National Library of Energy BETA

Sample records for authentication bypass vulnerability

  1. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 57: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.

  2. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory

  3. V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for

  4. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  5. U-169: Sympa Multiple Security Bypass Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions.

  6. V-236: MediaWiki CentralAuth Extension Authentication Bypass...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    The vulnerability is caused due to an error when handling auto-logins and can be exploited to bypass the authentication mechanism by providing a valid username within the ...

  7. U-188: MySQL User Login Security Bypass and Unspecified Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    An error when verifying authentication attempts can be exploited to bypass the authentication mechanism.

  8. T-570: HP Security Bulletin- HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.

  9. V-103: RSA Authentication Agent Lets Remote Users Bypass Authenticatio...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    issued a fix (7.1.2). Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  10. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information

    Broader source: Energy.gov [DOE]

    Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information.

  11. U-246: Tigase XMPP Dialback Protection Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.

  12. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.

  13. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  14. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors

  15. V-036: EMC Smarts Network Configuration Manager Database Authentication

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Bypass Vulnerability | Department of Energy 6: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability November 29, 2012 - 3:30am Addthis PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior 9.1 ABSTRACT: Two vulnerabilities were reported in EMC Smarts

  16. U-234: Oracle MySQL User Login Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions.

  17. V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

  18. T-646: Debian fex authentication bypass | Department of Energy

    Energy Savers [EERE]

    PLATFORM: Debian fex ABSTRACT: Debian security discovered that fex, a web service for transferring very large, files, is not properly validating authentication IDs. While the ...

  19. U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases.

  20. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Red Hat Enterprise MRG Messaging. A remote user can access cluster messages and view the internal configuration.

  1. V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets

  2. U-267: RSA® Authentication Agent 7.1 for Microsoft Windows®...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step reference LINKS: SecurityTracker Alert ID: 1027559 Bugtraq ID: 55662 CVE-2012-2287...

  3. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerabil...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability May 23, 2013 - 6:00am Addthis...

  4. V-216: Drupal Monster Menus Module Security Bypass and Script...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP ...

  5. T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct...

  6. V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities December 21, 2012 - ...

  7. V-186: Drupal Login Security Module Security Bypass and Denial...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Articles U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-216: Drupal Monster Menus Module ...

  8. V-223: RSA Authentication Agent for PAM Allows Remote Users to...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    has issued a fix Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  9. V-127: Samba Bug Lets Remote Authenticated Users Modify Files...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Samba Bug Lets Remote Authenticated Users Modify Files V-127: Samba Bug Lets Remote Authenticated Users Modify Files April 5, 2013 - 6:00am Addthis PROBLEM: A vulnerability was...

  10. V-216: Drupal Monster Menus Module Security Bypass and Script Insertion

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 6: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities V-216: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities August 12, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in the Monster Menus module for Drupal PLATFORM: Drupal Monster Menus Module 6.x and 7.x ABSTRACT: The vulnerabilities can be exploited by malicious users to bypass certain security restrictions and

  11. V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 2: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities December 21, 2012 - 12:15am Addthis PROBLEM: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities PLATFORM: Drupal 6.x versions prior to 6.27 Drupal 7.x versions prior to 7.18 ABSTRACT: Drupal Core Multiple vulnerabilities REFERENCE LINKS: SA-CORE-2012-004 - Drupal core

  12. T-540: Sybase EAServer Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information.

  13. Low-bandwidth authentication.

    SciTech Connect (OSTI)

    Donnelly, Patrick Joseph; McIver, Lauren; Gaines, Brian R.; Anderson, Erik; Collins, Michael Joseph; Thomas,Kurt Adam; McDaniel, Austin

    2007-09-01

    Remotely-fielded unattended sensor networks generally must operate at very low power--in the milliwatt or microwatt range--and thus have extremely limited communications bandwidth. Such sensors might be asleep most of the time to conserve power, waking only occasionally to transmit a few bits. RFID tags for tracking or material control have similarly tight bandwidth constraints, and emerging nanotechnology devices will be even more limited. Since transmitted data is subject to spoofing, and since sensors might be located in uncontrolled environments vulnerable to physical tampering, the high-consequence data generated by such systems must be protected by cryptographically sound authentication mechanisms; but such mechanisms are often lacking in current sensor networks. One reason for this undesirable situation is that standard authentication methods become impractical or impossible when bandwidth is severely constrained; if messages are small, a standard digital signature or HMAC will be many times larger than the message itself, yet it might be possible to spare only a few extra bits per message for security. Furthermore, the authentication tags themselves are only one part of cryptographic overhead, as key management functions (distributing, changing, and revoking keys) consume still more bandwidth. To address this problem, we have developed algorithms that provide secure authentication while adding very little communication overhead. Such techniques will make it possible to add strong cryptographic guarantees of data integrity to a much wider range of systems.

  14. V-231: Cisco Identity Services Engine Discloses Authentication Credentials

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to Remote Users | Department of Energy 1: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users V-231: Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users August 30, 2013 - 3:01am Addthis PROBLEM: A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials. PLATFORM: Cisco Identity Services Engine (ISE) 1.x ABSTRACT: A vulnerability was reported in Cisco Identity Services

  15. V-187: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

  16. U-104: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

  17. V-097: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  18. V-186: Drupal Login Security Module Security Bypass and Denial of Service

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerability | Department of Energy 6: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability June 26, 2013 - 1:28am Addthis PROBLEM: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability PLATFORM: Login Security 6.x-1.x versions prior to 6.x-1.2. Login Security 7.x-1.x versions prior to 7.x-1.2. ABSTRACT: A security issue and a vulnerability have been

  19. U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions.

  20. System and method for authentication

    SciTech Connect (OSTI)

    Duerksen, Gary L.; Miller, Seth A.

    2015-12-29

    Described are methods and systems for determining authenticity. For example, the method may include providing an object of authentication, capturing characteristic data from the object of authentication, deriving authentication data from the characteristic data of the object of authentication, and comparing the authentication data with an electronic database comprising reference authentication data to provide an authenticity score for the object of authentication. The reference authentication data may correspond to one or more reference objects of authentication other than the object of authentication.

  1. V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  2. U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.

  3. U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Scripting and URL Redirection Attacks | Department of Energy 12: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks July 13, 2012 - 7:00am Addthis PROBLEM: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks PLATFORM: RSA Authentication Manager 7.1 is vulnerable; other

  4. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  5. U-198: IBM Lotus Expeditor Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: IBM Lotus Expeditor Multiple Vulnerabilities U-198: IBM Lotus Expeditor Multiple Vulnerabilities June 25, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus Expeditor. PLATFORM: IBM Lotus Expeditor 6.x ABSTRACT: The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.. Reference Links: Vendor Advisory

  6. V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Issue | Department of Energy 4: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue September 4, 2013 - 6:00am Addthis PROBLEM: A weakness and a security issue have been reported in EMC RSA Archer GRC PLATFORM: EMC RSA Archer GRC 5.x ABSTRACT: This fixes multiple vulnerabilities, which can be exploited to bypass certain security restrictions and to conduct spoofing

  7. Multi-factor authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-10-21

    Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

  8. Authentication of byte sequences

    SciTech Connect (OSTI)

    Stearns, S.D.

    1991-06-01

    Algorithms for the authentication of byte sequences are described. The algorithms are designed to authenticate data in the Storage, Retrieval, Analysis, and Display (SRAD) Test Data Archive of the Radiation Effects and Testing Directorate (9100) at Sandia National Laboratories, and may be used in similar situations where authentication of stored data is required. The algorithms use a well-known error detection method called the Cyclic Redundancy Check (CRC). When a byte sequence is authenticated and stored, CRC bytes are generated and attached to the end of the sequence. When the authenticated data is retrieved, the authentication check consists of processing the entire sequence, including the CRC bytes, and checking for a remainder of zero. The error detection properties of the CRC are extensive and result in a reliable authentication of SRAD data.

  9. T-646: Debian fex authentication bypass | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ABSTRACT: Debian security discovered that fex, a web service for transferring very large, ... Impact: Debian has discovered that F*EX, a web service for transferring very large files, ...

  10. U-162: Drupal Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591

  11. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Password | Department of Energy 5: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A vulnerability was reported in OpenLDAP. A remote user can authenticate without a valid password. PLATFORM: Open LDAP version(s) 2.4.12 - 2.2.24 ABSTRACT: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password. reference LINKS: SecurityTracker

  12. Authentication of quantum messages.

    SciTech Connect (OSTI)

    Barnum, Howard; Crépeau, Jean-Claude; Gottesman, D.; Smith, A.; Tapp, Alan

    2001-01-01

    Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that both enables A to encrypt and authenticate (with unconditional security) an m qubit message by encoding it into m + s qubits, where the probability decreases exponentially in the security parameter s. The scheme requires a private key of size 2m + O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically: authentication and encryption are independent tasks, and one can authenticate a message while leaving it publicly readable. This reasoning has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.

  13. Secure authenticated video equipment

    SciTech Connect (OSTI)

    Doren, N.E.

    1993-07-01

    In the verification technology arena, there is a pressing need for surveillance and monitoring equipment that produces authentic, verifiable records of observed activities. Such a record provides the inspecting party with confidence that observed activities occurred as recorded, without undetected tampering or spoofing having taken place. The secure authenticated video equipment (SAVE) system provides an authenticated series of video images of an observed activity. Being self-contained and portable, it can be installed as a stand-alone surveillance system or used in conjunction with existing monitoring equipment in a non-invasive manner. Security is provided by a tamper-proof camera enclosure containing a private, electronic authentication key. Video data is transferred communication link consisting of a coaxial cable, fiber-optic link or other similar media. A video review station, located remotely from the camera, receives, validates, displays and stores the incoming data. Video data is validated within the review station using a public key, a copy of which is held by authorized panics. This scheme allows the holder of the public key to verify the authenticity of the recorded video data but precludes undetectable modification of the data generated by the tamper-protected private authentication key.

  14. U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe Reader/Acrobat Multiple Vulnerabilities U-146: Adobe Reader/Acrobat Multiple Vulnerabilities April 12, 2012 - 8:30am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat. PLATFORM: Adobe Acrobat 9.x Adobe Acrobat X 10.x Adobe Reader 9.x Adobe Reader X 10.x ABSTRACT: Vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive

  15. Authentication Without Secrets

    SciTech Connect (OSTI)

    Pierson, Lyndon G.; Robertson, Perry J.

    2015-11-01

    This work examines a new approach to authentication, which is the most fundamental security primitive that underpins all cyber security protections. Current Internet authentication techniques require the protection of one or more secret keys along with the integrity protection of the algorithms/computations designed to prove possession of the secret without actually revealing it. Protecting a secret requires physical barriers or encryption with yet another secret key. The reason to strive for "Authentication without Secret Keys" is that protecting secrets (even small ones only kept in a small corner of a component or device) is much harder than protecting the integrity of information that is not secret. Promising methods are examined for authentication of components, data, programs, network transactions, and/or individuals. The successful development of authentication without secret keys will enable far more tractable system security engineering for high exposure, high consequence systems by eliminating the need for brittle protection mechanisms to protect secret keys (such as are now protected in smart cards, etc.). This paper is a re-release of SAND2009-7032 with new figures numerous edits.

  16. Two-Factor Authentication

    Broader source: Energy.gov [DOE]

    Two-Factor Authentication (2FA) (also known as 2-Step Verification) is a system that employs two methods to identify an individual. More secure than reusable passwords, when a token's random number...

  17. International safeguards data authentication

    SciTech Connect (OSTI)

    Melton, R.B.; Smith, C.E.; DeLand, S.M.; Manatt, D.R.

    1996-07-01

    The International Safeguards community is becoming increasingly reliant on information stored in electronic form. In international monitoring and related activities it must be possible to verify and maintain the integrity of this electronic information. This paper discusses the use of data authentication technology to assist in accomplishing this task. The paper provides background information, identifies the relevance to international safeguards, discusses issues related to export controls, algorithm patents, key management and the use of commercial vs. custom software.

  18. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 14: Cisco Unified Communications Manager Database Security Vulnerability T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am Addthis PROBLEM: Cisco Unified Communications Manager contains a vulnerability that could allow an authenticated, remote attacker to inject arbitrary script code on a targeted system. PLATFORM: Cisco Unified Communications Manager versions prior to 8.5(1), 8.0(3), 7.1(5)su1, and 6.1(5)su2 are

  19. Anonymous authenticated communications

    DOE Patents [OSTI]

    Beaver, Cheryl L.; Schroeppel, Richard C.; Snyder, Lillian A.

    2007-06-19

    A method of performing electronic communications between members of a group wherein the communications are authenticated as being from a member of the group and have not been altered, comprising: generating a plurality of random numbers; distributing in a digital medium the plurality of random numbers to the members of the group; publishing a hash value of contents of the digital medium; distributing to the members of the group public-key-encrypted messages each containing a same token comprising a random number; and encrypting a message with a key generated from the token and the plurality of random numbers.

  20. CERTIFICATE OF AUTHENTICITY

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. ~ i c h a e l G. Mueller, Chair National Coal Council I NATIONAL COAL COUNCIL 1 FULL COUNCIL MEETING FRIDAY NOVEMBER 14, 2 0 0 8 The Full Council meeting convened at 9 : 0 0 a.m. in the Washington Ballroom of the Westin Grand Hotel, 2 3 5 0 M Street, NW, Washington, DC, Chair

  1. AVNG authentication features

    SciTech Connect (OSTI)

    Thron, Jonathan Louis; Mac Arthur, Duncan W; White, Greg; Razinkov, Sergey; Livke, Alexander

    2010-01-01

    Any verification measurement performed on potentially classified nuclear material must satisfy two seemingly contradictory constraints. First and foremost, no classified information can be released. At the same time, the monitoring party must have confidence in the veracity of the measurement (called authentication). An information barrier (IB) is included in the measurement system to protect the potentially classified information. To achieve both goals, the IB allows only very limited, previously agreed-on information to be displayed to the monitoring party. In addition to this limited information from the potentially classified measurement, other measurements are performed and procedures are put in place for the monitoring party to gain confidence that the material being measured is consistent with the host's declarations concerning that material. In this presentation, we will discuss the techniques used in the AVNG attribute measuring system to facilitate authentication of the verification measurements by the monitors. These techniques include measuring unclassified items while allowing more information to be displayed; having the monitor understand the system function, design, and implementation; and randomly selecting the order of measurements.

  2. Heat exchanger bypass test report

    SciTech Connect (OSTI)

    De Vries, M.L.

    1995-01-26

    This test report documents the results that were obtained while conducting the test procedure which bypassed the heat exchangers in the HC-21C sludge stabilization process. The test was performed on November 15, 1994 using WHC-SD-CP-TC-031, ``Heat Exchanger Bypass Test Procedure.`` The primary objective of the test procedure was to determine if the heat exchangers were contributing to condensation of moisture in the off-gas line. This condensation was observed in the rotameters. Also, a secondary objective was to determine if temperatures at the rotameters would be too high and damage them or make them inaccurate without the heat exchangers in place.

  3. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code Apple QuickTime Multiple Vulnerabilities May 24, 2013 V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass The...

  4. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Execute Arbitrary Code Apple QuickTime Multiple Vulnerabilities May 24, 2013 V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass The...

  5. Authentication techniques for smart cards

    SciTech Connect (OSTI)

    Nelson, R.A.

    1994-02-01

    Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thorough understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system.

  6. T-555: Adobe Acrobat and Reader Image Parsing Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Risk for Adobe Reader X users is significantly lower, as none of these issues bypass Protected Mode mitigations.

  7. T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

  8. Lessons about vulnerability assessments.

    SciTech Connect (OSTI)

    Johnston, R. G.

    2004-01-01

    The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory believes that physical security can only be optimized through the use of effective vulnerability assessments. As a result of conducting vulnerability assessments on hundreds of different security devices and systems in the last few years, we have identified some of the attributes of effective assessments. These, along with our recommendations and observations about vulnerability assessments, are summarized in this paper. While our work has primarily involved physical security (in contrast to, for example, computer, network, or information security), our experiences may have applicability to other types of security as well.

  9. T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw

    Broader source: Energy.gov [DOE]

    An issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.

  10. AVTA: Oil Bypass Filter Specifications and Test Procedures | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Oil Bypass Filter Specifications and Test Procedures AVTA: Oil Bypass Filter Specifications and Test Procedures PuraDYN Oil Bypass Filtration System Evaluation Test Plan methodology is used in the testing of all oil bypass filters on the buses at the Idaho National Laboratory. PuraDYN Oil Bypass Filtration System Evaluation Test Plan (732.1 KB) More Documents & Publications Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles Effects of

  11. Photovoltaic power generation system free of bypass diodes (Patent...

    Office of Scientific and Technical Information (OSTI)

    Photovoltaic power generation system free of bypass diodes Title: Photovoltaic power generation system free of bypass diodes A photovoltaic power generation system that includes a ...

  12. Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and ...

  13. Oil Bypass Filter Technology Performance Evaluation - First Quarterly...

    Office of Scientific and Technical Information (OSTI)

    Oil Bypass Filter Technology Performance Evaluation - First Quarterly Report Citation Details In-Document Search Title: Oil Bypass Filter Technology Performance Evaluation - First ...

