From 282e0d9f4115527aa0bed4ff634bd15d3c8cbd12 Mon Sep 17 00:00:00 2001 From: James Ray <16969914+jamesray1@users.noreply.github.com> Date: Mon, 18 Feb 2019 15:08:52 +1100 Subject: [PATCH 1/8] Editorial changes, images, add a note on smart contracts (TODO: fix citation, I need to install texlive via the net installer rather than via AUR, which has issues.) --- Biblio.bib | 27 +++++++++ Whitepaper.tex | 73 ++++++++++++++++++------ media/{ => svg}/BeakerKernelOverview.svg | 0 media/{ => svg}/EntryProcedure.svg | 0 media/{ => svg}/NormalKernelOverview.svg | 0 media/{ => svg}/ProcedureCreation.svg | 0 media/{ => svg}/Separation.svg | 0 media/{ => svg}/SystemCalls.svg | 0 8 files changed, 81 insertions(+), 19 deletions(-) create mode 100644 Biblio.bib rename media/{ => svg}/BeakerKernelOverview.svg (100%) rename media/{ => svg}/EntryProcedure.svg (100%) rename media/{ => svg}/NormalKernelOverview.svg (100%) rename media/{ => svg}/ProcedureCreation.svg (100%) rename media/{ => svg}/Separation.svg (100%) rename media/{ => svg}/SystemCalls.svg (100%) diff --git a/Biblio.bib b/Biblio.bib new file mode 100644 index 0000000..d06d6da --- /dev/null +++ b/Biblio.bib @@ -0,0 +1,27 @@ +@Article{ohara2017, + url = "https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7867719", + Publisher = "IEEE Computer Society", + author = "OHara, Kieron", + title = "Smart ContractsDumb Idea", + journal = "The Digital Citzen", + volume = "1089", + number = "7801", + pages = "97--101, + year = "2017", +} + +@Misc{EIP-100, + url = "https://github.com/ethereum/EIPs/blob/master/EIPS/eip-100.md", + author = "Vitalik Buterin", + title = "{EIP}-100: Change difficulty adjustment to target mean block time including uncles", + year = "2016", + month = "April", +} + +@book{ASICSmithMJS, + title = {{Application-Specific Integrated Circuits}}, + author = "Smith, Michael John Sebastian", + publisher = "Addison-Wesley", + year = "1997", + ISBN = "0201500221", +} \ No newline at end of file 
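Review bot: The `ohara2017` entry in the new Biblio.bib has an unterminated string at `pages = "97--101,`, so the closing quote is missing and the `year` field that follows is swallowed into it; it should read `pages = "97--101",`. The same entry's title `Smart ContractsDumb Idea` has lost the separator between the two phrases, and the journal is spelled `The Digital Citzen`. The footnote this patch adds to Whitepaper.tex cites `\citet{ASICSmithMJS}` for a critique of smart contracts, but that key is the book on application-specific integrated circuits; `ohara2017` looks like the intended key, and `EIP-100` is not cited in any of the visible hunks.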
diff --git a/Whitepaper.tex b/Whitepaper.tex index cda2ae0..43c0a45 100644 --- a/Whitepaper.tex +++ b/Whitepaper.tex @@ -5,6 +5,7 @@ \usepackage{ifxetex,ifluatex} \usepackage{fixltx2e} % provides \textsubscript \usepackage[T1]{fontenc} +\usepackage{natbib} \usepackage[utf8]{inputenc} % use upquote if available, for straight quotes in verbatim environments \IfFileExists{upquote.sty}{\usepackage{upquote}}{} 
@@ -27,6 +28,32 @@ \usepackage{longtable,booktabs} \usepackage{graphicx,grffile} +% \usepackage[bookmarks=true, unicode=true, pdftitle={Beaker: A security +% protocol and framework for smart contracts}, pdfauthor={Jacob Payne \and Jake +% O'Shannessy \and Alexey Troitskiy},pdfkeywords={exokernel, OS, Operating +% System, security protocol, permission system, smart contract platform, stored +% procedure, Ethereum, semantic restriction, blockchain, virtual machine, +% decentralised organisation, data access, open source, introspection, +% system call, isolation, procedure},pdfborder={0 0 0.5 [1 3] +% },pagebackref=true]{hyperref} + +% %This should be the last package before \input{Version.tex} +% \PassOptionsToPackage{hyphens}{url}\usepackage{hyperref} +% % "hyperref loads the url package internally. Use \PassOptionsToPackage +% {hyphens}{url}\usepackage{hyperref} to pass the option to the url package +% when it is loaded by hyperref. This avoids any package option clashes." +% Source: . +% Note also this: "If the \PassOptionsToPackage{hyphens}{url} approach does +% not work, maybe it's "because you're trying to load the url package with a +% specific option, but it's being loaded by one of your packages before that +% with a different set of options. Try loading the url package earlier than +% the package that requires it. If it's loaded by the document class, try +% using \RequirePackage[hyphens]{url} before the document class." Source: +% . +% For more information on using the hyperref package, refer to e.g. +% https://en.wikibooks.org/w/index.php?title=LaTeX/Hyperlinks&stable=0#Hyperlink_and_Hypertarget. + \makeatletter \def\maxwidth{\ifdim\Gin@nat@width>\linewidth\linewidth\else\Gin@nat@width\fi} \def\maxheight{\ifdim\Gin@nat@height>\textheight\textheight\else\Gin@nat@height\fi} 
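Review bot: The commented-out `\usepackage[...]{hyperref}` block added after `\usepackage{graphicx,grffile}` is dead configuration, and both quoted passages in it end in `% Source: .` with the link missing. Either move the `pdftitle`, `pdfauthor` and `pdfkeywords` values into the document's live `\hypersetup` call or drop the block; if the quoted advice stays, restore the two source URLs. The second quote also opens a nested quotation mark at `maybe it's "because`, which makes it unclear where the quoted text ends.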
@@ -92,7 +119,11 @@ \section{Introduction}\label{introduction} While this unlocks a huge potential, the development and deployment of such organizations -has a high barrier of entry. Smart contract development practices and +has a high barrier of entry. Smart contract\footnote{ + A more appropriate, accurate name for smart contracts may be stored + procedures (\href{https://twitter.com/VladZamfir/status/1051162300437020673}{as proposed by Vlad Zamfir} and used in database terminology). + Smart contracts have also been critiqued by \citet{ASICSmithMJS}. +} development practices and tooling are still in their prenatal stages of maturity, with zero margin for error. Additionally, organizations must be extensible upfront to allow changes and upgrades to their systems while still maintain high @@ -120,7 +151,7 @@ \section{Introduction}\label{introduction} demonstrate these security guarantees to others without requiring manual-code verification. \section{Problems}\label{problems} -Smart contracts are, by their nature, unforgiving machines that follow the their +Smart contracts are, by their nature, unforgiving machines that follow their specification to the letter. This is one of the main benefits of smart contracts, but it can also be their downfall, as the machine will faithfully execute any flaw or mistake in that code. This is a well known property of smart @@ -187,7 +218,7 @@ \subsection{Isolation}\label{isolation} \subsection{Upgrades}\label{upgrades} One area where the lack of isolation in smart contracts is most problematic is -in the upgrading of smart contracts. DSLs, verification, auditing etc. are +in the upgrading of smart contracts. DSLs, verification, auditing, etc., are excellent tools to ensure that a smart contract will behave as intended, but where they struggle to maintain their effectiveness is during upgrades. Once an upgrade occurs, the whole system needs to be re-audited to ensure the same 
@@ -237,7 +268,7 @@ \section{Existing Work}\label{existing-work} \subsection{ZeppelinOS} Of the recent projects that are making an impact in this area is the -ZeppelinOS\footnote{https://zeppelinos.org/} ZEP protocol by the Zeppelin Team. +ZeppelinOS\footnote{\url{https://zeppelinos.org/}} ZEP protocol by the Zeppelin Team. Users of smart contract libraries that use the ZEP protocol are able to vouch or vote for upgrades they wish to adopt. Only code that is sufficiently vouched for @@ -269,7 +300,7 @@ \subsection{ZeppelinOS} market can trust long-term. \subsection{AragonOS} -AragonOS\footnote{https://aragon.org/} is another example of smart contract +AragonOS\footnote{\url{https://aragon.org/}} is another example of smart contract framework that seeks to take a more operating system style approach. Much like Beaker, AragonOS features a permission system and a kernel, however, after that the design diverges significantly. AragonOS aims to be a featureful platform on @@ -309,8 +340,8 @@ \subsection{Domain Specific Languages} \section{Overview}\label{overview} \begin{figure}[H] - \includegraphics[width=0.49\textwidth]{media/NormalKernelOverview.pdf} - \includegraphics[width=0.49\textwidth]{media/BeakerKernelOverview.pdf} + \includegraphics[width=0.49\textwidth]{media/NormalKernelOverview} + \includegraphics[width=0.49\textwidth]{media/BeakerKernelOverview} \caption{Similar to how existing operating systems act as an interface to hardware for applications on a computer, the Beaker kernel @@ -349,7 +380,7 @@ \section{Overview}\label{overview} through system calls, the operating system kernel has the final say on what the contract can or cannot do. -\subsection{Procedures}\label{procedures} +\end{document}\subsection{Procedures}\label{procedures} A Procedure is a smart contract that can be executed by the kernel. This is the smallest independent component or unit of code. As far as the Ethereum VM is concerned they are a normal smart contract. 
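Review bot: A stray `\end{document}` is prepended to `\subsection{Procedures}\label{procedures}` in the `@@ -349,7 +380,7 @@` hunk, so LaTeX stops at the end of the Overview section and everything from Procedures onward, including the `\bibliography{Biblio}` line this patch adds near the end of the file, never reaches the output. The line should stay as `\subsection{Procedures}\label{procedures}`. It is worth building the PDF before pushing an editorial pass of this size, since a truncated document is easy to miss in a diff.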
@@ -437,12 +468,13 @@ \subsection{System Calls}\label{system-calls} done via CALLCODE. This means that that our system, which we will call our ``kernel instance'', is the current storage and event space of the -running code. It also means that the CALLER\footnote{One downside of this design +running code. It also means that the CALLER value, +which is a global +read-only value, is set to the address of our kernel instance. +\footnote{One downside of this design is that the original sender of the transaction must be included in the payload of the transaction if it is needed. As the kernel address is more security -critical, and is needed more often, it is placed in the CALLER value.} value, -which is a global -read-only value, is set to the address of our kernel instance. When our +critical, and is needed more often, it is placed in the CALLER value.} When our procedure does a DELEGATECALL, this address is maintained. As a consequence, whenever a kernel is executing a system call, it is able to simply check that the CALLER value is equal to its own address (it is @@ -607,7 +639,7 @@ \subsection{Auditability and the Principle of Least By using an operating system model, Beaker is able to enforce isolation at runtime. The information on the isolation of the system is contained -within the kernel and can be audited quite simply be anyone looking at +within the kernel and can be audited quite simply by anyone looking at the system. This allows us to not only isolate the highest risk portion of our code and reduce our attack surface, but also to verifiably demonstrate that to others. To an outside auditor, many chunks of a 
@@ -772,7 +804,7 @@ \subsection{Implementing a Capability Based Security The advantage of this design, where capabilities are assigned to procedures, is that it is simple and enforceable. Compared to some other capability system designs this does have a few limitations. One -limitation it does not support dynamically chosen capabilities. For +limitation is that it does not support dynamically chosen capabilities. For example this means that it is not possible to pass a capability of a particular storage location to a procedure. This is an often touted feature of capability systems that allows for the delegation of @@ -782,7 +814,7 @@ \subsection{Implementing a Capability Based Security \subsection{Custom User Permissions}\label{custom-user-permissions} A capability-based security model allows the flexibility to define a procedure that can act as a custom permission system akin to an access -control list. With a custom permission system, users are free do define +control list. With a custom permission system, users are free to define their own hierarchies or groups in order to satisfy their particular requirements. Thus users are not forced to follow a specific permission model that does not fit their needs and still maintain safety through @@ -801,7 +833,7 @@ \subsection{Custom User Permissions}\label{custom-user-permissions} administration system to maintain and upgrade previously defined components within the organization by secure vote. -Another example can involve groups. Where group is assigned control over +Another example can involve groups, where a group is assigned control over a procedure with designated capabilities that define how the group can affect the organization. This in effect can be used as an explicit safeguard where each group cannot compromise the other's resources. 
@@ -872,7 +904,7 @@ \subsubsection{Storage}\label{storage} procedure can either read or write a 32 byte value. In order to provide the kernel a protected storage space, storage is divided into two spaces, with half of locations assigned to kernel-space and and the -other half assigned to user-space storage. This provides all procedure a +other half assigned to user-space storage. This provides all procedures a user-space of $2^{255}$ unique keys. The number of storage keys far outweighs the capacity of the storage system itself, so will not be a limiting factor long term. @@ -880,9 +912,9 @@ \subsubsection{Storage}\label{storage} \subsubsection{Events}\label{events} Events are crucial for signalling verified changes to the outside world, accessing data asynchronously, as well as their use in establishing -off-chain networks. In Ethereum, logs can be ascribed from 0-4 topics, +off-chain networks. In Ethereum, logs can be ascribed from 0–4 topics, with each topic being a 32-byte value. These topics are handled as -addresses or namespaces. In order to log to specific topic, the +addresses or namespaces. In order to log to a specific topic, the procedure must have the capability to do so. This capability is the write capability included under the Log object in the table kernel object table above. This capability type is then refined to dictate @@ -911,4 +943,7 @@ \section{Acknowledgments}\label{acknowledgments} mentors and advisors, and the many welcoming people in the Ethereum community. +\bibliographystyle{plainnat} +\bibliography{Biblio} + \end{document} diff --git a/media/BeakerKernelOverview.svg b/media/svg/BeakerKernelOverview.svg similarity index 100% rename from media/BeakerKernelOverview.svg rename to media/svg/BeakerKernelOverview.svg diff --git a/media/EntryProcedure.svg b/media/svg/EntryProcedure.svg similarity index 100% rename from media/EntryProcedure.svg rename to media/svg/EntryProcedure.svg 
diff --git a/media/NormalKernelOverview.svg b/media/svg/NormalKernelOverview.svg similarity index 100% rename from media/NormalKernelOverview.svg rename to media/svg/NormalKernelOverview.svg diff --git a/media/ProcedureCreation.svg b/media/svg/ProcedureCreation.svg similarity index 100% rename from media/ProcedureCreation.svg rename to media/svg/ProcedureCreation.svg diff --git a/media/Separation.svg b/media/svg/Separation.svg similarity index 100% rename from media/Separation.svg rename to media/svg/Separation.svg diff --git a/media/SystemCalls.svg b/media/svg/SystemCalls.svg similarity index 100% rename from media/SystemCalls.svg rename to media/svg/SystemCalls.svg From 37516b3b5ce5b98e279cfb1a1af9f42a6c60d3c4 Mon Sep 17 00:00:00 2001 From: James Ray <16969914+jamesray1@users.noreply.github.com> Date: Mon, 18 Feb 2019 07:43:23 +0000 Subject: [PATCH 2/8] Delete Biblio.bib --- Biblio.bib | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 Biblio.bib diff --git a/Biblio.bib b/Biblio.bib deleted file mode 100644 index d06d6da..0000000 --- a/Biblio.bib +++ /dev/null @@ -1,27 +0,0 @@ -@Article{ohara2017, - url = "https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7867719", - Publisher = "IEEE Computer Society", - author = "OHara, Kieron", - title = "Smart ContractsDumb Idea", - journal = "The Digital Citzen", - volume = "1089", - number = "7801", - pages = "97--101, - year = "2017", -} - -@Misc{EIP-100, - url = "https://github.com/ethereum/EIPs/blob/master/EIPS/eip-100.md", - author = "Vitalik Buterin", - title = "{EIP}-100: Change difficulty adjustment to target mean block time including uncles", - year = "2016", - month = "April", -} - -@book{ASICSmithMJS, - title = {{Application-Specific Integrated Circuits}}, - author = "Smith, Michael John Sebastian", - publisher = "Addison-Wesley", - year = "1997", - ISBN = "0201500221", -} \ No newline at end of file From f51dab04e6d2055308824801e36bc880ee26d23c Mon Sep 17 00:00:00 2001 
From: James Ray <16969914+jamesray1@users.noreply.github.com> Date: Mon, 18 Feb 2019 07:47:44 +0000 Subject: [PATCH 3/8] Remove footnote --- Whitepaper.tex | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Whitepaper.tex b/Whitepaper.tex index 43c0a45..9364884 100644 --- a/Whitepaper.tex +++ b/Whitepaper.tex @@ -119,11 +119,7 @@ \section{Introduction}\label{introduction} While this unlocks a huge potential, the development and deployment of such organizations -has a high barrier of entry. Smart contract\footnote{ - A more appropriate, accurate name for smart contracts may be stored - procedures (\href{https://twitter.com/VladZamfir/status/1051162300437020673}{as proposed by Vlad Zamfir} and used in database terminology). - Smart contracts have also been critiqued by \citet{ASICSmithMJS}. -} development practices and +has a high barrier of entry. Smart contract development practices and tooling are still in their prenatal stages of maturity, with zero margin for error. Additionally, organizations must be extensible upfront to allow changes and upgrades to their systems while still maintain high From 981961ababff1b609a6fc088badce0b2738e3d60 Mon Sep 17 00:00:00 2001 From: James Ray <16969914+jamesray1@users.noreply.github.com> Date: Mon, 18 Feb 2019 07:52:38 +0000 Subject: [PATCH 4/8] Remove accidental addition --- Whitepaper.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Whitepaper.tex b/Whitepaper.tex index 9364884..d5b53ab 100644 --- a/Whitepaper.tex +++ b/Whitepaper.tex 
@@ -376,7 +376,7 @@ \section{Overview}\label{overview} through system calls, the operating system kernel has the final say on what the contract can or cannot do. -\end{document}\subsection{Procedures}\label{procedures} +\subsection{Procedures}\label{procedures} A Procedure is a smart contract that can be executed by the kernel. This is the smallest independent component or unit of code. As far as the Ethereum VM is concerned they are a normal smart contract. From 52a98b7a70f94ebb903024c2b8c548a850e4e1b7 Mon Sep 17 00:00:00 2001 From: James Ray <16969914+jamesray1@users.noreply.github.com> Date: Mon, 18 Feb 2019 18:58:32 +1100 Subject: [PATCH 5/8] Re-append .pdf to *KernelOverview --- Whitepaper.tex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Whitepaper.tex b/Whitepaper.tex index d5b53ab..f5d6b3a 100644 --- a/Whitepaper.tex +++ b/Whitepaper.tex @@ -336,8 +336,8 @@ \subsection{Domain Specific Languages} \section{Overview}\label{overview} \begin{figure}[H] - \includegraphics[width=0.49\textwidth]{media/NormalKernelOverview} - \includegraphics[width=0.49\textwidth]{media/BeakerKernelOverview} + \includegraphics[width=0.49\textwidth]{media/NormalKernelOverview.pdf} + \includegraphics[width=0.49\textwidth]{media/BeakerKernelOverview.pdf} \caption{Similar to how existing operating systems act as an interface to hardware for applications on a computer, the Beaker kernel From 89d38617fde3d573a39289aee874ed3ad6b0ec7d Mon Sep 17 00:00:00 2001 From: James Ray <16969914+jamesray1@users.noreply.github.com> Date: Mon, 18 Feb 2019 19:07:35 +1100 Subject: [PATCH 6/8] More corrections --- Whitepaper.tex | 41 +++++++++-------------------------------- 1 file changed, 9 insertions(+), 32 deletions(-) diff --git a/Whitepaper.tex b/Whitepaper.tex index f5d6b3a..c5312f6 100644 --- a/Whitepaper.tex +++ b/Whitepaper.tex 
@@ -5,7 +5,6 @@ \usepackage{ifxetex,ifluatex} \usepackage{fixltx2e} % provides \textsubscript \usepackage[T1]{fontenc} -\usepackage{natbib} \usepackage[utf8]{inputenc} % use upquote if available, for straight quotes in verbatim environments \IfFileExists{upquote.sty}{\usepackage{upquote}}{} 
@@ -15,44 +14,25 @@ \usepackage[usenames,dvipsnames]{color} \hypersetup{breaklinks=true, bookmarks=true, - pdfauthor={}, - pdftitle={}, + pdfauthor={Jacob Payne, Jake O'Shannessy, and Alexey Troitskiy}, + pdftitle={Beaker: A security protocol and framework for smart contracts}, colorlinks=true, citecolor=blue, urlcolor=blue, + pdfkeywords={exokernel, OS, Operating System, security protocol, + permission system, smart contract platform, stored + procedure, Ethereum, semantic restriction, blockchain, virtual machine, + decentralised organisation, data access, open source, introspection, + system call, isolation, procedure}, %linkcolor=magenta, - pdfborder={0 0 0}} + pdfborder={0 0 0.5 [1 3]}}, + pagebackref=true \urlstyle{same} % don't use monospace font for urls \usepackage{color} \usepackage{listings} \usepackage{longtable,booktabs} \usepackage{graphicx,grffile} -% \usepackage[bookmarks=true, unicode=true, pdftitle={Beaker: A security -% protocol and framework for smart contracts}, pdfauthor={Jacob Payne \and Jake -% O'Shannessy \and Alexey Troitskiy},pdfkeywords={exokernel, OS, Operating -% System, security protocol, permission system, smart contract platform, stored -% procedure, Ethereum, semantic restriction, blockchain, virtual machine, -% decentralised organisation, data access, open source, introspection, -% system call, isolation, procedure},pdfborder={0 0 0.5 [1 3] -% },pagebackref=true]{hyperref} - -% %This should be the last package before \input{Version.tex} -% \PassOptionsToPackage{hyphens}{url}\usepackage{hyperref} -% % "hyperref loads the url package internally. Use \PassOptionsToPackage -% {hyphens}{url}\usepackage{hyperref} to pass the option to the url package -% when it is loaded by hyperref. This avoids any package option clashes." -% Source: . 
-% Note also this: "If the \PassOptionsToPackage{hyphens}{url} approach does -% not work, maybe it's "because you're trying to load the url package with a -% specific option, but it's being loaded by one of your packages before that -% with a different set of options. Try loading the url package earlier than -% the package that requires it. If it's loaded by the document class, try -% using \RequirePackage[hyphens]{url} before the document class." Source: -% . -% For more information on using the hyperref package, refer to e.g. -% https://en.wikibooks.org/w/index.php?title=LaTeX/Hyperlinks&stable=0#Hyperlink_and_Hypertarget. \makeatletter \def\maxwidth{\ifdim\Gin@nat@width>\linewidth\linewidth\else\Gin@nat@width\fi} @@ -939,7 +919,4 @@ \section{Acknowledgments}\label{acknowledgments} mentors and advisors, and the many welcoming people in the Ethereum community. -\bibliographystyle{plainnat} -\bibliography{Biblio} - \end{document} From 544b717d05c554e761e4b273dfcc1dc22982bc7a Mon Sep 17 00:00:00 2001 From: James Ray <16969914+jamesray1@users.noreply.github.com> Date: Mon, 18 Feb 2019 19:08:49 +1100 Subject: [PATCH 7/8] Fix --- Whitepaper.tex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Whitepaper.tex b/Whitepaper.tex index c5312f6..d177931 100644 --- a/Whitepaper.tex +++ b/Whitepaper.tex @@ -25,8 +25,9 @@ decentralised organisation, data access, open source, introspection, system call, isolation, procedure}, %linkcolor=magenta, - pdfborder={0 0 0.5 [1 3]}}, - pagebackref=true + pdfborder={0 0 0.5 [1 3]} + pagebackref=true}, + \urlstyle{same} % don't use monospace font for urls \usepackage{color} \usepackage{listings} From bd636ce90d0f43946b3e9d29a0ba616ecac8846d Mon Sep 17 00:00:00 2001 From: James Ray <16969914+jamesray1@users.noreply.github.com> Date: Mon, 18 Feb 2019 19:09:36 +1100 Subject: [PATCH 8/8] Fix indent --- Whitepaper.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Whitepaper.tex b/Whitepaper.tex index d177931..f900149 100644 --- a/Whitepaper.tex +++ b/Whitepaper.tex @@ -26,7 +26,7 @@ system call, isolation, procedure}, %linkcolor=magenta, pdfborder={0 0 0.5 [1 3]} - pagebackref=true}, + pagebackref=true}, \urlstyle{same} % don't use monospace font for urls \usepackage{color}
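Review bot: Re-indenting `pagebackref=true},` still leaves the `\hypersetup` key list malformed. The context line above it, `pdfborder={0 0 0.5 [1 3]}`, has no trailing comma, so `pdfborder` and `pagebackref` are not separated as two keys, and the `,` after the closing brace is stray text in the preamble, before `\begin{document}`. Suggest `pdfborder={0 0 0.5 [1 3]},` followed by `pagebackref=true}` with nothing after the brace.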