Dawning Information Industry BEIJING Co.

Beijing, China

Dawning Information Industry BEIJING Co.

Beijing, China
SEARCH FILTERS
Time filter
Source Type

Patent
Dawning Cloud Computing Technology Co. and Dawning Information Industry BEIJING Co. | Date: 2015-04-22

The present invention provides a storage controller and a using method therefor. The method comprises: processors send a storage instruction; a processor controller receives the storage instructions sent by the processors, and sends the storage instructions to an exchanger; the exchanger sends the storage instructions to a hard disk controller one by one; and the hard disk controller sends the storage instructions to a hard disk according to storage address spaces indicated in the storage instructions, the indicated address spaces being address spaces allocated to the processors sending the storage instructions. By using the technical scheme of the present invention, multiplexing of the same physical storage space for the storage instructions of multiple processors can be ensured in a time-sharing mechanism, and accordingly, a purpose that the multiple processors share the same physical storage space by means of hardware is achieved.


Qiang W.,Huazhong University of Science and Technology | Xin S.,Huazhong University of Science and Technology | Jin H.,Huazhong University of Science and Technology | Sun G.,Dawning Information Industry Beijing Co.
Concurrency Computation | Year: 2017

Exploitation of covert channels in smartphone operating systems may lead to furtive data transmission between applications with different permissions, which might threaten users' privacy. Restricting the access to shared system resources can effectively prevent the exploitation of known covert channels. However, it inevitably limits the normal usage of those resources. In this paper, we propose a general method that detects covert channel attack at runtime without impacting the accessibility of shared resources in the system. The main idea of the method is to track and audit the use of system resources known as potential covert channel variables and impose interferences on those channels to reduce their capacity once violations are detected. We implement a prototype framework, which is able to audit and interfere covert communication both in the application layer and in the native layer of Android. The experimental results demonstrate that our method can effectively reduce the data rate of user-defined covert channels while the overhead is negligible. © 2017 John Wiley & Sons, Ltd.


Qiang W.,Huazhong University of Science and Technology | Huang Y.,Huazhong University of Science and Technology | Zou D.,Huazhong University of Science and Technology | Jin H.,Huazhong University of Science and Technology | And 2 more authors.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2017

Control-Flow Integrity (CFI) is a popular method against control-flow hijacking attacks. For Commercial Off-the-Shelf (COTS) binaries, in order to reduce the runtime overhead, traditional works provide coarse-grained CFI and thus are context-insensitive. Because of the inaccuracy of the control-flow graphs (CFGs), they can hardly defend against elaborately designed attacks. We present a fully context-sensitive CFI method (FCCFI), which determines the validity of the control flow of the current execution path through checking the whole execution path instead of the single edge or partial edges in the execution path. FCCFI gathers the control-flow information in the offline phase and tracks the execution paths to gather the process-tracking information during runtime. Then it compares the control-flow information with the process-tracking information to check the validity of the control flow. We implement the system and evaluate the security of the implementation. The evaluation results show that FCCFI can defend against most common control-flow hijacking attacks. © Springer International Publishing AG 2017.


Zou D.,Huazhong University of Science and Technology | Qi H.,Huazhong University of Science and Technology | Li Z.,Huazhong University of Science and Technology | Li Z.,Hebei University | And 5 more authors.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2017

The behavior of copying existing code to reuse or modify its functionality is very common in the software development. However, when developers clone the existing code, they also clone any vulnerabilities in it. Thus, it seriously affects the security of the system. In this paper, we propose a novel semantics-based approach called SCVD for cloned vulnerable code detection. We use the full path traversal algorithm to transform the Program Dependency Graph (PDG) into a tree structure while preserving all the semantic information carried by the PDG and apply the tree to the cloned vulnerable code detection. We use the identifier name mapping technique to eliminate the impact of identifier name modification. Our key insights are converting the complex graph similarity problem into a simpler tree similarity problem and using the identifier name mapping technique to improve the effectiveness of semantics-based cloned vulnerable code detection. We have developed a practical tool based on our approach and performed a large number of experiments to evaluate the performance from three aspects, including the false positive rate, false negative rate, and time cost. The experiment results show that our approach has a significant improvement on the vulnerability detection effectiveness compared with the existing approaches and has lower time cost than subgraph isomorphism approaches. © Springer International Publishing AG 2017.

Loading Dawning Information Industry BEIJING Co. collaborators
Loading Dawning Information Industry BEIJING Co. collaborators