Approved
Using Blockchain Techniques to Create an Opinion-Based Whitelisting Procedure
Simon Alm Nilsson (2013) and David Johansson (2013)
Start
2018-01-29
Presentation
2018-06-14 10:15
Location:
E:3139
Finished:
2018-06-26
Master's thesis:
Abstract
There exists a large threat in users running malicious or abnormal software that may come from spoofed sites, phishing emails or other sources. The objective of this Master Thesis is to design a proof of concept capable of storing information about software together with votes/opinions from different entities in a peer-to-peer fashion. Blockchains and accompanying technologies like smart contracts offer ways to store and handle this information among peers where trust may be missing, without having to rely fully on third parties. This information can then be used to avoid execution of spoofed software, or otherwise poorly rated and potentially malicious software.<br/> <br/> Previous research will be used to evaluate different options for the design, both in terms of which type of blockchain technique to use and what information to extract from the software. An identifying “fingerprint” can be extracted from software on an entity's computer, and this fingerprint together with information such as version number, name, the signature, and a vote can be stored in the blockchain.<br/> <br/> A voting system needs to be designed to cover the needs of the system, and to take advantage of the chosen blockchain structure. Every opinion must be verifiable to the entire network. Also, an entity should be able to update their opinion of a software, if new information surfaces.<br/> <br/> Finally, the Master Thesis will try to answer the following questions:<br/> * What can be said about scalability of the design, both in terms of users and software? Is it worth it compared to a central alternative?<br/> * Which considerations and limitations are there for applying the design in a permissioned blockchain?<br/> * What are the advantages when implementing the program logic in a smart contract compared to outside?
Supervisor: Diana Selck (SecureLink Sweden AB) and Christoffer Toft (SecureLink Sweden AB) and Paul Stankovski Wagner (EIT)
Examiner: Thomas Johansson (EIT)