The hypothetical Weyl particles in high-energy physics have been discovered in three-dimensional crystals as collective quasiparticle excitations near two-fold degenerate Weyl points1-5. Such momentum-space Weyl parti...
详细信息
Wearable devices become popular because they can help people observe health *** battery life is the critical problem for wearable devices. The non-volatile memory(NVM) attracts attention in recent years because of its...
详细信息
Wearable devices become popular because they can help people observe health *** battery life is the critical problem for wearable devices. The non-volatile memory(NVM) attracts attention in recent years because of its fast reading and writing speed, high density, persistence, and especially low idle power. With its low idle power consumption,NVM can be applied in wearable devices to prolong the battery lifetime such as smart bracelet. However, NVM has higher write power consumption than dynamic random access memory(DRAM). In this paper, we assume to use hybrid random access memory(RAM)and NVM architecture for the smart bracelet *** paper presents a data management algorithm named bracelet power-aware data management(BPADM) based on the architecture. The BPADM can estimate the power consumption according to the memory access, such as sampling rate of data, and then determine the data should be stored in NVM or DRAM in order to satisfy low power. The experimental results show BPADM can reduce power consumption effectively for bracelet in normal and sleeping modes.
With the popular use of network application services and the growing number of users, web services have become the main target of hackers. Traditional single software has insufficient security protection against unkno...
With the popular use of network application services and the growing number of users, web services have become the main target of hackers. Traditional single software has insufficient security protection against unknown threats and is prone to various vulnerabilities. In this paper, we adopt a new type of active defense strategy in java web services. At different application layers, we use existing components based on the natural software diversity to form different software stacks, and use dynamic scheduling mechanisms to change the attack surface at all times to obtain security protection. Our analysis shows that the flexibility of java web services using this defense strategy is enhanced, and the exploitability of its vulnerabilities is effectively reduced.
Programmable Logic Controller (PLC) programs are vulnerable to tampering attacks with addition of malware, which can substantially cause severe physical destructions. In order to solve the problems, We propose a stati...
详细信息
Cyberspace mimic defense has been proven to be a revolutionary defense technology that 'changes the rules of the game' to ensure the security of cyberspace. However, the software diversity inherent in mimic de...
Cyberspace mimic defense has been proven to be a revolutionary defense technology that 'changes the rules of the game' to ensure the security of cyberspace. However, the software diversity inherent in mimic defense technology may increase the difficulty in managing software executable binaries, especially when updating or debugging a software. In this paper, we study the problem of software assignment in a networked system to minimise the number of binaries generated by mimic compilers. Mimic compilers can help to generate functional equivelant software executables which exhibits diverse characteristics such as binary size etc. Theoretically the software assignment problem is equal to the traditional graph coloring problem. To guarantee network severity, we apply a Welsh-Powell-based Software Assignment (WPSA) algorithm to determine the number of binaries needed and the assignment of these binaries to hosts in a network. We conduct experiments on real world network topologies. Experimental results show that our algorithm can effectively reduce the number of binaries needed in networked systems.
Software diversity has been proven to be an effective approach to enhance system security. To make the best of the advantage brought by software diversity, a multi-variant execution environment is needed. However, alt...
Software diversity has been proven to be an effective approach to enhance system security. To make the best of the advantage brought by software diversity, a multi-variant execution environment is needed. However, although some MVEEs have been proposed, most of them are either too simple or only focusing one aspect which limits their widely adoption in industry. In this paper we propose a framework for multi-variant execution environment to enhance the security of software systems. The framework addresses different aspects when implementing a MVEE and can help to make the best of software diversity to enhance the system's security.
The Unified Extensible Firmware Interface (UEFI) is a software interface between an operating system and platform firmware designed to replace a traditional BIOS. In this paper, we evaluated the security mechanisms us...
The Unified Extensible Firmware Interface (UEFI) is a software interface between an operating system and platform firmware designed to replace a traditional BIOS. In this paper, we evaluated the security mechanisms used to protected SPI Flash, and then analyzed the attack surface presented by those security mechanisms. Intel provides several registers in its chipset relevant to locking down the SPI Flash chip that contains the UEFI in order to prevent arbitrary writes. Since these registers implement their functions through the system management mode, the main attack surface is concentrated in the system management mode. In this paper, we propose an attack vector for the system management mode, which uses the method of cache poisoning to attack the system management mode and destroy the protection mechanism of SPI Flash. This method can overcome the limitations for the traditional attacks. Experimental results proved that this kind of attack can arbitrarily write to the UEFI.
The topological band theory predicts that bulk materials with nontrivial topological phases support topological edge states. This phenomenon is universal for various wave systems and has been widely observed for elect...
详细信息
This paper addresses detecting taint-style Thisvulnerabilities in PHP code. It extends classical taint-style model with an element called "cleans", which is used to specify sanitation routines. Based on the ...
详细信息
ISBN:
(纸本)9781509038237;9781509038220
This paper addresses detecting taint-style Thisvulnerabilities in PHP code. It extends classical taint-style model with an element called "cleans", which is used to specify sanitation routines. Based on the new model, a static backward taint data analysis method is proposed to detecting taint-style vulnerabilities. This method includes four key steps, first of which is collecting sinks and constructing contexts, the second is backward tracing variables during a basic block, the third is tracing variables between blocks, and the last is tracing variables crossing function call. A tool called POSE implements this method and testing results show that the method is valid for detecting taint-style web application vulnerabilities.
With the convergence of computer technology and industrial networks, attackers are not limited to attacking only individual users' computers, turning to attack industrial control systems that can cause major infra...
With the convergence of computer technology and industrial networks, attackers are not limited to attacking only individual users' computers, turning to attack industrial control systems that can cause major infrastructure problems. Programmable Logic Controllers (PLC) are the core components of industrial control systems. Its safety has a profound impact on the safety of the entire industrial system. This paper firstly classifies the security research of PLC according to the structure and function, and expounds the existing security defects of PLC from the aspects of firmware security, operation security and program security. Then it summarizes and analyzes four types of security protection measures: the integrity of verification firmware, protocol security encryption, code formal verification, and program security defence detection. Finally, according to the overall safety of the industrial system and the actual development of the current PLC, we discuss the development trend of safety research.
暂无评论