检索结果-内蒙古大学图书馆

DBKEM-AACS: a distributed key escrow model in blockchain with anonymous authentication and committee selection

Science China(Information Sciences) 2023年第3期66卷 289-290页

作者： Axin XIANG Hongfeng GAO Youliang TIAN Liang WAN College of Computer Science and Technology Guizhou University Institute of Cryptography and Data Security Guizhou University Network and Information Management Center Guizhou University State Key Laboratory of Public Big Data Guizhou University Institute of Computer Software and Theory Guizhou University

Dear editor, Key security is of great practical significance and demand to guarantee the security of digital assets in the blockchain system. At present, users prefer to escrow their assets on centralized institutions, but this phenomenon has gone against the unique characteristics of decentralization and anonymity in the blockchain. Among them, the suspense incidents of assets lock or lost are enough to prove that the security of escrowed keys on the exchanges is questionable.

关键词：

来源：评论

学校读者我要写书评

暂无评论

PS3: Precise Patch Presence Test Based on Semantic Symbolic Signature 24

PS3: Precise Patch Presence Test Based on Semantic Symbolic ...

引用

44th ACM/IEEE International Conference on software Engineering, ICSE 2024

作者： Zhan, Qi Hu, Xing Li, Zhiyang Xia, Xin Lo, David Li, Shanping Zhejiang University The State Key Laboratory of Blockchain and Data Security Hangzhou China Zhejiang University Hangzhou China Software Engineering Application Technology Lab Huawei China Singapore Management University Singapore

ISBN: (纸本)9798400702174

During software development, vulnerabilities have posed a significant threat to users. Patches are the most effective way to combat vulnerabilities. In a large-scale software system, testing the presence of a security patch in every affected binary is crucial to ensure system security. Identifying whether a binary has been patched for a known vulnerability is challenging, as there may only be small differences between patched and vulnerable versions. Existing approaches mainly focus on detecting patches that are compiled in the same compiler options. However, it is common for developers to compile programs with very different compiler options in different situations, which causes inaccuracy for existing methods. In this paper, we propose a new approach named PS3, referring to precise patch presence test based on semantic-level symbolic signature. PS3 exploits symbolic emulation to extract signatures that are stable under different compiler options. Then PS3 can precisely test the presence of the patch by comparing the signatures between the reference and the target at semantic level. To evaluate the effectiveness of our approach, we constructed a dataset consisting of 3,631 (CVE, binary) pairs of 62 recent CVEs in four C/C++ projects. The experimental results show that PS3 achieves scores of 0.82, 0.97, and 0.89 in terms of precision, recall, and F1 score, respectively. PS3 outperforms the state-of-the-art baselines by improving 33% in terms of F1 score and remains stable in different compiler options. © 2024 ACM.

关键词： software design

来源：评论

学校读者我要写书评

暂无评论

A Cross-Chain Protocol Based on Main-SubChain Architecture 4

A Cross-Chain Protocol Based on Main-SubChain Architecture

引用

4th International Conference on Computer Science and Blockchain, CCSB 2024

作者： Zhang, Feng Le, Yu Wang, Rong Yuan, Minfu Tsai, Wei-Tek Dong, Yuansheng China Mobile Information Security Management and Operation Center Beijing China Guangzhou Institute of Software Guangzhou China College of Computer and Data Science Fuzhou University Arizona State University TempeAZ United States Huanggang Polytechnic College Huanggang China

ISBN: (纸本)9798350356502

Addressing the current surge in blockchain applications and the increasingly significant throughput and scalability challenges of single-chain systems, we propose a cross-chain protocol based on a main-subchain architecture, utilizing a ' 1+N' model composed of a main blockchain and multiple sidechains. The main blockchain is a permissioned public blockchain that employs relay chain technology, combining the flexibility and scalability of public blockchains with the performance, security, and regulatory advantages of federated blockchains. It serves as the core of the architecture, managing and coordinating the operations of the sidechains. Sidechains maintain a high degree of independence, selecting consensus algorithms tailored to their specific business needs and processing transactions asynchronously across different chains. Cross-chain transactions are decomposed into multiple sub-transactions, which are independently processed and verified by the relevant sidechains and the committee blockchain. This architecture ensures the atomicity, consistency, and security of transactions while enhancing the system's parallel processing capability and overall performance. Finally, this paper demonstrates the superiority of the proposed scheme in terms of fund security, atomicity, consistency, continuity, and dynamics through theoretical analysis. © 2024 IEEE.

