GUEST EDITORIAL

2021-03-27 05:51
China Communications, 2021, Issue 8

ADVANCED COMPUTING AND ENDOGENOUS SECURITY

Computing is the foundation of cyberspace, and all activities in cyberspace are built on the basis of computing. At the same time, cyberspace and its underlying infrastructure are vulnerable to a wide range of risks stemming from both physical and cyber threats and hazards. With the further expansion of the scope of cyberspace, e.g., information technology being increasingly integrated with physical infrastructure operations, computing and security are still considered one of the least investigated and exploited regions. In the past years, significant progress has been made with respect to advanced computing and endogenous security theories and technologies, and commercial advanced computing and endogenous security devices and systems are anticipated to become a reality in the near future.

Recently, advanced computing and endogenous security technologies have entered a new era of revolution and development. As cloud computing, 5G and AI technologies become widespread, advanced computing and endogenous security is where fundamental scientific and engineering breakthroughs will occur for emerging paradigms such as AI Chips, Industry 4.0, Quantum Computers, Quantum Communication and Satellite Internet. New concepts, new ideas, new methods and new technologies are constantly emerging, such as Mimic Computing, Brain-like Computing, Graph Computing, Memory Computing, Biological Computing and Quantum Computing, as well as new computing and security technologies such as Cyberspace Mimic Defense, Trusted Computing 3.0 and Zero Trust.

Inspired by these, this feature topic invites submissions of high-quality original research papers capturing the state-of-the-art advances in the theoretical foundations and practical implementation of advanced computing and endogenous security. The Call for Papers generated considerable interest in the research community, and 9 out of a total of 18 submissions were accepted after a rigorous review process. The feature topic begins with the article by Wang et al., “SHFuzz: A Hybrid Fuzzing Method Assisted by Static Analysis for Binary Programs”. This article proposes a hybrid fuzzing method assisted by static analysis for binary programs. The basic idea of the method is to prioritize seed inputs according to the complexity of their associated execution paths. Static analysis is used to evaluate the complexity of each basic block, and the hardware trace mechanism is employed to dynamically extract the execution path for calculating the seed inputs’ weights. The key advantage of this work is that the system can test binary programs efficiently by using hardware trace and hybrid fuzzing.

The article by Zhou et al., “SecIngress: An API Gateway Framework to Secure Cloud Applications Based on N-variant System,” presents an API gateway framework to upgrade cloud applications based on the N-variant system in a portable way. In this work, a two-stage timeout processing method is designed to lessen the service latency, while an analytic hierarchy process voting under the metadata mechanism is introduced to enhance voting accuracy. Moreover, a prototype is implemented in a testbed environment to analyze the security and performance metrics before and after deploying the API gateway to show the effectiveness of SecIngress. The results reveal that SecIngress enhances the reliability of cloud applications with acceptable performance degradation.

By surveying the latest literature findings, the article by Zhu et al., “Generative Trapdoors for Public Key Cryptography based on Automatic Entropy Optimization,” generalizes the methodology of the adversarial learning model in artificial intelligence and introduces a novel way to conveniently obtain sub-optimal and computationally hard trapdoors based on the automatic information theoretic search technique. The basic routine is to construct a generative architecture to search for and discover a probabilistic reversible generator which can correctly encode and decode any input message. This work satisfies the basic indistinguishability of outputs under the chosen-plaintext attack model (CPA) and achieves high efficiency in generating cheap trapdoors.

The article by Hu et al., “A Safe and Reliable Heterogeneous Controller Deployment Approach in SDN”, considers the different types of controllers and relevant criteria and proposes a safe and reliable heterogeneous controller deployment approach for SDN networks. The type and the number of heterogeneous controllers required for the SDN network are determined based on dynamic programming. The SDN network is also divided into multiple subnets by the k-means algorithm, and an improved genetic algorithm is used to optimize the heterogeneous controller deployment in these SDN subnets to ensure reliable switch-controller communications. This work effectively reduces the control plane fault rate and increases the attack difficulty.

The article by Gao et al., “Distributed Asynchronous Learning for Multipath Data Transmission based on P-DDQN”, proposes a distributed asynchronous deep reinforcement learning framework (DADF) to intensify the dynamics and prediction of adaptive packet scheduling. In particular, the DADF framework contains two parts: local asynchronous packet scheduling (Laps) and a distributed cooperative control center (DC3). In Laps, an asynchronous prioritized replay double deep Q-learning packets scheduling algorithm (ADPS) is proposed for dynamic adaptive packet scheduling learning. The core of ADPS uses a prioritized replay double deep Q-learning network (P-DDQN) to make the fitting analysis. In addition, for global optimization and performance stability of ADPS, a distributed scheduling learning and neural fitting acceleration algorithm (DSNA) is proposed in DC3.

The article by Zhao et al., “A Fast Physical Layer Security-Based Location Privacy Parameter Recommendation Algorithm in 5G IoT”, proposes an algorithm that can recommend a terminal’s privacy requirements based on terminal distribution information obtained in the neighborhood after cross-layer authentication, and therefore helps 5G IoT terminals find enough collaborative terminals safely and quickly. The approach is shown to avoid man-in-the-middle attacks while needing lower communication costs and a searching time of less than 520 ms. It achieves an anonymization success rate of 93% in extensive simulation experiments for a range of 5G IoT scenarios.

The article by Li et al., “SecMVX: Analysis on the Vulnerability of Multi-Variant Execution”, analyzes the security of MVX theory from the perspective of formal description. This work then summarizes the general forms and attack techniques for performing attacks against MVX, and analyzes the causes of new vulnerabilities arising from the combination of variant generation technologies. Moreover, SecMVX, a secure MVX architecture and variant generation technology, is proposed and evaluated based on CVEs and the SPEC 2006 benchmark. The result shows that SecMVX introduces an average time overhead of 11.29%, and avoids vulnerabilities caused by the improper combination of variant generation technologies while keeping the defensive ability of MVX.

The article by Song et al., “Preventing Hardware Trojans in Switch Chip based on Payload Decoupling”, proposes an active defense mechanism against hardware Trojans for network switching chips based on the principle of encryption algorithms. By encoding the data entering the chip, the argot hidden in the data cannot trigger the hardware Trojans that may exist in the chip, so that the chip can work normally even if a hardware Trojan has been implanted in it. The proposed method is shown to be effective in preventing hardware Trojans with different trigger characteristics by simulation tests and practical tests on the authors’ secure switching chip.

Finally, the article by Yu et al., “On Distributed Object Storage Architecture Based on Mimic Defense”, constructs the principle framework of distributed object storage based on mimic defense theory to deal with unknown security threats. Moreover, this work introduces dynamic redundancy and heterogeneous function into the distributed object storage system architecture, which increases the attack cost and greatly improves the security and availability of data.

In conclusion, the Guest Editors of this feature topic would like to thank all the authors for their contributions, and the anonymous reviewers for their constructive comments and suggestions. We also would like to acknowledge the guidance from Ms. Fan, Ms. Nie and the editorial team of China Communications.