As a pivotal cornerstone of the digital society, the security of critical information infrastructure directly affects economic development, social stability, national wellbeing, and national security. By analyzing the strategic significance of security protection standards for critical information infrastructure, and drawing on a study of the current landscape of domestic and international policies, this paper conducts an indepth analysis of the challenges and existing issues confronting the development of China’s security protection standard system for critical information infrastructure. In response to these problems, optimized strategies of China’s security protection standard system for critical information infrastructure are proposed from the perspectives of toplevel design, improvement of the standard system, and enhancement of effectiveness. The purpose of this paper is to refine the nation’s security protection standard system for critical information infrastructure, elevate the security protection capabilities thereof, safeguard social stability and national security, and realize sustainable development.

A preliminary legal framework for China’s critical information infrastructure (CII) has been established. However, there remain several issues, including the insufficient industryspecificity and adaptability of the legal liability system, the inadequate coordination between accountability mechanisms and the enforcement of penalties, and the need for enhanced alignment with international regulations. By conducting a comparative analysis of the frameworks and models of CII legal liability systems in countries and organizations such as the United States, the European Union, and Russia, it is suggested that China should build a targeted CII liability system, strengthen the coordinated mechanism between law enforcement and accountability, and actively participate in international CII security protection.

In recent years, cyberattacks targeting national critical information infrastructure systems have increased rapidly, intensifying the security situation increasingly severe. Cyberattacks exploiting vulnerabilities in weak defense systems have become a major threat to the security protection of critical information infrastructure. Under the increasingly complex cyberattack environment, building a coordinated defense mechanism has become especially important. This paper analyzes the evolution and progress of organizational management in the area of critical information infrastructure security both domestically and internationally, and proposes a series of improvement measures. These efforts aim to provide reference for the future development of organizational management systems in coordinated security protection for critical information infrastructure.

Byzantine faulttolerant consensus algorithms in blockchain face significant challenges with the increase in the number of nodes, including arbitrary leader election and high communication overhead. Existing solutions predominantly  focus on optimizing a single dimension of node grouping, but in complex network environments, how to integrate multidimensional factors for effective node grouping and when to trigger regrouping remain unresolved. To address these issues, this paper proposes a dynamic networkaware driven multidimensional adaptive grouping HotStuff (DMAGHotStuff) algorithm. Firstly, a dynamic reputation regulation mechanism is designed, incorporating reward and punishment strategies. This mechanism evaluates node reputation based on historical behaviors and communication characteristics, while considering factors such as geographic location and network latency, effectively reducing misjudgments caused by network issues and minimizing the impact of Byzantine nodes. Secondly, a multidimensional Kmeans grouping consensus algorithm is proposed, classifying nodes based on diversereputation levels and communication features, which significantly enhances the system’s tolerance to Byzantine nodes. Finally, a momentum monitoring system is used to monitor network status changes, isolating potential Byzantine nodes and determining the optimal timing for regrouping, thereby achieving more accurate adaptive grouping decisions. Experimental results demonstrate that DMAGHotStuff outperforms HotStuff, PBHS, and other HotStuff variants with different grouping strategies in terms of both latency and throughput.

Large language models (LLMs) often exhibit hallucinations in various occasions, leading to unreliable inferences. Such vulnerabilities render it  critical for LLMs to be adopted cautiously in vertical domains such as financial, medical, and cybersecurity domains. In preLLM era, humans have accumulated the best practices to ensure reliabilities of complicated tasks through careful engineering. Standard operating procedures (SOP) and Check List are the exemplars of these best practices. Likewise, in LLM era, we propose highorder program (HOP)to achieve the reliability breakthroughs. By fusing both accurate execution of traditional programing languages, and superior knowledge intrinsics of LLMs, HOP sets the backbone of the control system required by vertical LLM applications. HOP achieves automations by leveraging key vertical knowledge and practices. More importantly, it delivers expected reliability through verifications. HOP itself can be autogenerated by LLMs, which further incentivizes its wide adoptions. Lately, we have applied HOP in different scenarios including fulllifecycle financial risk management in cryptographic computing settings, duplicate charges in medical diagnosis, and intrusion detection. HOP has achieved 5 to 10 folds of efficiency improvement, and an accuracy as good as 99% across aforementioned scenarios.

In view of the issues encountered in product tracking and traceability during the manufacturing process—such as data dispersion, opaque information, susceptibility to tampering, and the lack of trust—this paper proposes a construction method for a trustworthy manufacturing traceability system based on blockchain. First, the system architecture and its key functions are designed, and the system workflow is clearly specified. A production transaction control model based on smart contracts is developed to facilitate interactions between users and producers as well as to control the business processes among different production nodes. Using Cuckoo filters as a priori conditions, an onchain and offchain data storage and retrieval algorithm based on Cuckoo filters and Merkle trees is established to achieve efficient traceability process retrieval. This method stores key information onchain while storing raw data in an offchain database. Finally, system performance is evaluated on a Hyperledger Fabric blockchain network. The results indicate that the retrieval algorithm based on Cuckoo filters and Merkle trees improves system throughput and resource utilization efficiency, while also reducing transaction latency.

