How effective are Static Application Security Testing (SAST) tools at finding bugs in consensus-critical code in application-specific blockchains? That’s the question we addressed in our new paper “Static Application Security Testing of Consensus-Critical Code in the Cosmos Network” that recently got accepted at the 5th Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS 2023).
This past semester I had the pleasure of running a seminar course in KU Leuven’s brand new Advanced Master of Cybersecurity. The course is called “Security & Privacy of Contemporary Distributed Software Systems”. That’s a mouthful, but at least it’s quite descriptive.
For this inaugural year I decided to focus the course on security & privacy aspects of blockchain and distributed ledger technology. As far as “contemporary distributed systems” go, it’s hard to miss the rapid expansion of this class of systems - the core technology underpinning “Web3”.
After (almost) 9 years at Bell Labs (first as a researcher, then as a department head) I have recently made the decision to move back to academia, while remaining affiliated with the Labs in a limited advisory research role.
As of this week I am part of the faculty at the Computer Science Department in KU Leuven as an Associate Professor where I will be pursuing research and teaching on distributed systems, blockchain and software security in the DistriNet research group.
In this new role I will bootstrap a new line of research on secure distributed computing with a focus on building and securing decentralized applications, in particular applications that employ “smart contracts”, i.e. code that manages digital assets, usually recorded on blockchain-based ledgers. Specific topics of interest include the study of new and widely used languages for writing smart contracts and system-level challenges of blockchain platforms including their security, privacy, scalability and interoperability.
I’m looking for Master students interested in pursuing a PhD in any of these areas. I have an open position for a 4-year full-time PhD research assistant appointment in Leuven, Belgium. For any questions about the topic, don’t hesitate to reach out at tom.vancutsem at kuleuven.be. For practical questions regarding working conditions for PhD students at KU Leuven, check this helpful website from the university.
Update: my inaugural lecture slides on secure and dependable software services for the Internet of Value are available here.
In the last few years, with my colleagues at Nokia Bell Labs, I’ve been looking into how machine learning can help improve software development, helping developers write code better and faster by leveraging the large amounts of open source code that are now available online. We’ve covered various use cases including recommendation engines for open source software packages and code search engines to better find runnable usage examples based on programmer intent.
One particular area that I’ve found quite compelling has been the area of translating natural language into code. This idea fits in a wider body of work known in academic circles as “program synthesis”, and in the software development world as “AI pair programming”.
In this post I introduce the notion of programmable money and smart contracts, why they go hand-in-hand with blockchains, how smart contracts are programmed today and how they might be programmed in the future.