Day12 – “Why?” & “What in?” Security & Blockchain?

Reading Time: 4 minutes

author: aman

Blog III - Part II - Day 12

In this blog, we’ll vaguely discuss the Hyperproperties and Information Flow thing.

As continued, this blog will contain the understandings from the Teachings of Dr Pramod, from SAT SMT Winter School 2018[1]. I will try to portray my understanding from his teachings and is working with him closely on Blockchain, I suppose it earned me a proper understanding.

Let us do this....

In this micro-blog

  • Let us check this vaguely
  • 2-trace property
  • Hyperproperties
  • How this could be so big?
Let us check it vaguely

We'll play a game, known as Distinguishability Game.

We pose a challenge game between attacker and a defender, where the attacker needs to exploit flow of information and the defender has to prevent it.

2 people:

day12_01day12_02
attackerdefender

Situation: There are two systems behind a wall, say system_0 and system_1, and the attacker just have the access to a function foo(x). He doesn't know, whenever he makes a call, to what system does this does the call go to.

The attacker is just like any other user, but who is trying to attack an arrangement behind a wall, popularly known as adversaries.

The defender is the arrangement behind the wall, which diverts the calls to different systems, which have following secret keys: "secret_b" , where b -> {0,1}. i.e. secret_0 or secret_1.

Game Initialisation

  • secret_0 := {0,1,2,3}
  • secret_1 := {4,5,6,7}
  • publicx := {10,11,12,13}
  • whenever a normal user makes a call, "only publicx is called, and thus the values inside it are returned"

Game Execution

  • there are a lot of calls to foo(x) made from across the world, and by the users with different access levels, i.e. admins & normal user
  • so the calls by a normal user are interspersed calls made by the admins

Finalisation

  • if attacker is able to identify which system in system_b the call is sent to, he wins, as this information should not be made available to the "normal user"

---> Now consider the following picture

day12_03

The attacker will try to observe the value of "r", and specially "he will be looking for any unexpected values"

Considering this program, try to make following calls to the system(both normal user and admins included),

• priv_level = sup_user, foo(1), obs = ∅ • priv_level = user, foo(1), obs = 11 • priv_level = sup_user, foo(2), obs= ∅ ........ These calls will go on forever the attacker will

But, now if the program has been like the following, and we bagin with our game:

day12_04

we start with the following calls, (notice the introduction of variable t)

day12_05

  • priv_level = sup_user, foo(1), obs = ∅
  • priv_level = user, foo(4),
    • obs = 2 -> b = 0
    • obs = 6 -> b = 1

Woosh!!! Did you realise here attacker wins the game, by observing the value of r & t.

If the value returned to the attacker is 2 clearly the secret key b, chosen will be b = 0 and if the value returned to the attacker is 6 clearly the secret key b, chosen will be b = 1

The system just leaked the information.

AFAIK, during my study I encountered this incident had already been reported, where the highly confidential data was leaked due a misprinted "=", I may be wrong though. But, This is a very critical exploitation of Information Flow.


In the very next blog, I'll take a use case of blockchain, and try to determine for such observations for it.

Thanks y'all..

and yeah, Amid this Corona virus thing, be safe...

_ Team CEV

E-Mailing professors shouldn’t be that hard

Reading Time: 2 minutes

Following are a few excerpts from the regular CEV Group chats. Where we were discussing a few very important points you must take care for before emailing professors.

Since, our college has no such source, where the undergrads can learn this skill, which is required in real life. 

CEV is publicizing it for everyone’s benefit…

Make a good use of it…

I don’t know if it is quite random. But I wanted to share this thing with you people.

Good Structuring of an Email is very important. I believe I have received a few very good responses from the professors abroad, just because of probably good structuring of Emails. Professors generally find it good reading the emails is it is structured well. Plus, it reflects, how good you are in documenting the things about you.

A few suggested tips:

1) Try seeing the cover letter from Professor’s POV, (this works for both the cover letter and the resume.). Generally, professor has less time and a large no. of applications, highlighting only the important points while writing a letter/resume works well.

2) Do at least some research about the professor before emailing them. Generally, professors receive a lot of emails regarding assistantship. They have a very good eye at detecting the template emails. So, working on researching about the professors have the benefits like you can show interest in his work, and importantly, you can design your cover letter according to his interests.

