10 February 2026, Volume 26 Issue 2

A Survey of Neural Network-Based Evaluation of Random Number Generators
HAN Yiliang, FENG Haokang, WU Xuguang, SUN Yuteng, WANG Yuanyuan
2026, 26 (2):  171-188.  doi: 10.3969/j.issn.1671-1122.2026.02.001

Random numbers play a crucial role in cryptographic applications and cryptosystems, and their quality directly affects the security of these systems. This article reviewed recent advances in evaluation methods for random number generators based on neural networks. First, it introduced random number generators and existing randomness test suites. Second, it focused on neural network-based evaluation methods, including prediction models and classification models. Third, by comparing with traditional evaluation methods, it elaborated on the advantages and potential of neural networks in assessing random number generators. Finally, it identified key challenges in current research and outlined future directions for improvement.

CCASim: Research on Performance Simulator for Arm Confidential Compute Architecture
LIN Tiantian, WANG Yitian, WANG Xiaohang, ZHU Ting, REN Kui
2026, 26 (2):  189-210.  doi: 10.3969/j.issn.1671-1122.2026.02.002

Armv9 introduces the Arm Confidential Compute Architecture (Arm CCA), which protects confidential virtual machines from untrusted software and system environments by executing them in an isolated Realm world. The architectural design and software ecosystem development of CCA urgently require a simulation platform that supports both functional modeling and performance evaluation. However, existing studies either focus on functional virtualization of CCA without performance modeling capabilities, or provide performance simulation while lacking support for CCA mechanisms, making them inadequate for architectural exploration and performance analysis. To address this gap, this paper presented CCASim, a performance simulation platform with support for CCA functional modeling. CCASim provided a front-end/back-end decoupled simulation mode based on SniperSim and a full-system simulation mode based on Gem5, enabling configurable modeling of core CCA mechanisms and parallel simulation of multiple Realm virtual machines. Experimental results demonstrate that CCASim can correctly implement fine-grained memory protection and multi-VM isolation with only limited performance overhead, while ensuring functional correctness. Compared with existing solutions, the proposed platform offers clear advantages in simulation accuracy, flexibility, and performance evaluation capability, providing an effective tool for architectural research and software optimization of Arm CCA.

A Directed Fuzz Testing Method for C Language Exception Handling Paths in Industrial Control Systems
TAO Ci, CHEN Haoran, CHEN Ping
2026, 26 (2):  211-223.  doi: 10.3969/j.issn.1671-1122.2026.02.003

Aiming at the difficulty in detecting exception handling vulnerabilities in C language programs of industrial control systems due to the lack of a unified exception handling mechanism, this paper proposed a directed fuzz testing method for C language exception handling paths in industrial control systems. The method improved the detection capability of exception handling-related vulnerabilities through the collaborative work of two stages: exception test condition modeling and exception handling vulnerability detection. In the exception test condition modeling stage, a software exception event import algorithm was designed, which combined dynamic-static indirect call relationship analysis and exception injection technology to generate test programs with controllable exception states. In the exception handling vulnerability detection stage, a multi-objective directed fuzz testing framework MEFuzz was constructed, which dynamically adjusted test resource allocation through pre-run multi-objective planning and runtime multi-objective early stopping algorithms to improve the exploration efficiency of multi-context exception handling paths. Experiments based on the UniBench dataset show that this method outperforms existing tools in static detection accuracy (22.22%) and the total number of fuzz testing vulnerability triggers (294), with an improvement factor of 1.26, effectively enhancing the detection effect of vulnerabilities related to exception handling paths in C language programs of industrial control systems.

