A bug is a vulnerability if it has security impacts when triggered. Determining the security impacts of a bug is important to both defenders and attackers. Maintainers of large software systems are bombarded with numerous bug reports and proposed patches, with missing or unreliable information about their impact. Determining which few bugs are vulnerabilities is difficult, and bugs that a maintainer believes do not have security impact will be de-prioritized or even ignored. On the other hand, a public report of a bug with a security impact is a powerful first step towards exploitation. Adversaries may exploit such bugs to launch devastating attacks if defenders do not fix them promptly. Common practice is for maintainers to assess the security impacts of bugs manually, but the scaling and reliability challenges of manual analysis lead to missed vulnerabilities. We propose an automated approach, SID, to determine the security impacts for a bug given its patch, so that maintainers can effectively prioritize applying the patch to the affected programs. The insight behind SID is that both the effect of a patch (either submitted or applied) and security-rule violations (e.g., out-of-bound access) can be modeled as constraints that can be automatically solved. SID incorporates rule comparison, using under-constrained symbolic execution of a patch to determine the security impacts of an un-applied patch. SID can further automatically classify vulnerabilities based on their security impacts. We have implemented SID and applied it to bug patches of the Linux kernel and matching CVE-assigned vulnerabilities to evaluate its precision and recall. We optimized SID to reduce false positives, and our evaluation shows that, from 54K recent valid commit patches, SID detected 227 security bugs with at least 243 security impacts at a 97% precision rate. Critically, 197 of them were not reported as vulnerabilities before, leading to delayed or ignored patching in derivative programs. Even worse, 21 of them are still unpatched in the latest Android kernel. Once exploited, they can cause critical security impacts on Android devices. The evaluation results confirm that SID's approach is effective and precise in automatically determining security impacts for a massive stream of bug patches.
Background: Rural–urban migrants frequently suffer from overrepresented health risks but have poor access to public health services. In China, homeownership status may play a vital role in obtaining local welfare. However, the relationship between homeownership and utilization of public health services has remained largely unexplored. This study aims to address the direct linkage between homeownership and utilization of local public health services among rural migrants in China.Methods: We applied the dataset from the 2017 National Migrants Population Dynamic Monitoring Survey (NMPDMS-2017) to explore the direct relationship between homeownership and the utilization of local public health services. Logit regression was conducted to discuss the associations and to explore the interaction effect.Results: The logit estimations reveal that homeownership is positively related to the establishment of a health record and participation in health education. The interaction term of homeownership and household location and the interaction between homeownership and healthcare center location are related to the increased establishment of a health record. However, the interaction of homeownership and household location merely reveals significant correlations with the health education model.Conclusion: Homeownership is positively associated with the utilization of local public health services among rural migrants in China. Furthermore, homeowners living in urban residential communities and within the vicinity of the healthcare center are more likely to access public health services than those living in other locations.
Background Rural migrants usually suffer from major disease risks, but little attention had been paid toward the relationship between self-employment behavior and health status of rural migrants in China. Present study aims to explore the causal effect of self-employment behavior on rural migrants’ sub-health status and chronic disease. Two research questions are addressed: does self-employment status affect the sub-health status and chronic disease of rural migrants? What is potential mechanism that links self-employment behavior and health status among rural migrants in China? Methods The dataset from the 2017 National Migrants Population Dynamic Monitoring Survey (NMPDMS-2017) was used to explore the causal effect. Logit regression was performed for the baseline estimation, and linear probability model with instrument variable estimation (IV-LPM) was applied to correct the endogeneity of self-employment. Additionally, logit regression was conducted to explore the transmission channel. Results Self-employed migrants were more susceptible to sub-health status and chronic disease, even when correcting for endogeneity. Moreover, self-employed migrants were less likely to enroll in social health insurance than their wage-employed counterparts in urban destinations. Conclusion Self-employed migrants were more likely to suffer from sub-health status and chronic disease; thus, their self-employment behavior exerted a harmful effect on rural migrants’ health. Social health insurance may serve as a transmission channel linking self-employment and rural migrants’ health status. That is, self-employed migrants were less prone to participate in an urban health insurance program, a situation which leaded to insufficient health service to maintain health.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.