  14. Thermal Bypass Air Barriers in the 2009 International Energy...

    Energy Savers [EERE]

    Thermal Bypass Air Barriers in the 2009 International Energy Conservation Code - Building America Top Innovation Thermal Bypass Air Barriers in the 2009 International Energy ...

  15. Facility Environmental Vulnerability Assessment

    SciTech Connect (OSTI)

    Van Hoesen, S.D.

    2001-07-09

    From mid-April through the end of June 2001, a Facility Environmental Vulnerability Assessment (FEVA) was performed at Oak Ridge National Laboratory (ORNL). The primary goal of this FEVA was to establish an environmental vulnerability baseline at ORNL that could be used to support the Laboratory planning process and place environmental vulnerabilities in perspective. The information developed during the FEVA was intended to provide the basis for management to initiate immediate, near-term, and long-term actions to respond to the identified vulnerabilities. It was expected that further evaluation of the vulnerabilities identified during the FEVA could be carried out to support a more quantitative characterization of the sources, evaluation of contaminant pathways, and definition of risks. The FEVA was modeled after the Battelle-supported response to the problems identified at the High Flux Beam Reactor at Brookhaven National Laboratory. This FEVA report satisfies Corrective Action 3A1 contained in the Corrective Action Plan in Response to Independent Review of the High Flux Isotope Reactor Tritium Leak at the Oak Ridge National Laboratory, submitted to the Department of Energy (DOE) ORNL Site Office Manager on April 16, 2001. This assessment successfully achieved its primary goal as defined by Laboratory management. The assessment team was able to develop information about sources and pathway analyses although the following factors impacted the team's ability to provide additional quantitative information: the complexity and scope of the facilities, infrastructure, and programs; the significantly degraded physical condition of the facilities and infrastructure; the large number of known environmental vulnerabilities; the scope of legacy contamination issues [not currently addressed in the Environmental Management (EM) Program]; the lack of facility process and environmental pathway analysis performed by the accountable line management or facility owner; and poor

  16. Obfuscated authentication systems, devices, and methods

    DOE Patents [OSTI]

    Armstrong, Robert C; Hutchinson, Robert L

    2013-10-22

    Embodiments of the present invention are directed toward authentication systems, devices, and methods. Obfuscated executable instructions may encode an authentication procedure and protect an authentication key. The obfuscated executable instructions may require communication with a remote certifying authority for operation. In this manner, security may be controlled by the certifying authority without regard to the security of the electronic device running the obfuscated executable instructions.

  17. A proposed generic authentication information element

    SciTech Connect (OSTI)

    Tarman, T.D.

    1995-08-01

    This contribution describes a proposed information element that can convey authentication information within an ATM signaling message. The design of this information element provides a large amount of flexibility to the user because it does not specify a particular signature algorithm, and it does not specify which information elements must accompany the Authentication IE in a signaling message. This allows the user to implement authenticated signaling based on her site`s security policies and performance requirements.

  18. CERTIFICATE OF AUTHENTICITY | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CERTIFICATE OF AUTHENTICITY CERTIFICATE OF AUTHENTICITY I hereby certify that this transcript constitutes an accurate record of the full Council meeting of the National Coal Council held on November 14,2008 at the Westin Grand Hotel, Washington, D.C. Tran_001.pdf CERTIFICATE OF AUTHENTICITY (4.5 MB) More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for Offshore Wind Demonstrations Office of Information Resources Office of

  19. U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    McAfee Security Bulletin ID: SB10026 SecurityTracker Alert ID: 1027444 Bugtraq ID: 55184 CVE-2012-4595, CVE-2012-4596, CVE-2012-4597 IMPACT ASSESSMENT: Medium Discussion A remote...

  20. CERTIFICATE OF AUTHENTICITY | Department of Energy

    Energy Savers [EERE]

    D.C. Tran001.pdf PDF icon CERTIFICATE OF AUTHENTICITY More Documents & Publications U.S. Offshore Wind Advanced Technology Demonstration Projects Public Meeting Transcript for...

  1. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  2. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    1995-03-01

    This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  3. Exhaust gas bypass valve control for thermoelectric generator

    DOE Patents [OSTI]

    Reynolds, Michael G; Yang, Jihui; Meisner, Greogry P.; Stabler, Francis R.; De Bock, Hendrik Pieter Jacobus; Anderson, Todd Alan

    2012-09-04

    A method of controlling engine exhaust flow through at least one of an exhaust bypass and a thermoelectric device via a bypass valve is provided. The method includes: determining a mass flow of exhaust exiting an engine; determining a desired exhaust pressure based on the mass flow of exhaust; comparing the desired exhaust pressure to a determined exhaust pressure; and determining a bypass valve control value based on the comparing, wherein the bypass valve control value is used to control the bypass valve.

  4. Bypass diode for a solar cell

    DOE Patents [OSTI]

    Rim, Seung Bum; Kim, Taeseok; Smith, David D.; Cousins, Peter J.

    2012-03-13

    Bypass diodes for solar cells are described. In one embodiment, a bypass diode for a solar cell includes a substrate of the solar cell. A first conductive region is disposed above the substrate, the first conductive region of a first conductivity type. A second conductive region is disposed on the first conductive region, the second conductive region of a second conductivity type opposite the first conductivity type.

  5. V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated...

  6. V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks...

  7. Instructions for using HSPD-12 Authenticated Outlook Web Access...

    Energy Savers [EERE]

    Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Instructions for using HSPD-12 Authenticated Outlook Web Access (OWA) Provides instructions for remote Outlook...

  8. V-231: Cisco Identity Services Engine Discloses Authentication...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    system stores the username and password of an authenticated user within hidden ... or clickjacking attack to access the username and password of an authenticated session. ...

  9. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs Advanced

  10. AUTHENTICATED

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    1 Contract No. 11PB-12330 AMENDMENT executed by the BONNEVILLE POWER ADMINISTRATION and PORT TOWNSEND PAPER CORPORATION This AMENDMENT to the Firm Power Sales Agreement (Agreement)...

  11. Climate Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Climate Vulnerabilities Climate Vulnerabilities The Energy Sector's Vulnerabilities to Climatic Conditions x Impacts Due to... Increasing Temperatures Decreasing Water Availability Increasing Storms, Flooding, and Sea Level Rise See All Impacts Map locations are approximate. Find out more about this data here. Click and drag the map to read about each location

  12. Data Authentication Demonstration for Radionuclide Stations

    SciTech Connect (OSTI)

    Harris, Mark; Herrington, Pres; Miley, Harry; Ellis, J. Edward; McKinnon, David; St. Pierre, Devon

    1999-08-03

    Data authentication is required for certification of sensor stations in the International Monitoring System (IMS). Authentication capability has been previously demonstrated for continuous waveform stations (seismic and infrasound). This paper addresses data surety for the radionuclide stations in the IMS, in particular the Radionuclide Aerosol Sampler/Analyzer (RASA) system developed by Pacific Northwest National Laboratory (PNNL). Radionuclide stations communicate data by electronic mail using formats defined in IMS 1.0, Formats and Protocols for Messages. An open message authentication standard exists, called S/MIME (Secure/Multipurpose Internet Mail Extensions), which has been proposed for use with all IMS radionuclide station message communications. This standard specifies adding a digital signature and public key certificate as a MIME attachment to the e-mail message. It is advantageous because it allows authentication to be added to all IMS 1.0 messages in a standard format and is commercially supported in e-mail software. For command and control, the RASA system uses a networked Graphical User Interface (GUI) based upon Common Object Request Broker Architecture (CORBA) communications, which requires special authentication procedures. The authors have modified the RASA system to meet CTBTO authentication guidelines, using a FORTEZZA card for authentication functions. They demonstrated signing radionuclide data messages at the RASA, then sending, receiving, and verifying the messages at a data center. They demonstrated authenticating command messages and responses from the data center GUI to the RASA. Also, the particular authentication system command to change the private/public key pair and retrieve the new public key was demonstrated. This work shows that data surety meeting IMS guidelines may be immediately applied to IMS radionuclide systems.

  13. Final report for the network authentication investigation and pilot.

    SciTech Connect (OSTI)

    Eldridge, John M.; Dautenhahn, Nathan; Miller, Marc M.; Wiener, Dallas J; Witzke, Edward L.

    2006-11-01

    New network based authentication mechanisms are beginning to be implemented in industry. This project investigated different authentication technologies to see if and how Sandia might benefit from them. It also investigated how these mechanisms can integrate with the Sandia Two-Factor Authentication Project. The results of these investigations and a network authentication path forward strategy are documented in this report.

  14. Hardware device binding and mutual authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-03-04

    Detection and deterrence of device tampering and subversion by substitution may be achieved by including a cryptographic unit within a computing device for binding multiple hardware devices and mutually authenticating the devices. The cryptographic unit includes a physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a binding PUF value. The cryptographic unit uses the binding PUF value during an enrollment phase and subsequent authentication phases. During a subsequent authentication phase, the cryptographic unit uses the binding PUF values of the multiple hardware devices to generate a challenge to send to the other device, and to verify a challenge received from the other device to mutually authenticate the hardware devices.

  15. Authentication Protocol using Quantum Superposition States

    SciTech Connect (OSTI)

    Kanamori, Yoshito; Yoo, Seong-Moo; Gregory, Don A.; Sheldon, Frederick T

    2009-01-01

    When it became known that quantum computers could break the RSA (named for its creators - Rivest, Shamir, and Adleman) encryption algorithm within a polynomial-time, quantum cryptography began to be actively studied. Other classical cryptographic algorithms are only secure when malicious users do not have sufficient computational power to break security within a practical amount of time. Recently, many quantum authentication protocols sharing quantum entangled particles between communicators have been proposed, providing unconditional security. An issue caused by sharing quantum entangled particles is that it may not be simple to apply these protocols to authenticate a specific user in a group of many users. An authentication protocol using quantum superposition states instead of quantum entangled particles is proposed. The random number shared between a sender and a receiver can be used for classical encryption after the authentication has succeeded. The proposed protocol can be implemented with the current technologies we introduce in this paper.

  16. Bypass apparatus and method for series connected energy storage devices

    DOE Patents [OSTI]

    Rouillard, Jean; Comte, Christophe; Daigle, Dominik

    2000-01-01

    A bypass apparatus and method for series connected energy storage devices. Each of the energy storage devices coupled to a common series connection has an associated bypass unit connected thereto in parallel. A current bypass unit includes a sensor which is coupled in parallel with an associated energy storage device or cell and senses an energy parameter indicative of an energy state of the cell, such as cell voltage. A bypass switch is coupled in parallel with the energy storage cell and operable between a non-activated state and an activated state. The bypass switch, when in the non-activated state, is substantially non-conductive with respect to current passing through the energy storage cell and, when in the activated state, provides a bypass current path for passing current to the series connection so as to bypass the associated cell. A controller controls activation of the bypass switch in response to the voltage of the cell deviating from a pre-established voltage setpoint. The controller may be included within the bypass unit or be disposed on a control platform external to the bypass unit. The bypass switch may, when activated, establish a permanent or a temporary bypass current path.

  17. Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes

    DOE Patents [OSTI]

    Kent, Alexander Dale

    2008-09-02

    Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server, wherein the response packet generated by the server is thereafter intercepted, verified and modified for transmission back to the client in a similar but reverse process.

  18. Common Control System Vulnerability

    SciTech Connect (OSTI)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an attacker can then map out the

  19. V-174: RSA Authentication Manager Writes Operating System, SNMP...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files V-174: RSA Authentication Manager Writes Operating System,...

  20. Kerberos authentication: The security answer for unsecured networks

    SciTech Connect (OSTI)

    Engert, D.E.

    1995-06-01

    Traditional authentication schemes do not properly address the problems encountered with today`s unsecured networks. Kerbmm developed by MIT, on the other hand is designed to operate in an open unsecured network, yet provide good authentication and security including encrypted session traffic. Basic Kerberos principles as well as experiences of the ESnet Authentication Pilot Project with Cross Realm. Authentication between four National Laboratories will also be described.

  1. Thermal Reliability Study of Bypass Diodes in Photovoltaic Modules |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Thermal Reliability Study of Bypass Diodes in Photovoltaic Modules Thermal Reliability Study of Bypass Diodes in Photovoltaic Modules Presented at the PV Module Reliability Workshop, February 26 - 27 2013, Golden, Colorado pvmrw13_ps3_nrel_zhang.pdf (530.07 KB) More Documents & Publications US TG 4 Activities of QA Forum US & Japan TG 4 Activities of QA Forum High Temperature Reverse By-Pass Diodes Bias and Failures

  2. Regional Climate Vulnerabilities and Resilience Solutions | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Regional Climate Vulnerabilities and Resilience Solutions Regional Climate Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please ...

  3. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability...

  4. Heat exchanger bypass system for an absorption refrigeration system

    DOE Patents [OSTI]

    Reimann, Robert C.

    1984-01-01

    A heat exchanger bypass system for an absorption refrigeration system is disclosed. The bypass system operates to pass strong solution from the generator around the heat exchanger to the absorber of the absorption refrigeration system when strong solution builds up in the generator above a selected level indicative of solidification of strong solution in the heat exchanger or other such blockage. The bypass system includes a bypass line with a gooseneck located in the generator for controlling flow of strong solution into the bypass line and for preventing refrigerant vapor in the generator from entering the bypass line during normal operation of the refrigeration system. Also, the bypass line includes a trap section filled with liquid for providing a barrier to maintain the normal pressure difference between the generator and the absorber even when the gooseneck of the bypass line is exposed to refrigerant vapor in the generator. Strong solution, which may accumulate in the trap section of the bypass line, is diluted, to prevent solidification, by supplying weak solution to the trap section from a purge system for the absorption refrigeration system.

  5. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  6. Authentication of data for monitoring a comprehensive test ban treaty

    SciTech Connect (OSTI)

    Craft, R.L.; Draelos, T.J.

    1996-05-01

    The important issue of data integrity in the CTBT International Monitoring System (IMS) is discussed and a brief tutorial on data authentication techniques is offered. The utilization of data authentication as a solution to the data integrity problem is evaluated. Public key data authentication is recommended for multilateral monitoring regimes such as the CTBT. The ramifications and system considerations of applying data authentication at various locations in the IMS, or not at all, are reviewed in a data surety context. The paper concludes with a recommendation of authenticating data at all critical monitoring stations.

  7. Bypass diode for a solar cell

    DOE Patents [OSTI]

    Rim, Seung Bum; Kim, Taeseok; Smith, David D; Cousins, Peter J

    2013-11-12

    Methods of fabricating bypass diodes for solar cells are described. In once embodiment, a method includes forming a first conductive region of a first conductivity type above a substrate of a solar cell. A second conductive region of a second conductivity type is formed on the first conductive region. In another embodiment, a method includes forming a first conductive region of a first conductivity type above a substrate of a solar cell. A second conductive region of a second conductivity type is formed within, and surrounded by, an uppermost portion of the first conductive region but is not formed in a lowermost portion of the first conductive region.

  8. System and method for authentication of goods

    DOE Patents [OSTI]

    Kaish, Norman; Fraser, Jay; Durst, David I.

    1999-01-01

    An authentication system comprising a medium having a plurality of elements, the elements being distinctive, detectable and disposed in an irregular pattern or having an intrinsic irregularity. Each element is characterized by a determinable attribute distinct from a two-dimensional coordinate representation of simple optical absorption or simple optical reflection intensity. An attribute and position of the plurality of elements, with respect to a positional reference is detected. A processor generates an encrypted message including at least a portion of the attribute and position of the plurality of elements. The encrypted message is recorded in physical association with the medium. The elements are preferably dichroic fibers, and the attribute is preferably a polarization or dichroic axis, which may vary over the length of a fiber. An authentication of the medium based on the encrypted message may be authenticated with a statistical tolerance, based on a vector mapping of the elements of the medium, without requiring a complete image of the medium and elements to be recorded.

  9. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  10. U-084: Cisco Digital Media Manager Lets Remote Authenticated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Show and Share. Impact: A remote authenticated user can send a specially crafted URL via TCP port 8443 to access administrative resources and gain administrative privileges....

  11. Authenticating concealed private data while maintaining concealment

    DOE Patents [OSTI]

    Thomas, Edward V.; Draelos, Timothy J.

    2007-06-26

    A method of and system for authenticating concealed and statistically varying multi-dimensional data comprising: acquiring an initial measurement of an item, wherein the initial measurement is subject to measurement error; applying a transformation to the initial measurement to generate reference template data; acquiring a subsequent measurement of an item, wherein the subsequent measurement is subject to measurement error; applying the transformation to the subsequent measurement; and calculating a Euclidean distance metric between the transformed measurements; wherein the calculated Euclidean distance metric is identical to a Euclidean distance metric between the measurement prior to transformation.

  12. V-059: MoinMoin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data.

  13. V-195: RSA Authentication Manager Lets Local Users View the Administra...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: RSA Authentication Manager Lets Local Users View the Administrative Account Password V-195: RSA Authentication Manager Lets Local Users View the Administrative Account Password...

  14. V-208: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system.

  15. V-087: Adobe Flash Player Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system.

  16. V-131: Adobe Shockwave Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system

  17. EA-1262: McKay Bypass Canal Extension, Golden, Colorado

    Broader source: Energy.gov [DOE]

    This EA evaluates the environmental impacts for the proposal to extend the McKay Bypass Canal in order to route water from the existing Canal north of the Walnut Creek drainage on the east side of...