关键词： Blockchain

来源：评论

学校读者我要写书评

暂无评论

Ppt4j: Patch Presence Test for Java Binaries 24

Ppt4j: Patch Presence Test for Java Binaries

引用

44th ACM/IEEE International Conference on software Engineering, ICSE 2024

作者： Pan, Zhiyuan Hu, Xing Xia, Xin Zhan, Xian Lo, David Yang, Xiaohu Zhejiang University The State Key Laboratory of Blockchain and Data Security Hangzhou China Huawei Software Engineering Application Technology Lab Hangzhou China The Hong Kong Polytechnic University Hong Kong School of Computing and Information Systems Singapore Management University Singapore

ISBN: (纸本)9798400702174

The number of vulnerabilities reported in open source software has increased substantially in recent years. security patches provide the necessary measures to protect software from attacks and vulnerabilities. In practice, it is difficult to identify whether patches have been integrated into software, especially if we only have binary files. Therefore, the ability to test whether a patch is applied to the target binary, a.k.a. patch presence test, is crucial for practitioners. However, it is challenging to obtain accurate semantic information from patches, which could lead to incorrect results. In this paper, we propose a new patch presence test framework named Ppt4j (Patch Presence Test forJava Binaries). Ppt4j is designed for open-source Java libraries. It takes Java binaries (i.e. bytecode files) as input, extracts semantic information from patches, and uses feature-based techniques to identify patch lines in the binaries. To evaluate the effectiveness of our proposed approach Ppt4j, we construct a dataset with binaries that include 110 vulnerabilities. The results show that Ppt4j achieves an F1 score of 98.5% with reasonable efficiency, improving the baseline by 14.2%. Furthermore, we conduct an in-the-wild evaluation of Ppt4j on JetBrains IntelliJ IDEA. The results suggest that a third-party library included in the software is not patched for two CVEs, and we have reported this potential security problem to the vendor. © 2024 ACM.

关键词： Open source software

来源：评论

学校读者我要写书评

暂无评论

Code Search Is All You Need? Improving Code Suggestions with Code Search 24

Code Search Is All You Need? Improving Code Suggestions with...

引用

44th ACM/IEEE International Conference on software Engineering, ICSE 2024

作者： Chen, Junkai Hu, Xing Li, Zhenhao Gao, Cuiyun Xia, Xin Lo, David School of Software Technology Zhejiang University Ningbo China Zhejiang University The State Key Laboratory of Blockchain and Data Security Hangzhou China Concordia University Montreal Canada Harbin Institute of Technology Shenzhen China Zhejiang University Hangzhou China Singapore Management University Singapore

ISBN: (纸本)9798400702174

Modern integrated development environments (IDEs) provide various automated code suggestion techniques (e.g., code completion and code generation) to help developers improve their efficiency. Such techniques may retrieve similar code snippets from the code base or leverage deep learning models to provide code suggestions. However, how to effectively enhance the code suggestions using code retrieval has not been systematically investigated. In this paper, we study and explore a retrieval-augmented framework for code suggestions. Specifically, our framework leverages different retrieval approaches and search strategies to search similar code snippets. Then the retrieved code is used to further enhance the performance of language models on code suggestions. We conduct experiments by integrating different language models into our framework and compare the results with their original models. We find that our framework noticeably improves the performance of both code completion and code generation by up to 53.8% and 130.8% in terms of BLEU-4, respectively. Our study highlights that integrating the retrieval process into code suggestions can improve the performance of code suggestions by a large margin. © 2024 ACM.

