A Lightweight Type System with Uniqueness and Typestates for the Java Cryptography API

Java cryptographic APIs facilitate building secure applications, but not all developers have strong cryptographic knowledge to use these APIs correctly. Several studies have shown that misuses of those cryptographic APIs may cause significant security vulnerabilities, compromising the integrity of applications and exposing sensitive data. Hence, it is an important problem to design methodologies and techniques, which can guide developers in building secure applications with minimum effort, and that are accessible to non-experts in cryptography. In this thesis, we present a methodology that reasons about the correct usage of Java cryptographic APIs with types, specifically targeting to cryptographic applications. Our type system combines aliasing control and the abstraction of object states into typestates, allowing users to express a set of user-defined disciplines on the use of cryptographic APIs and invariants on variable usage. More specifically, we employ the typestate automaton to depict typestates within our type system, and we control aliases by applying the principle of uniqueness to sensitive data. We mainly focus on the usage of initialization vectors. An initialization vector is a binary vector used as the input to initialize the state for the encryption of a plaintext block sequence. Randomization and uniqueness are crucial to an initialization vector. Failing to maintain a unique initialization vector for encryption can compromise confidentiality. Encrypting the same plaintext with the same initialization vector always yields the same ciphertext, thereby simplifying the attacker's task of guessing the cipher pattern. To address this problem practically, we implement our approach as a pluggable type system on top of the EISOP Checker Framework. To minimize the cryptographic expertise required by application developers looking to incorporate secure computing concepts into their software, our approach allows cryptographic experts to plug in the protocols into the system. In this setting, developers merely need to provide minimal annotations on sensitive data—requiring little cryptographic knowledge. We also evaluated our work by performing experiments over one benchmark and 7 real-world Java projects from Github. We found that 6 out 7 projects have security issues. In summary, we found 12 misuses in initialization vectors

Identification of multi-faults in GNSS signals using RSIVIA under dual constellation

This publication presents the development of integrity monitoring and fault detection and exclusion (FDE) of pseudorange measurements, which are used to aid a tightly-coupled navigation filter. This filter is based on an inertial measurement unit (IMU) and is aided by signals of the global navigation satellite system (GNSS). Particularly, the GNSS signals include global positioning system (GPS) and Galileo. By using GNSS signals, navigation systems suffer from signal interferences resulting in large pseudorange errors. Further, a higher number of satellites with dual-constellation increases the possibility that satellite observations contain multiple faults. In order to ensure integrity and accuracy of the filter solution, it is crucial to provide sufficient fault-free GNSS measurements for the navigation filter. For this purpose, a new hybrid strategy is applied, combining conventional receiver autonomous integrity monitoring (RAIM) and innovative robust set inversion via interval analysis (RSIVIA). To further improve the performance, as well as the computational efficiency of the algorithm, the estimated velocity and its variance from the navigation filter is used to reduce the size of the RSIVIA initial box. The designed approach is evaluated with recorded data from an extensive real-world measurement campaign, which has been carried out in GATE Berchtesgaden, Germany. In GATE, up to six Galileo satellites in orbit can be simulated. Further, the signals of simulated Galileo satellites can be manipulated to provide faulty GNSS measurements, such that the fault detection and identification (FDI) capability can be validated. The results show that the designed approach is able to identify the generated faulty GNSS observables correctly and improve the accuracy of the navigation solution. Compared with traditional RSIVIA, the designed new approach provides a more timely fault identification and is computationally more efficient

7th grade VASI study : the case of Beijing

One of the key components of scientific literacy is having deep understanding about Scientific Inquiry (SI). So it is important for curriculum designer and researcher to know students' understanding about SI. And Lederman et al (2014) published the VASI questionnaire, which can evaluate students' idea about SI in a valid and reliable way. This study is to investigate 7th grade students' notions about SI, who came from mainland China. The sample are all selected from public schools in Beijing, the capital, where there is plenty of educational resources and access to international education program that might focus on SI teaching and learning. Two raters code all sample's data together. One of them had one-year experience of coding the data from VASI and trained another researcher for coding first. Both joined in the code training meeting with the VASI designers' team online to be consistent with other international groups. The inter-rater reliabilities of eight aspect of SI are at least higher than 0.80. The results show students did well on the aspect of "procedures are guided by the question asked" and "conclusions consistent with data collected", and did not well on the rest of aspects. Especially over 40% of students had naïve understanding or no idea on three aspects of SI, including "data does not equal evidence", "multiple methods", and "same procedures may not get the same results". And less than 10% of students held informed idea on these three aspects of SI. This finding is consistent with no emphasis on these SI aspects in national curriculum standards, even in implicit way. But learning in SI way does be emphasized in the standards. It might indicate that doing SI is not sufficient for developing understandings about SI. Also these might be related with the eastern philosophies of education, such as Confucianism which have been extensively discussed in the literature

