-
Publication No.: US20200334066A1
Publication date: 2020-10-22
Application No.: US16773004
Application date: 2020-01-27
Inventor: Hai JIN, Song Wu, Qizhi Tang
Abstract: The present disclosure discloses an NVM-based method for performance acceleration of containers. The method comprises classifying each image layer of mirror images as either an LAL (Layer above LDL) or an LBL (Layer below LDL) during deployment of containers; storing the LALs into a non-volatile memory and selectively storing each said LBL into one of the non-volatile memory and a hard drive; acquiring hot image files required by the containers during startup and/or operation of the containers and storing the hot image files required by the containers into the non-volatile memory; and sorting the mirror images in terms of access frequency according to at least numbers of times of access to the hot image files so as to release the non-volatile memory currently occupied by the mirror image having the lowest access frequency when the non-volatile memory is short of storage space.
-
Publication No.: US20200326992A1
Publication date: 2020-10-15
Application No.: US16752870
Application date: 2020-01-27
Abstract: The present invention relates to an acceleration method for an FPGA-based distributed stream processing system, which accomplishes computational processing of stream processing operations through collaborative computing conducted by FPGA devices and a CPU module and at least comprises following steps: building the FPGA-based distributed stream processing system having a master node by installing the FPGA devices on slave nodes; dividing stream applications into first tasks suitable to be executed by the FPGA devices and second tasks suitable to be executed by the CPU module; and where the stream applications submitted to the master node are configured with kernel files that can be compiled and executed by the FPGA devices or with uploading paths of the kernel files, making the master node allocate and schedule resources by pre-processing the stream applications.
-
Publication No.: US20190294798A1
Publication date: 2019-09-26
Application No.: US16109870
Application date: 2018-08-23
Inventor: Hai JIN, Weiqi Dai, Jun Deng, Deqing Zou
Abstract: The present invention provides a TrustZone-based security isolation system for shared library, the system at least comprising: a sandbox creator, a library controller, and an interceptor, the sandbox creator, in a normal world, dynamically creating a sandbox isolated from a Rich OS, the interceptor, intercepting corresponding system-calling information and/or Android framework APIs by means of inter-process stack inspection, the library controller, performing analysis based on the intercepted system-calling information and/or Android framework APIs, redirecting a library function to the sandbox, and switching calling states of the library function in the sandbox as well as setting up a library authority. The present invention has good versatility, low cost and high security. It realizes isolation of the library without increasing the trusted bases in the Secure World of the TrustZone, effectively reducing the risk of being attacked.
-
Publication No.: US20190281074A1
Publication date: 2019-09-12
Application No.: US16109846
Application date: 2018-08-23
Inventor: Hai JIN, Weiqi DAI, Yan XIA, Deqing ZOU
Abstract: The present invention involves a cloud tenant oriented method and system for protecting privacy data. The method comprises at least the following steps: analyzing event handler information and/or behavioral signature information of request information and determining an execution mode, selecting at least one node without a behavioral signature plot to execute the tenant request and recording an execution result, generating a behavioral signature plot based on the execution result, and dynamically detecting security-sensitive behavior based on the behavioral signature plot. The present invention ensures data security during processing of security-sensitive data for cloud services by adopting a technology based on behavioral signatures, and prevents attackers from exploiting vulnerabilities and bypassing security control to conduct malicious operations. When there are no corresponding behavioral signature plots, multiple nodes are selected for processing of event handlers, and private data are dynamically protected based on behavioral signature plots, so as to assure secure execution results, provide fine-grained protection for security-sensitive behavior and protect data security while maintaining relatively low performance costs.
-
Publication No.: US20190228135A1
Publication date: 2019-07-25
Application No.: US16169632
Application date: 2018-10-24
Inventor: Hai JIN, Weizhong Qiang, Zezhao Dong
IPC: G06F21/12, G06F11/14, G06F11/07, G06F21/53, G06F21/57, G06F21/74, G06F21/30, H04L9/32, H04L29/06, G06F9/455
Abstract: The present invention involves a method and system of state consistency protection for Intel software guard extension (SGX). In a method of state consistency protection for a central processing unit capable of creating enclaves, the central processing unit supports creation of at least one enclave, wherein the central processing unit communicates with a remote server providing services for the central processing unit through remote communication and the remote server has a remote attestation module, configuring the remote attestation module to facilitate the completion of every execution state storing operation and/or every execution state restoring operation, wherein the remote attestation refers to an attestation mechanism by which the central processing unit proves to the remote server that it has created the specific enclave in a local platform so that the remote server trusts the specific enclave. The present invention does not require special hardware and is favorable to cross-platform migration.
