This project explores a new, integrated approach to securing decentralized applications. The key problem is that decentralized applications are executed by mutually distrusting entities in a decentralized distributed system (such as a blockchain), where the entities must collaborate to execute the desired computation, despite not trusting each other. Building decentralized applications is difficult and error prone because the low-level security mechanisms are too removed from the high-level policies, thus it is difficult for programmers to correctly implement the policies. In these cases, no single entity is trusted to fully specify or enforce security policies. The project will develop Flame, a programming language offering more precise abstractions for expressing security intent in decentralized systems. Using Flame gives developers assurance that their programs are both secure and realizable without requiring them to design and implement complex security protocols. This project will also develop Decent, a decentralized runtime platform for executing decentralized applications built with Flame. The project will open-source Flame and Decent and promote them with publications, tutorials, and course materials. To explore a new, integrated approach to enforce end-to-end security for decentralized applications the project will build a prototype based on techniques for decentralized information flow control, blockchain networks, trusted computing, and cryptography to create a high-level programming layer that eases the task of building, verifying, and deploying decentralized applications. The prototype will support policies that cannot be enforced in current information control models and are too difficult to realize with cryptographic and access control mechanisms alone.
CAREER: Building Secure Decentralized Applications with Trusted Hardware and Blockchains