JavaScript is extensively utilized in development scenarios such as servers and embedded devices. As the compiler and executor of JavaScript, the JavaScript engine is particularly vulnerable to security flaws, which can easily result in significant security incidents. Consequently, JavaScript engines fuzzing has been a research hotspot. However, existing fuzzing techniques for JavaScript engines often suffer from issues such as low test case validity and insufficient diversity. To address these challenges, this paper introduces a novel fuzzing approach grounded in dynamic semantic feedback. By dynamically collecting, analyzing, and feeding back runtime semantic information, the proposed method improves the validity of test cases. On this basis, the mutation strategies of expression replacement and function creation are employed to enhance the syntactic exploration capability of the test cases. This paper implemented a prototype system, DSFfuzz. In a comparative fuzzing experiments using the JerryScript engine, DSFfuzz demonstrated an average improvement of 11.81% in test case validity compared to three stateoftheart approaches and identified the highest number of crashes, including 15 unique ones. These results validate the effectiveness of the proposed method.

Virtualization technology is the core technology of cloud computing, and there are problems of regarding the integrity and security of virtual machines. Trusted computing technology, as an effective solution to cloud computing security, accomplishes the active monitoring and protection of virtual machines through trusted measurement. Currently, virtual machine trusted measurement can be divided into the report measurement mode and adjudication measurement mode. However, these methods have the problems of high starting point of trust or high hardware cost. Therefore, this paper proposes a trusted enhanced virtual machine hybrid measurement scheme, which takes vTPM as the root of trust and vTSB as the supporting software platform. Starting from the measurement of host to virtual machine vCRTM, the trust chain is extended through the reporting measurement mode part and the decision measurement mode part. The scheme extends the trust chain from the host machine to the virtual machine by adding a link to measure the vCRTM of the virtual machine, ensures the security of the trusted root of the virtual machine, and solves the problem of delayed trust starting point caused by the absence of vTPCM. Experiments demonstrate that the scheme has good security and feasibility.

In recent years, AI (artificial intelligence) technology has developed rapidly. As one of the core driving forces, AI algorithms have gradually shown great potential and influence in many fields, such as medical care and finance. However, while algorithmic technology brings innovation and convenience, it also raises a series of complex legal and ethical issues. In response to these  concerns, governments have introduced relevant laws and regulations to regulate the development and application of algorithms, and safeguard the public interest and social order. However, the current domestic and foreign laws and regulations show the characteristics of decentralization and fragmentation, lack of systematic and comprehensive analysis, which not only increases the difficulty of enterprises in algorithm compliance, but also affects the healthy and orderly development of algorithm technology. Therefore, this paper systematically and comprehensively analyzes the basic framework and characteristics of China’s AI regulations, and further compares the algorithm governance with relevant foreign regulations. The advantages and disadvantages are summarized to put forward targeted countermeasures and suggestions, which provides valuable practical reference for policy makers and enterprise managers, and jointly promotes the development and application of China’s AI technologies.

The legal protection of data property rights is the focus in the current criminal law field. Firstly, in view of the current situation of the protection of existing criminal law norms, this paper analyzes the problems of the hysteresis of synchronic norms and the inadequacy of the protection model at the legislative system level, as well as the problems of the expansion of diachronic interpretation and the departure from the principle of legality of crimes and punishments at the judicial application level. Secondly, it demonstrates the guiding principles of classification and grading of protection and the whole life cycle protection of data property rights, making data change from emphasizing dependence to realizing independence and from emphasizing control to focusing on utilization. Furthermore, it constructs the specific protection mode of criminal legislation of data property rights: that is, adhering to the “special chapter” legislative style of the small chapter system and considering the multilevel “statutory offender” elements in the setting of constitutive elements. Finally, it proposes the integrated protection of “core data, important data and general data” of data property rights in criminal law, and advocates the joint promotion of “prior supervision, inprocess supervision and afteraction relief” of data property rights in criminal law.

The transportation information system is not only a critical component of the national key information infrastructure, but also an important industry of the 2+8+N system, in which is crucial to the nation’s economy and people’s livelihood. With the continuous advancement of smart transportation construction, the volume of traffic data is growing rapidly. The position of data as a production factor highlights its importance and value, and also induces higher demands for data security. The transportation industry pays close attention to data security, and based on national policies, laws, regulations, and standards, the competent transportation authorities have issued a series of industry standards and regulations to guide the security of transportation data. However, the transportation industry covers a wide range of business areas, and its data has characteristics such as multisource, heterogeneity, partiality, spatiotemporal correlation, asynchronicity, information sparsity, and concurrency. Moreover, the data has a high degree of mobility, and the operational conditions and flow are complex, making data surveillance a large range and great difficulty, which brings a series of challenges to the protection of data security. Based on existing laws, regulations, and standards, and deeply integrating the characteristics of transportation industry data, this research on the data security risk assessment system provides a reference for the construction of transportation data security protection.