关键词： Deep learning

来源：评论

学校读者我要写书评

暂无评论

Integration of Process Optimization and Automation: A Way to AI Powered Digital Transformation

Integration of Process Optimization and Automation: A Way to...

引用

Advances in Computer Science, Electrical, Electronics, and Communication Technologies (CE2CT), International Conference on

作者： Kulasekhara Reddy Kotte Latha Thammareddi Divya Kodi Venkateswara Rao Anumolu Arun Kumar K Shubham Joshi SLRI Solutions INC India Project Management Operations India Cyber Security Senior Data Analyst Truist Financial India Technical Architect ERP Solutions- Information Technology India Big Data Architect India Department of Computer Science & Engineering Bipin Tripathi Kumaon Institute of Technology Almora India

ISBN: (数字)9798331518578

ISBN: (纸本)9798331518585

One of the most important factors facilitating AI-powered digital transformation is the combination of process automation and optimisation. Organisations may improve operational efficacy, save costs, and streamline procedures by utilising cutting-edge technology like robotic process automation (RPA), machine learning (ML), and artificial intelligence (AI). While automation seeks to reduce human participation in repetitive and rule-based operations, process optimisation concentrates on improving current business processes to attain improved productivity. The development of intelligent, adaptable, and self-improving systems is made possible by the combination of these two methodologies. Predictive findings, real-time decision-making, and customised customer experiences are further made possible by AI-driven analytics. This connection promotes innovation, scalability, and agility across sectors, giving businesses a competitive edge in the quickly changing digital market. The article examines the main principles, advantages, and difficulties of this shift and provides a road map for businesses looking to automate and optimise processes using AI in order to attain operational excellence and sustainable growth.

关键词： Productivity Intelligent automation Technological innovation Digital transformation Roads Decision making Stakeholders Artificial intelligence Optimization Business

来源：评论

学校读者我要写书评

暂无评论

A Secure Device management Scheme with Audio-Based Location Distinction in IoT

引用

Computer Modeling in Engineering & Sciences 2024年第1期138卷 939-956页

作者： Haifeng Lin Xiangfeng Liu Chen Chen Zhibo Liu Dexin Zhao Yiwen Zhang Weizhuang Li Mingsheng Cao College of Economics and Management Nanjing University of Aeronautics and AstronauticsNanjing211106China Chengdu Aircraft Industrial(Group)Co. Ltd.Chengdu610073China Academy of Military Sciences of PLA Beijing100091China School of Information and Software Engineering University of Electronic Science and Technology of ChinaChengdu610054China Ningbo Web King Technology Joint Stock Co. Ltd.Ningbo315000China The Network and Data Security Key Laboratory of Sichuan Province University of Electronic Science and Technology of ChinaChengdu610054China

Identifying a device and detecting a change in its position is critical for secure devices management in the Internet of Things(IoT).In this paper,a device management system is proposed to track the devices by using audio-based location distinction *** the proposed scheme,traditional cryptographic techniques,such as symmetric encryption algorithm,RSA-based signcryption scheme,and audio-based secure transmission,are utilized to provide authentication,non-repudiation,and confidentiality in the information interaction of the management ***,an audio-based location distinction method is designed to detect the position change of the ***,the audio frequency response(AFR)of several frequency points is utilized as a device *** device signature has the features as follows.(1)Hardware Signature:different pairs of speaker and microphone have different signatures;(2)Distance Signature:in the same direction,the signatures are different at different distances;and(3)Direction Signature:at the same distance,the signatures are different in different *** on the features above,amovement detection algorithmfor device identification and location distinction is ***,a secure communication protocol is also proposed by using traditional cryptographic techniques to provide integrity,authentication,and non-repudiation in the process of information interaction between devices,Access Points(APs),and *** experiments are conducted to evaluate the performance of the proposed *** experimental results show that the proposedmethod has a good performance in accuracy and energy consumption.

关键词： Acoustic hardware fingerprinting device management IoT location distinction

来源：评论

学校读者我要写书评

暂无评论

PS3: Precise Patch Presence Test Based on Semantic Symbolic Signature

PS3: Precise Patch Presence Test Based on Semantic Symbolic ...

