Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs

Rust is an emerging programming language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects start using the language. However, can Rust achieve the memory-safety promise? This article studies the question by surveying 186 real-world bug reports collected from several origins, which contain all existing Rust common vulnerability and exposures (CVEs) of memory-safety issues by 2020-12-31. We manually analyze each bug and extract their culprit patterns. Our analysis result shows that Rust can keep its promise that all memory-safety bugs require unsafe code, and many memory-safety bugs in our dataset are mild soundness issues that only leave a possibility to write memory-safety bugs without unsafe code. Furthermore, we summarize three typical categories of memory-safety bugs, including automatic memory reclaim, unsound function, and unsound generic or trait. While automatic memory claim bugs are related to the side effect of Rust newly-adopted ownership-based resource management scheme, unsound function reveals the essential challenge of Rust development for avoiding unsound code, and unsound generic or trait intensifies the risk of introducing unsoundness. Based on these findings, we propose two promising directions toward improving the security of Rust development, including several best practices of using specific APIs and methods to detect particular bugs involving unsafe code. Our work intends to raise more discussions regarding the memory-safety issues of Rust and facilitate the maturity of the language.

Effective TCP Flow Management Based on Hierarchical Feedback Learning in Complex Data Center Network

Many studies focusing on improving Transmission Control Protocol (TCP) flow control realize a more effective use of bandwidth in data center networks. They are excellent ways to more effectively use the bandwidth between clients and back-end servers. However, these schemes cannot achieve the total optimization of bandwidth use for data center networks as they do not take into account the path design of TCP flows against a hierarchical complex structure of data center networks. To address this issue, this paper proposes a TCP flow management scheme specified a hierarchical complex data center network for effective bandwidth use. The proposed scheme dynamically controls the paths of TCP flows by reinforcement learning based on a hierarchical feedback model, which obtains an optimal TCP flow establishment policy even if both the network topology and link states are more complicated. In evaluation, the proposed scheme achieved more effective bandwidth use and reduced the probability of TCP incast up to 30% than the conventional TCP flow management schemes: Variant Load Balancing (VLB), Equal Cost Multi Path (ECMP), and Intelligent Forwarding Strategy Based on Reinforcement Learning (IFS-RL) in the complex data center network.

Information Sharing and Privacy Protection of Electronic Nursing Record Management System

The traditional centralized storage of traditional electronic medical records (EMRs) faces problems like data leakage, data loss, and EMR misplacement. The current protection measures for patients’ privacy in EMRs cannot withstand the fast-developing password cracking technologies and frequency cyberattacks. This paper intends to innovate the information sharing and privacy protection of electronic nursing records (ENRs) management system. Specifically, the signature interception technology was introduced to EMRs, the different phases of certificateless signature interception scheme were depicted, and the validation procedures of the scheme were designed. Then, the six phases of ENR information sharing protocol based on alliance blockchain were described in detail. Finally, an end-to-end memory neural network was constructed for ENR classification. The proposed management scheme was proved effective through experiments.

Demand Management for Resilience Enhancement of Integrated Energy Distribution System against Natural Disasters

For energy sustainability, the integrated energy distribution system (IEDS) is an efficient and clean energy system, which is based on the coordinated operation of a power distribution network, a gas distribution network and a district heating system. In this paper, considering the damage of natural disasters to IEDS, a demand management strategy is proposed to improve resilience of IEDS and ensure stable operation, which is divided into three stages. In the first stage, the electricity, natural gas and thermal energy are co-optimized in the simulating fault state to develop the importance ranking of transmission lines and gas pipelines. In the second stage, the natural disasters are classified as surface natural disasters and geological natural disasters. According to the types of natural disasters, the demand management strategy includes semi-emergency demand management scheme and full-emergency demand management scheme in the electrical resilience mode and the integrated resilience mode, respectively. In the third stage, the non-sequential Monte-Carlo simulation and scenario reduction algorithm are applied to describe potential natural disaster scenarios. According to the importance ranking of transmission lines and gas pipelines, a demand management strategy is formulated. Finally, the proposed strategy is applied on an IEEE 33-bus power system and a 19-node natural gas system. Its effectiveness is verified by numerical case studies.