Biblio

Fuzzing has been widely adopted as an effective techniques to detect vulnerabilities in softwares. However, existing fuzzers suffer from the problems of generating excessive test inputs that either cannot pass input validation or are ineffective in exploring unvisited regions in the program under test (PUT). To tackle these problems, we propose a greybox fuzzer called MuFuzzer based on AFL, which incorporates two heuristics that optimize seed selection and automatically extract input formatting information from the PUT to increase the chance of generating valid test inputs, respectively. In particular, the first heuristic collects the branch coverage and execution information during a fuzz session, and utilizes such information to guide fuzzing tools in selecting seeds that are fast to execute, small in size, and more importantly, more likely to explore new behaviors of the PUT for subsequent fuzzing activities. The second heuristic automatically identifies string comparison operations that the PUT uses for input validation, and establishes a dictionary with string constants from these operations to help fuzzers generate test inputs that have higher chances to pass input validation. We have evaluated the performance of MuFuzzer, in terms of code coverage and bug detection, using a set of realistic programs and the LAVA-M test bench. Experiment results demonstrate that MuFuzzer is able to achieve higher code coverage and better or comparative bug detection performance than state-of-the-art fuzzers.

Ciphertext policy attribute based encryption (CP-ABE) can provide high finegrained access control for cloud storage. However, it needs to solve problems such as property privacy protection, ciphertext search and data update in the application process. Therefore, based on CP-ABE scheme, this paper proposes a dynamically updatable searchable encryption cloud storage (DUSECS) scheme. Using the characteristics of homomorphic encryption, the encrypted data is compared to achieve efficient hiding policy. Meanwhile, adopting linked list structure, the DUSECS scheme realizes the dynamic data update and integrity detection, and the search encryption against keyword guessing attacks is achieved by combining homomorphic encryption with aggregation algorithm. The analysis of security and performance shows that the scheme is secure and efficient.

Since 2016, the northwest power grid has organized new energy sources to participate in the rapid frequency regulation research and carried out pilot test work at the sending end large power grid. The experimental results show that new energy generator has the ability to participate in the grid's rapid frequency regulation, and its performance is better than that of conventional power supply units. This paper analyses the requirements for fast frequency control of the sending end large power grid in northwest China, and proposes the segmented participation indexes of photovoltaic and wind power in the frequency regulation of power grids. In accordance with the idea of "clear responsibilities, various types of unit coordination", the parameter setting of new energy sources rapid frequency regulation is completed based on the coordinated control based on multi-frequency regulation resources in northwest power grid. The new energy fast frequency regulation model was established, through the PSASP power grid stability simulation program and the large-scale power grid stability simulation analysis was completed. The simulation results show that the wind power and photovoltaic adopting differential rapid frequency regulation parameters can better utilize the rapid frequency regulation capability of various types of power sources, realize the coordinated rapid frequency regulation of all types of units, and effectively improve the frequency security prevention and control level of the sending end large power grid.

Untrusted third-party vendors and manufacturers have raised security concerns in hardware supply chain. Among all existing solutions, formal verification methods provide powerful solutions in detection malicious behaviors at the pre-silicon stage. However, little work have been done towards built-in hardware runtime verification at the post-silicon stage. In this paper, a runtime formal verification framework is proposed to evaluate the trust of hardware during its execution. This framework combines the symbolic execution and SAT solving methods to validate the user defined properties. The proposed framework has been demonstrated on an FPGA platform using an SoC design with untrusted IPs. The experimentation results show that the proposed approach can provide high-level security assurance for hardware at runtime.

The inevitable temperature raise leads to the demagnetization of permanent magnet synchronous motor (PMSM), that is undesirable in the application of electrical vehicle. This paper presents a nonlinear demagnetization model taking into account temperature with the Wiener structure and neural network characteristics. The remanence and intrinsic coercivity are chosen as intermediate variables, thus the relationship between motor temperature and maximal permanent magnet flux is described by the proposed neural Wiener model. Simulation and experimental results demonstrate the precision of temperature dependent demagnetization model. This work makes the basis of temperature compensation for the output torque from PMSM.