Biblio

Aiming at the current troubles encountered by enterprise employees in their daily work when operating business systems due to web compatibility issues, a dual-core secure browser is designed and developed in the paper based on summarizing the current development status of multi-core browsers, key difficulties and challenges in the field. Based on the Chromium open-source project, the design of a dual-core browser auto-adaptation method is carried out. Firstly, dual-core encapsulation technology is implemented, followed by a study of the core auto-adaptation algorithm, and then a core cookie sharing function is developed based on Hook technology. In addition, the security of the browser is reinforced by designing a cookie manager, adding behavior monitoring functions, and unified platform control to enhance confidentiality and security, providing a safe and secure interface for employees' work and ubiquitous IoT access. While taking security into account, the browser realizes the need for a single browser compatible with all business system web pages of the enterprise, enhancing the operating experience of the client. Finally, the possible future research directions in this field are summarized and prospected.

Aiming at the realization of power system visualization plane topology modeling, a development method of Microsoft Foundation Classes application framework based on Microsoft Visual Studio is proposed. The overall platform development is mainly composed of five modules: the primitive library module, the platform interface module, the model array file module, the topology array file module, and the algorithm module. The software developed by this method can realize the user-defined power system modeling, and can realize power system operation analysis by combining with algorithm. The proposed method has a short development cycle, compatibility and expandability. This method is applied to the development of a plane topology modeling platform for the distribution network system, which further demonstrates the feasibility of this method.

Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge, i.e., indirect calls through function pointers and virtual calls. Protecting the backward edge is left to stack canaries, which are easily bypassed through information leaks. Shadow Stacks are a fully precise mechanism for protecting backwards edges, and should be deployed with CFI mitigations. We present a comprehensive analysis of all possible shadow stack mechanisms along three axes: performance, compatibility, and security. For performance comparisons we use SPEC CPU2006, while security and compatibility are qualitatively analyzed. Based on our study, we renew calls for a shadow stack design that leverages a dedicated register, resulting in low performance overhead, and minimal memory overhead, but sacrifices compatibility. We present case studies of our implementation of such a design, Shadesmar, on Phoronix and Apache to demonstrate the feasibility of dedicating a general purpose register to a security monitor on modern architectures, and Shadesmar's deployability. Our comprehensive analysis, including detailed case studies for our novel design, allows compiler designers and practitioners to select the correct shadow stack design for different usage scenarios. Shadow stacks belong to the class of defense mechanisms that require metadata about the program's state to enforce their defense policies. Protecting this metadata for deployed mitigations requires in-process isolation of a segment of the virtual address space. Prior work on defenses in this class has relied on information hiding to protect metadata. We show that stronger guarantees are possible by repurposing two new Intel x86 extensions for memory protection (MPX), and page table control (MPK). Building on our isolation efforts with MPX and MPK, we present the design requirements for a dedicated hardware mechanism to support intra-process memory isolation, and discuss how such a mechanism can empower the next wave of highly precise software security mitigations that rely on partially isolated information in a process.