Gauss Sieve Quantum Circuit Design Method Based on Grover’s Algorithm
CAO Renlong, HU Honggang
2026, 26 (2):  224-235.  doi: 10.3969/j.issn.1671-1122.2026.02.004

Sieving is the fastest approach to solving the shortest vector problem on lattices. In practice, heuristic sieving has become a new type of attack against lattice-based cryptography due to its low time complexity and excellent attack efficiency. With the rapid advancement of quantum computing, quantum algorithms enable the quantum sieve to achieve the optimal asymptotic time complexity theoretically, but research on concrete circuit designs for the quantum sieve is still at an early stage. In this paper, a quantum circuit design scheme for the Gauss sieve based on Grover’s quantum search algorithm was proposed. The paper discussed in depth the quantum circuit design of the two core search processes in the Gauss sieve and their key operations, and successfully constructed the corresponding Oracle black box quantum circuits. Analysis and verification on toy examples show that the scheme not only executes correctly under the quantum computing model but also effectively reduces the time complexity of the Gauss sieve. This result provides new ideas and methods for research on quantum sieve realization in the post-quantum cryptography era.

A Fusion Scheme of Multi-Key Homomorphic Encryption and Differential Privacy for Distributed Learning
WANG Teng, FAN Kunwei, ZHANG Yao
2026, 26 (2):  236-250.  doi: 10.3969/j.issn.1671-1122.2026.02.005

In the era of big data, data privacy protection in the field of machine learning has become increasingly important. In multi-party learning scenarios, attackers can reverse-engineer original data features from information such as gradients and model parameters. Moreover, some participants may collude for personal gain, sharing data that should remain confidential, thereby undermining the fairness and privacy requirements of multi-party learning. To address these issues, this paper proposed a fusion scheme of multi-key homomorphic encryption and differential privacy for distributed learning, namely the PrivMPL scheme, whose core objective was to achieve efficient model training while ensuring data privacy security. In this scheme, local clients used an aggregated public key to encrypt updated model parameters, and the decryption process required collaborative participation from all data users. The server achieved differential privacy by adding Gaussian noise to the aggregated parameters. The scheme effectively prevented privacy leakage caused by information sharing during multi-party training and was robust against collusion between data users and the server. To validate the effectiveness of the PrivMPL scheme, it is compared with a Paillier-based homomorphic encryption multi-party learning approach, using model accuracy as the evaluation metric. Experimental results show that the PrivMPL scheme achieves a significant improvement in model accuracy, further demonstrating its advantages in data privacy protection and model performance.

A Multiparty Private Set Intersection Protocol for Lightweight Clients
YANG Le, HE Huiyang, YOU Weijing, ZHANG Baitao, LIN Jingqiang
2026, 26 (2):  251-262.  doi: 10.3969/j.issn.1671-1122.2026.02.006

With the increasing demand for privacy protection, Multiparty Private Set Intersection (MP-PSI) has emerged as a crucial privacy-preserving computation technique and has gained widespread attention across various domains. However, in resource-constrained environments, existing MP-PSI protocols often impose a significant computational burden on clients, limiting their practical applicability. To address this issue, this paper proposed an MP-PSI protocol based on Bloom filter and homomorphic encryption for lightweight clients. By incorporating oblivious programmable pseudorandom function, the proposed protocol effectively offloaded most computational tasks from the client to the server, thereby significantly reducing client-side computational overhead while fully utilizing server-side computational resources. Experimental results demonstrate that the proposed protocol outperforms existing approaches in terms of client-side computation time and server-side computational efficiency. Furthermore, in the semi-honest model, the protocol can resist collusion attacks from up to n-1 participants while ensuring the privacy of honest parties. This paper provides an innovative solution to privacy protection in resource-constrained environments.