The FruitShell French synthesis system at the Blizzard 2023 Challenge

This paper presents a French text-to-speech synthesis system for the Blizzard Challenge 2023. The challenge consists of two tasks: generating high-quality speech from female speakers and generating speech that closely resembles specific individuals. Regarding the competition data, we conducted a screening process to remove missing or erroneous text data. We organized all symbols except for phonemes and eliminated symbols that had no pronunciation or zero duration. Additionally, we added word boundary and start/end symbols to the text, which we have found to improve speech quality based on our previous experience. For the Spoke task, we performed data augmentation according to the competition rules. We used an open-source G2P model to transcribe the French texts into phonemes. As the G2P model uses the International Phonetic Alphabet (IPA), we applied the same transcription process to the provided competition data for standardization. However, due to compiler limitations in recognizing special symbols from the IPA chart, we followed the rules to convert all phonemes into the phonetic scheme used in the competition data. Finally, we resampled all competition audio to a uniform sampling rate of 16 kHz. We employed a VITS-based acoustic model with the hifigan vocoder. For the Spoke task, we trained a multi-speaker model and incorporated speaker information into the duration predictor, vocoder, and flow layers of the model. The evaluation results of our system showed a quality MOS score of 3.6 for the Hub task and 3.4 for the Spoke task, placing our system at an average level among all participating teams

Forced ruralisation of urban youth during Mao’s rule and women’s status in post-Mao China: an empirical study

This study uses data of “Chinese Household Income Project Survey 2002” to investigate long-term impact of Mao’s persistent policy of “forced/involuntary ruralisation of urban youth” (shangshan xiaxiang, literally “re-settlement in mountains and villages”) during the 1950s and 70s on women’s labour market participation and contribution to family incomes. Our results indicate that the impact of Mao’s forced ruralisation on female labour market participation can be positive (despite diminishing in size due to ageing). In addition, a change from positive to negative impact is largely determined by personal hardship under Maoism and its aftermath. Moreover, regarding female contribution to family incomes, our findings suggest that forcefully ruralised urban women have more bargaining power later in family finance. Our conclusion is that against all the odds Mao’s “forced ruralisation of urban youth” has improved family and societal positions of female victims in the post-Mao era as an unintended consequence of Maoism

ADAR2-dependent RNA editing of GluR2 is involved in thiamine deficiency-induced alteration of calcium dynamics

BACKGROUND: Thiamine (vitamin B1) deficiency (TD) causes mild impairment of oxidative metabolism and region-selective neuronal loss in the central nervous system (CNS). TD in animals has been used to model aging-associated neurodegeneration in the brain. The mechanisms of TD-induced neuron death are complex, and it is likely multiple mechanisms interplay and contribute to the action of TD. In this study, we demonstrated that TD significantly increased intracellular calcium concentrations [Ca2+]i in cultured cortical neurons. RESULTS: TD drastically potentiated AMPA-triggered calcium influx and inhibited pre-mRNA editing of GluR2, a Ca2+-permeable subtype of AMPA receptors. The Ca2+ permeability of GluR2 is regulated by RNA editing at the Q/R site. Edited GluR2 (R) subunits form Ca2+-impermeable channels, whereas unedited GluR2 (Q) channels are permeable to Ca2+ flow. TD inhibited Q/R editing of GluR2 and increased the ratio of unedited GluR2. The Q/R editing of GluR2 is mediated by adenosine deaminase acting on RNA 2 (ADAR2). TD selectively decreased ADAR2 expression and its self-editing ability without affecting ADAR1 in cultured neurons and in the brain tissue. Over-expression of ADAR2 reduced AMPA-mediated rise of [Ca2+]i and protected cortical neurons against TD-induced cytotoxicity, whereas down-regulation of ADAR2 increased AMPA-elicited Ca2+ influx and exacerbated TD-induced death of cortical neurons. CONCLUSIONS: Our findings suggest that TD-induced neuronal damage may be mediated by the modulation of ADAR2-dependent RNA Editing of GluR2