Hello everyone, my name is Gao Tong, and that's my co-speaker Sun Bang Cheng Jin, and it's our honor to be standing here to introduce a security vulnerability detection framework to you. Its name is Genmai, and it is developed in the openKylin community for all Linux operating systems. Next, I will show you Genmai from four aspects: the brief introduction, the technical details, the development plan of Genmai, and the open-source achievements of Genmai.
At first, I will show you the background of Genmai. It was born in the openKylin community. openKylin is an open-source desktop operating system root community. It has an open and independent code construction platform and tries to enforce the innovation-driven growth, and its ecological source, it tries to promote the sustainable development of Linux software and hardware, and it aims to become an active open-source community with international influence. And the founder of Genmai is the openKylin Security Governance SIG group, which aims to produce the most secure products and the security community products to you.
Against this background, Genmai has taken root in the openKylin community, and the Chinese phrase Genmai is a Chinese medicine term. It means a doctor uses fingers to feel a patient's artery and find the internal changes in the body of the patient, and we use Genmai to name the security detection tool, and we hope Genmai can see the small clues of the vulnerabilities in the Linux operating system. Genmai was originally designed to respond to the community vulnerabilities and propose solutions. The community security issues mainly include vulnerability data management, community vulnerability repair, community SDL process development, and discovering and reverification of vulnerabilities and research on community security attack. At last, we hope to provide security detection tools to the users of the Linux operating systems.
Before the birth of Genmai, the security detection tools mainly solve two problems. The first is how to confirm the existence of a vulnerability, and the second is how to determine the effectiveness of the repair. Well, so there's two problems. There are many difficulties. The first difficulty is that the main security tools mostly rely on version matching, and they don't really validate the vulnerabilities from the attack and defense aspect. The second problem is that it's high-investment work to, like, prove the concept, because a valuable POC might cost much, worth millions of dollars, and a POC has compatibility problems in different situations, like different architectures, different systems, or different computers, and a POC may even cause damage to the computer.
While solving these four difficulties, we provide four targeted solutions. The first solution is that we use POC validation as the main method of the detection, and we establish a community reward plan to invite security experts from various industries to join in the participation of the code, and the openKylin Security Governance SIG group modifies, tests, and digests the POCs to ensure the compatibility of the POCs, and we also use a sandbox mode to avoid the damage to the computer, and make sure that Genmai can keep running on the computer.
The openKylin Security Governance SIG responds to and identifies security issues in the community and proposes solutions. We maintain the development of these security detection tools. Genmai was established in February 2022, and until now it has submitted 22,000 lines of code, and we have 27 original public vulnerabilities, and 68 original private vulnerabilities. Over 40% of the vulnerabilities are high-risk, and more than 300 people joined in the contribution of this project. We have published 33 papers about the security attack and defense field.
The next part is the technology details of Genmai, including the technology architecture, characteristics, technical advantages, and utility assessment. We chose the Golang language as the development foundation of Genmai for several reasons. The Golang language has silent concurrent programming advantages and high practical efficiencies, and the time required for completion is very short, and Golang also has an abundant ecosystem and built-in libraries. In terms of detection efficiency, it usually takes 12 hours or even longer. Hey, hey, hey, hey, hey, hey. I'm sorry. Hello. Okay. I'm sorry. It often takes 12 hours or even longer to detect a POC in the manual way, and Genmai only takes about 25 seconds to run over 70 POCs, and the time is short, and the accuracy of Genmai reached over 90%, which is also higher than the manual way. According to the vulnerabilities detected by Genmai, the openKylin system has repaired over 70 vulnerabilities, and it shortens the repair cycle of vulnerabilities, and the security of the operating system is improved.
The technical architecture of Genmai consists of four parts. The core part is the framework layer. It has modularized each function, like use case execution, baseline track, report, concurrency management, POC, data, data service, remote management, sandbox, and cache. The network layer manages the remote transmission and remote monitoring. The data layer verifies the data sent to POC data, vulnerability data, and the security information data. The application layer interacts with the users directly. People can choose local tests, remote testing, report analysis, and knowledge management. People can track the security knowledge in the knowledge repository.
The detection of Genmai consists of four main parts. The core part is the vulnerability detection. It consists of system vulnerability detection and web vulnerability detection. System vulnerability consists of the public CVE detection and the original Genmai vulnerability detection.
The web vulnerability consists of weak passwords and unauthorized access, and so on. The fuzzing model consists of the fuzzing test for the kernel and for security interfaces. The baseline security detection consists of intrusion detection and security configuration detection. Intrusion detection detects the processes, files, and logs of the system. And security configuration detection consists of the detection of operating system configuration, network system configuration, and the application system configuration. The evaluation part consists of the local evaluation and remote evaluation. Genmai can use SSH and SAP to achieve the remote connection. The patch model consists of the patch information for system vulnerabilities and repair suggestions for web vulnerabilities and other security info about the vulnerability repairs.
