As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in b...As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.展开更多
Deep learning frameworks promote the development of artificial intelligence and demonstrate considerable potential in numerous applications.However,the security issues of deep learning frameworks are among the main ri...Deep learning frameworks promote the development of artificial intelligence and demonstrate considerable potential in numerous applications.However,the security issues of deep learning frameworks are among the main risks preventing the wide application of it.Attacks on deep learning frameworks by malicious internal or external attackers would exert substantial effects on society and life.We start with a description of the framework of deep learning algorithms and a detailed analysis of attacks and vulnerabilities in them.We propose a highly comprehensive classification approach for security issues and defensive approaches in deep learning frameworks and connect different attacks to corresponding defensive approaches.Moreover,we analyze a case of the physical-world use of deep learning security issues.In addition,we discuss future directions and open issues in deep learning frameworks.We hope that our research will inspire future developments and draw attention from academic and industrial domains to the security of deep learning frameworks.展开更多
基金supported by the National Key Research and Devel-opment Program of China(2018YFB0803403)Fundamental Research Funds for the Central Universities(FRF-AT-20-11)from the Ministry of Education of China。
文摘As an advantageous technique and service,the blockchain has shown great development and application prospects.However,its security has also met great challenges,and many security vulnerabilities and attack issues in blockchain-based services have emerged.Recently,security issues of blockchain have attracted extensive attention.However,there is still a lack of blockchain security research from a full-stack architecture perspective,as well as representative quantitative experimental reproduction and analysis.We aim to provide a security architecture to solve security risks in blockchain services from a full-stack architecture perspective.Meanwhile,we propose a formal definition of the full-stack security architecture for blockchain-based services,and we also propose a formal expression of security issues and defense solutions from a full-stack security perspective.We use ConCert to conduct a smart contract formal verification experiment by property-based testing.The security vulnerabilities of blockchain services in the Common Vulnerabilities and Exposures(CVE)and China Nation Vulnerability Database(CNVD)are selected and enumerated.Additionally,three real contract-layer real attack events are reproduced by an experimental approach.Using Alibaba's blockchain services and Identity Mixer in Hyperledger Fabric as a case study,the security problems and defense techniques are analyzed and researched.At last,the future research directions are proposed.
基金supported by the National Key Research and Development Program of China(No.2018YFB0803403)Fundamental Research Funds for the Central Universities(Nos.FRF-AT-19-009Z and FRF-BD-19-012A)National Social Science Fund of China(No.18BGJ071)。
文摘Deep learning frameworks promote the development of artificial intelligence and demonstrate considerable potential in numerous applications.However,the security issues of deep learning frameworks are among the main risks preventing the wide application of it.Attacks on deep learning frameworks by malicious internal or external attackers would exert substantial effects on society and life.We start with a description of the framework of deep learning algorithms and a detailed analysis of attacks and vulnerabilities in them.We propose a highly comprehensive classification approach for security issues and defensive approaches in deep learning frameworks and connect different attacks to corresponding defensive approaches.Moreover,we analyze a case of the physical-world use of deep learning security issues.In addition,we discuss future directions and open issues in deep learning frameworks.We hope that our research will inspire future developments and draw attention from academic and industrial domains to the security of deep learning frameworks.