A Compiler-Assisted odex File Rewriting Method
CHENG Long, XIE Mengfei, WU Hongtao, FU Jianming
2026, 26 (2):  263-273.  doi: 10.3969/j.issn.1671-1122.2026.02.007

The mobile operating system translates application bytecode into machine code through pre-compilation and stores it in odex files to improve application startup and runtime efficiency. However, system framework updates invalidate these odex files, necessitating application recompilation and degrading user experience. One approach to avoid recompilation was to statically rewrite existing odex files, but existing static rewriting technologies paid little attention to odex files and the rewriting challenges posed by system environment changes. To address these issues, this paper proposed a compiler-assisted odex file rewriting method. During compilation, this method collected instruction information to guide precise static rewriting and adapt odex files to new system environments. This paper implemented a prototype system based on this method and evaluated it on 50 popular applications. The experimental results show that the method effectively rewrites odex files. The average time cost for rewriting is only 6.85% of the time required for recompilation.

A Payload Generation Method for SQL Injection Vulnerability Detection Based on Large Language Models
GU Zhaojun, LI Li, SUI He
2026, 26 (2):  274-290.  doi: 10.3969/j.issn.1671-1122.2026.02.008

Existing SQL injection vulnerability detection methods suffer from insufficient robustness and a lack of targeted test cases. To address these limitations, this paper proposed a large language model (LLM)-based approach for generating targeted detection payloads to effectively identify SQL injection vulnerabilities. Specifically, by integrating prompt engineering with the DeepSeek-V3 model, the method automatically extracted heterogeneous vulnerability features and constructed them into a unified semantic representation. A contribution-based feature selection mechanism was then employed to identify the most influential features, which serve as the core input to the model. Furthermore, key features were structured into a chain-of-thought format to enable effective fusion of multi-dimensional vulnerability representations. Domain-adaptive supervised fine-tuning was performed on the Qwen model using low-rank adaptation. Extensive experiments were conducted on multiple public vulnerability benchmarks to evaluate both the detection performance and payload generation quality of the proposed method against SqliGPT, GPT-2-web, and SQLMap. Additionally, we conducted an in-depth analysis of DeepSeek-V3’s capability in extracting meaningful features from complex SQL injection vulnerability data. Experimental results show that the Qwen model achieves an average detection accuracy of over 75%, representing improvements of 49.18%, 59.64%, and 15.19% over SqliGPT, GPT-2-web, and SQLMap, respectively. Moreover, the quality of its generated payloads is significantly superior to that of existing models, demonstrating the effectiveness and superiority of the proposed approach of leveraging large language models to generate detection payloads for SQL injection vulnerability identification.

Network Defense Decision-Making Method Based on Moran Process and Stochastic Evolutionary Game Model
HU Hang, FENG Kai, TAN Jinglei, ZHANG Yuchen
2026, 26 (2):  291-303.  doi: 10.3969/j.issn.1671-1122.2026.02.009

Existing network defense decision-making methods are largely based on the assumption of complete rationality of both attacker and defender, as well as deterministic game models. However, these approaches struggle to align with real-world network attack-defense scenarios, leading to poor practicality. To better adapt to the bounded rationality of network attack-defense games, a network defense decision-making method based on the Moran process and a stochastic evolutionary game model was constructed. A selection intensity coefficient was introduced to analyze the preference of both attacker and defender for the dominant strategy. By solving the dynamic evolutionary equilibrium equations of the attack-defense strategies, an optimal defensive strategy decision-making algorithm was designed, and the evolution trajectory of strategy selection was characterized. The results of numerical simulation experiments verify the scientificity and effectiveness of the proposed method, and the evolution trajectories of attack and defense strategies under different network states are analyzed and discussed. Furthermore, compared to network defense decision-making methods based on Wright-Fisher and replicator dynamics, the average convergence speed of the optimal defense strategy proposed in this article improves by 23.1% and 17.4% respectively, indicating the superiority of this method in terms of convergence rate.

