With the rapid development of information technology,audit objects and audit itself are more and more inseparable from software.As an important means of software security audit,code security audit will become an impor...With the rapid development of information technology,audit objects and audit itself are more and more inseparable from software.As an important means of software security audit,code security audit will become an important aspect of future audit that cannot be ignored.However,the existing code security audit ismainly based on source code,which is difficult to meet the audit needs of more and more programming languages and binary commercial software.Based on the idea of normalized transformation,this paper constructs a cross language code security audit framework(CLCSA).CLCSA first uses compile/decompile technology to convert different highlevel programming languages and binary codes into normalized representation,and then usesmachine learning technology to build a cross language code security audit model based on normalized representation to evaluate code security and find out possible code security vulnerabilities.Finally,for the discovered vulnerabilities,the heuristic search strategy will be used to find the best repair scheme from the existing normalized representation sample library for automatic repair,which can improve the effectiveness of code security audit.CLCSA realizes the normalized code security audit of different types and levels of code,which provides a strong support for improving the breadth and depth of code security audit.展开更多
This paper analyzes institutional defects in the Chinese social security system, based on irregularities in social security funds revealed in the Audit Report by the China National Audit Offce. The author divides the ...This paper analyzes institutional defects in the Chinese social security system, based on irregularities in social security funds revealed in the Audit Report by the China National Audit Offce. The author divides the irregularities into five categories according to the nature of fimd use. The results show that the institutional root cause of the irregularities lies in the unreasonable design and operation of the social security system, which currently faces management and institutional risks, This paper argues that simple rhetoric about strengthening regulation and supervision cannot help to reduce illegal practices, or to realize risk control. The only solution is to reform the social security system. Specifically, the Chinese Government should regulate the administrative cost of the social security system, and the behavior of its agencies, through legislation, reform the investment regime to increase rate of return of pension assets, and adjust and reshape the existing social security system, so as to elevate its pooling level.展开更多
基金This work was supported by the Universities Natural Science Research Project of Jiangsu Province under Grant 20KJB520026the Natural Science Foundation of Jiangsu Province under Grant BK20180821.
文摘With the rapid development of information technology,audit objects and audit itself are more and more inseparable from software.As an important means of software security audit,code security audit will become an important aspect of future audit that cannot be ignored.However,the existing code security audit ismainly based on source code,which is difficult to meet the audit needs of more and more programming languages and binary commercial software.Based on the idea of normalized transformation,this paper constructs a cross language code security audit framework(CLCSA).CLCSA first uses compile/decompile technology to convert different highlevel programming languages and binary codes into normalized representation,and then usesmachine learning technology to build a cross language code security audit model based on normalized representation to evaluate code security and find out possible code security vulnerabilities.Finally,for the discovered vulnerabilities,the heuristic search strategy will be used to find the best repair scheme from the existing normalized representation sample library for automatic repair,which can improve the effectiveness of code security audit.CLCSA realizes the normalized code security audit of different types and levels of code,which provides a strong support for improving the breadth and depth of code security audit.
文摘This paper analyzes institutional defects in the Chinese social security system, based on irregularities in social security funds revealed in the Audit Report by the China National Audit Offce. The author divides the irregularities into five categories according to the nature of fimd use. The results show that the institutional root cause of the irregularities lies in the unreasonable design and operation of the social security system, which currently faces management and institutional risks, This paper argues that simple rhetoric about strengthening regulation and supervision cannot help to reduce illegal practices, or to realize risk control. The only solution is to reform the social security system. Specifically, the Chinese Government should regulate the administrative cost of the social security system, and the behavior of its agencies, through legislation, reform the investment regime to increase rate of return of pension assets, and adjust and reshape the existing social security system, so as to elevate its pooling level.
