Mingli College, together with the departments of science and technology, organized a series of reports on international basic disciplines, aiming to further enhance students' academic ability and international vision by inviting experts and scholars from world-class universities and enterprises to carry out international promotion activities on talent cultivation in various forms and themes.

From October 23 to 26, the basic software and intelligent system reliability series was carried out, and the lectures were reviewed.

Understand the security implications of third-party dependencies in the Android application supply chain

2023/10/23

Wang Xueqiang, assistant professor at the University of Central Florida, will deliver the lecture.

Dr. Wang's presentation first points out the importance of third-party dependencies for software supply chain security, and then introduces the security and privacy threats caused by malicious third-party dependencies on other dependencies in the Android app ecosystem from two new perspectives. Dr. Wang describes how malicious third-party libraries can harvest sensitive user data associated with other popular third-party libraries without using sensitive apis through a new type of cross-library data collection (XLDH) threat. At the same time, Dr. Wang shared the code and document analysis to detect this privacy threat, as well as the numerous issues they found in real-world Android apps and third-party libraries. Dr. Wang then analyzed the way third-party library resources are handled during Android application compilation, pointing out that the Android compiler's shortcomings in mediating duplicate resources across multiple libraries can lead to a new type of Duress threat. Following this, Dr. Wang used specific examples to show that Duress threats can coerce a third-party victim database into compromising security, leaking sensitive data, or even taking over its cloud back end entirely.

The influence of memory effect on system transparency in neural networks

2023/10/25

The presentation was delivered by Shiqing Ma, assistant professor at the University of Massachusetts Amherst.

Starting with ChatGPT and Linux as examples, Ma's presentation discusses the black box features of various computing architectures and the various security issues that arise from them. Later, it focuses on the memory phenomenon of neural network, that is, neural network as a system of algorithm and data, stores a lot of training data. These memories are crucial to the reasoning of neural networks, but they lead to various attack methods such as recovering training data and poisoning data. This paper analyzes the mathematical distribution of data poisoning attacks on training data sets from the perspective of input modeling, and summarizes the principle and shortcomings of the existing work, and further proposes a guaranteed defense training method based on this. On top of this, the report further explores another application of neural network data memory, namely the compressed storage of large data. The report details how this approach can be applied to achieve results that significantly outperform existing techniques.

Software quality evaluation is carried out by standard synthesis

2023/10/26

The presentation was delivered by Juan Zhai, assistant professor at the University of Massachusetts Amherst.

Zhai Juan's report shows her achievements in the generation of program specifications. As the most critical and complex part in the field of software engineering, program specification is famous for its complexity and high threshold. However, as the pre-work of shutdown technology such as automatic generation of program test cases and program verification, the automatic generation of program specifications is very necessary. The report points out that the program itself, the formal specification of the program and the description of the natural language specification are essentially the description of the semantics of the program. Based on this, the report describes a method to automatically generate other parts of the software specification based on program analysis combined with existing specifications, and the effect of the generated results on applications such as software testing. Further, the report demonstrates the transformation of software protocols based on artificial intelligence, especially natural language processing technologies, from human language descriptions to formal software protocols.

The profound, vivid and detailed lecture content and research methods of the teachers gave the students a lot of inspiration. Through this series of learning and exchange activities with distinctive themes and rich contents, MLI College is committed to providing students with a broad learning platform for their future academic research and career development, helping students improve their academic ability and broaden their international perspective. I hope the students have learned and achieved something in this series of lectures.