A Method for Detecting Java Injection Vulnerabilities Based on Interprocedure Constant String Analysis
XU Pu, SUN Xinyi, ZHU Yonggen
2026, 26 (2):  304-314.  doi: 10.3969/j.issn.1671-1122.2026.02.010

Static analysis includes control flow analysis, data flow analysis, pointer analysis, and taint analysis. Grounded in abstract interpretation theory, these methods analyze programs across different abstract domains to extract program information for tasks such as compilation optimization and program comprehension, as well as vulnerability detection. Injection vulnerabilities, such as command injection and SQL injection, arise when external inputs reach sensitive functions. For detecting injection vulnerabilities, static analysis primarily employs two approaches: rule matching and taint analysis. The rule matching approach uses pattern-based templates to identify vulnerabilities, which tends to yield a high false positive rate. The taint analysis approach detects vulnerabilities by tracking the flow of tainted data from sources to sensitive sinks, though its effectiveness depends on the completeness of both taint sources and propagation rules. This paper employed a string constant propagation algorithm to analyze variable-referenced string information within programs, followed by a dangerous function parameter analysis algorithm based on the string information to detect injection vulnerabilities. The proposed method, named ConstStringDetect, was implemented on the open-source Java static analysis framework Tai-e. Experiments were conducted on the Juliet Java v1.3 and OWASP v1.2 benchmark suites, covering three types of injection vulnerabilities: CWE-078 (OS command injection), CWE-089 (SQL injection), and CWE-090 (LDAP injection). Compared to state-of-the-art static vulnerability detection tools such as SpotBugs and CodeQL, the method proposed in this paper achieves a higher recall rate than CodeQL and a significantly lower false positive rate than SpotBugs, even without relying on specific function rules.

Hierarchical Role-Based Encryption Scheme Based on Trusted Execution Environment
ZHAO Jia, WANG Yanchun, MA Hongliang, LI Qi
2026, 26 (2):  315-324.  doi: 10.3969/j.issn.1671-1122.2026.02.011

This paper proposed a hierarchical role-based encryption scheme based on trusted execution environment to address the shortcomings of existing encryption technologies in data sensitivity protection and runtime security. The scheme combined hierarchical role-based encryption with trusted computing, dynamically matching data access permissions and sensitivity requirements by selecting different levels of role public keys for encryption based on data sensitivity. For general data, encryption was performed using keys from deeper-level nodes, while for highly sensitive data, keys from shallow-level nodes closer to the root were used. Furthermore, encryption operations and key management were carried out within the trusted execution environment, ensuring that encryption keys and sensitive data were not compromised or tampered with during processing, effectively addressing the shortcomings of conventional encryption schemes in runtime protection. Additionally, by leveraging the hardware isolation characteristics of trusted execution environment and hierarchical role-based encryption, the system enhanced its resistance to attacks and implemented more refined access control management. Experimental results demonstrate that the proposed scheme not only ensures data security but also offers high efficiency.

High-Confidence Vulnerability Detection in IoT Firmware Based on Taint Flow Analysis
ZHANG Guanghua, LI Guoyu, WANG He, LI Heng, WU Shaoguang
2026, 26 (2):  325-337.  doi: 10.3969/j.issn.1671-1122.2026.02.012

The proliferation of Internet of Things (IoT) devices has led to increasingly severe security challenges posed by embedded firmware vulnerabilities. Current mainstream taint analysis schemes are plagued by significant limitations, including path explosion and high false positive rates. To overcome the limitations of existing solutions, this paper proposed Laptaint, a high-accuracy firmware vulnerability detection scheme based on taint analysis. First, for keyword matching, Laptaint integrated a lightweight model and fuzzy matching to enhance keyword identification. This approach precisely recognized input sources, thereby reducing false negatives caused by missing source points. Second, in terms of data flow analysis, a fine-grained taint semantics model was constructed. This model utilized definitional reachability analysis to iteratively trace backward from hazardous function call sites, reaching the taint sources. Finally, for function sanitization, an integrated sanitization verification module validated tainted inputs through four distinct checking logics. Experiments conducted on 30 real-world device firmwares demonstrate Laptaint’s ability to identify vulnerabilities with an 82.02% accuracy rate, outperforming comparable schemes.
