Browsing by Author "Dr Erisa Karafili"

Filter results by typing the first few letters
Now showing 1 - 3 of 3
  • Thumbnail Image
    ItemRestricted
    A Study on Ethereum’s Smart Contract Vulnerabilities
    LUJAIN MOHAMMED IBRAHIM ALHAJRI; Dr Erisa Karafili
    Many critical sectors, such as the government sector, seek to implement their services based on blockchain technology to benefit from its advantages, such as security and transparency. Since blockchain technology is very complex and requires heavy computations and supercomputers to implement it from scratch, there is a need for a platform that can be used to implement any application or service based on blockchain technology. Ethereum is one platform inspired by Bitcoin – it is considered the leading platform used by financial and non-financial industries to build applications based on blockchain. Ethereum implements applications that act in a decentralised manner, called DApps. These DApps implemented by scripts to run in a less vulnerable situation as possible which called Smart Contracts. Smart contracts targeted by critical attacks by exploiting severe vulnerabilities. This project aims to identify comprehensive Ethereum smart contract vulnerabilities that susceptible to attack. This project studies and analyze the causes of these vulnerabilities and find the prevention methods to avoid these vulnerabilities. This project simulates three different attacks scenarios for the most severe three vulnerabilities. Also, this project tests these scenarios by deploying it to the Ethereum public test network. Meaning this project proves experimentally how the smart contract code can be exploited and how to secure it. Furthermore, concerning other existing researches, there is no academic research examined smart contract vulnerabilities practically, which make this work as an addition to the cybersecurity academic field. Also, this work can be a proposal to Ethereum blockchain developers to attain practical solutions to prevents these vulnerabilities in the future improvements of the Ethereum smart contract.
    0 0
  • No Thumbnail Available
    ItemRestricted
    Detecting Supply Chain Threats
    (Saudi Digital Library, 2025) Akash Aravindan Paul Rajan; Nor Iman Binti Abdul Rashid; Ayham Al-Kilani; Alexandru-Aurel Constantin; Ashley Doel; Dr Erisa Karafili; Marwan Mousa Altamimi; Dr Erisa Karafili
    This study investigates the detection of supply chain threats in open-source software by developing an innovative system that integrates scraping techniques and artificial intelligence (AI) for intent analysis. The project aims to address critical vulnerabilities by analysing git commit messages and corresponding code changes, ensuring enhanced transparency and security in the software supply chain. The proposed system comprises a GitHub scraper that retrieves structured data using GraphQL and REST APIs, over- coming API rate limitations for efficient data collection. The collected data is processed by an AI model, ”Baymax,” which employs large language models (LLMs) to evaluate the alignment between commit messages and code changes. The system is designed with scalability and modularity to accommodate repositories of varying sizes and com- plexities. The project was implemented using Agile Scrum methodologies, employing iterative development practices with tasks prioritised through the MoSCoW framework. Collaboration within the development team was structured through specialised roles, and progress was monitored via sprints, stand-ups, and retrospectives. The results indicate that the system effectively enhances the integrity of open-source software by identi- fying discrepancies indicative of potentially malicious changes. Future work includes expanding platform compatibility, improving system performance, and incorporating user feedback to improve accuracy. This research contributes to the growing field of software supply chain security, with implications for broader applications in software development and beyond.
    9 0
  • Thumbnail Image
    ItemRestricted
    Threat Modelling: A Study of Cybersecurity Threats in Smart Home Systems
    HISHAM KHALID SULAIMAN KHAN; Dr Erisa Karafili
    Nowadays the Internet of things has many applications that make the devices involved in these applications vulnerable and need more security measures. Threat modelling is the first step that allow researchers identify risks and vulnerabilities in any system at early stages. One of the most important aspects in IoT is the smart home environment which make life much easier for the people because of the services it provides. However, security issue is a hot topic when it come to new technologies like smart homes. The aim of this project is modelling threats and identifying them to help developers and designers recognize the most vulnerable components in particular system. We specify set of rules and relations to define a threat model in order to compute the final states for each component. Then these rules and relations are applied in real life scenarios to illustrate how a secure component could get affected by other components if a malicious event occurred. Finally, we have developed a console-based tool and validated it with the created scenarios.
    0 0

Copyright owned by the Saudi Digital Library (SDL) © 2025