3) Always be straight to the point. Seriously, professors love that. Adding a few informal lines at the bottom of the text separately will work, but the initial part of the most highlighted part should be straight to the point.

4) Don’t be cheesy! strictly

5) It is perfectly ok to write about the things you are currently doing(ongoing) or the things you can complete until the date of the interview scheduled by the professor.

6) Try giving reminders after 3 days or a week. Generally, the professor put the email to the reading waitlist, then they forget to look back to it. Giving a properly scheduled reminder, helps him to identify your genuine interests and obviously, helps him remember about your email.

7) never use email trackers. It’s creepy.

Team CEV will make sure to update this list as frequently as possible.

Day11 – “Why?” & “What in?” Security & Blockchain?

Reading Time: 2 minutes

author: aman

Blog III - Part I - Day 11

Hope the blogs are going pretty well.

In this very blog, divided into several micro-blogs, I'll be explaining about the Hyperproperties. This particular thing will take you to the most obvious level of understanding the computer systems. And in this particular micro-blog, I'll tell about hyperproperties, directly.

Most of the work will be taken from the teachings of my mentor Dr Pramod Subramanyan[1], IITK. He is Doctorate from UPenn and Post-Doctorate from UC, Berkeley, and one of the smartest individual I have ever met.

I will try to prepare everything from my understanding...

In this micro-blog

  • Let us check this vaguely
  • 2-trace property
  • Hyperproperties
  • How this could be so big?
Hyperproperties

This excerpt is from #Day08 blog, where I have tried to give a few intuitive explanations about Formal Methods and Verifications.

Day11 - "Why?" & "What in?" Security & Blockchain?

This explains about the states.

One more definition I want to speak about is traces, which are just the sequence of states.

e.g. for a system S the Trace(S) can be intuitively understood as,

t1 = S1 -> S2 -> S3....

where, Sn is the state of the system, at a certain point.

"A Trace Property is a set of Infinite states."

"A hyperproperty is a set of sets of infinite traces, or equivalently a set of trace properties."

{{S1, S2, S3, ...}, {S1, S2, S4, ...}, {S1, S4, S6, ...} ....}

The interpretation of a hyperproperty as a security policy is that the hyperproperty is the set of systems allowed by that policy. Each trace property in a hyperproperty is an allowed system, specifying exactly which executions must be possible for that system.

Trace properties are satisfied by traces, whereas hyperproperties are satisfied by sets of traces.

These hyperproperties are largely employed as a tool to measure Secure information flow, and many other security issues.


Actually I started in the exact order written in the above checkbox. But switched it to explaining the Hyperproperties first. Just try giving a thought over, "Hyperproperties and Blockchain"

See y'all on the next blog...

Day10 – “Why?” & “What in?” Security & Blockchain?

Reading Time: 3 minutes

author: aman

Blog II - Part III - Day 10

Apologies for not being able to write the #Day10 blog on time. But this blog will contain some wonderful things, actually applicable in the field of Security of blockchain.

I will pick up just one case I have worked on extensively, followed by the intuitive trails of other cases, you can think of logically. The blogs will be mostly texts so, just read.

Lets get through...

In this micro-blog

  • Formal Methods
  • Formal Verification
  • First Order Logic
  • Information Flow and Vulnerability : Just a CASE
  • ..... will keep adding
Information Flow and Vulnerability : Just a CASE

The theory of Information Flow draws some important points in the direction of how the data flows, i.e. the access of information to different type of users. Let's try to understand it from a critical point of view...

The PLOT

Suppose you are an NSA Agent, just like Edward Snowden was, and you need to design a system that just have to fetch data to the other "normal" employees that serve the government.

Now the government employee simply query about the data and gets the required data. But it's perfectly normal right y'all... What is the problem?

The Challenge

The thing is that, there are a certain "high-level" access to information and certain "low-level" access to information. The critical point in Information Flow expresses the fact that, the high level access information should not be accessed by the people who have low-level access. In this case, the govt. employee should never access the information that only an NSA employee should have access to.

If there is anyway, the government employee is somehow able to find out the high level information, it is a security flaw.

There was this machine learning competition, where the people were given anonymised IMBD data(i.e. the identity of people were removed). One of the participant was able to apply some stastical techniques to deanonymise the data, i.e. he was able to identify the people. This is clearly a fault in securing information, which those participants should not have access to.

The participants applied the technique called "Differential learning" to de-anonymise the data. This is just a way in which a certain information can be exploited. But understanding this thing, will be a bit more complex.

