The use of web application has become increasingly popular in our daily life as reading news paper, making online payments for shopping etc. At the same time there is an increase in number of attacks that target them. In this paper we present a detailed review on various types of SQL injection attacks and prevention technique for web application. Here we are presenting a new technique for preve...

This paper proposes a comprehensive set of techniques which limit the scope of remote code injection attacks. These techniques prevent any injected code from making system calls and thus restrict the capabilities of an attacker. In defending against the traditional ways of harming a system these techniques significantly raise the bar for compromising the host system forcing the attack code to t...

One of the important problems in reducing pollutant emission from diesel engines is trade-off between soot and NOx. Split injection is one of the most powerful tools that decrease soot and NOx emissions simultaneously. At the present work, the effect of split injection on the combustion process and emissions of a direct-injection diesel engine under full-load conditions is investigated by the c...

In this paper, we present a collision attack on the SHA-3 submission SHAMATA. SHAMATA is a stream cipher-like hash function design with components of the AES, and it is one of the fastest submitted hash functions. In our attack, we show weaknesses in the message injection and state update of SHAMATA. It is possible to find certain message differences that do not get changed by the message expan...

In this paper we survey the current literature on code obfuscation and review current practices as well as applications. We analyze the different obfuscation techniques in relation to protection of intellectual property and the hiding of malicious code. Surprisingly, the same techniques used to thwart reverse engineers are used to hide malicious code from virus scanners. Additionally, obfuscati...

Hypervisors have quickly become essential but are vulnerable to attack. Unfortunately, efficiently hardening hypervisors is challenging because they lack a privileged security monitor and decomposition strategies. In this work we systematically analyze the 191 Xen hypervisor vulnerabilities from Xen Security Advisories, revealing that the majority (144) are in the core hypervisor not Dom0. We t...

While code injection attacks have been virtually eliminated on modern systems, programs today remain vulnerable to code reuse attacks. Particularly pernicious are Just-In-Time ROP (JIT-ROP) techniques, where an attacker uses a memory disclosure vulnerability to discover code gadgets at runtime. We designed a code-reuse defense, called Shuffler, which continuously re-randomizes code locations on...

Software fault injection has recently started showing great promise as a means for measuring the safety of software programs. This paper shows the results from applying one method for implementing software fault injection, data state error corruption, to the Departure from Nucleate Boiling Ratio (DNBR) code, a research code from the Halden Reactor Project, located in Halden Norway. THE OPINIONS...