{"id":"https://openalex.org/W4285490412","doi":"https://doi.org/10.1145/3533767.3534372","title":"Finding permission bugs in smart contracts with role mining","display_name":"Finding permission bugs in smart contracts with role mining","publication_year":2022,"publication_date":"2022-07-15","ids":{"openalex":"https://openalex.org/W4285490412","doi":"https://doi.org/10.1145/3533767.3534372"},"language":"en","primary_location":{"id":"doi:10.1145/3533767.3534372","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3533767.3534372","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100346528","display_name":"Ye Liu","orcid":"https://orcid.org/0000-0001-6709-3721"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Ye Liu","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100421812","display_name":"Yi Li","orcid":"https://orcid.org/0000-0003-4562-8208"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yi Li","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072863865","display_name":"Shang\u2010Wei Lin","orcid":"https://orcid.org/0000-0002-9726-3434"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Shang-Wei Lin","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063347761","display_name":"Cyrille Artho","orcid":"https://orcid.org/0000-0002-3656-1614"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Cyrille Artho","raw_affiliation_strings":["KTH, Sweden"],"affiliations":[{"raw_affiliation_string":"KTH, Sweden","institution_ids":["https://openalex.org/I86987016"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100346528"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":15.9432,"has_fulltext":false,"cited_by_count":53,"citation_normalized_percentile":{"value":0.99103235,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"716","last_page":"727"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.989799976348877,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.8736003637313843},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.7847565412521362},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7458634376525879},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.7298974394798279},{"id":"https://openalex.org/keywords/smart-contract","display_name":"Smart contract","score":0.5742073059082031},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5654995441436768},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5257459878921509},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.5062090754508972},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4934164583683014},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.4561242163181305},{"id":"https://openalex.org/keywords/information-flow","display_name":"Information flow","score":0.42807719111442566},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.36834558844566345},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.10483261942863464}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.8736003637313843},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.7847565412521362},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7458634376525879},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.7298974394798279},{"id":"https://openalex.org/C2779950589","wikidata":"https://www.wikidata.org/wiki/Q7544035","display_name":"Smart contract","level":3,"score":0.5742073059082031},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5654995441436768},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5257459878921509},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.5062090754508972},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4934164583683014},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.4561242163181305},{"id":"https://openalex.org/C2779136372","wikidata":"https://www.wikidata.org/wiki/Q10283002","display_name":"Information flow","level":2,"score":0.42807719111442566},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.36834558844566345},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.10483261942863464},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C2779687700","wikidata":"https://www.wikidata.org/wiki/Q20514253","display_name":"Blockchain","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3533767.3534372","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3533767.3534372","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W1559018605","https://openalex.org/W1560388458","https://openalex.org/W1968110920","https://openalex.org/W2007999111","https://openalex.org/W2041713059","https://openalex.org/W2054075152","https://openalex.org/W2060690494","https://openalex.org/W2107801860","https://openalex.org/W2133523155","https://openalex.org/W2140965492","https://openalex.org/W2141752622","https://openalex.org/W2163328802","https://openalex.org/W2164673530","https://openalex.org/W2277593056","https://openalex.org/W2325535142","https://openalex.org/W2539190473","https://openalex.org/W2598139937","https://openalex.org/W2604844934","https://openalex.org/W2788841915","https://openalex.org/W2790587587","https://openalex.org/W2805827286","https://openalex.org/W2846896781","https://openalex.org/W2898569715","https://openalex.org/W2954151438","https://openalex.org/W2963610883","https://openalex.org/W2963983602","https://openalex.org/W2972498626","https://openalex.org/W2979467439","https://openalex.org/W2982275082","https://openalex.org/W2999044410","https://openalex.org/W3034136313","https://openalex.org/W3043398834","https://openalex.org/W3046701849","https://openalex.org/W3098149161","https://openalex.org/W3098450669","https://openalex.org/W3101591015","https://openalex.org/W3104720502","https://openalex.org/W3128660473","https://openalex.org/W4243694527","https://openalex.org/W6727233892","https://openalex.org/W6836725202"],"related_works":["https://openalex.org/W2374393728","https://openalex.org/W2392916544","https://openalex.org/W2124367090","https://openalex.org/W2171974872","https://openalex.org/W2386396757","https://openalex.org/W2135849267","https://openalex.org/W4378191926","https://openalex.org/W2105261429","https://openalex.org/W2876884816","https://openalex.org/W3102965473"],"abstract_inverted_index":{"Smart":[0],"contracts":[1],"deployed":[2],"on":[3,110,137],"permissionless":[4],"blockchains,":[5],"such":[6,42],"as":[7],"Ethereum,":[8],"are":[9],"accessible":[10],"to":[11,27,41,50,70,92,127,162],"any":[12],"user":[13,93,124],"in":[14,37,104],"a":[15,68,72],"trustless":[16],"environment.":[17],"Therefore,":[18],"most":[19],"smart":[20,112,139],"contract":[21,47,69,113,140],"applications":[22],"implement":[23,96],"access":[24,74,143],"control":[25,75,144],"policies":[26,86],"protect":[28],"their":[29],"valuable":[30],"assets":[31],"from":[32],"unauthorized":[33],"accesses.":[34],"A":[35],"difficulty":[36],"validating":[38],"the":[39,46,51,55,128,134,163],"conformance":[40],"policies,":[43],"i.e.,":[44],"whether":[45],"implementation":[48],"adheres":[49],"expected":[52],"behaviors,":[53],"is":[54],"lack":[56],"of":[57,67],"policy":[58,102],"specifications.":[59],"In":[60],"this":[61],"paper,":[62],"we":[63],"mine":[64],"past":[65],"transactions":[66],"recover":[71],"likely":[73],"model,":[76],"which":[77],"can":[78,180],"then":[79],"be":[80],"checked":[81],"against":[82],"various":[83],"information":[84],"flow":[85],"and":[87,100,142,157,172],"identify":[88],"potential":[89,150],"bugs":[90,152,171],"related":[91],"permissions.":[94],"We":[95],"our":[97],"role":[98,114,130],"mining":[99,115,131],"security":[101,165],"validation":[103],"tool":[105,179],"SPCon.":[106],"The":[107],"experimental":[108,135],"evaluation":[109,136],"labeled":[111],"benchmark":[116,141],"demonstrates":[117],"that":[118,176],"SPCon":[119,147],"effectively":[120,148],"mines":[121],"more":[122],"accurate":[123],"roles":[125],"compared":[126,161],"state-of-the-art":[129,164],"tools.":[132],"Moreover,":[133],"real-world":[138],"CVEs":[145,175],"indicates":[146],"detects":[149],"permission":[151],"while":[153],"having":[154],"better":[155],"scalability":[156],"lower":[158],"false-positive":[159],"rate":[160],"tools,":[166],"finding":[167],"11":[168],"previously":[169],"unknown":[170],"detecting":[173],"six":[174],"no":[177],"other":[178],"find.":[181]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":22},{"year":2024,"cited_by_count":15},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":2}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}