  18. Oil Bypass Filter Technology Performance Evaluation - First Quarterly Report

    SciTech Connect (OSTI)

    Zirker, L.R.; Francfort, J.E.

    2003-01-31

    This report details the initial activities to evaluate the performance of the oil bypass filter technology being tested by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy's FreedomCAR & Vehicle Technologies Program. Eight full-size, four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass systems from the puraDYN Corporation. Each bus averages about 60,000 miles a year. The evaluation includes an oil analysis regime to monitor the presence of necessary additives in the oil and to detect undesirable contaminants. Very preliminary economic analysis suggests that the oil bypass system can reduce life-cycle costs. As the evaluation continues and oil avoidance costs are quantified, it is estimated that the bypass system economics may prove increasingly favorable, given the anticipated savings in operational costs and in reduced use of oil and waste oil avoidance.

  19. V-224: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in...

  20. V-121: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

  1. V-207: Wireshark Multiple Denial of Service Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

  2. Multi-factor Authentication Update | The Ames Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Multi-factor Authentication Update There is a delay in the purchase of the multi-factor authentication software solution that will cause a lag in the planned implementation. The Laboratory is currently in negotiations to complete the purchase. Once complete, the implementation can begin.

  3. T-659: Update support for RSA Authentication Manager

    Broader source: Energy.gov [DOE]

    RSA posted SP4 Patch 4 of their Authentication Manager product 06/30/2011. There are a few pages of fixes in the README, but the most significant is that Authentication Manager can now be installed on Windows Server 2008 (both 32 and 64bit).

  4. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Vulnerability & Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs

  5. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber-Based Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs

  6. Thermal Bypass Air Barriers in the 2009 International Energy Conservation

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Code - Building America Top Innovation | Department of Energy Thermal Bypass Air Barriers in the 2009 International Energy Conservation Code - Building America Top Innovation Thermal Bypass Air Barriers in the 2009 International Energy Conservation Code - Building America Top Innovation Image of a San Antonio home. Since air leakage is so critical to home performance, Building America research consistently focused on promoting better air sealing and air barrier details, including field

  7. Bypass flow computations on the LOFA transient in a VHTR

    SciTech Connect (OSTI)

    Tung, Yu-Hsin; Johnson, Richard W.; Ferng, Yuh-Ming; Chieng, Ching-Chang

    2014-01-01

    Bypass flow in the prismatic gas-cooled very high temperature reactor (VHTR) is not intentionally designed to occur, but is present in the gaps between graphite blocks. Previous studies of the bypass flow in the core indicated that the cooling provided by flow in the bypass gaps had a significant effect on temperature and flow distributions for normal operating conditions. However, the flow and heat transports in the core are changed significantly after a Loss of Flow Accident (LOFA). This study aims to study the effect and role of the bypass flow after a LOFA in terms of the temperature and flow distributions and for the heat transport out of the core by natural convection of the coolant for a 1/12 symmetric section of the active core which is composed of images and mirror images of two sub-region models. The two sub-region models, 9 x 1/12 and 15 x 1/12 symmetric sectors of the active core, are employed as the CFD flow models using computational grid systems of 70.2 million and 117 million nodes, respectively. It is concluded that the effect of bypass flow is significant for the initial conditions and the beginning of LOFA, but the bypass flow has little effect after a long period of time in the transient computation of natural circulation.

  8. Public-key data authentication for treaty verification

    SciTech Connect (OSTI)

    Draelos, T.J.; Goldsmith, S.Y.

    1992-08-01

    A public-key Treaty Data Authentication Module (TDAM) based on the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS) has been developed to support treaty verification systems. The TDAM utilizes the Motorola DSP56001 Digital Signal Processor as a coprocessor and supports both the STD Bus and PC-AT Bus platforms. The TDAM is embedded within an Authenticated Data Communication Subsystem (ADCS) which provides transparent data authentication and communications, thereby concealing the details of securely authenticating and communicating compliance data and commands. The TDAM has been designed according to the NIST security guidelines for cryptographic modules. Public-key data authentication is important for support of both bilateral and multi-lateral treaties. 8 refs.

  9. Public-key data authentication for treaty verification

    SciTech Connect (OSTI)

    Draelos, T.J.; Goldsmith, S.Y.

    1992-01-01

    A public-key Treaty Data Authentication Module (TDAM) based on the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS) has been developed to support treaty verification systems. The TDAM utilizes the Motorola DSP56001 Digital Signal Processor as a coprocessor and supports both the STD Bus and PC-AT Bus platforms. The TDAM is embedded within an Authenticated Data Communication Subsystem (ADCS) which provides transparent data authentication and communications, thereby concealing the details of securely authenticating and communicating compliance data and commands. The TDAM has been designed according to the NIST security guidelines for cryptographic modules. Public-key data authentication is important for support of both bilateral and multi-lateral treaties. 8 refs.

  10. Centralized Authentication with Kerberos 5, Part I

    SciTech Connect (OSTI)

    Wachsmann, A

    2004-06-09

    Account administration in a distributed Unix/Linux environment can become very complicated and messy if done by hand. Large sites use special tools to deal with this problem. I will describe how even very small installations like your three computer network at home can take advantage of the very same tools. The problem in a distributed environment is that password and shadow files need to be changed individually on each machine if an account change occurs. Account changes include: password change, addition/removal of accounts, name change of an account (UID/GID changes are a big problem in any case), additional or removed login privileges to a (group of) computer(s), etc. In this article, I will show how Kerberos 5 solves the authentication problem in a distributed computing environment. A second article will describe a solution for the authorization problem.

  11. U-233: Oracle Database INDEXTYPE CTXSYS.CONTEXT Bug Lets Remote Authenticated Users Gain Elevated Privileges

    Office of Energy Efficiency and Renewable Energy (EERE)

    A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system.

  12. Assessing the Security Vulnerabilities of Correctional Facilities

    SciTech Connect (OSTI)

    Morrison, G.S.; Spencer, D.S.

    1998-10-27

    The National Institute of Justice has tasked their Satellite Facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps to identi~ the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion fi-om outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees, In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these initial assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.

  13. Rankine cycle load limiting through use of a recuperator bypass

    DOE Patents [OSTI]

    Ernst, Timothy C.

    2011-08-16

    A system for converting heat from an engine into work includes a boiler coupled to a heat source for transferring heat to a working fluid, a turbine that transforms the heat into work, a condenser that transforms the working fluid into liquid, a recuperator with one flow path that routes working fluid from the turbine to the condenser, and another flow path that routes liquid working fluid from the condenser to the boiler, the recuperator being configured to transfer heat to the liquid working fluid, and a bypass valve in parallel with the second flow path. The bypass valve is movable between a closed position, permitting flow through the second flow path and an opened position, under high engine load conditions, bypassing the second flow path.

  14. Secure password-based authenticated key exchange for web services

    SciTech Connect (OSTI)

    Liang, Fang; Meder, Samuel; Chevassut, Olivier; Siebenlist, Frank

    2004-11-22

    This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.

  15. INSTRUCTIONS FOR USING HSPD-12 AUTHENTICATED OUTLOOK WEB ACCESS...

    Broader source: Energy.gov (indexed) [DOE]

    172013 Page 1 INSTRUCTIONS FOR USING HSPD-12 AUTHENTICATED OUTLOOK WEB ACCESS (OWA) Outlook Web Access provides access to unencrypted email only and is suitable for use from any ...

  16. Mining Bug Databases for Unidentified Software Vulnerabilities

    SciTech Connect (OSTI)

    Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

    2012-06-01

    Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

  17. NSTB Summarizes Vulnerable Areas | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    NSTB Summarizes Vulnerable Areas Experts at the National SCADA Test Bed (NSTB) discovered ... Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems ...

  18. V-157: Adobe Reader / Acrobat Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system

  19. Vulnerability Analysis of Energy Delivery Control Systems

    Broader source: Energy.gov (indexed) [DOE]

    ... Attackers can search for vulnerabilities in firewalls, ... organization, measured in terms of confidentiality, ... in which an adversary can enter the system and potentially ...

  20. US Energy Sector Vulnerabilities to Climate Change

    Broader source: Energy.gov (indexed) [DOE]

    Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND ... and International Affairs (DOE-PI) and the National Renewable Energy Laboratory (NREL). ...

  1. Proliferation Vulnerability Red Team report

    SciTech Connect (OSTI)

    Hinton, J.P.; Barnard, R.W.; Bennett, D.E.

    1996-10-01

    This report is the product of a four-month independent technical assessment of potential proliferation vulnerabilities associated with the plutonium disposition alternatives currently under review by DOE/MD. The scope of this MD-chartered/Sandia-led study was limited to technical considerations that could reduce proliferation resistance during various stages of the disposition processes below the Stored Weapon/Spent Fuel standards. Both overt and covert threats from host nation and unauthorized parties were considered. The results of this study will be integrated with complementary work by others into an overall Nonproliferation and Arms Control Assessment in support of a Secretarial Record of Decision later this year for disposition of surplus U.S. weapons plutonium.

  2. V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions December 12, 2012 - 2:00am Addthis PROBLEM:...

  3. U-179: IBM Java 7 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

  4. Cycling firing method for bypass operation of bridge converters

    DOE Patents [OSTI]

    Zabar, Zivan

    1982-01-01

    The bridge converter comprises a number of switching elements and an electronic logic system which regulated the electric power levels by controlling the firing, i.e., the initiation of the conduction period of the switching elements. Cyclic firing of said elements allows the direct current to bypass the alternating current system with high power factor and negligible losses.

  5. Thermal Reliability Study of Bypass Diodes in Photovoltaic Modules (Poster)

    SciTech Connect (OSTI)

    Zhang, Z.; Wohlgemuth, J.; Kurtz, S.

    2013-05-01

    This paper presents the result of high-temperature durability and thermal cycling testing and analysis for the selected diodes to study the detail of the thermal design and relative long-term reliability of the bypass diodes used to limit the detrimental effects of module hot-spot susceptibility.

  6. E-Labs - Learning with Authentic Data

    SciTech Connect (OSTI)

    Bardeen, Marjorie G.; Wayne, Mitchell

    2016-01-01

    the success teachers have had providing an opportunity for students to: • Organize and conduct authentic research. • Experience the environment of scientific collaborations. • Possibly make real contributions to a burgeoning scientific field. We've created projects that are problem-based, student driven and technology dependent. Students reach beyond classroom walls to explore data with other students and experts and share results, publishing original work to a worldwide audience. Students can discover and extend the research of other students, modeling the processes of modern, large-scale research projects. From start to finish e-Labs are student-led, teacher-guided projects. Students need only a Web browser to access computing techniques employed by professional researchers. A Project Map with milestones allows students to set the research plan rather than follow a step-by-step process common in other online projects. Most importantly, e-Labs build the learning experience around the students' own questions and let them use the very tools that scientists use. Students contribute to and access shared data, most derived from professional research databases. They use common analysis tools, store their work and use metadata to discover, replicate and confirm the research of others. This is where real scientific collaboration begins. Using online tools, students correspond with other research groups, post comments and questions, prepare summary reports, and in general participate in the part of scientific research that is often left out of classroom experiments. Teaching tools such as student and teacher logbooks, pre- and post-tests and an assessment rubric aligned with learner outcomes help teachers guide student work. Constraints on interface designs and administrative tools such as registration databases give teachers the "one-stop-shopping" they seek for multiple e-Labs. Teaching and administrative tools also allow us to track usage and assess the impact on

  7. Determining Vulnerability Importance in Environmental Impact Assessment

    SciTech Connect (OSTI)

    Toro, Javier; Duarte, Oscar; Requena, Ignacio; Zamorano, Montserrat

    2012-01-15

    The concept of vulnerability has been used to describe the susceptibility of physical, biotic, and social systems to harm or hazard. In this sense, it is a tool that reduces the uncertainties of Environmental Impact Assessment (EIA) since it does not depend exclusively on the value assessments of the evaluator, but rather is based on the environmental state indicators of the site where the projects or activities are being carried out. The concept of vulnerability thus reduces the possibility that evaluators will subjectively interpret results, and be influenced by outside interests and pressures during projects. However, up until now, EIA has been hindered by a lack of effective methods. This research study analyzes the concept of vulnerability, defines Vulnerability Importance and proposes its inclusion in qualitative EIA methodology. The method used to quantify Vulnerability Importance is based on a set of environmental factors and indicators that provide a comprehensive overview of the environmental state. The results obtained in Colombia highlight the usefulness and objectivity of this method since there is a direct relation between this value and the environmental state of the departments analyzed. - Research Highlights: Black-Right-Pointing-Pointer The concept of vulnerability could be considered defining Vulnerability Importance included in qualitative EIA methodology. Black-Right-Pointing-Pointer The use of the concept of environmental vulnerability could reduce the subjectivity of qualitative methods of EIA. Black-Right-Pointing-Pointer A method to quantify the Vulnerability Importance proposed provides a comprehensive overview of the environmental state. Black-Right-Pointing-Pointer Results in Colombia highlight the usefulness and objectivity of this method.

  8. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment AgencyCompany Organization Climate and Development...

  9. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment (Redirected from CDKN-Colombia-Cartagena Vulnerability Assessment) Jump to: navigation, search Name Colombia-CDKN-Cartagena...

  10. U-273: Multiple vulnerabilities have been reported in Wireshark

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  11. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities The objective of safeguards is the timely detection of ...

  12. V-094: IBM Multiple Products Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Multiple Vulnerabilities V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple ...

  13. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Technical Report: Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities You are accessing a document from the ...

  14. Potential Vulnerability of US Petroleum Refineries to Increasing...

    Energy Savers [EERE]

    Potential Vulnerability of US Petroleum Refineries to Increasing Water Temperature andor Reduced Water Availability Potential Vulnerability of US Petroleum Refineries to ...

  15. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device.

  16. V-111: Multiple vulnerabilities have been reported in Puppet...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerable system. SOLUTION: Update to a fixed version. Addthis Related Articles V-090: Adobe Flash Player AIR Multiple Vulnerabilities V-083: Oracle Java Multiple...

  17. V-051: Oracle Solaris Java Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Articles U-191: Oracle Java Multiple Vulnerabilities U-105:Oracle Java SE Critical Patch Update Advisory T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities...

  18. OLADE-Central America Climate Change Vulnerability Program |...

    Open Energy Info (EERE)

    Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program AgencyCompany Organization Latin...

  19. India-Vulnerability Assessment and Enhancing Adaptive Capacities...

    Open Energy Info (EERE)

    Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

  20. T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

  1. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates

    Broader source: Energy.gov [DOE]

    A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases.

  2. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Authenticate Without a Valid Password T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid Password March 11, 2011 - 3:05pm Addthis PROBLEM: A ...

  3. V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC)

  4. V-126: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system

  5. X.509 Authentication/Authorization in FermiCloud

    SciTech Connect (OSTI)

    Kim, Hyunwoo; Timm, Steven

    2014-11-11

    We present a summary of how X.509 authentication and authorization are used with OpenNebula in FermiCloud. We also describe a history of why the X.509 authentication was needed in FermiCloud, and review X.509 authorization options, both internal and external to OpenNebula. We show how these options can be and have been used to successfully run scientific workflows on federated clouds, which include OpenNebula on FermiCloud and Amazon Web Services as well as other community clouds. We also outline federation options being used by other commercial and open-source clouds and cloud research projects.

  6. Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Citrix_2FA_Authentication_12_3_2009.doc Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc Microsoft Word - Citrix_2FA_Authentication_12_3_2009.doc (453.3 KB) More Documents & Publications Citrix_2FA_Authentication_09.09 Using Two-Factor RSA Token with WebVPN User guide for remote access to VDI and Workplace using RSA token

  7. PURADYN Oil Bypass Filtration System Evaluation Test Plan

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Technologies & Infrastructure Department PURADYN OIL BYPASS FILTRATION SYSTEM EVALUATION TEST PLAN October 2002 Reviewed: INEEL Fleet Maintenance Supervisor (Thomas) Date Reviewed: INEEL Bus & Heavy Equipment Foreman (Murdock) Date Reviewed: INEEL Fleet Maintenance Department Manager (Bullock) Date Approved: INEEL Central/Idaho Falls Facilities Director (Winn) Date Reviewed: INEEL Test Engineer (Zirker) Date Reviewed: INEEL Project Manager (Francfort) Date Approved: INEEL TT&I

  8. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    JC3 JC3 RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability has been reported in the CentralAuth extension for MediaWik that allows people to bypass certain security restrictions September 5, 2013 V-235:

  9. JCAP At A Glance - JCAP

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    JC3 Bulletin Archive JC3 Bulletin Archive RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability has been reported in the CentralAuth extension for MediaWik that allows people to bypass certain security

  10. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    JC3 Bulletin Archive JC3 Bulletin Archive RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability has been reported in the CentralAuth extension for MediaWik that allows people to bypass certain security

  11. Proposed DSS-specific fields for the generic authentication information element

    SciTech Connect (OSTI)

    Tarman, T.D.

    1995-08-06

    This contribution proposes the format of the ``Algorithm-Specific Information`` and ``Signature`` fields within the ``Proposed Generic Authentication Information Element`` for authentication IEs based on the Digital Signature Standard (DSS). These fields are designed to allow various levels of authentication ``strength`` (or robustness), and many of these fields may be omitted in systems that optimize authentication performance by sharing common (public) Digital Signature Algorithm (DSA) parameters. This allows users and site security officers to design their authenticated signaling according to site security and performance requirements.

