Web applications witnessed a rapid growth for online business and transactions are expected to be secure, efficient and reliable to the users against any form of injection attacks. SQL injection is one of the most common application layer attack techniques used today by hackers to steal data from organizations. It is a technique that exploits a security vulnerability occurring in the database l...

The effects of variations in the workload input when estimating error detection coverage using fault injection are investigated. Results from scanchain implemented fault injection experiments using the FIMBUL tool on the Thor microprocessor show that the estimated error non-coverage may vary by more than five percentage units for different workload input sequences. A methodology for predicting ...

Intrusion detection systems are fundamentally passive and fail–open. Because their primary task is classification, they do nothing to prevent an attack from succeeding. An intrusion prevention system (IPS) adds protection mechanisms that provide fail–safe semantics, automatic response capabilities, and adaptive enforcement. We present FLIPS (Feedback Learning IPS), a hybrid approach to host sec...

Model driven software engineering aims at creating high level executable models which may be interpreted or compiled. For efficient execution of operations on model instances code generators play an important role. A wellestablished tool for structural modeling and code generation is the Eclipse Modeling Framework (EMF). We extended EMF by behavior modeling within ModGraph, a tool to model beha...

Document-based code injection attacks, where-in malicious code (coined shellcode) is embedded in a document, have quickly replaced network-service based exploits as the preferred method of attack. In this paper, we present a new technique to aid in forensic and diagnostic analysis of malicious documents detected using dynamic code analysis techniques — namely, automated API call hooking and sim...

MCAIDS-Machine Code Analysis Intrusion Detection System for blocking code-injection buffer overflow attack messages targeting at various Internet services such as web service. With the increasing access of Internet,the Internet threat takes a form of attack, targetting individuals users to gain control over network and data. Buffer overlow is one of the most occuring security vulnerability in c...

We analyze: (i) use of virtualization to facilitate fault injection into non-virtualized systems, and (ii) use of fault injection to evaluate the dependability of virtualized systems. With the Xen Virtual Machine Monitor (VMM) as a test case, for (i), we injected thousands of faults into the code, memory, and registers of paravirtualized and fullyvirtualized Virtual Machines (VMs) from within t...

Fault injection deals with the insertion or simulation of faults in order to test the robustness and fault tolerance of a software application [8]. Such measures are generally performed on software that is mission critical, to the extent that failure could have significant negative ramifications. Actual injection of faults can be performed either at compile time, when additional code is inserte...

Fault injection techniques are important and widely used for verifying the dependability of computer systems. Traditionally fault injection has been successfully applied for evaluating dependability of hardware electronics and is now increasingly been used for software systems. At the same time increasing complexity of embedded software systems such as in automotive sector has driven these doma...