This book discusses understand cybersecurity management in decentralized finance (DeFi). It commences with introducing fundamentals of DeFi and cybersecurity to readers. It emphasizes on the importance of cybersecurity for decentralized finance by illustrating recent cyber breaches, attacks, and financial losses. The book delves into understanding cyber threats and adversaries who can exploit those threats. It advances with cybersecurity threat, vulnerability, and risk management in DeFi. The book helps readers understand cyber threat landscape comprising different threat categories for that can exploit different types of vulnerabilities identified in DeFi. It puts forward prominent threat modelling strategies by focusing on attackers, assets, and software.
The book includes the popular blockchains that support DeFi include Ethereum, Binance Smart Chain, Solana, Cardano, Avalanche, Polygon, among others. With so much monetary value associated with all these technologies, theperpetrators are always lured to breach security by exploiting the vulnerabilities that exist in these technologies. For simplicity and clarity, all vulnerabilities are classified into different categories: arithmetic bugs, re-Entrancy attack, race conditions, exception handling, using a weak random generator, timestamp dependency, transaction-ordering dependence and front running, vulnerable libraries, wrong initial assumptions, denial of service, flash loan attacks, and vampire
Since decentralized finance infrastructures are the worst affected by cyber-attacks, it is imperative to understand various security issues in different components of DeFi infrastructures and proposes measures to secure all components of DeFi infrastructures. It brings the detailed cybersecurity policies and strategies that can be used to secure financial institutions. Finally, the book provides recommendations to secure DeFi infrastructures from cyber-attacks.
|
1 The Origin of Modern Decentralized Finance |
|
|
1 | (28) |
|
1.1 A Brief History of Finance |
|
|
1 | (3) |
|
1.2 Introduction to FinTech |
|
|
4 | (2) |
|
1.3 Key Problems of Centralized Financial System |
|
|
6 | (2) |
|
1.4 Introduction to Crypto-Based Finance |
|
|
8 | (4) |
|
|
|
9 | (2) |
|
|
|
11 | (1) |
|
1.4.3 Advantages of DeFi Ecosystem |
|
|
11 | (1) |
|
|
|
12 | (3) |
|
1.5.1 Characteristics of Bitcoin Ecosystem |
|
|
14 | (1) |
|
|
|
14 | (1) |
|
1.6 Smart Contract-Based Blockchains |
|
|
15 | (11) |
|
|
|
26 | (3) |
|
|
|
26 | (3) |
|
2 Introduction to Smart Contracts and DeFi |
|
|
29 | (28) |
|
2.1 History of Smart Contracts |
|
|
29 | (2) |
|
2.2 Fundamentals of Smart Contracts |
|
|
31 | (6) |
|
2.2.1 Creating First Smart Contract |
|
|
33 | (4) |
|
2.3 The Operation Process of Smart Contracts |
|
|
37 | (7) |
|
2.3.1 Technical Operational Process |
|
|
42 | (2) |
|
2.4 How Can We Use Smart Contracts |
|
|
44 | (2) |
|
2.5 Benefits and Problems of Smart Contracts |
|
|
46 | (2) |
|
|
|
48 | (2) |
|
2.6.1 DeFi Characteristics |
|
|
49 | (1) |
|
|
|
49 | (1) |
|
|
|
50 | (2) |
|
|
|
50 | (1) |
|
|
|
51 | (1) |
|
|
|
51 | (1) |
|
|
|
51 | (1) |
|
|
|
52 | (1) |
|
|
|
52 | (1) |
|
2.8 Importance of Oracles in the Rise of DeFi |
|
|
52 | (2) |
|
|
|
54 | (3) |
|
|
|
54 | (3) |
|
|
|
57 | (14) |
|
3.1 Popular Blockchains that Support DeFi Apps |
|
|
57 | (9) |
|
|
|
57 | (1) |
|
3.1.2 Binance Smart Chain |
|
|
58 | (2) |
|
|
|
60 | (1) |
|
|
|
61 | (1) |
|
|
|
62 | (2) |
|
|
|
64 | (1) |
|
|
|
64 | (2) |
|
3.2 Security and Safety of DeFi Platforms |
|
|
66 | (1) |
|
3.3 Evaluating the Security of DeFi Platforms |
|
|
67 | (2) |
|
|
|
69 | (2) |
|
|
|
69 | (2) |
|
|
|
71 | (20) |
|
4.1 Blockchain Attacks and Countermeasures |
|
|
71 | (16) |
|
4.1.1 Double-Spending Attack |
|
|
72 | (1) |
|
|
|
73 | (1) |
|
|
|
74 | (1) |
|
4.1.4 Brute Force or Alternative History Attack |
|
|
75 | (1) |
|
4.1.5 Vector 76 or One-Confirmation Attack |
|
|
75 | (1) |
|
|
|
76 | (1) |
|
4.1.7 Nothing-at-Stake Attack |
|
|
76 | (1) |
|
4.1.8 Selfish Mining or Block Discarding Attack |
|
|
77 | (1) |
|
|
|
77 | (2) |
|
4.1.10 Block Withholding Attack |
|
|
79 | (1) |
|
4.1.11 Fork After Withholding Attack |
|
|
79 | (1) |
|
|
|
80 | (1) |
|
4.1.13 Feather and Punitive Forking Blockchain Attack |
|
|
81 | (1) |
|
4.1.14 Eclipse or Netsplit Attack |
|
|
82 | (1) |
|
4.1.15 Distributed Denial of Service Attack |
|
|
82 | (1) |
|
4.1.16 Liveness Denial Attack |
|
|
83 | (1) |
|
|
|
84 | (1) |
|
4.1.18 Tampering or Delay Attack |
|
|
84 | (1) |
|
4.1.19 BGP Hijacking or Routing Attack |
|
|
85 | (1) |
|
|
|
85 | (1) |
|
|
|
86 | (1) |