  12. Oil Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations Oil Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations 2005 Diesel Engine Emissions Reduction (DEER) Conference Presentations and Posters 2005_deer_zirker.pdf (247.36 KB) More Documents & Publications Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles Development of Partial Filter Technology for HDD Retrofit Comparing Emissions Benefits from Regulating

  13. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Controls | Department of Energy 36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple

  14. High Temperature Reverse By-Pass Diodes Bias and Failures | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Reverse By-Pass Diodes Bias and Failures High Temperature Reverse By-Pass Diodes Bias and Failures Presented at the PV Module Reliability Workshop, February 26 - 27 2013, Golden, Colorado pvmrw13_ps3_memc_posbic.pdf (498.72 KB) More Documents & Publications US & Japan TG 4 Activities of QA Forum Thermal Reliability Study of Bypass Diodes in Photovoltaic Modules US TG 4 Activities of QA Forum

  15. Oil Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations...

    Broader source: Energy.gov (indexed) [DOE]

    More Documents & Publications Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles Development of Partial Filter Technology for HDD ...

  16. V-083: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert.

  17. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  18. Chemical Safety Vulnerability Working Group Report

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

  19. U-173: Symantec Web Gateway Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system.

  20. Defining the questions: a research agenda for nontraditional authentication in arms control

    SciTech Connect (OSTI)

    Hauck, Danielle K; Mac Arthur, Duncan W; Smith, Morag K; Thron, Jonathan L; Budlong - Sylvester, Kory

    2010-01-01

    Many traditional authentication techniques have been based on hardware solutions. Thus authentication of measurement system hardware has been considered in terms of physical inspection and destructive analysis. Software authentication has implied hash function analysis or authentication tools such as Rose. Continuity of knowledge is maintained through TIDs and cameras. Although there is ongoing progress improving all of these authentication methods, there has been little discussion of the human factors involved in authentication. Issues of non-traditional authentication include sleight-of-hand substitutions, monitor perception vs. reality, and visual diversions. Since monitor confidence in a measurement system depends on the product of their confidences in each authentication element, it is important to investigate all authentication techniques, including the human factors. This paper will present an initial effort to identify the most important problems that traditional authentication approaches in safeguards have not addressed and are especially relevant to arms control verification. This will include a survey of the literature and direct engagement with nontraditional experts in areas like psychology and human factors. Based on the identification of problem areas, potential research areas will be identified and a possible research agenda will be developed.

  1. Hardware device to physical structure binding and authentication

    DOE Patents [OSTI]

    Hamlet, Jason R.; Stein, David J.; Bauer, Todd M.

    2013-08-20

    Detection and deterrence of device tampering and subversion may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a binding of the hardware device and a physical structure. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generate an internal PUF value. Binding logic is coupled to receive the internal PUF value, as well as an external PUF value associated with the physical structure, and generates a binding PUF value, which represents the binding of the hardware device and the physical structure. The cryptographic fingerprint unit also includes a cryptographic unit that uses the binding PUF value to allow a challenger to authenticate the binding.

  2. Simultaneous Authentication and Certification of Arms-Control Measurement Systems

    SciTech Connect (OSTI)

    MacArthur, Duncan W. [Los Alamos National Laboratory; Hauck, Danielle K. [Los Alamos National Laboratory; Thron, Jonathan L. [Los Alamos National Laboratory

    2012-07-09

    Most arms-control-treaty-monitoring scenarios involve a host party that makes a declaration regarding its nuclear material or items and a monitoring party that verifies that declaration. A verification system developed for such a use needs to be trusted by both parties. The first concern, primarily from the host party's point of view, is that any sensitive information that is collected must be protected without interfering in the efficient operation of the facility being monitored. This concern is addressed in what can be termed a 'certification' process. The second concern, of particular interest to the monitoring party, is that it must be possible to confirm the veracity of both the measurement system and the data produced by this measurement system. The monitoring party addresses these issues during an 'authentication' process. Addressing either one of these concerns independently is relatively straightforward. However, it is more difficult to simultaneously satisfy host party certification concerns and monitoring party authentication concerns. Typically, both parties will want the final access to the measurement system. We will describe an alternative approach that allows both parties to gain confidence simultaneously. This approach starts with (1) joint development of the measurement system followed by (2) host certification of several copies of the system and (3) random selection by the inspecting party of one copy to be use during the monitoring visit and one (or more) copy(s) to be returned to the inspecting party's facilities for (4) further hardware authentication; any remaining copies are stored under joint seal for use as spares. Following this process, the parties will jointly (5) perform functional testing on the selected measurement system and then (6) use this system during the monitoring visit. Steps (1) and (2) assure the host party as to the certification of whichever system is eventually used in the monitoring visit. Steps (1), (3), (4), and (5

  3. Authenticated group Diffie-Hellman key exchange: theory and practice

    SciTech Connect (OSTI)

    Chevassut, Olivier

    2002-10-03

    Authenticated two-party Diffie-Hellman key exchange allows two principals A and B, communicating over a public network, and each holding a pair of matching public/private keys to agree on a session key. Protocols designed to deal with this problem ensure A (B resp.)that no other principals aside from B (A resp.) can learn any information about this value. These protocols additionally often ensure A and B that their respective partner has actually computed the shared secret value. A natural extension to the above cryptographic protocol problem is to consider a pool of principals agreeing on a session key. Over the years several papers have extended the two-party Diffie-Hellman key exchange to the multi-party setting but no formal treatments were carried out till recently. In light of recent developments in the formalization of the authenticated two-party Diffie-Hellman key exchange we have in this thesis laid out the authenticated group Diffie-Hellman key exchange on firmer foundations.

  4. Provably Secure Password-based Authentication in TLS

    SciTech Connect (OSTI)

    Abdalla, Michel; Emmanuel, Bresson; Chevassut, Olivier; Moeller,Bodo; Pointcheval, David

    2005-12-20

    In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password.The SOKE ciphersuites, in advantage over previous pass-word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.

  5. V-190: ASUS RT-N66U Router AiCloud Security Bypass Security Issue...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: ASUS RT-N66U Router AiCloud Security Bypass Security Issue V-190: ASUS RT-N66U Router AiCloud Security Bypass Security Issue July 2, 2013 - 12:38am Addthis PROBLEM: ASUS RT-N66U...

  6. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  7. Rankine cycle condenser pressure control using an energy conversion device bypass valve

    DOE Patents [OSTI]

    Ernst, Timothy C; Nelson, Christopher R; Zigan, James A

    2014-04-01

    The disclosure provides a waste heat recovery system and method in which pressure in a Rankine cycle (RC) system of the WHR system is regulated by diverting working fluid from entering an inlet of an energy conversion device of the RC system. In the system, an inlet of a controllable bypass valve is fluidly coupled to a working fluid path upstream of an energy conversion device of the RC system, and an outlet of the bypass valve is fluidly coupled to the working fluid path upstream of the condenser of the RC system such that working fluid passing through the bypass valve bypasses the energy conversion device and increases the pressure in a condenser. A controller determines the temperature and pressure of the working fluid and controls the bypass valve to regulate pressure in the condenser.

  8. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system.b a. The term System Provider replaces the name of the company/organization providing the system

  9. V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security...

  10. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X...

  11. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  12. T-731:Symantec IM Manager Code Injection Vulnerability | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code...

  13. Vulnerability Analysis of Energy Delivery Control Systems (September 2011)

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems (September 2011) The Vulnerability Analysis of Energy Delivery Control Systems report, prepared by Idaho National Laboratory, describes the common vulnerabilities on energy sector control systems, and provides recommendations for vendors and owners of those systems to identify and reduce those risks. Vulnerability Analysis of Energy Delivery Control Systems (September 2011) (2.69 MB)

  14. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability

  15. U-013: HP Data Protector Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.

  16. V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system

  17. T-564: Vulnerabilities in Citrix Licensing administration components

    Broader source: Energy.gov [DOE]

    The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console.

  18. U-122 Google Chrome Two Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

  19. V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 74: IBM Informix Genero libpng Integer Overflow Vulnerability V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am Addthis PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT

  20. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 0: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin

  1. T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges.

  2. Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

  3. U-212: RSA Authentication Manager Flaws Permit Cross-Site and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be ...

  4. Counterfeit-resistant materials and a method and apparatus for authenticating materials

    DOE Patents [OSTI]

    Ramsey, J. Michael; Klatt, Leon N.

    2000-01-01

    Fluorescent dichroic fibers randomly incorporated within a media provide an improved method for authentication and counterfeiting protection. The dichroism is provided by an alignment of fluorescent molecules along the length of the fibers. The fluorescent fibers provide an authentication mechanism of varying levels of capability. The authentication signature depends on four parameters; the x,y position, the dichroism and the local environment. The availability of so many non-deterministic variables makes production of counterfeit articles (e.g., currency, credit cards, etc.) essentially impossible. Counterfeit-resistant articles, an apparatus for authenticating articles, and a process for forming counterfeit-resistant media are also provided.

  5. Counterfeit-resistant materials and a method and apparatus for authenticating materials

    DOE Patents [OSTI]

    Ramsey, J. Michael; Klatt, Leon N.

    2001-01-01

    Fluorescent dichroic fibers randomly incorporated within a media provide an improved method for authentication and counterfeiting protection. The dichroism is provided by an alignment of fluorescent molecules along the length of the fibers. The fluorescent fibers provide an authentication mechanism of varying levels of capability. The authentication signature depends on four parameters, the x,y position, the dichroism and the local environment. The availability of so many non-deterministic variables makes production of counterfeit articles (e.g., currency, credit cards, etc.) essentially impossible Counterfeit-resistant articles, an apparatus for authenticating articles, and a process for forming counterfeit-resistant media are also provided&

  6. STEM Mentoring Café- Engaging Young Women in an Authentic Mentoring...

    Office of Environmental Management (EM)

    STEM Mentoring Caf- Engaging Young Women in an Authentic Mentoring Experience Melinda Higgins Albert Einstein Distinguished Educator Fellow, NASA Office of Education, ...

  7. V-163: Red Hat Network Satellite Server Inter-Satellite Sync...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    3: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass V-163: Red Hat Network Satellite Server Inter-Satellite Sync Remote Authentication Bypass May...

  8. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication...

  9. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection

  10. U-187: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  11. COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS Jason Stamp, John Dillinger, and William Young Networked Systems Survivability and Assurance Department Jennifer DePoy Information Operations Red Team & Assessments Department Sandia National Laboratories Albuquerque, NM 87185-0785 22 May 2003 (2 nd edition, revised 11 November 2003) Copyright © 2003, Sandia Corporation. All rights reserved. Permission is granted to display, copy, publish, and distribute this document in its

  12. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs

  13. Photovoltaic power generation system free of bypass diodes

    SciTech Connect (OSTI)

    Lentine, Anthony L.; Okandan, Murat; Nielson, Gregory N.

    2015-07-28

    A photovoltaic power generation system that includes a solar panel that is free of bypass diodes is described herein. The solar panel includes a plurality of photovoltaic sub-modules, wherein at least two of photovoltaic sub-modules in the plurality of photovoltaic sub-modules are electrically connected in parallel. A photovoltaic sub-module includes a plurality of groups of electrically connected photovoltaic cells, wherein at least two of the groups are electrically connected in series. A photovoltaic group includes a plurality of strings of photovoltaic cells, wherein a string of photovoltaic cells comprises a plurality of photovoltaic cells electrically connected in series. The strings of photovoltaic cells are electrically connected in parallel, and the photovoltaic cells are microsystem-enabled photovoltaic cells.

  14. Pre-test CFD Calculations for a Bypass Flow Standard Problem

    SciTech Connect (OSTI)

    Rich Johnson

    2011-11-01

    The bypass flow in a prismatic high temperature gas-cooled reactor (HTGR) is the flow that occurs between adjacent graphite blocks. Gaps exist between blocks due to variances in their manufacture and installation and because of the expansion and shrinkage of the blocks from heating and irradiation. Although the temperature of fuel compacts and graphite is sensitive to the presence of bypass flow, there is great uncertainty in the level and effects of the bypass flow. The Next Generation Nuclear Plant (NGNP) program at the Idaho National Laboratory has undertaken to produce experimental data of isothermal bypass flow between three adjacent graphite blocks. These data are intended to provide validation for computational fluid dynamic (CFD) analyses of the bypass flow. Such validation data sets are called Standard Problems in the nuclear safety analysis field. Details of the experimental apparatus as well as several pre-test calculations of the bypass flow are provided. Pre-test calculations are useful in examining the nature of the flow and to see if there are any problems associated with the flow and its measurement. The apparatus is designed to be able to provide three different gap widths in the vertical direction (the direction of the normal coolant flow) and two gap widths in the horizontal direction. It is expected that the vertical bypass flow will range from laminar to transitional to turbulent flow for the different gap widths that will be available.

  15. Evaluation of a Stirling engine heater bypass with the NASA Lewis nodal-analysis performance code

    SciTech Connect (OSTI)

    Sullivan, T.J.

    1986-05-01

    In support of the US Department of Energy's Stirling Engine Highway Vehicle Systems program, the NASA Lewis Research Center investigated whether bypassing the P-40 Stirling engine heater during regenerative cooling would improve the engine thermal efficiency. The investigation was accomplished by using the Lewis nodal-analysis Stirling engine computer model. Bypassing the P-40 Stirling engine heater at full power resulted in a rise in the indicated thermal efficiency from 40.6 to 41.0 percent. For the idealized (some losses not included) heater bypass that was analyzed, this benefit is not considered significant.

  16. T-550: Apache Denial of Service Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption).

  17. Vulnerability Analysis of Energy Delivery Control Systems

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the

  18. T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data

    Broader source: Energy.gov [DOE]

    Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.

  19. U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CTA 7.3.1 and later with Hotfix ESA-2012-034 Addthis Related Articles V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions V-036: EMC Smarts Network...

  20. Experimental and Analytic Study on the Core Bypass Flow in a Very High Temperature Reactor

    SciTech Connect (OSTI)

    Richard Schultz

    2012-04-01

    Core bypass flow has been one of key issues in the very high temperature reactor (VHTR) design for securing core thermal margins and achieving target temperatures at the core exit. The bypass flow in a prismatic VHTR core occurs through the control element holes and the radial and axial gaps between the graphite blocks for manufacturing and refueling tolerances. These gaps vary with the core life cycles because of the irradiation swelling/shrinkage characteristic of the graphite blocks such as fuel and reflector blocks, which are main components of a core's structure. Thus, the core bypass flow occurs in a complicated multidimensional way. The accurate prediction of this bypass flow and counter-measures to minimize it are thus of major importance in assuring core thermal margins and securing higher core efficiency. Even with this importance, there has not been much effort in quantifying and accurately modeling the effect of the core bypass flow. The main objectives of this project were to generate experimental data for validating the software to be used to calculate the bypass flow in a prismatic VHTR core, validate thermofluid analysis tools and their model improvements, and identify and assess measures for reducing the bypass flow. To achieve these objectives, tasks were defined to (1) design and construct experiments to generate validation data for software analysis tools, (2) determine the experimental conditions and define the measurement requirements and techniques, (3) generate and analyze the experimental data, (4) validate and improve the thermofluid analysis tools, and (5) identify measures to control the bypass flow and assess its performance in the experiment.

  1. Evaluating operating system vulnerability to memory errors.

    SciTech Connect (OSTI)

    Ferreira, Kurt Brian; Bridges, Patrick G.; Pedretti, Kevin Thomas Tauke; Mueller, Frank; Fiala, David; Brightwell, Ronald Brian

    2012-05-01

    Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

  2. Social vulnerability indicators as a sustainable planning tool

    SciTech Connect (OSTI)

    Lee, Yung-Jaan

    2014-01-15

    In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial developmental of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to “cross-administrative boundaries,” which are characteristics of the natural environment. This study adopts

  3. January 2009 Memo on CPMS

    Office of Environmental Management (EM)

    High Impact Assessment Bulletins JC3 High

    Low Impact Assessment Bulletins JC3 Low

    Medium Impact Assessment Bulletins JC3 Medium

    JC3 JC3 RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability

  4. JCAP Industry Day - JCAP

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    High Impact Assessment Bulletins JC3 High

    Low Impact Assessment Bulletins JC3 Low

    Medium Impact Assessment Bulletins JC3 Medium

    JC3 JC3 RSS September 9, 2013 V-237: TYPO3 Security Bypass Vulnerabilities TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations September 6, 2013 V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability A vulnerability

  5. Top 10 Vulnerabilities of Control Systems and Their Associated Migitations

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    (2006) | Department of Energy Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) This document addresses potential risks that can apply to some electricity sector organizations and provides practices that can help mitigate the risks. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. Top 10 Vulnerabilities of

  6. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy System Vulnerabilities to Climate Change and Extreme Weather Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of Indian Energy report assesses climate change and extreme weather vulnerabilities specific to tribal energy infrastructure and systems in the contiguous United States and Alaska. It includes information about the impacts from climate change and extreme weather events on both onsite and offsite

  7. T-544: Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities.

  8. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides practices that can help mitigate the potential risks that can occur to some electricity sector organizations. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED

  9. U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    35: Adobe Flash Player Multiple Vulnerabilities U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 11.0.1.153 and earlier versions for Android Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player

  10. GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material...

    National Nuclear Security Administration (NNSA)

    GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material May 29, 2014 GTRI's Remove Program works around the world to remove excess nuclear and radiological materials ...