Let me give you a simple example, of how the access to variables can be exploited to leak certain information.

example[1]
suppose there are 2 variable, l & h. l ->

Low-level variable, some info. that both the govt employee and NSA can know about
h -> high-level variable, some info. that ""only"" the NSA agent should know abt

now, being a government employee I write a certain program:

var l, h
if h = true:
    l = 3
else
    l = 42

The govt. employee runs the program, and check the value of l after it finishes.
Now, by the value of l, whether it is 3 or 42, the govt. employee will be able to find the current state of value of h.

Isn't it much obvious? But it is clearly a big Vulnerability. The government employee should never come to know about the value of h. Now, he can make various queries to the NSA Database, and make certain conclusions of the results obtained. "The similar way the machine learning people were able to do." 😉


In the very next BLOG, I will tell about HYPERPROPERTIES, the very basic way to find out if a SYSTEM LEAKS SOME INFORMATION, the term was introduced by F B Scheidner and MR Clarkson, in 2010 in Cornell University.

I will also, cover, how this particular thing is used in Blockchain. This will be the very start where we will be employing BLOCKCHAIN examples, to understanf its seurity aspects.

Let us first get some responses on this blog.

Day09 – “Why?” & “What in?” Security & Blockchain?

Reading Time: 2 minutes

author: aman

Blog II - Part II - Day 09

Hope you people got an intuition about the Formal Methods & Verifications in the latest blog. However, if you feel like having a query, that possibly I can solve, please drop an email to aman0902pandey@gmail.com.

This blog will cover the explanation about what is known as, First-Order Logic. Plus in the very next micro-blog, most importantly what was my approach, with Dr Pramod, at IIT Kanpur. And the applications of Formal Methods in it. This one will only roam around the First-Order-Logics....

Lets get in...

In this micro-blog

  • Formal Methods
  • Formal Verification
  • First Order Logic
  • Information Flow and Vulnerability
  • ..... will keep adding
First Order Logic

Well, the first order logic has several philosophical theories. I'll stay with the one most understood by me.

The FOL, are the extensions of the logics, to what we call as Propositional Logics. The only difference is that the FOL also covers the predicates and quantifications.

Quite confusing, right!?

Lets break them into smaller parts.

  1. Propositional Logics: These logics only covers the "propositional arguments", which are the statements which are logical(i.e. they can be true or false). The propositional formulas, are written by using certain symbols.
Day09 - "Why?" & "What in?" Security & Blockchain?

*remember the same thing you've learned in your school times....

here, p,q,r,s are the predicates, for eg.(p -> people who are quarantined for 6 days), and the complete notation in the above image is the propositional formula.

  1. Predicates: can be simply defined as a few functions/operations with have either of the 2 values: 0 or 1. This is very important when we will be discussing the satisfiability in checking the systems. That will eventually lead to an understanding of how these are applied to the real world problems, and security, as we'll be discussing in case of blockchain.

  2. Quantifications: simply stands for "quantifying" things or better to say objects. The FOLs also try to give no. to the objects. and that's it.

So, the FOLs are the way to represent a few conditions, with the use of propositional symbols, predicates, functions & Symbols, quantifiers. These representations lead to some "understanding", and this understanding is called as "interpretations".

These interpretations are the whole lot which governs the mathematical science behind using these logics while describing a secure systems.

Propositional logics are also known as zeroth-order-logic as it is extending the First-Order-Logic

Don't lose your heart, if you were not able to understand somethings, or anything at all. A few examples, and applications have got your back.

Keep Up....

Day08 – “Why?” & “What in?” Security & Blockchain?

Reading Time: 3 minutes

author: aman

Blog II - Part I - Day 08

The last blog was written by Kaushik, the Applied Physics Freshman student, beautifully covered the diverse applications of Blockchain and the challenges/risks involved with the use of the current form of Blockchain technology..

This blog will cover straight definitions and their super intuitive explanations(as far as I can make), about the FORMAL METHODS & VERIFICATIONS. What are they? and Why are they?

Plus I'll try to give a brief about my work, in the later part of this blog.(in another micro-blog)

Buckle up a bit, the logics and thinking coming up...

In this micro-blog

  • Formal Methods
  • Formal Verification
  • First Order Logic
  • ..... will keep adding
-----

There was a series of events which motivated me to begin this series.