|
|
|
86 | (1) |
|
|
|
87 | (4) |
|
|
|
87 | (4) |
|
5 Smart Contracts and DeFi Security and Threats |
|
|
91 | (22) |
|
|
|
91 | (1) |
|
|
|
92 | (2) |
|
|
|
94 | (1) |
|
|
|
95 | (1) |
|
5.5 Using a Weak Random Generator |
|
|
96 | (1) |
|
|
|
96 | (1) |
|
5.7 Transaction-Ordering Dependence and Front Running |
|
|
97 | (1) |
|
|
|
98 | (1) |
|
5.9 Wrong Initial Assumptions |
|
|
98 | (1) |
|
|
|
99 | (1) |
|
|
|
100 | (1) |
|
|
|
101 | (1) |
|
5.13 Maximal Extractable Value |
|
|
101 | (1) |
|
5.14 Sample Attack Scenarios |
|
|
102 | (7) |
|
5.14.1 Weak Random Generator Attack |
|
|
103 | (2) |
|
5.14.2 Transaction-Ordering Attack |
|
|
105 | (3) |
|
5.14.3 Denial of Service Attack |
|
|
108 | (1) |
|
|
|
109 | (4) |
|
|
|
109 | (4) |
|
6 Challenges, Issues, and Basic Security Practices |
|
|
113 | |
|
|
|
113 | (1) |
|
6.2 Challenges and Issues |
|
|
114 | (1) |
|
6.3 Best Security Practices |
|
|
115 | (2) |
|
|
|
117 | |
|
|
|
117 | |
Dr. Gurdip Kaur is a CISSP, and CompTIA certified Cybersecurity Analyst (CySA+) experienced in detecting and analyzing malicious network traffic, FinTech risk management, and network attack traffic classification. She led multiple cybersecurity teams to generate three publicly available cybersecurity datasets for Android malware analysis, DNS over HTTPS (DoH) attack mitigation, and darknet traffic detection. She is an active contributor to cybersecurity blogs and articles as part of the cybersecurity awareness program. Dr. Gurdip is the first author of the book titled Understanding Cybersecurity Management in FinTech published by Springer in 2021. She has published several book chapters and research papers in reputed journals. She was awarded two gold medals in Bachelor of Technology and a silver medal for the research project on high interaction honeypots by NDRF, India. Her research project on malware reverse engineering was selected among the top 10 projects in theNational Student Project Contest in 2015. She is strongly inclined towards cybersecurity, malware analysis, vulnerability management, incident reporting, SIEM solutions, and SOC design.
Dr. Arash Habibi Lashkari is a Canada Research Chair (CRC) in Cybersecurity. He is senior member of the IEEE and an Associate Professor in Cybersecurity at York University (Canada). Prior to this, he was an Associate Professor at the Faculty of Computer Science, University of New Brunswick (Canada), and the Research Coordinator of the Canadian Institute for Cybersecurity (CIC). His research focuses on cyber threat modeling and detection, malware analysis, big data security, internet traffic analysis, and cybersecurity dataset generation.
Arash Lashkari has over 22 years of teaching experience, spanning several international universities, and was responsible for designing the first cybersecurity Capture the Flag (CTF) competition for post-secondary students in Canada. He has been the recipient of 15 awards at international computer security competitions - including three gold awards - and was recognized as one of Canadas Top 150 Researchers for 2017. In 2020, Dr. Lashkari was recognized with the University of New Brunswicks prestigious Teaching Innovation Award for his personally-created teaching methodology, the Think-Que-Cussion Method.
He is the author of ten published books and more than 110 academic articles on a variety of cybersecurity-related topics and the co-author of the national award-winning article series, Understanding Canadian Cybersecurity Laws, which was recently recognized with a Gold Medal at the 2020 Canadian Online Publishing Awards.
Iman Sharafaldin is Application & Cloud Security Lead at Forward Securiy Inc in Vancouver, Canada. Passionate about all things code, Iman has more than 8 years of cybersecurity and software related experience. He is also a PhD candidate in computer science at the University of New Brunswick, Canada, with more than 1000 citations on his cybersecurity related publications.
Ziba Habibi Lashkari is an Assistant Professor of Finance in the Department of Organization Engineering, Business Administration, and Statistics, the Technical University of Madrid, Spain. She had been participating in the project of Anįlisis de Modelos en Dinįmica de poblaciones Estructuradas en Valoración de Derivados Financieros financed by the Spanish Ministry of Economy. She has more than 15 years of academic and industry experience in financial management. Her research focuses on asset pricing, risk Management, cybersecurity risk in digital financial and data science in fintech.
Biežāk uzdotie jautājumi par e-grāmatām