  11. V-107: Wireshark Multiple Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

  12. Mitigations for Security Vulnerabilities Found in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Mitigations for Security Vulnerabilities Found in Control System Networks (425.98 KB) More Documents & Publications Cyber Assessment Methods for SCADA Security Introduction SCADA ...

  13. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Introduction SCADA Security for Managers and Operators DOE National SCADA Test Bed Program ...

  14. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems - 2011 Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems

  15. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates...

  16. U-172: OpenOffice.org Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.

  17. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    France) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country France Coordinates...

  18. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

  19. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom...

  20. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    :"","inlineLabel":"","visitedicon":"" Display map Period 2011-2014 References EU Smart Grid Projects Map1 Overview AFTER addresses vulnerability evaluation and contingency...

  1. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE

  2. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Broader source: Energy.gov (indexed) [DOE]

    on both onsite and offsite tribally owned and non-tribally owned energy infrastructure. ... Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience ...

  3. T-578: Vulnerability in MHTML Could Allow Information Disclosure |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct

  4. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Broader source: Energy.gov (indexed) [DOE]

    Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather ii NOTICE This ... States government or any agency thereof. energy.govindianenergy | indianenergy@hq.doe.go...

  5. V-082: Novell GroupWise Client Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.

  6. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Germany) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Germany Coordinates...

  7. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits.

  8. V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    source code repository Addthis Related Articles V-222: SUSE update for Filezilla V-157: Adobe Reader Acrobat Multiple Vulnerabilities V-066: Adobe AcrobatReader Multiple Flaws...

  9. U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

  10. V-062: Asterisk Two Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

  11. Costs of strikes between vulnerable missile forces

    SciTech Connect (OSTI)

    Canavan, G.H.

    1997-02-01

    This note derives the first and second strike magnitudes and costs for strikes between vulnerable missile forces with multiple warheads. The extension to mixes with invulnerable missiles is performed in a companion note. Stability increases as the number of weapons per missile is reduced. The optimal allocation of weapons between missiles and value is significant in predicting the stability impact of the reduction of the number of weapons per missile at large numbers of missiles, less significant in reducing the number of missiles for fixed weapons per missile. At low numbers of missiles, the stability indices for singlet and triplet configurations are comparable, as are the number of weapons each would deliver on value targets.

  12. MODELING UNDERGROUND STRUCTURE VULNERABILITY IN JOINTED ROCK

    SciTech Connect (OSTI)

    R. SWIFT; D. STEEDMAN

    2001-02-01

    The vulnerability of underground structures and openings in deep jointed rock to ground shock attack is of chief concern to military planning and security. Damage and/or loss of stability to a structure in jointed rock, often manifested as brittle failure and accompanied with block movement, can depend significantly on jointed properties, such as spacing, orientation, strength, and block character. We apply a hybrid Discrete Element Method combined with the Smooth Particle Hydrodynamics approach to simulate the MIGHTY NORTH event, a definitive high-explosive test performed on an aluminum lined cylindrical opening in jointed Salem limestone. Representing limestone with discrete elements having elastic-equivalence and explicit brittle tensile behavior and the liner as an elastic-plastic continuum provides good agreement with the experiment and damage obtained with finite-element simulations. Extending the approach to parameter variations shows damage is substantially altered by differences in joint geometry and liner properties.

  13. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton; Phillips, Cynthia A.

    2006-03-14

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  14. Holographic Labeling And Reading Machine For Authentication And Security Appications

    DOE Patents [OSTI]

    Weber, David C.; Trolinger, James D.

    1999-07-06

    A holographic security label and automated reading machine for marking and subsequently authenticating any object such as an identification badge, a pass, a ticket, a manufactured part, or a package is described. The security label is extremely difficult to copy or even to read by unauthorized persons. The system comprises a holographic security label that has been created with a coded reference wave, whose specification can be kept secret. The label contains information that can be extracted only with the coded reference wave, which is derived from a holographic key, which restricts access of the information to only the possessor of the key. A reading machine accesses the information contained in the label and compares it with data stored in the machine through the application of a joint transform correlator, which is also equipped with a reference hologram that adds additional security to the procedure.

  15. T-611: Cisco IOS OCSP Revoked Certificate Security Issue

    Broader source: Energy.gov [DOE]

    The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.

  16. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Let Remote Users Conduct Cross-Site Scripting Attacks | Department of Energy 51: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks May 8, 2013 - 12:06am Addthis PROBLEM: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks

  17. T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user.

  18. T-616: PHP Stream Component Remote Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

  19. T-597: WordPress Multiple Security Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    Attackers can exploit these issues to perform unauthorized actions in the context of the logged-in user, crash the affected application and therefore deny service to legitimate users, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks.

  20. Investigation on the Core Bypass Flow in a Very High Temperature Reactor

    SciTech Connect (OSTI)

    Hassan, Yassin

    2013-10-22

    Uncertainties associated with the core bypass flow are some of the key issues that directly influence the coolant mass flow distribution and magnitude, and thus the operational core temperature profiles, in the very high-temperature reactor (VHTR). Designers will attempt to configure the core geometry so the core cooling flow rate magnitude and distribution conform to the design values. The objective of this project is to study the bypass flow both experimentally and computationally. Researchers will develop experimental data using state-of-the-art particle image velocimetry in a small test facility. The team will attempt to obtain full field temperature distribution using racks of thermocouples. The experimental data are intended to benchmark computational fluid dynamics (CFD) codes by providing detailed information. These experimental data are urgently needed for validation of the CFD codes. The following are the project tasks: • Construct a small-scale bench-top experiment to resemble the bypass flow between the graphite blocks, varying parameters to address their impact on bypass flow. Wall roughness of the graphite block walls, spacing between the blocks, and temperature of the blocks are some of the parameters to be tested. • Perform CFD to evaluate pre- and post-test calculations and turbulence models, including sensitivity studies to achieve high accuracy. • Develop the state-of-the art large eddy simulation (LES) using appropriate subgrid modeling. • Develop models to be used in systems thermal hydraulics codes to account and estimate the bypass flows. These computer programs include, among others, RELAP3D, MELCOR, GAMMA, and GAS-NET. Actual core bypass flow rate may vary considerably from the design value. Although the uncertainty of the bypass flow rate is not known, some sources have stated that the bypass flow rates in the Fort St. Vrain reactor were between 8 and 25 percent of the total reactor mass flow rate. If bypass flow rates are on the

  1. Oil Bypass Filter Technology Evaluation - Third Quarterly Report, April--June 2003

    SciTech Connect (OSTI)

    Laurence R. Zirker; James E. Francfort

    2003-08-01

    This Third Quarterly report details the ongoing fleet evaluation of an oil bypass filter technology by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy’s FreedomCAR & Vehicle Technologies Program. Eight full-size, four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass filter systems from the PuraDYN Corporation. The reported engine lubricating oil-filtering capability (down to 0.1 microns) and additive package of the bypass filter system is intended to extend oil-drain intervals. To validate the extended oil-drain intervals, an oil-analysis regime monitors the presence of necessary additives in the oil, detects undesirable contaminants and engine wear metals, and evaluates the fitness of the oil for continued service. The eight buses have accumulated 185,000 miles to date without any oil changes. The preliminary economic analysis suggests that the per bus payback point for the oil bypass filter technology should be between 108,000 miles when 74 gallons of oil use is avoided and 168,000 miles when 118 gallons of oil use is avoided. As discussed in the report, the variation in the payback point is dependant on the assumed cost of oil. In anticipation of also evaluating oil bypass systems on six Chevrolet Tahoe sport utility vehicles, the oil is being sampled on the six Tahoes to develop an oil characterization history for each engine.

  2. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload...

    Energy Savers [EERE]

    Users Upload Files and Let Remote Users Conduct Cross-Site Scripting Attacks V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload Files and Let Remote Users ...

  3. AUTHENTICATED SENSOR INTERFACE DEVICE FOR JOINT USE SAFEGUARDS APPLICATIONS - CONCEPTS AND CHALLENGES

    SciTech Connect (OSTI)

    Poland, R.; Drayer, R.; Wilson, J.

    2013-08-12

    This paper will discuss the key features of the Authenticated Sensor Interface Device that collectively provide the ability to share data among a number of parties while ensuring the authentication of data and protecting both the operator’s and the IAEA’s interests. The paper will also discuss the development of the prototype, the initial testing with an accountancy scale, and future plans and challenges to implementation into the joint use and remote monitoring applications. As nuclear fuel cycle technology becomes more prevalent throughout the world and the capacity of plants increases, limited resources of the IAEA are being stretched near a breaking point. A strategy is to increase efficiency in safeguards monitoring using “joint use” equipment that will provide the facility operator process data while also providing the IAEA key safeguards data. The data, however, must be authenticated and validated to ensure the data have not been tampered with. The Authenticated Sensor Interface Device provides the capability to share data and can be a valuable component in the IAEA’s ability to collect accountancy data from scales in Uranium conversion and enrichment plants, as well as nuclear fuel fabrication plants. Likewise, the Authenticated Sensor Interface Device can be configured to accept a diverse array of input signals, ranging from analog voltage, to current, to digital interfaces and more. These modular capabilities provide the ability to collect authenticated, joint-use, data streams from various process monitoring sensors.

  4. Well devices with annulus check valve and hydraulic by-pass

    SciTech Connect (OSTI)

    Lawson, J.E.

    1984-05-22

    Hanger apparatus for suporting pipe in a well, the apparatus including both an annulus check valve, via which communication is established with the annulus between the suspended pipe and surrounding casing, and a pressure fluid by-pass, via which communication with a down-hole device such as a safety valve is established. Opening of the check valve and establishment of communication via the by-pass are accomplished by a simple stabbing operation with, e.g., a handling tool or a production upper body. Alternately, the check valve is opened by hydraulic pressure delivered via the production upper body.

  5. EFFECTS OF GRAPHITE SURFACE ROUGHNESS ON BYPASS FLOW COMPUTATIONS FOR AN HTGR

    SciTech Connect (OSTI)

    Rich Johnson; Yu-Hsin Tung; Hiroyuki Sato

    2011-07-01

    Bypass flow in a prismatic high temperature gas reactor (HTGR) occurs between graphite blocks as they sit side by side in the core. Bypass flow is not intentionally designed to occur in the reactor, but is present because of tolerances in manufacture, imperfect installation and expansion and shrinkage of the blocks from heating and irradiation. It is desired to increase the knowledge of the effects of such flow, which has been estimated to be as much as 20% of the total helium coolant flow. Computational fluid dynamic (CFD) simulations can provide estimates of the scale and impacts of bypass flow. Previous CFD calculations have examined the effects of bypass gap width, level and distribution of heat generation and effects of shrinkage. The present contribution examines the effects of graphite surface roughness on the bypass flow for different relative roughness factors on three gap widths. Such calculations should be validated using specific bypass flow measurements. While such experiments are currently underway for the specific reference prismatic HTGR design for the next generation nuclear plant (NGNP) program of the U. S. Dept. of Energy, the data are not yet available. To enhance confidence in the present calculations, wall shear stress and heat transfer results for several turbulence models and their associated wall treatments are first compared for flow in a single tube that is representative of a coolant channel in the prismatic HTGR core. The results are compared to published correlations for wall shear stress and Nusselt number in turbulent pipe flow. Turbulence models that perform well are then used to make bypass flow calculations in a symmetric onetwelfth sector of a prismatic block that includes bypass flow. The comparison of shear stress and Nusselt number results with published correlations constitutes a partial validation of the CFD model. Calculations are also compared to ones made previously using a different CFD code. Results indicate that

  6. T-557: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

  7. Automated Vulnerability Detection for Compiled Smart Grid Software

    SciTech Connect (OSTI)

    Prowell, Stacy J; Pleszkoch, Mark G; Sayre, Kirk D; Linger, Richard C

    2012-01-01

    While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

  8. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  9. U-191: Oracle Java Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Oracle Java Multiple Vulnerabilities U-191: Oracle Java Multiple Vulnerabilities June 14, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users PLATFORM: Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Sun Java JDK 1.5.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x Sun Java SDK 1.4.x ABSTRACT: The Critical Patch Update for Java SE also includes

  10. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  11. U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

  12. T-643: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.

  13. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience ...

  14. U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

  15. T-625: Opera Frameset Handling Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

  16. T-542: SAP Crystal Reports Server Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.

  17. Mapping Climate Change Vulnerability and Impact Scenarios - A...

    Open Energy Info (EERE)

    guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate...

  18. V-118: IBM Lotus Domino Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 9.0 or update to version 8.5.3 Fix Pack 4 when available Addthis Related Articles T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service...

  19. V-173: Plesk 0-Day Vulnerability | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro...

  20. U.S. Energy Sector Vulnerability Report | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support climate change preparedness and resilience planning -- and to advance the Energy Department's goal of promoting energy security -- the Department is assessing the threats of climate change and extreme weather to the Nation' energy system. Two reports have been released that examine the current and potential future impacts of climate change and extreme weather on the

  1. T-596: 0-Day Windows Network Interception Configuration Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 96: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can

  2. Common Cyber Security Vulnerabilities Observed in Control System

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessments by the INL NSTB Program | Department of Energy Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program This document presents results from 16 control system assessments performed under the NSTB program from 2003 through 2007. Information found in individual stakeholder reports is protected from disclosure. Researchers recognized that

  3. T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability

    Broader source: Energy.gov [DOE]

    It was found that the 'Change Password' page / screen of the Samba Web Administration Tool did not properly sanitize content of the user-provided "user" field, prior printing it back to the page content. A remote attacker could provide a specially-crafted URL, which once visited by an authenticated Samba SWAT user could allow the attacker to conduct cross-site scripting attacks (execute arbitrary HTML or script code).

  4. Novel Authentication of Monitoring Data Through the use of Secret and Public Cryptographic Keys

    SciTech Connect (OSTI)

    Benz, Jacob M.; Tolk, Keith; Tanner, Jennifer E.

    2014-07-21

    The Office of Nuclear Verification (ONV) is supporting the development of a piece of equipment to provide data authentication and protection for a suite of monitoring sensors as part of a larger effort to create an arms control technology toolkit. This device, currently called the Red Box, leverages the strengths of both secret and public cryptographic keys to authenticate, digitally sign, and pass along monitoring data to allow for host review, and redaction if necessary, without the loss of confidence in the authenticity of the data by the monitoring party. The design of the Red Box will allow for the addition and removal of monitoring equipment and can also verify that the data was collected by authentic monitoring equipment prior to signing the data and sending it to the host and for review. The host will then forward the data to the monitor for review and inspection. This paper will highlight the progress to date of the Red Box development, and will explain the novel method of leveraging both symmetric and asymmetric (secret and public key) cryptography to authenticate data within a warhead monitoring regime.

  5. V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability

    Broader source: Energy.gov [DOE]

    The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution

  6. T-607: Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability.

  7. Climate variability and climate change vulnerability and adaptation. Workshop summary

    SciTech Connect (OSTI)

    Bhatti, N.; Cirillo, R.R.; Dixon, R.K.

    1995-12-31

    Representatives from fifteen countries met in Prague, Czech Republic, on September 11-15, 1995, to share results from the analysis of vulnerability and adaptation to global climate change. The workshop focused on the issues of global climate change and its impacts on various sectors of a national economy. The U.N. Framework Convention on Climate Change (FCCC), which has been signed by more than 150 governments worldwide, calls on signatory parties to develop and communicate measures they are implementing to respond to global climate change. An analysis of a country`s vulnerability to changes in the climate helps it identify suitable adaptation measures. These analyses are designed to determine the extent of the impacts of global climate change on sensitive sectors such as agricultural crops, forests, grasslands and livestock, water resources, and coastal areas. Once it is determined how vulnerable a country may be to climate change, it is possible to identify adaptation measures for ameliorating some or all of the effects.The objectives of the vulnerability and adaptation workshop were to: The objectives of the vulnerability and adaptation workshop were to: Provide an opportunity for countries to describe their study results; Encourage countries to learn from the experience of the more complete assessments and adjust their studies accordingly; Identify issues and analyses that require further investigation; and Summarize results and experiences for governmental and intergovernmental organizations.

