Ivica Nikolić

School of Computing,COM2 B1-02, 15 Computing Drive, Singapore 117418
inikolic (at) nus (dot) edu (dot) sg
Google ScholarLinkedIn

About

I'm a senior postdoc at NUS, Singapore in Prateek Saxena's group.

My list of publications can be found here.


Research interests

  • Program analysis

  • Machine learning meets security

  • Blockchain and smart contracts

  • Algorithms for crypto problems

Some recent projects

Refined Grey-Box Fuzzing with SIVO [paper]

Refinements to grey-box fuzzing including replacement of random sampling with multi-armed bandits, byte-by-byte taint inference with group testing, and a few more. Implemented all refinements in a new fuzzer called SIVO that beats other notable grey-boxes on multiple benchmarks in terms of coverage and vulnerabilities. The implementation is here.

OHIE: Blockchain Scaling Made Simple [paper]

New permissionless blockchain protocol that runs in parallel many (thousands) Bitcoin chains, allows optimal throuhgput, and scales linearly with bandwidth (e.g. with network of 50,000 nodes and only 2.5 MB/s per node, OHIE processes 2,500 transactions per second) . The implementation is here.

Exploiting The Laws of Order in Smart Contracts [paper].

Investigated bugs (called event-ordering bugs) in Ethereum smart contract related to the dynamic ordering of contract functions. Overcame the technical challenge of combinatorial blowup in path and state space analysis with the use of partial-order reduction techniques, happens-before relations extracted automatically for contracts, along with several other optimizations built on a dynamic symbolic execution technique. Built an automatic tool EthRacer that runs on EVM code, requires around 20 mins per contract, and provides compact event traces that human analysts can run as witnesses. Among others, EthRacer detects the subtle ERC-20 bug.

Finding The Greedy, Prodigal, and Suicidal Contracts at Scale [paper].

Designed a tool called Maian that automatically checks for trace vulnerabilities in Ethereum smart contracts. Programmed in Python, the tool scanned around 1 million contracts and flagged those that leak or lock Ether, as well as those that can be killed (similarly to the Parity bug). Maian is open sourced here.

How to Use Metaheuristics for Design of Symmetric-Key Primitives [paper].

Often during the design of symmetric-key primitives, some parts of the schemes are optimized by a plain random search. The paper shows that metaheuristics such as simulated annealing and genetic algorithms can be used to replace the random search because they are equally versatile but may have much better time complexity. The implementation of the metaheuristics is available here.

A New Algorithm for the Unbalanced Meet-in-the-Middle Problem [paper]

We show that the unbalanced meet-in-the-middle problem (i.e. one of the functions is R times more expansive to compute) besides the well known TM = N tradeoff, supports additional T2M = R2 N tradeoff. We achieve it with a new algorithm based on combination of two ideas: unbalanced interleaving and van Oorschot-Wiener parallel collision search.

Efficient Design Strategies Based on the AES Round Function [paper]

It was known that symmetric-key crypto based on the AES operations may potentially be really fast with the AES-NI instruction set. We stretch the limits even further and propose constructions (can be used to build MACs and authenticated schemes) that on the latest Intel processor Skylake achieve a speed of 0.125 cycles per bytes (this means that theoretically, one 3GHz core can process 24 GB of data per second).