Biblio

Filters: Author is Li, Qiang
2022-07-01
Xie, Yuncong, Ren, Pinyi, Xu, Dongyang, Li, Qiang.  2021.  Security and Reliability Performance Analysis for URLLC With Randomly Distributed Eavesdroppers. 2021 IEEE International Conference on Communications Workshops (ICC Workshops). :1–6.
This paper for the first time investigates the security and reliability performance of ultra-reliable low-latency communication (URLLC) systems in the presence of randomly distributed eavesdroppers, where the impacts of short blocklength codes and imperfect channel estimation are jointly considered. Based on the finite-blocklength information theory, we first derive a closed-form approximation of transmission error probability to describe the degree of reliability loss. Then, we also derive an asymptotic expression of intercept probability to characterize the security performance, where the impact of secrecy protected zone is also considered. Simulation and numerical results validate the accuracy of theoretical approximations, and illustrate the tradeoff between security and reliability. That is, the intercept probability of URLLC systems can be suppressed by loosening the reliability requirement, and vice versa. More importantly, the theoretical analysis and methodologies presented in this paper can offer some insights and design guidelines for supporting secure URLLC applications in the future 6G wireless networks.
2022-06-06
Li, Qiang, Song, Jinke, Tan, Dawei, Wang, Haining, Liu, Jiqiang.  2021.  PDGraph: A Large-Scale Empirical Study on Project Dependency of Security Vulnerabilities. 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :161–173.
The reuse of libraries in software development has become prevalent for improving development efficiency and software quality. However, security vulnerabilities of reused libraries propagated through software project dependency pose a severe security threat, but they have not yet been well studied. In this paper, we present the first large-scale empirical study of project dependencies with respect to security vulnerabilities. We developed PDGraph, an innovative approach for analyzing publicly known security vulnerabilities among numerous project dependencies, which provides a new perspective for assessing security risks in the wild. As a large-scale software collection in dependency, we find 337,415 projects and 1,385,338 dependency relations. In particular, PDGraph generates a project dependency graph, where each node is a project, and each edge indicates a dependency relationship. We conducted experiments to validate the efficacy of PDGraph and characterized its features for security analysis. We revealed that 1,014 projects have publicly disclosed vulnerabilities, and more than 67,806 projects are directly dependent on them. Among these, 42,441 projects still manifest 67,581 insecure dependency relationships, indicating that they are built on vulnerable versions of reused libraries even though their vulnerabilities are publicly known. During our eight-month observation period, only 1,266 insecure edges were fixed, and corresponding vulnerable libraries were updated to secure versions. Furthermore, we uncovered four underlying dependency risks that can significantly reduce the difficulty of compromising systems. We conducted a quantitative analysis of dependency risks on the PDGraph.
2021-11-30
Li, Gangqiang, Wu, Sissi Xiaoxiao, Zhang, Shengli, Li, Qiang.  2020.  Detect Insider Attacks Using CNN in Decentralized Optimization. ICASSP 2020 - 2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :8758–8762.
This paper studies the security issue of a gossip-based distributed projected gradient (DPG) algorithm, when it is applied for solving a decentralized multi-agent optimization. It is known that the gossip-based DPG algorithm is vulnerable to insider attacks because each agent locally estimates its (sub)gradient without any supervision. This work leverages the convolutional neural network (CNN) to perform the detection and localization of the insider attackers. Compared to the previous work, CNN can learn appropriate decision functions from the original state information without preprocessing through artificially designed rules, thereby alleviating the dependence on complex pre-designed models. Simulation results demonstrate that the proposed CNN-based approach can effectively improve the performance of detecting and localizing malicious agents, as compared with the conventional pre-designed score-based model.