  8. U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT

  9. Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

  10. Energy Department Issues Tribal Energy System Vulnerabilities to Climate

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Change and Extreme Weather Report, $6M for Native American Clean Energy Projects | Department of Energy Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects Energy Department Issues Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects September 2, 2015 - 3:30pm Addthis NEWS MEDIA CONTACT 202-586-4940 DOENews@hq.doe.gov The U.S. Department of Energy

  11. A photorespiratory bypass increases plant growth and seed yield in biofuel crop Camelina sativa

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Dalal, Jyoti; Lopez, Harry; Vasani, Naresh B.; Hu, Zhaohui; Swift, Jennifer E.; Yalamanchili, Roopa; Dvora, Mia; Lin, Xiuli; Xie, Deyu; Qu, Rongda; et al

    2015-10-29

    Camelina sativa is an oilseed crop with great potential for biofuel production on marginal land. The seed oil from camelina has been converted to jet fuel and improved fuel efficiency in commercial and military test flights. Hydrogenation-derived renewable diesel from camelina is environmentally superior to that from canola due to lower agricultural inputs, and the seed meal is FDA approved for animal consumption. However, relatively low yield makes its farming less profitable. Our study is aimed at increasing camelina seed yield by reducing carbon loss from photorespiration via a photorespiratory bypass. Genes encoding three enzymes of the Escherichia coli glycolatemore » catabolic pathway were introduced: glycolate dehydrogenase (GDH), glyoxylate carboxyligase (GCL) and tartronic semialdehyde reductase (TSR). These enzymes compete for the photorespiratory substrate, glycolate, convert it to glycerate within the chloroplasts, and reduce photorespiration. As a by-product of the reaction, CO2 is released in the chloroplast, which increases photosynthesis. Camelina plants were transformed with either partial bypass (GDH), or full bypass (GDH, GCL and TSR) genes. Furthermore, transgenic plants were evaluated for physiological and metabolic traits.« less

  12. Mechanism of RNA polymerase II bypass of oxidative cyclopurine DNA lesions

    SciTech Connect (OSTI)

    Walmacq, Celine; Wang, Lanfeng; Chong, Jenny; Scibelli, Kathleen; Lubkowska, Lucyna; Gnatt, Averell; Brooks, Philip J.; Wang, Dong; Kashlev, Mikhail

    2015-01-20

    In human cells, the oxidative DNA lesion 8,5'-cyclo-2'-deoxyadenosine (CydA) induces prolonged stalling of RNA polymerase II (Pol II) followed by transcriptional bypass, generating both error-free and mutant transcripts with AMP misincorporated immediately downstream from the lesion. Here, we present biochemical and crystallographic evidence for the mechanism of CydA recognition. Pol II stalling results from impaired loading of the template base (5') next to CydA into the active site, leading to preferential AMP misincorporation. Such predominant AMP insertion, which also occurs at an abasic site, is unaffected by the identity of the 5´-templating base, indicating that it derives from nontemplated synthesis according to an A rule known for DNA polymerases and recently identified for Pol II bypass of pyrimidine dimers. Subsequent to AMP misincorporation, Pol II encounters a major translocation block that is slowly overcome. The translocation block combined with the poor extension of the dA.rA mispair reduce transcriptional mutagenesis. Moreover, increasing the active-site flexibility by mutation in the trigger loop, which increases the ability of Pol II to accommodate the bulky lesion, and addition of transacting factor TFIIF facilitate CydA bypass. Thus, blocking lesion entry to the active site, trans-lesion A rule synthesis, and translocation block are common features of transcription across different bulky DNA lesions.

  13. Mechanism of RNA polymerase II bypass of oxidative cyclopurine DNA lesions

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Walmacq, Celine; Wang, Lanfeng; Chong, Jenny; Scibelli, Kathleen; Lubkowska, Lucyna; Gnatt, Averell; Brooks, Philip J.; Wang, Dong; Kashlev, Mikhail

    2015-01-20

    In human cells, the oxidative DNA lesion 8,5'-cyclo-2'-deoxyadenosine (CydA) induces prolonged stalling of RNA polymerase II (Pol II) followed by transcriptional bypass, generating both error-free and mutant transcripts with AMP misincorporated immediately downstream from the lesion. Here, we present biochemical and crystallographic evidence for the mechanism of CydA recognition. Pol II stalling results from impaired loading of the template base (5') next to CydA into the active site, leading to preferential AMP misincorporation. Such predominant AMP insertion, which also occurs at an abasic site, is unaffected by the identity of the 5´-templating base, indicating that it derives from nontemplated synthesismore » according to an A rule known for DNA polymerases and recently identified for Pol II bypass of pyrimidine dimers. Subsequent to AMP misincorporation, Pol II encounters a major translocation block that is slowly overcome. The translocation block combined with the poor extension of the dA.rA mispair reduce transcriptional mutagenesis. Moreover, increasing the active-site flexibility by mutation in the trigger loop, which increases the ability of Pol II to accommodate the bulky lesion, and addition of transacting factor TFIIF facilitate CydA bypass. Thus, blocking lesion entry to the active site, trans-lesion A rule synthesis, and translocation block are common features of transcription across different bulky DNA lesions.« less

  14. Regulatory Guide on Conducting a Security Vulnerability Assessment

    SciTech Connect (OSTI)

    Ek, David R.

    2016-01-01

    This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.

  15. Vulnerability of the US to future sea level rise

    SciTech Connect (OSTI)

    Gornitz, V. . Goddard Inst. for Space Studies); White, T.W.; Cushman, R.M. )

    1991-01-01

    The differential vulnerability of the conterminous United States to future sea level rise from greenhouse climate warming is assessed, using a coastal hazards data base. This data contains information on seven variables relating to inundation and erosion risks. High risk shorelines are characterized by low relief, erodible substrate, subsidence, shoreline retreat, and high wave/tide energies. Very high risk shorelines on the Atlantic Coast (Coastal Vulnerability Index {ge}33.0) include the outer coast of the Delmarva Peninsula, northern Cape Hatteras, and segments of New Jersey, Georgia and South Carolina. Louisiana and sections of Texas are potentially the most vulnerable, due to anomalously high relative sea level rise and erosion, coupled with low elevation and mobile sediments. Although the Pacific Coast is generally the least vulnerable, because of its rugged relief and erosion-resistant substrate, the high geographic variability leads to several exceptions, such as the San Joaquin-Sacramento Delta area, the barrier beaches of Oregon and Washington, and parts of the Puget Sound Lowlands. 31 refs., 2 figs., 3 tabs.

  16. Vulnerability analysis for complex networks using aggressive abstraction.

    SciTech Connect (OSTI)

    Colbaugh, Richard; Glass, Kristin L.

    2010-06-01

    Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the dynamics of complex networks in which the network of interest is first abstracted to a much simpler, but mathematically equivalent, representation, the required analysis is performed on the abstraction, and analytic conclusions are then mapped back to the original network and interpreted there. We begin by identifying a broad and important class of complex networks which admit vulnerability-preserving, finite state abstractions, and develop efficient algorithms for computing these abstractions. We then propose a vulnerability analysis methodology which combines these finite state abstractions with formal analytics from theoretical computer science to yield a comprehensive vulnerability analysis process for networks of realworld scale and complexity. The potential of the proposed approach is illustrated with a case study involving a realistic electric power grid model and also with brief discussions of biological and social network examples.

  17. Climate Change and Infrastructure, Urban Systems, and Vulnerabilities

    SciTech Connect (OSTI)

    Wilbanks, Thomas J; Fernandez, Steven J

    2014-01-01

    This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events

  18. T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

    Broader source: Energy.gov [DOE]

    Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  19. U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications.

  20. T-592: Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

    Broader source: Energy.gov [DOE]

    Cisco Secure ACS operates as a centralized RADIUS and TACACS+ server, combining user authentication, user and administrator device access control, and policy control into a centralized identity networking solution.

  1. U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  2. U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

  3. U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

  4. Vulnerability, Sensitivity, and Coping/Adaptive Capacity Worldwide

    SciTech Connect (OSTI)

    Malone, Elizabeth L.; Brenkert, Antoinette L.

    2009-10-01

    Research and analyses have repeatedly shown that impacts of climate change will be unevenly distributed and will affect various societies in various ways. The severity of impacts will depend in part on ability to cope in the short term and adapt in the longer term. However, it has been difficult to find a comparative basis on which to assess differential impacts of climate change. This chapter describes the Vulnerability-Resilience Indicator Model that uses 18 proxy indicators, grouped into 8 elements, to assess on a quantitative basis the comparative potential vulnerability and resilience of countries to climate change. The model integrates socioeconomic and environmental information such as land use, crop production, water availability, per capita GDP, inequality, and health status. Comparative results for 160 countries are presented and analyzed.

  5. Subsidence vulnerability in shallow room-and-pillar mines

    SciTech Connect (OSTI)

    Missavage, R.

    1985-07-01

    Concern over mining-related subsidence is inhibiting the development of surface land uses in previously mined areas and is constraining the recovery of coal resources in areas with established land uses that might be impacted by subsequent subsidence. The determination of subsidence vulnerability of mined-out areas (especially abandoned mine areas) can be a useful tool in the design and location of surface structures. A model has been developed for assessing subsidence vulnerability in shallow room-and-pillar mines based on the flexural rigidity and strength characteristics of the overlying strata. The model does not predict the subsidence profile or when the subsidence will occur. It only predicts those areas that are likely to subside. This paper briefly describes the model and its testing.

  6. Agenda: Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  7. Briefing Memo: Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  8. Probabilistic Vulnerability Assessment Based on Power Flow and Voltage Distribution

    SciTech Connect (OSTI)

    Ma, Jian; Huang, Zhenyu; Wong, Pak C.; Ferryman, Thomas A.

    2010-04-30

    Risk assessment of large scale power systems has been an important problem in power system reliability study. Probabilistic technique provides a powerful tool to solve the task. In this paper, we present the results of a study on probabilistic vulnerability assessment on WECC system. Cumulant based expansion method is applied to obtain the probabilistic distribution function (PDF) and cumulative distribution function (CDF) of power flows on transmission lines and voltage. Overall risk index based on the system vulnerability analysis is calculated using the WECC system. The simulation results based on WECC system is used to demonstrate the effectiveness of the method. The methodology can be applied to the risk analysis on large scale power systems.

  9. Vulnerability Analysis of Energy Delivery Control Systems - 2011 |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Systems - 2011 Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy delivery systems has emerged as one of the Nation's most serious grid modernization and infrastructure protection issues. Cyber adversaries are becoming increasingly targeted, sophisticated, and better financed. The energy sector must research, develop and deploy new cybersecurity capabilities faster than the adversary can launch new attack tools and techniques. The

  10. T-682:Double free vulnerability in MapServer

    Broader source: Energy.gov [DOE]

    MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases.

  11. Temperature-based Instanton Analysis: Identifying Vulnerability in Transmission Networks

    SciTech Connect (OSTI)

    Kersulis, Jonas; Hiskens, Ian; Chertkov, Michael; Backhaus, Scott N.; Bienstock, Daniel

    2015-04-08

    A time-coupled instanton method for characterizing transmission network vulnerability to wind generation fluctuation is presented. To extend prior instanton work to multiple-time-step analysis, line constraints are specified in terms of temperature rather than current. An optimization formulation is developed to express the minimum wind forecast deviation such that at least one line is driven to its thermal limit. Results are shown for an IEEE RTS-96 system with several wind-farms.

  12. T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

  13. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather ii NOTICE This report was prepared as an account of work sponsored by an agency of the United States government. Neither the United States government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use

  14. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6 by ISA - The Instrumentation, Systems and Automation Society. Presented at 16th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference; http://www.isa.org Mitigations for Security Vulnerabilities Found in Control System Networks May Permann John Hammer Computer Security Researcher Computer Security Researcher Communications & Cyber Security Communications & Cyber Security Idaho National Laboratory Idaho National Laboratory Idaho Falls, ID 83415 Idaho Falls, ID 83415 Kathy

  15. Provably-Secure Authenticated Group Diffie-Hellman KeyExchange

    SciTech Connect (OSTI)

    Bresson, Emmanuel; Chevassut, Olivier; Pointcheval, David

    2007-01-01

    Authenticated key exchange protocols allow two participantsA and B, communicating over a public network and each holding anauthentication means, to exchange a shared secret value. Methods designedto deal with this cryptographic problem ensure A (resp. B) that no otherparticipants aside from B (resp. A) can learn any information about theagreed value, and often also ensure A and B that their respective partnerhas actually computed this value. A natural extension to thiscryptographic method is to consider a pool of participants exchanging ashared secret value and to provide a formal treatment for it. Startingfrom the famous 2-party Diffie-Hellman (DH) key exchange protocol, andfrom its authenticated variants, security experts have extended it to themulti-party setting for over a decade and completed a formal analysis inthe framework of modern cryptography in the past few years. The presentpaper synthesizes this body of work on the provably-secure authenticatedgroup DH key exchange.

  16. Climate Change Vulnerability Assessment for Idaho National Laboratory

    SciTech Connect (OSTI)

    Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

    2014-10-01

    The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

  17. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass...

  18. Integrating end-to-end encryption and authentication technology into broadband networks

    SciTech Connect (OSTI)

    Pierson, L.G.

    1995-11-01

    BISDN services will involve the integration of high speed data, voice, and video functionality delivered via technology similar to Asynchronous Transfer Mode (ATM) switching and SONET optical transmission systems. Customers of BISDN services may need a variety of data authenticity and privacy assurances, via Asynchronous Transfer Mode (ATM) services Cryptographic methods can be used to assure authenticity and privacy, but are hard to scale for implementation at high speed. The incorporation of these methods into computer networks can severely impact functionality, reliability, and performance. While there are many design issues associated with the serving of public keys for authenticated signaling and for establishment of session cryptovariables, this paper is concerned with the impact of encryption itself on such communications once the signaling and setup have been completed. Network security protections should be carefully matched to the threats against which protection is desired. Even after eliminating unnecessary protections, the remaining customer-required network security protections can impose severe performance penalties. These penalties (further discussed below) usually involve increased communication processing for authentication or encryption, increased error rate, increased communication delay, and decreased reliability/availability. Protection measures involving encryption should be carefully engineered so as to impose the least performance, reliability, and functionality penalties, while achieving the required security protection. To study these trade-offs, a prototype encryptor/decryptor was developed. This effort demonstrated the viability of implementing certain encryption techniques in high speed networks. The research prototype processes ATM cells in a SONET OC-3 payload. This paper describes the functionality, reliability, security, and performance design trade-offs investigated with the prototype.

  19. Designing a minimum-functionality neutron and gamma measurement instrument with a focus on authentication

    SciTech Connect (OSTI)

    Karpius, Peter J; Williams, Richard B

    2009-01-01

    During the design and construction of the Next-Generation Attribute-Measurement System, which included a largely commercial off-the-shelf (COTS), nondestructive assay (NDA) system, we realized that commercial NDA equipment tends to include numerous features that are not required for an attribute-measurement system. Authentication of the hardware, firmware, and software in these instruments is still required, even for those features not used in this application. However, such a process adds to the complexity, cost, and time required for authentication. To avoid these added authenticat ion difficulties, we began to design NDA systems capable of performing neutron multiplicity and gamma-ray spectrometry measurements by using simplified hardware and software that avoids unused features and complexity. This paper discusses one possible approach to this design: A hardware-centric system that attempts to perform signal analysis as much as possible in the hardware. Simpler processors and minimal firmware are used because computational requirements are kept to a bare minimum. By hard-coding the majority of the device's operational parameters, we could cull large sections of flexible, configurable hardware and software found in COTS instruments, thus yielding a functional core that is more straightforward to authenticate.

  20. V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when

  1. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related

  2. Open cycle ocean thermal energy conversion steam control and bypass system

    DOE Patents [OSTI]

    Wittig, J. Michael; Jennings, Stephen J.

    1980-01-01

    Two sets of hinged control doors for regulating motive steam flow from an evaporator to a condenser alternatively through a set of turbine blades in a steam bypass around the turbine blades. The evaporator has a toroidal shaped casing situated about the turbine's vertical axis of rotation and an outlet opening therein for discharging motive steam into an annular steam flow path defined between the turbine's radially inner and outer casing structures. The turbine blades extend across the steam flow path intermediate the evaporator and condenser. The first set of control doors is arranged to prevent steam access to the upstream side of the turbine blades and the second set of control doors acts as a bypass around the blades so as to maintain equilibrium between the evaporator and condenser during non-rotation of the turbine. The first set of control doors preferably extend, when closed, between the evaporator casing and the turbine's outer casing and, when open, extend away from the axis of rotation. The second set of control doors preferably constitute a portion of the turbine's outer casing downstream from the blades when closed and extend, when open, toward the axis of rotation. The first and second sets of control doors are normally held in the open and closed positions respectively by locking pins which may be retracted upon detecting an abnormal operating condition respectively to permit their closing and opening and provide steam flow from the evaporator to the condenser.

  3. Electrical and thermal finite element modeling of arc faults in photovoltaic bypass diodes.

    SciTech Connect (OSTI)

    Bower, Ward Isaac; Quintana, Michael A.; Johnson, Jay

    2012-01-01

    Arc faults in photovoltaic (PV) modules have caused multiple rooftop fires. The arc generates a high-temperature plasma that ignites surrounding materials and subsequently spreads the fire to the building structure. While there are many possible locations in PV systems and PV modules where arcs could initiate, bypass diodes have been suspected of triggering arc faults in some modules. In order to understand the electrical and thermal phenomena associated with these events, a finite element model of a busbar and diode was created. Thermoelectrical simulations found Joule and internal diode heating from normal operation would not normally cause bypass diode or solder failures. However, if corrosion increased the contact resistance in the solder connection between the busbar and the diode leads, enough voltage potentially would be established to arc across micron-scale electrode gaps. Lastly, an analytical arc radiation model based on observed data was employed to predicted polymer ignition times. The model predicted polymer materials in the adjacent area of the diode and junction box ignite in less than 0.1 seconds.

  4. Taxonomy for Common-Cause Failure Vulnerability and Mitigation

    SciTech Connect (OSTI)

    Wood, Richard Thomas; Korsah, Kofi; Mullens, James Allen; Pullum, Laura L.

