Resto security layer
REST is a software architecture style that describes an interface between decoupled
software components in a Client-Server architecture. It is widely used in the industry
and more specifically in web development as a set of guidelines for creating stateless,
reliable web APIs (also called web services).
As REST mainly defines constraints to identify and manipulate resources, RESTful web
APIs are usually based on the HTTP protocol, accessing resources via URL-encoded
parameters and using JSON or XML to encode transmitted data.
A cornerstone of the Tezos blockchain, Tezos nodes expose a RESTful API that
mainly lets a client perform transactions and query the node's internal state with regard
to the chain. The security of these web services is an important aspect to consider,
as it reduces the risk of malicious acts that could impact both the node's behavior and
the integrity of its ecosystem.
The goal of this internship is to improve the security of the Tezos node’s web services in order
to consolidate its robustness against hostile environments. Building upon existing
work, and guided by documentation and research papers related to the subject,
the intern will design countermeasures for specific, predetermined attack
scenarios. As an optional part alongside this work, the intern can identify and address
other web service vulnerabilities.
In order to validate their approach, the intern will develop reproducible attack
scenarios and demonstrate the solidity of their work by measuring its impact on a working
The successful applicant should have a good knowledge of the OCaml programming
language, be able to work independently and understand academic papers. A
good knowledge of networking and the HTTP protocol can be helpful. The purpose
of their work will be to propose solutions to the different problems they encounter
and to implement these solutions.
You will work at the Nomadic Labs’ offices in Paris.
As a participant in a large-scale open-source project, you will have to rapidly learn to
use collaborative tools (Git, merge requests, issues, GitLab, continuous integration,
documentation) and to communicate about your work. The final results might be
presented at an international conference or workshop.
You will have a designated advisor at Nomadic Labs and will have to work independently
and to propose thoroughly-considered solutions to the different problems you
will have to solve. You will be encouraged to seek advice from members of the team.
All material produced (essays, documentation, code, etc.) will be released under an
open-source license (e.g. MIT or CC).