGhhdCB5b3VyIHN1Ym1pc3Npb24gZG9lcyBub3QsIHRvIHRoZSBiZXN0IG9mIHlvdXIga25vd2xlZGdlLCBpbmZyaW5nZSB1cG9uCmFueW9uZSdzIGNvcHlyaWdodC4KCklmIHRoZSBzdWJtaXNzaW9uIGNvbnRhaW5zIG1hdGVyaWFsIGZvciB3aGljaCB5b3UgZG8gbm90IGhvbGQgY29weXJpZ2h0LAp5b3UgcmVwcmVzZW50IHRoYXQgeW91IGhhdmUgb2J0YWluZWQgdGhlIHVucmVzdHJpY3RlZCBwZXJtaXNzaW9uIG9mIHRoZQpjb3B5cmlnaHQgb3duZXIgdG8gZ3JhbnQgRFNVIHRoZSByaWdodHMgcmVxdWlyZWQgYnkgdGhpcyBsaWNlbnNlLCBhbmQgdGhhdApzdWNoIHRoaXJkLXBhcnR5IG93bmVkIG1hdGVyaWFsIGlzIGNsZWFybHkgaWRlbnRpZmllZCBhbmQgYWNrbm93bGVkZ2VkCndpdGhpbiB0aGUgdGV4dCBvciBjb250ZW50IG9mIHRoZSBzdWJtaXNzaW9uLgoKSUYgVEhFIFNVQk1JU1NJT04gSVMgQkFTRUQgVVBPTiBXT1JLIFRIQVQgSEFTIEJFRU4gU1BPTlNPUkVEIE9SIFNVUFBPUlRFRApCWSBBTiBBR0VOQ1kgT1IgT1JHQU5JWkFUSU9OIE9USEVSIFRIQU4gRFNVLCBZT1UgUkVQUkVTRU5UIFRIQVQgWU9VIEhBVkUKRlVMRklMTEVEIEFOWSBSSUdIVCBPRiBSRVZJRVcgT1IgT1RIRVIgT0JMSUdBVElPTlMgUkVRVUlSRUQgQlkgU1VDSApDT05UUkFDVCBPUiBBR1JFRU1FTlQuCgpEU1Ugd2lsbCBjbGVhcmx5IGlkZW50aWZ5IHlvdXIgbmFtZShzKSBhcyB0aGUgYXV0aG9yKHMpIG9yIG93bmVyKHMpIG9mIHRoZQpzdWJtaXNzaW9uLCBhbmQgd2lsbCBub3QgbWFrZSBhbnkgYWx0ZXJhdGlvbiwgb3RoZXIgdGhhbiBhcyBhbGxvd2VkIGJ5IHRoaXMKbGljZW5zZSwgdG8geW91ciBzdWJtaXNzaW9uLgo=Repositório InstitucionalPUBhttp://www.repositorio.ufc.br/ri-oai/requestbu@ufc.br || repositorio@ufc.bropendoar:2025-06-04T13:59:53Repositório Institucional da Universidade Federal do Ceará (UFC) - Universidade Federal do Ceará (UFC)false
dc.title.pt_BR.fl_str_mv PERCI: Processo de verificação de contratos inteligentes para aplicações IoT
dc.title.en.pt_BR.fl_str_mv PERCI - Smart Contract Verification Process for IoT applications
title PERCI: Processo de verificação de contratos inteligentes para aplicações IoT
spellingShingle PERCI: Processo de verificação de contratos inteligentes para aplicações IoT
Alves, Joyce Quintino
CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO
Internet das coisas
Segurança
Blockchain
Contratos inteligentes
Internet of things
Security
Blockchain
Smart contracts
title_short PERCI: Processo de verificação de contratos inteligentes para aplicações IoT
title_full PERCI: Processo de verificação de contratos inteligentes para aplicações IoT
title_fullStr PERCI: Processo de verificação de contratos inteligentes para aplicações IoT
title_full_unstemmed PERCI: Processo de verificação de contratos inteligentes para aplicações IoT
title_sort PERCI: Processo de verificação de contratos inteligentes para aplicações IoT
author Alves, Joyce Quintino
author_facet Alves, Joyce Quintino
author_role author
dc.contributor.co-advisor.none.fl_str_mv Oliveira, Carina Teixeira de
dc.contributor.author.fl_str_mv Alves, Joyce Quintino
dc.contributor.advisor1.fl_str_mv Andrade, Rossana Maria de Castro
contributor_str_mv Andrade, Rossana Maria de Castro
dc.subject.cnpq.fl_str_mv CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO
topic CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO
Internet das coisas
Segurança
Blockchain
Contratos inteligentes
Internet of things
Security
Blockchain
Smart contracts
dc.subject.ptbr.pt_BR.fl_str_mv Internet das coisas
Segurança
Blockchain
Contratos inteligentes
dc.subject.en.pt_BR.fl_str_mv Internet of things
Security
Blockchain
Smart contracts