And this flow chart will show the detection details of Genmai. First, Genmai will obtain all of the security info and data from the data layer, and the JSON parser and YAML parser will formulate the data into the formulated way. And Genmai will store all of this formulated data into the cache. If people choose local assessment, Genmai will detect the system concurrently; it will call the coroutine pool and request pool for the vulnerability detection. And if people choose remote assessment, it will use SSH or SAP to connect. And then Genmai will call the validator algorithms to validate the detected result. And then Genmai will detect the whole system and form a detection report for the users. All of these processes are running in the sandbox.
The characteristics of Genmai can consist of three parts. First, Genmai uses POC detection as the core detection method and version matching as the auxiliary detection method. And Genmai uses sandbox mode to solve the impact of the POC on the computer. Also, Genmai includes some cutting-edge technologies. It has introduced an AI module for auto generation of security baseline items.
And it shows fuzzing to test the interface of the operating system. And as an open-source detection tool, the advantages of Genmai are very evident. It has a very good social participation way and has invited security experts from universities, security vendors, online security guards, and community enthusiasts to join in the contribution of Genmai. And attack defense things like of Genmai also provide security guarantees for the development of Genmai. Once POC has, once Genmai submitted a POC, the openKylin Security Governance SIG group will conduct a review of the POC and ensure that it's, ensure its compatibility and formulated. And then we will give, follow, we will comply with the openKylin vulnerability disclosure policy to expose the POC. And then by the original POC, we will draw some security experts to join in the contribution of the code. Genmai aims to provide accuracy, practicality, expansiveness. And we try to give users the repair functions and a concise UI. The openKylin Security Governance SIG group makes sure it supervises and maintains the development of Genmai and tries to make it better.
Genmai improves the security of Linux operating systems from five aspects. First, it shows auto scanning to improve the efficiency of detection. And comprehensive scanning and testing will reduce the manual detection errors and improve the accuracy of detection. And discover and fix vulnerabilities before they cause consequences. It will improve the cost benefit. And we use baseline detection to find data breaches or privacy leakages so that you can take measures to protect your privacy. It is also able to identify configuration issues of the systems to improve the security of the Linux operating system.
The next part is the development, development plan of Genmai. We have finished the patch-info import function, fuzzing detection function, and OpenAI interface to add more comprehensive AI repair suggestions in 2023.
And we planned to add an intrusion detection model to improve the ability of resisting network attacks at the beginning of 2024. And we planned to perfect the black box fuzzing model for the potential security threats. And we also planned to perfect the white box fuzzing model to inspect the logical structure of systems in 2025.
openKylin has achieved little results until now. The POC repository of Genmai has contained over 200 POCs. And many of them have invited, many of them were included by mainstream vulnerability intelligence platforms in China and the world, such as Siri and Chinese Thinly. And Genmai also got the second prize of the 2022 Chinese open-source innovation competition and also joined the OpenAtom Global Open Source Summit as an exhibit in 2023. The social participation of Genmai also increased over Chinese security vendors through universities and security experts in various industries has joined in the contribution of Genmai. And openKylin, the Security Governance SIG, also got the most popular award of openKylin as a new attempt for an open-source desktop operating system.
openKylin has won a little result also. openKylin has participated in the open-source work of China, Japan, and South Korea as a group leader of Chinese enterprises. And we also became a chairman under the Secretary General of Chinese OSS Promote Union and became a Platinum member of the OpenAtom Foundation. openKylin has contributed millions of lines of code in OpenStack and in the kernel and so on. And we hope in the future we hope to invite international friends to join in the participation of Genmai or communicate with us in the openKylin community and improve the security of the Linux operating system in the future. That's all of my speech. Thank you all for your listening. This is the project code of openKylin.
I actually have a question about the proof of concept.
So it seems like at the core of your detection is actually trying to detect vulnerability per proof of concept. So what is a proof of concept program typically? Is it just like, you know, let's say we have a vulnerability, some classical buffer overflow. And is it just, you know, a program which is going to trigger that buffer overflow and that code and let's say you're detecting with, you know, a certain, you have KASAN enabled or some others and you're detecting a certain event, or can you tell more about what is this proof of concept?
Is the detection to remote services or computers? Like if you don't have a computer nearby, maybe you need a remote, a remote detection for the remote, for the computer.
But I'm just trying to understand what is this proof of concept by itself, like the code which you try to run to detect vulnerability. So could you give an example of what it would typically be? I guess you're not asking people to contribute real-world exploits.
Yes.
So is it just something simpler or?
Well, this project is still development. It is still in development, so we are glad to invite people to join in this project. You can submit a POC or detection method to this project or join in the development like our development plan.
Yes. So for the POCs which so far have been submitted, so what do they typically look like?
It will have a comprehensive detection in the future.
No, but now you said that you have a number of POCs which are already there. So what do we do?
If you have a new POC, like it has original new POC and you can join in this job or you can perfect our POCs, like we already have original POCs and you can exchange it.
And the original POCs are also in the trip with the jury so you can just take a look, right?
Yes.
Okay. So it's probably easier to take a look. Thank you.
Any other questions? No, let's thank the speaker.