Biblio

The fog platform is very suitable for time and location sensitive applications. Compared with cloud computing, fog computing faces new security and privacy challenges. This paper integrates blockchain nodes with fog nodes, and uses multi-party secure computing (MPC) in smart contracts to realize privacy-protected fog computing. MPC technology realizes encrypted input and output, so that participants can only get the output value of their own function. It is impossible to know the input and output of other people, and privacy calculation is realized. At the same time, the blockchain can perform network-wide verification and consensus on the results calculated by the MPC under the chain. Ensure the reliability of the calculation results. Due to the integration of blockchain and fog nodes, access control and encryption are guaranteed, integrity and isolation are provided, and privacy-sensitive data is controlled. As more complex topological structures emerge, the entire chain of fog nodes must be trusted. This ensures the network security of distributed data storage and network topology, users and fog service providers. Finally, trusted fog computing with privacy protection is realized.

With the progressive development of web applications and the urgent requirement of web security, vulnerability scanner has been particularly emphasized, which is regarded as a fundamental component for web security assurance. Various scanners are developed with the intention of that discovering the possible vulnerabilities in advance to avoid malicious attacks. However, most of them only focus on the vulnerability detection with single target, which fail in satisfying the efficiency demand of users. In this paper, an effective web vulnerability scanner that integrates the information collection with the vulnerability detection is proposed to verify whether the target web application is vulnerable or not. The experimental results show that, by guiding the detection process with the useful collected information, our tool achieves great web vulnerability detection capability with a large scanning scope.

To find software vulnerabilities using software vulnerability detection technology is an important way to ensure the system security. Existing software vulnerability detection methods have some limitations as they can only play a certain role in some specific situations. To accurately analyze and evaluate the existing vulnerability detection methods, an integrated testing and evaluation system (iTES) is designed and implemented in this paper. The main functions of the iTES are:(1) Vulnerability cases with source codes covering common vulnerability types are collected automatically to form a vulnerability cases library; (2) Fourteen methods including static and dynamic vulnerability detection are evaluated in iTES, involving the Windows and Linux platforms; (3) Furthermore, a set of evaluation metrics is designed, including accuracy, false positive rate, utilization efficiency, time cost and resource cost. The final evaluation and test results of iTES have a good guiding significance for the selection of appropriate software vulnerability detection methods or tools according to the actual situation in practice.