Please use this identifier to cite or link to this item: http://dx.doi.org/10.25673/112992
Title: Mitigating the Ronin Protocol Vulnerability in the Context of RBAC Policy
Author(s): Huzenko, Halyna
Galchynsky, Leonid
Granting Institution: Hochschule Anhalt
Issue Date: 2023
Language: English
Subjects: Vulnarability
Ronin Protocol
RBAC Standard
ERD
Simulation Modelling
Abstract: The article discusses the structure of the Ronin protocol and its components, focusing on consensus mechanisms and validators. The purpose of the study was to identify the vulnerability of the protocol and to develop methods for its resolution. It was determined that the bridge component of the protocol has a certain vulnerability. Analyzing and investigating the structure and mechanics of Ronin smart contracts, it was found that all validators are Bridge Validators. This prompted a more detailed study of the protocol structure. Audits for 2022 and 2023 were analyzed, which indicated the presence of privileged functionality in some roles in the system. The conclusion was that the protocol has an unformalized role-based access distribution model. By comparing with the NIST standard, it was found that the role-based access control system in the Ronin protocol (Ronin RBAC) is a Flat Model. By increasing the level of the model to the level of the Restricted Model, it was possible to increase the security level of the protocol. Using the MySQL environment, a simulation model was developed that confirmed the vulnerability of the considered access control system. Based on the analysis of the standard requirements, steps were formulated to make changes to the simulation model. To solve this problem, it was proposed to change the role model of access distribution to Level 3 of the NIST RBAC standard.
URI: https://opendata.uni-halle.de//handle/1981185920/114949
http://dx.doi.org/10.25673/112992
http://dx.doi.org/10.25673/112992
Open Access: Open access publication
License: (CC BY-SA 4.0) Creative Commons Attribution ShareAlike 4.0(CC BY-SA 4.0) Creative Commons Attribution ShareAlike 4.0
Appears in Collections:International Conference on Applied Innovations in IT (ICAIIT)

Files in This Item:
File Description SizeFormat 
2_2_ICAIIT_Paper_2023(2)_Нuzenko_17-1.pdf1.09 MBAdobe PDFThumbnail
View/Open