Fraunhofer-Institut für Produktionsanlagen und Konstruktionstechnik IPK

Filters

6
6
Reset filters

Settings
Now showing 1 - 6 of 6
No Thumbnail Available
Publication

Comparison of Ethereum Smart Contract Analysis and Verification Methods

2024 , Happersberger, Vincent , Jäkel, Frank-Walter , Knothe, Thomas , Pignolet, Yvonne Anne , Schmid, Stefan

Ethereum allows to publish and use applications known as smart contracts on its public network. Smart contracts can be costly for users if erroneous. Various security vulnerabilities have occurred in the past and have been exploited causing the loss of billions of dollars. Therefore, it is in the developer’s interest to publish smart contracts that serve their intended purpose only. In this work, we study different approaches to verify if Ethereum smart contracts behave as intended and how to detect possible vulnerabilities. To this end, we compare and evaluate, different formal verification tools and tools to automatically detect vulnerabilities. Our empirical comparison of 140 smart contracts with known vulnerabilities shows that different tools vary in their success to identify issues with smart contracts. In general, we find that automated analysis tools often miss vulnerabilities, while formal verifiers based on model checking with Hoare-style source code annotations require high effort and knowledge to discover possible weaknesses. Specifically, some vulnerabilities (e.g., related to bad randomness) are not detected by any of the tools. Formal verifiers perform better than automated analysis tools as they detect more vulnerabilities and are more reliable. One of the automated analysis tools was able to find only three out of 16 Access Control vulnerabilities. On the contrary, formal verifiers have a hundred percent detection rate for selected tests. As a case study with a smart contract without previously known vulnerabilities and for a more in-depth evaluation, we examine a smart contract using a two-phase commit protocol mechanism which is key in many smart contract applications. We use the presented tools to analyze and verify the contract. Thereby we come across different important patterns to detect vulnerabilities e.g. with respect to re-entrancy, and how to annotate a contract to prove that intended the restriction and requirements hold at any time.

View
No Thumbnail Available
Publication

Interoperability Challenges and Solutions within Industrial Networks

2022 , Jäkel, Frank-Walter , Knothe, Thomas

View
No Thumbnail Available
Publication

Integrated Model-Based Configuration of Production Systems - Reflection of ISO 19440 and MDA and MDI

2023 , Knothe, Thomas , Torka, Jan , Gering, Patrick , Jäkel, Frank-Walter

Rising business competition leads to complexity because of increased number of product variants and customer-specific processes. Model-based approaches seem to be suitable for handling this kind of flexibility in networked production environments. In this paper, current approaches to the configuration of heterogeneous systems based on standard models are reflected, and an integrated model-based configuration approach using formalized modules is proposed and its application demonstrated.

View
No Thumbnail Available
Publication

Hyperconnected Ecosystems für industrielle Netzwerke

2021 , Jäkel, Frank-Walter , Gering, Patrick , Knothe, Thomas

Das Hyperconnected Ecosystems für industrielle Netzwerke wird definiert als die Vernetzung aller relevanten Informationen und deren Erreichbarkeit jederzeit und von überall (hyperconnected). Barrieren zwischen Netzwerkpartnern bzgl. Datenbereitstellung und Zugriff werden reduziert und an aktuelle Anforderungen ausgerichtet. Die Evolution des Netzwerkes wird durch dessen dynamische Anpassbarkeit und flexible Einbindung von Diensten ermöglicht. Schlussendlich soll jede erforderliche Information an jedem Ort sofort in einer bearbeitbaren Form und möglichst ohne Aufwand verfügbar sein. Die Metapher des sozialen Netzwerks, in denen sich Partner finden und nach Bedarf Daten und Leistungen austauschen, dient als Basis für die Strukturen im Netzwerk. Dabei müssen industrielle Anforderungen nach Sicherheit, Souveränität und Transparenz integriert werden. Der Beitrag beschreibt die Vision eines Hyperconnected Ecosystem für industrielle Netzwerke und erste Ansätze zu dessen Umsetzung.

View
No Thumbnail Available
Publication

The Use of Digital Twins to Overcome Semantic Barriers in Hyperconnected Ecosystems for Industry

2022 , Jäkel, Frank-Walter , Gering, Patrick , Knothe, Thomas

To establish business networks a match between businesses demands and potential partner information is required. Publicly available information on the Internet about companies, products and services usually don’t follow a common standard. The concept of a digital twin could be used to organise the different information and, in the future, to harmonise the way company data is made available on the web. Every company usually has a web presence, related documents, web pages and a trace on the web, which can be used for an initial structure of the digital twin. Hereby, first services for the correlations between partner companies and requirements can be designed. But it requires the management of legal aspects e.g. the access of bots to the public available information. The paper provides initial ideas and feasibility checks and it propose an evolution of the current heterogeneous content and structure of the data into a well-structured digital twin including content related ontologies to describe the company characteristics.

View
No Thumbnail Available
Publication

Ensure OPC-UA interfaces for digital plug-and-produce

2020 , Jäkel, Frank-Walter , Wolff, Tobias , Happersberger, Vincent , Knothe, Thomas

Experiences in industry has illustrated that ""Open Platform Communications Unified Architecture"" (OPC-UA) as upcoming de-facto standard for Industry 4.0 requires interoperability tests to support a digital plug-and-produce. Existing tools to validate OPC-UA implementations need to be applicable for such validations. Within the German national ""Internet of Things Test"" (IoT-T) project, we developed concepts and software for the validation of interoperability between different cyber physical systems using OPC-UA. The paper focuses on this part of the work and provides insights in the results. The results consists of industrial use cases, requirements, concepts and open source software. It also includes the comparison of the developments in the IoT-T project with the Compliance Test Tools (CTT) provided by the OPC Foundation (OPCF), which checks the conformity of the OPC-UA servers and clients against the OPC-UA specification.

View