This was when I was talking to one of the Sophomore year members in CEV, Shtakshi, Comps. Shtakshi has a huge interest in mathematics and love logics, but as a normal sophomore problems, she has a lot of options to explore because of which she didn't have any particular choice.

As a normal 3rd year member's job suggests, I tried explaining her about the field I have worked on, The FORMAL METHODS, and how crucial is it for Computer Researches.

I will put up a more "formal" definition and a more "informal" definition. You can always miss the formal definitions.

Formal Language:

Formal Definition says: (You can skip though)

In mathematics, computer science, and linguistics, a formal language consists of words whose letters are taken from an alphabet and are well-formed according to a specific set of rules. The alphabet of a formal language consist of symbols, letters, or tokens that concatenate into strings of the language.[1]

Informal Definition says:

It is just like, when you use normal languages(say english), what you brain really comprehends is only what that sentence "actually" means, and not the meaning of each word (eg. "the boy is running" your brain comprehends it to the "boy" & "running") or You say "I have Ice-cream rolls, the roll, x, such that 1cm3 < x < 5cm3, goes to box A, <1cm3 goes to B, and >5cm3 goes to C..... What brain really comprehends here is 3 boxes, 3 categories, and place the ICE-CREAM rolls accordingly."

The first formal language is thought to be the one used by Gottlob Frege in his Begriffsschrift (1879), literally meaning "concept writing", and which Frege described as a "formal language of pure thought."

This is the formal languages are all about. You just have to write what actually exists and is important. Just in case you need actual example[2]

Formal Methods:

Formal Definition says: (You can skip this one too) Find wikipedia definition here[3]

Informal Definition says: Whenever you try to use these formal languages to represent "states" (or say various computer states), and derive a few specifications of the computer systems, then the representation is called as the Formal representation and the deriving specifications and using them is called Formal Methods.

States are the condition in which a system currently is. For e.g. ""A light switch can be either on or off, and it can be toggled from one or the other. The current position of the switch (on or off) is the state of the switch. If you change the position of the switch you have changed it’s state.

Specifications are simply a few states that a system "must follow" and a few that a system "must not follow".

If you wonder this thing can be applied to literally anything. Computer Sciences are just an application.

For e.g. "A machine in a factory has a lever, a grinder and a conveyer belt" So, you may "always want" a state when the following happen -> Lever is lifted up (i.e. the machine is on) -> Conveyer belt is running -> Grinder is running

could be represented as follows:

Unfaulty state
Part(1-> on, 0-> off)
Lever1
Conveyer Belt1
Grinder1

but, you may never want a state where the lever is ""off"" but the conveyer belt is running. i.e.

faulty state
Part(1-> on, 0-> off)
Lever0
Conveyer Belt1
Grinder1

Similarly, this works for every computer system. And thus, used largely in Computer Science Researches, specially when researching for bugs and vulnerabilities in the system.

Formal Verifications:

When you use, these methods to "Verify that the system under observations is following certain specfications or not", these methods are called the Formal Verifications.

Hope that gets clear.

Please share the blog to make its reach high.

Thank you for your time. Gears down!!!

Day06 – “Why?” & “What in?” Security & Blockchain?

Reading Time: 2 minutes

author: aman

Blog I - Part VI - Day 06

This blog will cover the motivation to what lead me write this blog series. I will be covering a few intriguing bugs(in the very next BLOG), which could seriously be enlightening to the people reading, and yeah, may serve the target of this blog series, of showing the people to what is called as "The road not taken"

Let's go through...

In this micro-blog

  • What am I talking about?
  • Why am I talking about it?
    • Have you heard before? (The "goto fail;", Heartbeat, Meltdown, Spectre)
  • What the world is upto against such ____ ?
  • Basic Challenges faced
  • Unimportant sounding complete terms
  • Motivation behind
Motivation Behind

The motivation to start this blog series came right from the incident where, PRIYANSH, the same 2nd year CEV members, who reached out to me regarding the BACKDOOR thing.

Just give it a clear view, everyone is now using the tech to transfer money, to share data, to create a "online portfolio" on instagram, ... bla bla bla.. almost everywhere. The people are more accepting towards new technology, for ex. the UPI, initially people resisted, now using it almost everywhere. Atleast in my city, Surat.

You are so surrounded by data exchange, that a day without internet is honestly a day spent sleeping.

