Research Archive


Journal Article · Open Access · Cybersecurity

Integrating Security into DevOps: Empirical Assessment of DevSecOps Adoption Barriers and Enablers in Financial Services Organizations

The integration of security practices into DevOps pipelines (commonly termed DevSecOps, or "shifting security left") has attracted significant practitioner interest, yet academic understanding of the organizational dynamics that enable or impede this integration remains nascent. This paper reports findings from a grounded theory study conducted across nine financial services organizations undergoing DevSecOps transformation. Data were collected through 64 interviews with security engineers, DevOps leads, compliance officers, and CISOs, supplemented by documentary analysis of security policy artifacts and incident logs spanning 24 months. Our analysis yielded a substantive theory of DevSecOps adoption organized around three core categories: Security-Development Trust Formation, Toolchain Convergence, and Regulatory Constraint Navigation. We find that the predominant barrier to DevSecOps adoption is not technical but relational: the adversarial framing historically embedded between security and development teams. Organizations that dissolve this framing through shared ownership models and joint blameless post-mortems exhibit twice the rate of automated security gate adoption. The paper contributes an empirically grounded theoretical model and a set of practitioner interventions for accelerating DevSecOps adoption in regulated industries.

Nadia Okonkwo, Lars Bergström, Mei-Ling Chen, Arjun Patel · May 2018 · 521 citations

Journal Article · Open Access · Blockchain

Smart Contract Vulnerability Analysis: Automated Detection of Reentrancy, Integer Overflow, and Access Control Flaws in Ethereum Solidity Codebases

Smart contracts deployed on public blockchain platforms such as Ethereum execute autonomously and immutably, so security vulnerabilities discovered post-deployment cannot be patched without costly migration procedures, a constraint that makes pre-deployment security analysis critical. This paper presents SmartGuard, a hybrid static-symbolic analysis framework for automated detection of smart contract vulnerabilities, evaluated against a dataset of 48,000 verified Solidity contracts drawn from the Ethereum mainnet. SmartGuard combines abstract syntax tree analysis, control flow graph construction, and bounded symbolic execution to detect six vulnerability classes: reentrancy, integer overflow and underflow, timestamp dependence, unprotected self-destruct, access control misconfigurations, and front-running susceptibility. On a labeled benchmark of 2,400 contracts with ground-truth vulnerability annotations, SmartGuard achieves 91.2% precision and 87.6% recall for reentrancy detection, and 88.4% precision and 83.1% recall averaged across all six vulnerability classes, outperforming Mythril, Slither, and Oyente on four of the six categories. Analyzing the 48,000 mainnet contracts, we find that 23.4% contain at least one high-severity vulnerability, with integer overflow (14.1%) and access control misconfiguration (9.3%) the most prevalent. We release SmartGuard as an open-source tool and discuss implications for smart contract audit workflows and DeFi protocol governance.

Obiora Okeke, Sofia Lindqvist, Kenji Nakamura, Yasmin Hassan · May 2018 · 498 citations
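To make three of the vulnerability classes in the abstract concrete (reentrancy, unchecked integer arithmetic, unprotected self-destruct), the following is an added example and not SmartGuard or any code from the paper: a deliberately small line-level checker that recognises the textbook shape of each flaw in Solidity source. The two contracts it scans are constructed for this example; the regexes, the `only*` modifier convention and the "a prior `require` on the same variable counts as a bounds check" rule are assumptions, and the checker builds no AST, CFG or symbolic state, which is exactly what SmartGuard adds on top of pattern matching.

```python
"""Toy line-level detector for three of the vulnerability classes SmartGuard targets. Added
example, not SmartGuard's code: per-function regex heuristics with no AST, CFG or symbolic
execution, so cross-function reentrancy and writes hidden behind helper calls are missed."""
import re

# Constructed sample: pre-0.8 arithmetic, call-before-update withdraw, open selfdestruct.
VULNERABLE_SRC = """\
pragma solidity ^0.6.0;
contract Vault {
    mapping(address => uint256) public balances;
    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }
    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
        balances[msg.sender] -= amount;
    }
    function kill() public {
        selfdestruct(msg.sender);
    }
}
"""
# Constructed hardened counterpart: checks-effects-interactions, 0.8 checked math, owner gate.
HARDENED_SRC = """\
pragma solidity ^0.8.0;
contract SafeVault {
    address public owner;
    mapping(address => uint256) public balances;
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    constructor() { owner = msg.sender; }
    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }
    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
    function kill() public onlyOwner {
        selfdestruct(payable(owner));
    }
}
"""
EXTERNAL_CALL = re.compile(r"\.call\s*(?:\{|\.value\s*\()")  # low-level call that forwards gas
STATE_WRITE = re.compile(r"\b(\w+)\s*(?:\[[^\]]*\]\s*)*(?:\+=|-=|=(?!=))")  # name[...] (op)= ...
STATE_DECL = re.compile(r"^\s*(?:mapping\s*\([^;]*\)|u?int\d*|address|bool|bytes\d*|string)\s+"
                        r"(?:public|private|internal)?\s*(\w+)\s*;", re.M)

def _functions(src):
    """Yield (name, header, body, line of opening brace, (start, end)) for each function."""
    for m in re.finditer(r"function\s+(\w+)\s*\(", src):
        open_pos = pos = src.index("{", m.end())
        depth = 0
        while True:  # plain brace matching; braces inside string literals are not handled
            depth += {"{": 1, "}": -1}.get(src[pos], 0)
            if depth == 0:
                break
            pos += 1
        yield (m.group(1), src[m.start():open_pos], src[open_pos + 1:pos],
               src.count("\n", 0, open_pos) + 1, (m.start(), pos + 1))

def _state_vars(src, spans):
    """Names declared at contract scope; function spans are blanked so locals are not counted."""
    for start, end in spans:
        src = src[:start] + re.sub(r"[^\n]", " ", src[start:end]) + src[end:]
    return set(STATE_DECL.findall(src))

def analyze(src):
    """Return (function, kind, line) tuples for reentrancy, unchecked math and open selfdestruct."""
    findings = []
    pragma = re.search(r"pragma\s+solidity\s*[\^<>=]*\s*0\.(\d+)", src)
    # 0.8+ reverts on overflow; SafeMath is the pre-0.8 equivalent. Either makes += / -= safe.
    checked_math = (pragma is not None and int(pragma.group(1)) >= 8) or "using SafeMath" in src
    funcs = list(_functions(src))
    state = _state_vars(src, [f[4] for f in funcs])
    for name, header, body, first_line, _ in funcs:
        lines = body.split("\n")
        pending_call = None  # line of an external call not yet followed by a state write
        for i, line in enumerate(lines):
            if EXTERNAL_CALL.search(line):
                pending_call = pending_call or first_line + i
                continue
            w = STATE_WRITE.search(line)
            if not w or w.group(1) not in state:
                continue
            if pending_call is not None:  # effect after interaction: the reentrancy shape
                findings.append((name, "reentrancy", pending_call))
                pending_call = None
            guarded = any("require(" in p and w.group(1) in p for p in lines[:i])
            if ("+=" in line or "-=" in line) and not (checked_math or guarded):
                findings.append((name, "unchecked-arithmetic", first_line + i))
        gated = re.search(r"\bonly\w+", header) or re.search(r"require\s*\(\s*msg\.sender\s*==", body)
        if "selfdestruct(" in body and not gated:
            at = next(i for i, l in enumerate(lines) if "selfdestruct(" in l)
            findings.append((name, "unprotected-selfdestruct", first_line + at))
    return findings
```

Running `analyze(VULNERABLE_SRC)` reports the `+=` in `deposit`, the `call` in `withdraw` that precedes the balance update, and the ungated `selfdestruct` in `kill`; `analyze(HARDENED_SRC)` reports nothing because the update now precedes the call, the 0.8 pragma gives checked arithmetic, and `kill` carries an `only*` modifier. Two caveats a practitioner should keep in mind: the paper's 2018 overflow prevalence figure predates Solidity 0.8's default checked arithmetic, so for modern code that class mostly survives only inside explicit `unchecked { }` blocks, and `.transfer`/`.send` are deliberately not treated as reentrancy sinks here because of their 2,300 gas stipend, a simplification a real analyzer would not make.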