the rapid growth in natural gas consumption has increased the need for gas storage, in particular in the form of injection into depleted reservoirs. also, co2 sequestration into the depleted reservoirs has attracted a large attention recently. however, it is important to ensure that the injection pressure is maintained below a certain limit to avoid unsealing the cap rock or reactivation of any...

Instruction Set Randomization (ISR) is a promising technique for preventing code-injection attacks. In this paper we present a complete randomization framework for JavaScript aiming at detecting and preventing Cross-Site Scripting (XSS) attacks. RaJa randomizes JavaScript source without changing the code structure. Only JavaScript identifiers are carefully modified and the randomized code can b...

This paper describes a framework, which modifies existing source code to generate security issues. An example plugin for generating SQL injection in Java source code is described. The generation process is based on static code analysis techniques like dataflow analysis and abstract syntax trees. The framework is evaluated with the help of Java projects from GitHub. One modified project was succ...

Problem. Among the various methods to perform Fault Injection, the technique of Software Fault Injection is getting more popular. In this technique, a special piece of code, associated to the system under test, tries to simulate faults. Generally, Fault Injection testing can be done by using a Fault Injection tool, and there is a number of them. However, there are no tools that work under each ...

Security of embedded devices today is a critical requirement for the Internet of Things (IoT) as these devices will access sensitive in­ formation such as social security numbers and health records. This makes these devices a lucrative target for attacks exploiting vulnerabilities to inject malicious code or reuse existing code to alter the execution of their software. Existing defense techniqu...

Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges. For example, software attackers perform code injection and code-reuse attacks on their remote interfaces, and physical access to IoT devices allows to tamper with code in memory, steal confidential Intellectual Property (IP), or mount fault attacks to manipulate a CPU’s control flow. In this work, we pr...

Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms such as data execution prevention (DEP) as well as code-reuse attacks became more prevalent. In this paper, we show that ISR can be extended to also protect...

The LSTF experiment simulating the SGTR accident at the Mihama Unit-2 reactor is analyzed using the RELAP5/MOD3.3 code. In the accident, and thus in the experiment, the ECC water was injected not only into the cold legs but into the upper plenum. Overall transients during the experiment such as pressures and fluid temperatures are simulated well by the code. The cold-leg fluid temperatures are ...