The space-air-ground integrated networks(SAGINs)are pivotal for modern communication and surveillance,with a growing number of connected devices.The proliferation of Io T devices within these networks introduces new r...The space-air-ground integrated networks(SAGINs)are pivotal for modern communication and surveillance,with a growing number of connected devices.The proliferation of Io T devices within these networks introduces new risks due to potential erroneous synergistic interactions that could compromise system integrity and security.This paper addresses the challenges in coordination,synchronization,and security within SAGINs by introducing a novel static program analysis(SPA)technique using zero-knowledge(ZK)proofs.This approach ensures the detection of risky interactions without compromising sensitive source code,thus safeguarding intellectual property and privacy.The proposed method overcomes the incompatibility between SPA and ZK systems by developing an imperative programming language for SAGINs and a specialized abstract domain for interaction threats.The system translates network control algorithms into arithmetic circuits suitable for ZK analysis,maintaining high accuracy in detecting risks.Evaluations of real-world scenarios demonstrate the system's efficacy in identifying risky interactions with minimal computational overhead.This research presents the first ZK-based SPA scheme for SAGINs,enhancing security and confidentiality in network analysis while adhering to privacy regulations.展开更多
Although static program analysis methods are frequently employed to enhance software quality,their efficiency in commercial settings is limited by their high false positive rate.The EUGENE tool can effectively lower t...Although static program analysis methods are frequently employed to enhance software quality,their efficiency in commercial settings is limited by their high false positive rate.The EUGENE tool can effectively lower the false positive rate.However,in continuous integration(CI)environments,the code is always changing,and user feedback from one version of the software cannot be applied to a subsequent version.Additionally,people find it difficult to distinguish between true positives and false positives in the analytical output.In this study,we developed the EUGENE-CI technique to address the CI problem and the EUGENE-rank lightweight heuristic algorithm to rate the reports of the analysis output in accordance with the likelihood that they are true positives.On the three projects ethereum,go-cloud,and kubernetes,we assessed our methodologies.According to the trial findings,EUGENE-CI may drastically reduce false positives while EUGENE-rank can make it much easier for users to identify the real positives among a vast number of reports.We paired our techniques with GoInsight~1 and discovered a vulnerability.We also offered a patch to the community.展开更多
This paper proposes an action analysis for implementing combining partial evaluation efficiently. By analyzing the results of binding time analysis, on erations, which should be used in the combining partial evaluatio...This paper proposes an action analysis for implementing combining partial evaluation efficiently. By analyzing the results of binding time analysis, on erations, which should be used in the combining partial evaluation, are determined in advance, so that the computation in the combination of specialized programs is reduced effectively.展开更多
基金supported by the National Natural Science Foundation of China(Grant Nos.62232002,62202051)the National Key R&D Program of China(Grant Nos.2021YFB2700500 and 2021YFB2700503)+7 种基金the China Postdoctoral Science Foundation(Grant Nos.2021M700435,2021TQ0042)the Guangdong Provincial Key Laboratory of Novel Security Intelligence Technologies(Grant No.2022B1212010005)the Key-Area Research and Development Program of Guangdong Province(Grant No.2021B0101400003)the Open Project Funding of Key Laboratory of Mobile Application Innovation and Governance TechnologyMinistry of Industry and Information Technology(Grant No.2023IFS080601-K)the Yunnan Provincial Major Science and Technology Special Plan Projects(Grant No.202302AD080003)the Beijing Institute of Technology Research Fund Program for Young Scholarsthe Young Elite Scientists Sponsorship Program by CAST(Grant No.2023QNRC001)
文摘The space-air-ground integrated networks(SAGINs)are pivotal for modern communication and surveillance,with a growing number of connected devices.The proliferation of Io T devices within these networks introduces new risks due to potential erroneous synergistic interactions that could compromise system integrity and security.This paper addresses the challenges in coordination,synchronization,and security within SAGINs by introducing a novel static program analysis(SPA)technique using zero-knowledge(ZK)proofs.This approach ensures the detection of risky interactions without compromising sensitive source code,thus safeguarding intellectual property and privacy.The proposed method overcomes the incompatibility between SPA and ZK systems by developing an imperative programming language for SAGINs and a specialized abstract domain for interaction threats.The system translates network control algorithms into arithmetic circuits suitable for ZK analysis,maintaining high accuracy in detecting risks.Evaluations of real-world scenarios demonstrate the system's efficacy in identifying risky interactions with minimal computational overhead.This research presents the first ZK-based SPA scheme for SAGINs,enhancing security and confidentiality in network analysis while adhering to privacy regulations.
基金the Project"Research on the protection technology of endogenous safety for industrial control system"supported by National Science and Technology Major Project(2016YFB08002)。
文摘Although static program analysis methods are frequently employed to enhance software quality,their efficiency in commercial settings is limited by their high false positive rate.The EUGENE tool can effectively lower the false positive rate.However,in continuous integration(CI)environments,the code is always changing,and user feedback from one version of the software cannot be applied to a subsequent version.Additionally,people find it difficult to distinguish between true positives and false positives in the analytical output.In this study,we developed the EUGENE-CI technique to address the CI problem and the EUGENE-rank lightweight heuristic algorithm to rate the reports of the analysis output in accordance with the likelihood that they are true positives.On the three projects ethereum,go-cloud,and kubernetes,we assessed our methodologies.According to the trial findings,EUGENE-CI may drastically reduce false positives while EUGENE-rank can make it much easier for users to identify the real positives among a vast number of reports.We paired our techniques with GoInsight~1 and discovered a vulnerability.We also offered a patch to the community.
文摘This paper proposes an action analysis for implementing combining partial evaluation efficiently. By analyzing the results of binding time analysis, on erations, which should be used in the combining partial evaluation, are determined in advance, so that the computation in the combination of specialized programs is reduced effectively.