Since, blockchain hype has caught a boom, just like Machine Learning, people still can't come over from learning to make applications, and actually focusing on the very ways they can make it safe to use.

It is clearly demand > supply.

So much work in developing applications and so less in securing them. The reason why the most of the BIG Institutions spend a lot of time in doing these critical researches.

The DAO bug I had talked about caused nearly $50 million worth ETH lost in the hands of attacker. Just because he was able to find and exploit the smart contract. The another attack famously called "Parity WAllet MULTI-SIG attack", frozen the use of around 500,000ETH. The bug caused due to improper checks in the smart contract functions.

Next one is even more interesting, When a user submits a transaction with no to field, it is interpreted as a contract deployment. If they also leave out the data field this results in a contract being deployed with no code. If the transaction has ETH attached to it then the ETH becomes inaccessible as it is given to the "contract" even though the contract has no code associated with it. This problem most commonly occurs when someone constructs a transaction incorrectly (accidentally leaving off the to field) but can also occur when someone attempts to create a contract but accidentally leaves out the data. In either case, it is easy to identify and the proper owner is obvious (transaction submitter).

These motivated me enough to work in that directed. In the direction of security DISTRIBUTED LEDGER TECHNOLOGY, in general. BLOCKCHAIN, is just a type of DLT.

A lot to come ahead... Keep your spirits high...

Cheers...!!!

Day05 – “Why?” & “What in?” Security & Blockchain?

Reading Time: 2 minutes

author: aman

Blog I - Part V - Day 05

The challenges faced while creating a secure software is quite straight, and so straight are the solutions. This blog covers the very two terms to tell about how to measure the realiability of a secure system.

Plus, after covering a lot of scenarios, I will try to connect the dots for you people, to be able to comprehend the further blogs.

It gotta be a little boring one. But very essential.

In this micro-blog

  • What am I talking about?
  • Why am I talking about it?
    • Have you heard before? (The "goto fail;", Heartbeat, Meltdown, Spectre)
  • What the world is upto against such ____ ?
  • Basic Challenges faced
  • Unimportant sounding complete terms
  • Motivation behind
Unimportant sounding complete terms

So, there could be two ways, either you take the code of the software you want to check vulnerability of, and check its path on various and varying input sets or just run the program under "instrumented" conditions and check for likely bugs. Simple to understand, take program and try to understand its structure and the critical conditions it can reach, or, make a sandbox(a testing environment to isolate your program from rest of the system), and test your program for faults.

The terms used for this are Static and Dynamic,

  • Static analysis
    • Inspect code or run automated method to find errors or gain confidence about their absence
    • Try to aggregate the program behavior over a large number of paths without enumerating them explicitly
  • Dynamic analysis
    • Run code, possibly under instrumented conditions, to see if there are likely problems
    • Enumerate paths but avoid redundant ones

The two following terms, tells about the measure of a "should be used", software analysers. There is always a great deal of researches in the Universities across the globe, to create the better software.

Soundness “Sound for reporting correctness”

or equivalently There is a bug  Analysis finds a bug Completeness “Complete for reporting correctness”

PropertyDefinition
SoundnessAnalysis says no bugs -> No bugs
CompletenessNo bugs -> Analysis says no bugs

In a funny manner, it simply means that if a program analyser says that a program has no bugs, it "actually doesn't have any bug". And, completeness is when if there are "NO BUGS", the program analyser should be able to tell that there are no bugs.

Think for a while, how these terms are so powerful, in context of an efficient program analyser.

During my research at IITK, Dr Pramod took me to work on a FUZZER, which is simply a Dynamic kind of software analyser, which fuzz(input) the software program with random inputs, and checks for its failure in accordance with the INVARIANTS(specifications) provided.

a lot more to cover, before ending this major blog, and starting with the new one.

See ya.. Cheers.!!

THE pi DAY

Reading Time: 2 minutes

Natural, irrational and consequential. Pi is not just a collection of random digits. It’s a journey, an experience, which you will decipher when you try to unveil it. 

Other than Pi being everlasting, there are some other captivating facts about pi. Pi is believed to contain the numbers 0 to 9 in every combination possible. Your phone number, ATM pin and every other string of numbers you can imagine are in there somewhere. And if you convert letters to numbers (as in h-a-t to 8-1-20), then every piece of writing ever been written, including any essay you ever wrote or any of the works of Shakespeare, it’s all in there.