description The growth of devices in the Internet of Things (IoT) has brought an increase in the amount of data flowing through the network. As a consequence of that, a reliable environment has became essential to avoid security vulnerabilities. In this scenario, Blockchain emerges as a promising technology to enhance IoT security, enabling decentralized, encrypted, and immutable data registration with the consensus of network participants. Smart contracts are self-executing programs distributed in a Blockchain. In IoT applications that use Blockchain, smart contracts can eliminate the need for intermediaries, allowing for more secure and transparent data transfers between involved parties in a decentralized manner. However, smart contracts are subject to security flaws, mainly caused by programming errors and vulnerabilities in the source code, which can result in financial losses or compromise data integrity, posing risks to users’ privacy and security. Therefore, performing tests with different approaches before deployment can expose errors in the smart contract code and reduce security risks. This work then proposes a process, called PERCI, that defines a set of verification steps for smart contracts in IoT applications to detect known vulnerabilities, using a combination of static and dynamic analysis tools before the contract deployment. The combination of static and dynamic analyses is proposed to improve vulnerability detection, providing a more robust solution. For this, the process uses two static analysis tools, Slither and Mythril, and one dynamic analysis tool, Manticore. PERCI is evaluated, firstly, by demosntrating that the combination of the analyses of each tool resulted in more efficient vulnerability detection, providing a more comprehensive and precise verification of the smart contract code. Additionally, this work integrated a smart contract to register and authenticate devices on the Blockchain with an IoT application that shows weather conditions through colors with a smart lamp. The process evaluation demonstrated the feasibility of using combined static and dynamic analyses for more efficient vulnerability detection. Finally, this dissertation is expected to contribute to improving the security and the reliability of IoT applications that use Blockchain.
publishDate 2024
dc.date.issued.fl_str_mv 2024
dc.date.accessioned.fl_str_mv 2025-06-04T13:59:52Z
dc.date.available.fl_str_mv 2025-06-04T13:59:52Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.citation.fl_str_mv ALVES, Joyce Quintino. PERCI: Processo de verificação de Contratos Inteligentes para aplicações IoT. 2025. 81 f. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal do Ceará, Fortaleza, 2024.
dc.identifier.uri.fl_str_mv http://repositorio.ufc.br/handle/riufc/81175
identifier_str_mv ALVES, Joyce Quintino. PERCI: Processo de verificação de Contratos Inteligentes para aplicações IoT. 2025. 81 f. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal do Ceará, Fortaleza, 2024.
url http://repositorio.ufc.br/handle/riufc/81175
dc.language.iso.fl_str_mv por
language por
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.source.none.fl_str_mv reponame:Repositório Institucional da Universidade Federal do Ceará (UFC)
instname:Universidade Federal do Ceará (UFC)
instacron:UFC
instname_str Universidade Federal do Ceará (UFC)
instacron_str UFC
institution UFC
reponame_str Repositório Institucional da Universidade Federal do Ceará (UFC)
collection Repositório Institucional da Universidade Federal do Ceará (UFC)
bitstream.url.fl_str_mv http://repositorio.ufc.br/bitstream/riufc/81175/3/2024_dis_jqalves.pdf
http://repositorio.ufc.br/bitstream/riufc/81175/4/license.txt
bitstream.checksum.fl_str_mv 091cd17cbcd9749debf30eb22f05bf5f
8a4605be74aa9ea9d79846c1fba20a33
bitstream.checksumAlgorithm.fl_str_mv MD5
MD5
repository.name.fl_str_mv Repositório Institucional da Universidade Federal do Ceará (UFC) - Universidade Federal do Ceará (UFC)
repository.mail.fl_str_mv bu@ufc.br || repositorio@ufc.br
_version_ 1847793351372308480

Registros relacionados