-
Publication No.: US20250077683A1
Publication date: 2025-03-06
Application No.: US18650308
Application date: 2024-04-30
Inventor: Bin YUAN, Zijing XU, Tiancheng HU, Yueming WU, Deqing ZOU, Hai JIN
Abstract: The present disclosure relates to a system and method for vulnerability localization based on deep learning, which comprises, at a minimum, a processor configured to: analyze a code file under detection to obtain a first abstract syntax tree devoid of semantic information; build upon the first abstract syntax tree by incorporating data-flow edges and/or control-flow edges, thereby forming a second abstract syntax tree with semantic-flow enhancement; split the second abstract syntax tree to obtain a plurality of second abstract syntax sub-trees; and input these second abstract syntax sub-trees into a pre-established vulnerability detection and localization model. Compared with existing code vulnerability detection methods, the present disclosure employs a semantically-enhanced abstract syntax tree and finely-grained segmentation thereof, enabling both the efficient detection and accurate localization of code vulnerabilities, characterized by swift detection rates, low false positive rates, and commendable interpretability of the detection results.
-
Publication No.: US20250013463A1
Publication date: 2025-01-09
Application No.: US18650290
Application date: 2024-04-30
Inventor: Zhen LI, Junyao YE, Deqing ZOU, Hai JIN, Xianghong ZENG
IPC: G06F8/73, G06V10/764
Abstract: A method, system and processor for enhancing robustness of a source-code classification model based on invariant features is provided, wherein the method includes: combining non-robustness features to generate different style templates, converting codes in an input code training set into new codes of different styles to obtain a converted-code training set, merging the input-code and the converted-code training set into an expanded training set, and converting code texts in the expanded training set into code images; and converting the code images into required vectors, pairing samples of identical class randomly picked from the expanded training set and inputting the matched sample pairs into a feature extractor, iteratively updating the feature extractor and the matched sample pairs and extracting target characteristics, and training the extracted invariant features in a classifier to produce a trained model. The disclosed system includes a training set-expanding module and a model-training module.
-
Publication No.: US20240330699A1
Publication date: 2024-10-03
Application No.: US18519518
Application date: 2023-11-27
Inventor: Dezhong YAO, Sifan ZHAO, Hai JIN
Abstract: A system and method for acceleration of deep-learning computing with edge-terminal collaboration is provided, wherein the system includes at least one terminal device and at least one edge server. The terminal device is configured to, when being present in a service coverage of the at least one edge server, determine an inter-layer partitioning and/or intra-layer partitioning policy for a deep learning model based on first configuration information related to the terminal device itself and second configuration information related to the edge server. And the edge server is configured to execute the inter-layer partitioning and/or intra-layer partitioning policy for the deep learning model in response to an inference request message, so as to implement collaborative inference. In the present disclosure, by using the load-based random forest method to predict the execution time for the DNN model, more accurate prediction results can be obtained.
-
Publication No.: US20240330506A1
Publication date: 2024-10-03
Application No.: US18603202
Application date: 2024-03-12
CPC classification number: G06F21/6245, H04L9/088, H04L9/3247
Abstract: A method and system for deleting multi-copy personal data efficiently and securely is provided, wherein the personal data and its subject identifier are signed and uploaded to data domains and stored as personal data copies; the personal data copies along with their source and destination data are circulated among the data domains; the data domain receiving a deletion instruction transmits the deletion instruction to every relevant data domain based on the identifier of the personal data subject and the destination data and then performs deletion; and after completing the deletion, the data domain deposits its domain identifier and feedback data it receives into a log, and feeds the log back to its superior data domain. And the system of the present disclosure includes a plurality of data domains that can perform the above operations, thereby realizing association-based storage, association-based deletion and verification of association-based deletion of multi-copy personal data.
-
Publication No.: US20240330505A1
Publication date: 2024-10-03
Application No.: US18602957
Application date: 2024-03-12
Inventor: Peng XU, Yixin SU, Wei WANG, Mengyang YU, Tianyang CHEN, Hai JIN
IPC: G06F21/62
CPC classification number: G06F21/6245, G06F2221/2143
Abstract: A method and system for trusted third-party audit of personal-information deletion is provided, wherein the method includes: acquiring log data of an arbitrary source-domain personal-information deleting body in a network and of its associated-domain personal-information deleting bodies; normalizing the log data according to predetermined parsing rules and thereby generating normalized log data; and performing consistency-of-notification analysis and operation-compliance analysis on the normalized log data by means of association analysis. The present application is based on an audit analysis of log files to identify whether the information deletion process conforms to the multi-dimensional or multi-level audit judgment conditions and to perform forensics on abnormal deletion of personal information in a timely manner, so as to ensure that personal-information deletion can satisfy requirements of internal control, industrial standards, policies and regulations.