    2015-09-01

    Applying current guidance and practices for common-cause failure (CCF) mitigation to digital instrumentation and control (I&C) systems has proven problematic, and the regulatory environment has been unpredictable. The potential for CCF vulnerability inhibits I&C modernization, thereby challenging the long-term sustainability of existing plants. For new plants and advanced reactor concepts, concern about CCF vulnerability in highly integrated digital I&C systems imposes a design burden that results in higher costs and increased complexity. The regulatory uncertainty in determining which mitigation strategies will be acceptable (e.g., what diversity is needed and how much is sufficient) drives designers to adopt complicated, costly solutions devised for existing plants. To address the conditions that constrain the transition to digital I&C technology by the US nuclear industry, crosscutting research is needed to resolve uncertainty, demonstrate necessary characteristics, and establish an objective basis for qualification of digital technology for nuclear power plant (NPP) I&C applications. To fulfill this research need, Oak Ridge National Laboratory is investigating mitigation of CCF vulnerability for nuclear-qualified applications. The outcome of this research is expected to contribute to a fundamentally sound, comprehensive basis to qualify digital technology for nuclear power applications. This report documents the development of a CCF taxonomy. The basis for the CCF taxonomy was generated by determining consistent terminology and establishing a classification approach. The terminology is based on definitions from standards, guides, and relevant nuclear power industry technical reports. The classification approach is derived from identified classification schemes focused on I&C systems and key characteristics, including failure modes. The CCF taxonomy provides the basis for a systematic organization of key systems aspects relevant to analyzing the potential for

  5. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 | Princeton Plasma Physics Lab February 28, 2013, 4:15pm to 5:30pm Colloquia MBG Auditorium COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 Professor Nicholas K. Coch Queens College CUNY In the last two years. the

  6. T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

  7. Water vulnerabilities for existing coal-fired power plants.

    SciTech Connect (OSTI)

    Elcock, D.; Kuiper, J.; Environmental Science Division

    2010-08-19

    This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type

  8. V-221: WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion Vulnerabilities

    Broader source: Energy.gov [DOE]

    This vulnerability can be exploited to conduct cross-site request forgery and script insertion attacks

  9. Chemical Safety Vulnerability Working Group report. Volume 3

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

  10. Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

  11. A preliminary assessment of beryllium dust oxidation during a wet bypass accident in a fusion reactor

    SciTech Connect (OSTI)

    Brad J. Merrill; Richard L. Moore; J. Phillip Sharp

    2008-09-01

    A beryllium dust oxidation model has been developed at the Idaho National Laboratory (INL) by the Fusion Safety Program (FSP) for the MELCOR safety computer code. The purpose of this model is to investigate hydrogen production from beryllium dust layers on hot surfaces inside a fusion reactor vacuum vessel (VV) during in-vessel loss-of-cooling accidents (LOCAs). This beryllium dust oxidation model accounts for the diffusion of steam into a beryllium dust layer, the oxidation of the dust particles inside this layer based on the beryllium-steam oxidation equations developed at the INL, and the effective thermal conductivity of this beryllium dust layer. This paper details this oxidation model and presents the results of the application of this model to a wet bypass accident scenario in the ITER device.

  12. Particle Image Velocimetry Measurements and Analysis of Bypass Data for a Scaled 6mm Gap

    SciTech Connect (OSTI)

    J.R. Wolf; T.E. Conder; R.R. Schultz

    2012-09-01

    The purpose of the fluid dynamics experiments in the MIR (Matched Index of-Refraction) flow system at Idaho National Laboratory (INL) is to develop benchmark databases for the assessment of Computational Fluid Dynamics (CFD) solutions of the momentum equations, scalar mixing, and turbulence models for the flow ratios between coolant channels and bypass gaps in the interstitial regions of typical prismatic standard fuel element (SFE) or upper reflector block geometries of typical Modular High-temperature Gas-cooled Reactors (MHTGR) in the limiting case of negligible buoyancy and constant fluid properties. The experiments will use optical techniques, primarily particle image velocimetry (PIV) in the INL Matched Index of Refraction (MIR) flow system.

  13. Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)

    SciTech Connect (OSTI)

    Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

    2013-02-01

    The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

  14. T-572: VMware ESX/ESXi SLPD denial of service vulnerability

    Broader source: Energy.gov [DOE]

    VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

  15. U-154: IBM Rational ClearQuest ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in IBM Rational ClearQuest. A remote user can cause arbitrary code to be executed on the target user's system.

  16. V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 85: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability V-185: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability June 25, 2013 - 12:41am Addthis PROBLEM: Apache OpenOffice SDK Oracle Java JavaDoc Spoofing Vulnerability PLATFORM: Apache OpenOffice SDK 3.x ABSTRACT: Apache has acknowledged a vulnerability in Apache OpenOffice SDK REFERENCE LINKS: Apache OpenOffice Secunia Advisory SA53963 Secunia Advisory SA53846 CVE-2013-1571 IMPACT ASSESSMENT:

  17. U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 76: VMware vCenter Operations Cross-Site Scripting Vulnerability U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability October 8, 2012 - 7:00am Addthis PROBLEM: VMware vCenter Operations Cross-Site Scripting Vulnerability PLATFORM: VMware vCenter Operations 1.x ABSTRACT: A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks. reference LINKS: Original Advisory

  18. U-225: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities in Citrix Access Gateway Plug-in for Windows can be exploited by malicious people to compromise a user's system.

  19. U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

  20. V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system.

  1. U-101: Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

  2. V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) that can affect the security of IBM Tivoli Application Dependency Discovery Manager

  3. T-656: Microsoft Office Visio DXF File Handling Arbitrary Code Execution Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Microsoft Office Visio contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

  4. T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability

    Broader source: Energy.gov [DOE]

    Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

  5. V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service)

  6. V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.

  7. U-016: Cisco IOS Software HTTP Service Loading Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to cause a targeted device to stop responding, resulting in a DoS condition

  8. V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system

  9. V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS

  10. T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the affected device.

  11. U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 6: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure

  12. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment...

    Broader source: Energy.gov (indexed) [DOE]

    PROBLEM: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. PLATFORM: * BlackBerry Enterprise Server Express version...

  13. V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 3: ownCloud Cross-Site Scripting and File Upload Vulnerabilities V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am Addthis PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the

  14. U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions...

  15. U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

  16. Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

    SciTech Connect (OSTI)

    Suski, N; Wuest, C

    2011-02-04

    Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre

  17. T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

  18. T-526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8.0.7600.16385 is vulnerable; other versions may also be affected.

  19. T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application.

  20. Method of treating emissions of a hybrid vehicle with a hydrocarbon absorber and a catalyst bypass system

    DOE Patents [OSTI]

    Roos, Bryan Nathaniel; Gonze, Eugene V; Santoso, Halim G; Spohn, Brian L

    2014-01-14

    A method of treating emissions from an internal combustion engine of a hybrid vehicle includes directing a flow of air created by the internal combustion engine when the internal combustion engine is spinning but not being fueled through a hydrocarbon absorber to collect hydrocarbons within the flow of air. When the hydrocarbon absorber is full and unable to collect additional hydrocarbons, the flow of air is directed through an electrically heated catalyst to treat the flow of air and remove the hydrocarbons. When the hydrocarbon absorber is not full and able to collect additional hydrocarbons, the flow of air is directed through a bypass path that bypasses the electrically heated catalyst to conserve the thermal energy stored within the electrically heated catalyst.

  1. Structural insight into dynamic bypass of the major cisplatin-DNA adduct by Y-family polymerase Dpo4

    SciTech Connect (OSTI)

    Wong, Jimson H.Y.; Brown, Jessica A.; Suo, Zucai; Blum, Paul; Nohmi, Takehiko; Ling, Hong

    2010-08-23

    Y-family DNA polymerases bypass Pt-GG, the cisplatin-DNA double-base lesion, contributing to the cisplatin resistance in tumour cells. To reveal the mechanism, we determined three structures of the Y-family DNA polymerase, Dpo4, in complex with Pt-GG DNA. The crystallographic snapshots show three stages of lesion bypass: the nucleotide insertions opposite the 3{prime}G (first insertion) and 5{prime}G (second insertion) of Pt-GG, and the primer extension beyond the lesion site. We observed a dynamic process, in which the lesion was converted from an open and angular conformation at the first insertion to a depressed and nearly parallel conformation at the subsequent reaction stages to fit into the active site of Dpo4. The DNA translocation-coupled conformational change may account for additional inhibition on the second insertion reaction. The structures illustrate that Pt-GG disturbs the replicating base pair in the active site, which reduces the catalytic efficiency and fidelity. The in vivo relevance of Dpo4-mediated Pt-GG bypass was addressed by a dpo-4 knockout strain of Sulfolobus solfataricus, which exhibits enhanced sensitivity to cisplatin and proteomic alterations consistent with genomic stress.

  2. U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation Final Report

    SciTech Connect (OSTI)

    L. R. Zirker; J. E. Francfort; J. J. Fielding

    2006-03-01

    This Oil Bypass Filter Technology Evaluation final report documents the feasibility of using oil bypass filters on 17 vehicles in the Idaho National Laboratory (INL) fleet during a 3-year test period. Almost 1.3 million test miles were accumulated, with eleven 4-cycle diesel engine buses accumulating 982,548 test miles and six gasoline-engine Chevrolet Tahoes accumulating 303,172 test miles. Two hundred and forty oil samples, taken at each 12,000-mile bus servicing event and at 3,000 miles for the Tahoes, documented the condition of the engine oils for continued service. Twenty-eight variables were normally tested, including the presence of desired additives and undesired wear metals such as iron and chrome, as well as soot, water, glycol, and fuel. Depending on the assumptions employed, the INL found that oil bypass filter systems for diesel engine buses have a positive payback between 72,000 and 144,000 miles. For the Tahoes, the positive payback was between 66,000 and 69,000 miles.

  3. A photorespiratory bypass increases plant growth and seed yield in biofuel crop Camelina sativa

    SciTech Connect (OSTI)

    Dalal, Jyoti; Lopez, Harry; Vasani, Naresh B.; Hu, Zhaohui; Swift, Jennifer E.; Yalamanchili, Roopa; Dvora, Mia; Lin, Xiuli; Xie, Deyu; Qu, Rongda; Sederoff, Heike W.

    2015-10-29

    Camelina sativa is an oilseed crop with great potential for biofuel production on marginal land. The seed oil from camelina has been converted to jet fuel and improved fuel efficiency in commercial and military test flights. Hydrogenation-derived renewable diesel from camelina is environmentally superior to that from canola due to lower agricultural inputs, and the seed meal is FDA approved for animal consumption. However, relatively low yield makes its farming less profitable. Our study is aimed at increasing camelina seed yield by reducing carbon loss from photorespiration via a photorespiratory bypass. Genes encoding three enzymes of the Escherichia coli glycolate catabolic pathway were introduced: glycolate dehydrogenase (GDH), glyoxylate carboxyligase (GCL) and tartronic semialdehyde reductase (TSR). These enzymes compete for the photorespiratory substrate, glycolate, convert it to glycerate within the chloroplasts, and reduce photorespiration. As a by-product of the reaction, CO2 is released in the chloroplast, which increases photosynthesis. Camelina plants were transformed with either partial bypass (GDH), or full bypass (GDH, GCL and TSR) genes. Furthermore, transgenic plants were evaluated for physiological and metabolic traits.

  4. Experimental bypass of Lake Reality, Oak Ridge Y-12 Plant, Oak Ridge, Tennessee

    SciTech Connect (OSTI)

    1997-10-01

    Studies conducted by the Y-12 Reduction of Mercury in Plant Effluent (RMPE) Program and Y-12 Biological Monitoring and Abatement Program (BMAP) in 1995 and 1996 (Y/ER-251, Y/ER-277) identified concerns regarding Lake Reality`s effect on the transport and transformation of mercury in East Fork Poplar Creek (EFPC). The pond appeared to have two potentially adverse effects on mercury transport. First, it acted as a biochemical reactor, converting inorganic mercury in inflowing water to methylmercury, a more toxic substance with extremely high bioaccumulation potential in aquatic environments. Second, the pond appeared to trap mercury associated with suspended particulates during periods of stormflow, and slowly released that mercury via the export of resuspended particles during periods of baseflow. The net effect was to raise the day-to-day exposure of aquatic life to mercury in the stream downstream from the pond, and add to the calculated mercury loading of the stream under baseflow conditions. Scientific investigations thus indicated that diversion of the flow of EFPC around Lake Reality had the potential to reduce time-averaged concentrations of methylmercury and total mercury in the creek below its discharge, but that such diversion might also interfere with possible beneficial effects of the retention pond. Therefore, an experimental bypass of the pond was undertaken in late 1996 to evaluate the consequences of such an action before embarking on a more permanent change.

  5. A Decision Analysis Tool for Climate Impacts, Adaptations, and Vulnerabilities

    SciTech Connect (OSTI)

    Omitaomu, Olufemi A; Parish, Esther S; Nugent, Philip J

    2016-01-01

    Climate change related extreme events (such as flooding, storms, and drought) are already impacting millions of people globally at a cost of billions of dollars annually. Hence, there are urgent needs for urban areas to develop adaptation strategies that will alleviate the impacts of these extreme events. However, lack of appropriate decision support tools that match local applications is limiting local planning efforts. In this paper, we present a quantitative analysis and optimization system with customized decision support modules built on geographic information system (GIS) platform to bridge this gap. This platform is called Urban Climate Adaptation Tool (Urban-CAT). For all Urban-CAT models, we divide a city into a grid with tens of thousands of cells; then compute a list of metrics for each cell from the GIS data. These metrics are used as independent variables to predict climate impacts, compute vulnerability score, and evaluate adaptation options. Overall, the Urban-CAT system has three layers: data layer (that contains spatial data, socio-economic and environmental data, and analytic data), middle layer (that handles data processing, model management, and GIS operation), and application layer (that provides climate impacts forecast, adaptation optimization, and site evaluation). The Urban-CAT platform can guide city and county governments in identifying and planning for effective climate change adaptation strategies.

  6. Ultra Wideband (UWB) communication vulnerability for security applications.

    SciTech Connect (OSTI)

    Cooley, H. Timothy

    2010-07-01

    RF toxicity and Information Warfare (IW) are becoming omnipresent posing threats to the protection of nuclear assets, and within theatres of hostility or combat where tactical operation of wireless communication without detection and interception is important and sometimes critical for survival. As a result, a requirement for deployment of many security systems is a highly secure wireless technology manifesting stealth or covert operation suitable for either permanent or tactical deployment where operation without detection or interruption is important The possible use of ultra wideband (UWB) spectrum technology as an alternative physical medium for wireless network communication offers many advantages over conventional narrowband and spread spectrum wireless communication. UWB also known as fast-frequency chirp is nonsinusoidal and sends information directly by transmitting sub-nanosecond pulses without the use of mixing baseband information upon a sinusoidal carrier. Thus UWB sends information using radar-like impulses by spreading its energy thinly over a vast spectrum and can operate at extremely low-power transmission within the noise floor where other forms of RF find it difficult or impossible to operate. As a result UWB offers low probability of detection (LPD), low probability of interception (LPI) as well as anti-jamming (AJ) properties in signal space. This paper analyzes and compares the vulnerability of UWB to narrowband and spread spectrum wireless network communication.

  7. Climate change and health: Indoor heat exposure in vulnerable populations

    SciTech Connect (OSTI)

    White-Newsome, Jalonne L.; Sanchez, Brisa N.; Jolliet, Olivier; Zhang, Zhenzhen; Parker, Edith A.; Timothy Dvonch, J.; O'Neill, Marie S.

    2012-01-15

    Introduction: Climate change is increasing the frequency of heat waves and hot weather in many urban environments. Older people are more vulnerable to heat exposure but spend most of their time indoors. Few published studies have addressed indoor heat exposure in residences occupied by an elderly population. The purpose of this study is to explore the relationship between outdoor and indoor temperatures in homes occupied by the elderly and determine other predictors of indoor temperature. Materials and methods: We collected hourly indoor temperature measurements of 30 different homes; outdoor temperature, dewpoint temperature, and solar radiation data during summer 2009 in Detroit, MI. We used mixed linear regression to model indoor temperatures' responsiveness to weather, housing and environmental characteristics, and evaluated our ability to predict indoor heat exposures based on outdoor conditions. Results: Average maximum indoor temperature for all locations was 34.85 Degree-Sign C, 13.8 Degree-Sign C higher than average maximum outdoor temperature. Indoor temperatures of single family homes constructed of vinyl paneling or wood siding were more sensitive than brick homes to outdoor temperature changes and internal heat gains. Outdoor temperature, solar radiation, and dewpoint temperature predicted 38% of the variability of indoor temperatures. Conclusions: Indoor exposures to heat in Detroit exceed the comfort range among elderly occupants, and can be predicted using outdoor temperatures, characteristics of the housing stock and surroundings to improve heat exposure assessment for epidemiological investigations. Weatherizing homes and modifying home surroundings could mitigate indoor heat exposure among the elderly.