引用

International Conference on software Engineering (ICSE)

作者： Qi Zhan Xing Hu Zhiyang Li Xin Xia David Lo Shanping Li The State Key Laboratory of Blockchain and Data Security Zhejiang University Hangzhou China Zhejiang University Hangzhou China Software Engineering Application Technology Lab Huawei China Singapore Management University Singapore

ISBN: (数字)9798400702174

ISBN: (纸本)9798350382143

During software development, vulnerabilities have posed a significant threat to users. Patches are the most effective way to combat vulnerabilities. In a large-scale software system, testing the presence of a security patch in every affected binary is crucial to ensure system security. Identifying whether a binary has been patched for a known vulnerability is challenging, as there may only be small differences between patched and vulnerable versions. Existing approaches mainly focus on detecting patches that are compiled in the same compiler options. However, it is common for developers to compile programs with very different compiler options in different situations, which causes inaccuracy for existing methods. In this paper, we propose a new approach named $PS^security$ , referring to precise patch presence test based on semantic-level symbolic signature. $PS^security$ exploits symbolic emulation to extract signatures that are stable under different compiler options. Then $PS^security$ can precisely test the presence of the patch by comparing the signatures between the reference and the target at semantic level. To evaluate the effectiveness of our approach, we constructed a dataset consisting of 3,631 (CVE, binary) pairs of 62 recent CVEs in four C/C++ projects. The experimental results show that $PS^security$ achieves scores of 0.82, 0.97, and 0.89 in terms of precision, recall, and F1 score, respectively. $PS^security$ outperforms the state-of-the-art baselines by improving 33% in terms of F1 score and remains stable in different compiler options.

关键词： Program processors Semantics Emulation software systems security Testing software engineering

来源：评论

学校读者我要写书评

暂无评论

Attribute-Based data Sharing Scheme with Flexible Search Functionality for Cloud-Assisted Autonomous Transportation System

引用

IEEE Transactions on Industrial Informatics 2023年第11期19卷 10977-10986页

作者： Xiong, Hu Wang, Hanxiao Meng, Weizhi Yeh, Kuo-Hui University of Electronic Science and Technology of China School of Information and Software Engineering Network and Data Security Key Laboratory of Sichuan Province Chengdu610054 China Advanced Cryptography and System Security Key Laboratory of Sichuan Province Chengdu610025 China Technical University of Denmark Department of Applied Mathematics and Computer Science Kongens Lyngby2800 Denmark National Dong Hwa University Department of Information Management Hualien97401 Taiwan National Sun Yat-sen University Department of Computer Science and Engineering Kaohsiung804201 Taiwan

The existing group public key encryption with equality test schemes could only support one-to-one data sharing and are not suitable for cloud-assisted autonomous transportation systems, which demand one-to-many data sharing. To tackle this problem efficiently, in this article, we put forward the group-attribute-based encryption with equality test (G-ABEET) scheme. The presented G-ABEET allows sensors equipped in vehicles to encrypt traffic data with an expressive access policy before sharing it. Only users with attributes required by the access policy ought to access the shared ciphertexts, thus achieving selective one-to-many data sharing. Meanwhile, the authorized cloud server could provide group users with equality tests over the ciphertexts, realizing ciphertext search ability. Furthermore, with the group mechanism, the G-ABEET scheme could resist offline message recovery attacks. Besides, in the standard model, we give rigorous security proof of the G-ABEET construction. The feasibility and efficiency of G-ABEET are demonstrated by experimental simulations. © 2005-2012 IEEE.

关键词： Cloud computing

来源：评论

学校读者我要写书评

暂无评论

PS3: Precise Patch Presence Test based on Semantic Symbolic Signature

arXiv

引用

arXiv 2023年

作者： Zhan, Qi Xia, Xin Hu, Xing Lo, David Li, Zhiyang Li, Shanping The State Key Laboratory of Blockchain and Data Security Zhejiang University Hangzhou China Software Engineering Application Technology Lab China Singapore Management University Singapore Zhejiang University Hangzhou China

关键词： software design

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：