Pi day (3/14) was first proclaimed in 1988 by the prince of pi, Larry Shaw.

The idea of the relationship between a circle’s perimeter to its diameter goes back to the middle ages. In ancient times, mathematicians used a polygon-method to calculate pi. They added more and more sides to a polygon so that its area approached the area of a circle. Archimedes used a polygon with 96 sides. Many other mathematicians also used this method to compute this perpetual number. In China, a mathematician used over 3,000 sides in a polygon to arrive at the value 3.14159. Another mathematician used about 25,000 sides to calculate pi. Many mathematicians believe that it is more accurate to say that a circle has infinite corners than it is to say that it has none. It is only fair to assume that the infinite number of corners in a circle connects to the infinite number of digits of pi.

Talking about mathematics and not mentioning an Indian is a mortal sin. Though mathematicians have discovered over 30 trillion digits (to feel its immensity, u can think of it like this- if u recite each digit in one second, it will take you approximately 900,000 years to complete it),  people racing to calculate more digits of pi is a never-ending competition. And to specify, the competition to memorize the pi digits is even more astonishing. The world record for reciting the most no. of digits belongs to Suresh Kumar Sharma a vegetable vendor from Jaipur, India. He was able to memorize the first 70,030 digits of pi (in nearly 17 hours) by linking each number with an image. Not only this but the top 5 record holders includes 4 Indians. 

In precise, this perpetual decimal is in the ethos of mathematics. And here’s to all the budding mathematicians, A very Happy Pi Day. It’s a day that will forever be etched. Relativity. Revolution. Radiation. It’s the birth of Einstein. Death of Karl Marx and Stephen Hawkins. Three great minds. Three great contributions ( pun intended ). Probably, no symbol in mathematics has evoked so much as mystery, misconception and human interest as the number pi.

Pi is Maths and Maths is life 🙂

 

-Team Cev

Day04 – “Why?” & “What in?” Security & Blockchain?

Reading Time: 3 minutes

author: aman

Blog I - Part IV - Day 04

The process to create a secure system, requires the knowledge of almost every domain in periphery of the application you are making, and the conjunction of that every technology. For eg. working on a Blockchain systems requires you to have an idea about what goes on in the Distibuted networks, the data structures, the contract flow, the cryptographic key generation, and a lot more.

The most important thing to create a secure system is reaching out to the edges of the softwares use cases, the absolute critical thinking. This blog covers a few very basic challenges faced in making and checking the softwares build. Following blogs will then cover the terms, very important to create great security softwares. We'll also cover(at the end of this BIG blog), the working of a few good analysers and bug finders.

Let's get on ramp...

In this micro-blog

  • What am I talking about?
  • Why am I talking about it?
    • Have you heard before? (The "goto fail;", Heartbeat, Meltdown, Spectre)
  • What the world is upto against such ____ ?
  • Basic Challenges faced
  • Unimportant sounding complete terms
  • Motivation behind
Basic Challenges faced

It is really simple to understand how does a program analyser works? It is a pretty vague and straight approach. There is a code that you want to check and certain "specifications" for what you want to look into the program. These specifications are also known as invariants. In mathematics, invariants are the properties of any "object" that remains unchanged.

Leaving a very short note here as I have not discussed about Formal languages and methods, "In formal languages, the invariants can be used to prove, what is called as correctness".

Chuck the above line off for a while.

Day04 - "Why?" & "What in?" Security & Blockchain?

This is simply what a program analyser does.

Now what will a program analyser be exactly working on. As a simple guess, it will "detect" a certain inputs for the feeded program -> check the program for crashing -> show reports.

This works easily for a simple 10 line code, but, what if the program goes ~10,000 lines, and a variety of input cases and boundary conditions. And the biggest doubt, How will you make the analyser to "detect" the inputs?.

Machine Learning?

Nah, this is no Machine Learning. Though it could carry an application of Machine Learning.

understanding challenges

Look at the following code, this will help you comprehend the further blog.

Day04 - "Why?" & "What in?" Security & Blockchain?

Suppose, we try to analyse this program by finding various paths that can be generated by different sets of inputs.
But, How will we able to find different inputs that will take different various paths? And, even we are able to write different inputs. Are we going to write those inputs manually?

No! not at all. These are the challenges, solved very gracefully.

Future blogs, will cover those techniques as well.

Lets keep the drill on and dive further.

Cheers!!!

CEV - Handout