  8. U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 86: IBM WebSphere Sensor Events Multiple Vulnerabilities U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities June 8, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM WebSphere Sensor Events PLATFORM: IBM WebSphere Sensor Events 7.x ABSTRACT: Some vulnerabilites have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks. Reference Links: Secunia ID 49413 No CVE references. Vendor URL IMPACT

  9. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 51: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities February 7, 2011 - 7:56am Addthis PROBLEM: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities. PLATFORM: Cisco WebEx recording players. Microsoft Windows, Apple Mac OS X, and Linux versions of the player are all affected. Affected versions of the players are those prior to client builds T27LC SP22 and

  10. V-007: McAfee Firewall Enterprise ISC BIND Record Handling Lockup Vulnerability

    Broader source: Energy.gov [DOE]

    McAfee has acknowledged a vulnerability in McAfee Firewall Enterprise, which can be exploited by malicious people to cause a DoS (Denial of Service).

  11. V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 2.3.0 or 1.2.19. Addthis Related Articles U-226: Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability V-062: Asterisk Two Denial of...

  12. Utilizing Semantic Big Data for realizing a National-scale Infrastructure Vulnerability Analysis System

    SciTech Connect (OSTI)

    Chinthavali, Supriya; Shankar, Mallikarjun

    2016-01-01

    Critical Infrastructure systems(CIs) such as energy, water, transportation and communication are highly interconnected and mutually dependent in complex ways. Robust modeling of CIs interconnections is crucial to identify vulnerabilities in the CIs. We present here a national-scale Infrastructure Vulnerability Analysis System (IVAS) vision leveraging Se- mantic Big Data (SBD) tools, Big Data, and Geographical Information Systems (GIS) tools. We survey existing ap- proaches on vulnerability analysis of critical infrastructures and discuss relevant systems and tools aligned with our vi- sion. Next, we present a generic system architecture and discuss challenges including: (1) Constructing and manag- ing a CI network-of-networks graph, (2) Performing analytic operations at scale, and (3) Interactive visualization of ana- lytic output to generate meaningful insights. We argue that this architecture acts as a baseline to realize a national-scale network based vulnerability analysis system.

  13. V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow.

  14. T-539: Adobe Acrobat, Reader, and Flash Player Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user. If the user holds elevated privileges, the attacker could execute arbitrary code that results in complete system compromise.

  15. V-209:Cisco WAAS (Wide Area Application Services) Arbitrary Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system.

  16. U-116: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system

  17. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Broader source: Energy.gov (indexed) [DOE]

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions October 2015 U.S. Department of Energy Office of Energy Policy and Systems Analysis ...

  18. U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address.

  19. T-561: IBM and Oracle Java Binary Floating-Point Number Conversion Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    IBM and Oracle Java products contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

  20. U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather This report-part of the Administration's efforts to support national climate change adaptation planning through the Interagency Climate Change Adaptation Task Force and Strategic Sustainability Planning process established under Executive Order 13514 and to advance the U.S. Department of Energy's goal of promoting energy

  1. Vulnerability Assessments and Resilience Planning at Federal Facilities. Preliminary Synthesis of Project

    SciTech Connect (OSTI)

    Moss, R. H.; Delgado, A.; Malone, E L.

    2015-08-15

    U.S. government agencies are now directed to assess the vulnerability of their operations and facilities to climate change and to develop adaptation plans to increase their resilience. Specific guidance on methods is still evolving based on the many different available frameworks. Agencies have been experimenting with these frameworks and approaches. This technical paper synthesizes lessons and insights from a series of research case studies conducted by the investigators at facilities of the U.S. Department of Energy and the Department of Defense. The purpose of the paper is to solicit comments and feedback from interested program managers and analysts before final conclusions are published. The paper describes the characteristics of a systematic process for prioritizing needs for adaptation planning at individual facilities and examines requirements and methods needed. It then suggests a framework of steps for vulnerability assessments at Federal facilities and elaborates on three sets of methods required for assessments, regardless of the detailed framework used. In a concluding section, the paper suggests a roadmap to further develop methods to support agencies in preparing for climate change. The case studies point to several preliminary conclusions; (1) Vulnerability assessments are needed to translate potential changes in climate exposure to estimates of impacts and evaluation of their significance for operations and mission attainment, in other words into information that is related to and useful in ongoing planning, management, and decision-making processes; (2) To increase the relevance and utility of vulnerability assessments to site personnel, the assessment process needs to emphasize the characteristics of the site infrastructure, not just climate change; (3) A multi-tiered framework that includes screening, vulnerability assessments at the most vulnerable installations, and adaptation design will efficiently target high-risk sites and infrastructure

  2. Assessment of chemical vulnerabilities in the Hanford high-level waste tanks

    SciTech Connect (OSTI)

    Meacham, J.E.

    1996-02-15

    The purpose of this report is to summarize results of relevant data (tank farm and laboratory) and analysis related to potential chemical vulnerabilities of the Hanford Site waste tanks. Potential chemical safety vulnerabilities examined include spontaneous runaway reactions, condensed phase waste combustibility, and tank headspace flammability. The major conclusions of the report are the following: Spontaneous runaway reactions are not credible; condensed phase combustion is not likely; and periodic releases of flammable gas can be mitigated by interim stabilization.

  3. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Resilience Solutions | Department of Energy Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please view it in a modern browser. This report examines the current and potential future impacts of climate change and extreme weather on the U.S. energy sector at the regional level. It provides illustrative examples

  4. A Framework for Federated Two-Factor Authentication Enabling Cost-Effective Secure Access to Distributed Cyberinfrastructure

    SciTech Connect (OSTI)

    Ezell, Matthew A; Rogers, Gary L; Peterson, Gregory D.

    2012-01-01

    As cyber attacks become increasingly sophisticated, the security measures used to mitigate the risks must also increase in sophistication. One time password (OTP) systems provide strong authentication because security credentials are not reusable, thus thwarting credential replay attacks. The credential changes regularly, making brute-force attacks significantly more difficult. In high performance computing, end users may require access to resources housed at several different service provider locations. The ability to share a strong token between multiple computing resources reduces cost and complexity. The National Science Foundation (NSF) Extreme Science and Engineering Discovery Environment (XSEDE) provides access to digital resources, including supercomputers, data resources, and software tools. XSEDE will offer centralized strong authentication for services amongst service providers that leverage their own user databases and security profiles. This work implements a scalable framework built on standards to provide federated secure access to distributed cyberinfrastructure.

  5. Bypass Flow Computations using a One-Twelfth Symmetric Sector For Normal Operation in a 350 MWth VHTR

    SciTech Connect (OSTI)

    Richard W. Johnson; Hiroyuki Sato

    2012-10-01

    Significant uncertainty exists about the effects of bypass flow in a prismatic gas-cooled very high temperature reactor (VHTR). Bypass flow is the flow in the gaps between prismatic graphite blocks in the core. The gaps are present because of variations in their construction, imperfect installation and expansion and shrinkage from thermal heating and neutron fluence. Calculations are performed using computational fluid dynamics (CFD) for flow of the helium coolant in the gap and coolant channels along with conjugate heat generation and heat transfer in the fuel compacts and graphite. A commercial CFD code is used for all of the computations. A one-twelfth sector of a standard hexagonal block column is used for the CFD model because of its symmetry. Various scenarios are computed by varying the gap width from zero to 5 mm, varying the total heat generation rate to examine average and peak radial generation rates and variation of the graphite block geometry to account for the effects of shrinkage caused by irradiation. The calculations are for a 350 MWth prismatic reactor. It is shown that the effect of increasing gap width, while maintaining the same total mass flow rate, causes increased maximum fuel temperature while providing significant cooling to the near-gap region. The maximum outlet coolant temperature variation is increased by the presence of gap flow and also by an increase in total heat generation with a gap present. The effect of block shrinkage is actually to decrease maximum fuel temperature compared to a similar reference case.

  6. Modeling Vulnerability and Resilience to Climate Change: A Case Study of India and Indian States

    SciTech Connect (OSTI)

    Brenkert, Antoinette L.; Malone, Elizabeth L.

    2005-09-01

    The vulnerability of India and Indian states to climate change was assessed using the Vulnerability-Resilience Indicator Prototype (VRIP). The model was adapted from the global/country version to account for Indian dietary practices and data availability with regard to freshwater resources. Results (scaled to world values) show nine Indian states to be moderately resilient to climate change, principally because of low sulfur emissions and a relatively large percentage of unmanaged land. Six states are more vulnerable than India as a whole, attributable largely to sensitivity to sea storm surges. Analyses of results at the state level (Orissa, and comparisons between Maharashtra and Kerala, and Andhra Pradesh and Himachal Pradesh) demonstrate the value of VRIP analyses used in conjunction with other socioeconomic information to address initial questions about the sources of vulnerability in particular places. The modeling framework allows analysts and stakeholders to systematically evaluate individual and sets of indicators and to indicate where the likely vulnerabilities are in the area being assessed.

  7. U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 38: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability April 2, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco IOS XE 2.1.x Cisco IOS XE 2.2.x Cisco IOS XE 2.3.x Cisco IOS XE 2.4.x Cisco IOS XE 2.5.x Cisco IOS XE 2.6.x Cisco IOS XE 3.1.x Cisco IOS XE 3.3.x

  8. U-148: ActiveScriptRuby GRScript18.dll ActiveX Control Ruby Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in GRScript18.dll and can be exploited to execute arbitrary Ruby commands.

  9. U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation - Sixth Quarterly Report, January - March 2004

    SciTech Connect (OSTI)

    U.S. Department of Energy; Larry Zirker

    2004-06-01

    This Oil Bypass Filter Technology Evaluation quarterly report (January-March 2004) details the ongoing fleet evaluation of an oil bypass filter technology by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy's FreedomCAR & Vehicle Technologies Program. Eight four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass filter systems from the puraDYN Corporation. The bypass filters are reported to have engine oil filtering capability of <1 micron and a built-in additive package to facilitate extended oil-drain intervals. This quarter, the heavy-duty buses traveled 88,747 miles, and as of the end of March 2004, the eight buses have accumulated 412,838 total test miles without requiring an oil change. This represents an avoidance of 34 oil changes, which equates to 1,199 quarts (300 gallons) of new oil not consumed and, furthermore, 1,199 quarts of waste oil not generated.

  10. V-159: RSA SecurID Agent Discloses Node Secret Encryption Key...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    has issued fixes. Addthis Related Articles U-267: RSA Authentication Agent 7.1 for Microsoft Windows and RSA Authentication Client 3.5 Access Control Vulnerability...

  11. Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman

    SciTech Connect (OSTI)

    Chevassut, Olivier; Milner, Joseph; Pointcheval, David

    2008-04-21

    The internet has grown greatly in the past decade, by some numbers exceeding 47 million active web sites and a total aggregate exceeding100 million web sites. What is common practice today on the Internet is that servers have public keys, but clients are largely authenticated via short passwords. Protecting these passwords by not storing them in the clear on institutions's servers has become a priority. This paper develops password-based ciphersuites for the Transport Layer Security (TLS) protocol that are: (1) resistant to server compromise; (2) provably secure; (3) believed to be free from patent and licensing restrictions based on an analysis of relevant patents in the area.

  12. V-200: Apache Struts DefaultActionMapper Redirection and OGNL Security

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Bypass Vulnerabilities | Department of Energy 0: Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities V-200: Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities July 18, 2013 - 6:00am Addthis PROBLEM: Two weaknesses and multiple vulnerabilities have been reported in Apache Struts PLATFORM: Apache Struts 2.x ABSTRACT: The vulnerabilities can be exploited by malicious people to conduct spoofing attacks and bypass certain

  13. U-199: Drupal Drag & Drop Gallery Module Arbitrary File Upload Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    The vulnerability is caused due to the sites/all/modules/dragdrop_gallery/upload.php script improperly validating uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".gif" file extension.

  14. T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

  15. Seismic Vulnerability Evaluations Within The Structural And Functional Survey Activities Of The COM Bases In Italy

    SciTech Connect (OSTI)

    Zuccaro, G.; Cacace, F.; Albanese, V.; Mercuri, C.; Papa, F.; Pizza, A. G.; Sergio, S.; Severino, M.

    2008-07-08

    The paper describes technical and functional surveys on COM buildings (Mixed Operative Centre). This activity started since 2005, with the contribution of both Italian Civil Protection Department and the Regions involved. The project aims to evaluate the efficiency of COM buildings, checking not only structural, architectonic and functional characteristics but also paying attention to surrounding real estate vulnerability, road network, railways, harbours, airports, area morphological and hydro-geological characteristics, hazardous activities, etc. The first survey was performed in eastern Sicily, before the European Civil Protection Exercise 'EUROSOT 2005'. Then, since 2006, a new survey campaign started in Abruzzo, Molise, Calabria and Puglia Regions. The more important issue of the activity was the vulnerability assessment. So this paper deals with a more refined vulnerability evaluation technique by means of the SAVE methodology, developed in the 1st task of SAVE project within the GNDT-DPC programme 2000-2002 (Zuccaro, 2005); the SAVE methodology has been already successfully employed in previous studies (i.e. school buildings intervention programme at national scale; list of strategic public buildings in Campania, Sicilia and Basilicata). In this paper, data elaborated by SAVE methodology are compared with expert evaluations derived from the direct inspections on COM buildings. This represents a useful exercise for the improvement either of the survey forms or of the methodology for the quick assessment of the vulnerability.

  16. Taxonomy of USA east coast fishing communities in terms of social vulnerability and resilience

    SciTech Connect (OSTI)

    Pollnac, Richard B.; Seara, Tarsila; Colburn, Lisa L.; Jepson, Michael

    2015-11-15

    Increased concern with the impacts that changing coastal environments can have on coastal fishing communities led to a recent effort by NOAA Fisheries social scientists to develop a set of indicators of social vulnerability and resilience for the U.S. Southeast and Northeast coastal communities. A goal of the NOAA Fisheries social vulnerability and resilience indicator program is to support time and cost effective use of readily available data in furtherance of both social impact assessments of proposed changes to fishery management regulations and climate change adaptation planning. The use of the indicators to predict the response to change in coastal communities would be enhanced if community level analyses could be grouped effectively. This study examines the usefulness of combining 1130 communities into 35 relevant subgroups by comparing results of a numerical taxonomy with data collected by interview methods, a process herein referred to as “ground-truthing.” The validation of the taxonomic method by the method of ground-truthing indicates that the clusters are adequate to be used to select communities for in-depth research. - Highlights: • We develop a taxonomy of fishing communities based on vulnerability indicators. • We validate the community clusters through the use of surveys (“ground-truthing”). • Clusters differ along important aspects of fishing community vulnerability. • Clustering communities allows for accurate and timely social impact assessments.

  17. Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. To address the facility-specific and site-specific vulnerabilities, responsible DOE and site-contractor line organizations have developed initial site response plans. These plans, presented as Volume 2 of this Management Response Plan, describe the actions needed to mitigate or eliminate the facility- and site-specific vulnerabilities identified by the CSV Working Group field verification teams. Initial site response plans are described for: Brookhaven National Lab., Hanford Site, Idaho National Engineering Lab., Lawrence Livermore National Lab., Los Alamos National Lab., Oak Ridge Reservation, Rocky Flats Plant, Sandia National Laboratories, and Savannah River Site.

  18. U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system. Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

  19. Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2

    SciTech Connect (OSTI)

    Fesharaki, F.; Rizer, J.P.; Greer, L.S.

    1994-05-01

    The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

  20. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2010-08-25

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future.

  1. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions October 2015 U.S. Department of Energy Office of Energy Policy and Systems Analysis Acknowledgements This report was produced by the U.S. Department of Energy's Office of Energy Policy and Systems Analysis (DOE-EPSA) under the direction of Craig Zamuda. Matt Antes, C.W. Gillespie, Anna Mosby, and Beth Zotter of Energetics Incorporated provided analysis, drafting support, and technical editing.

  2. Outmigration of landlocked Atlantic salmon (Salmo salar) smolts and effectiveness of an angled trash rack/fish bypass structure at a small scale hydroelectric facility. [Salmo salar

    SciTech Connect (OSTI)

    Nettles, D.C.; Gloss, S.P.

    1985-01-01

    Modes of downstream passage (penstock, spillway, diversion chute) by Atlantic salmon (Salmo salar) smolts were monitored using radio telemetry to assess the effectiveness of an angled trash rack/fish bypass structure at a small hydroelectric dam on the Boquet River, New York. Telemetry of 170 Atlantic salmon smolts and visual observations of stocked smolts were used to determine aspects of Atlantic salmon outmigration behavior. Smolts initiated mass migrations after river temperatures reached or exceeded 10/sup 0/C. Many radio-tagged smolts interrupted movements upon reaching ponded waters and/or the dam. River flow did not (P > .05) affect the frequency of migratory movements, passages, or rate of movement. Migrations were of approximately 30 days duration. Passages at the dam occurred primarily at night (61%) with diurnal passages (17%) and crepuscular passages (17%) of secondary importance. Timing of 5% of the passages was undetermined. All passages which occurred when angled trash racks were in place were through the bypass or over the spillway. Six (6) passages occurred when trash racks perpendicular to the penstock were in place: 3 of these were penstock passages. The angled trash rack and bypass structure served to reduce entrainment.

  3. Vulnerability of larval and juvenile white sturgeon to barotrauma: can they handle the pressure?

    SciTech Connect (OSTI)

    Brown, Richard S.; Cook, Katrina V.; Pflugrath, Brett D.; Rozeboom, Latricia L.; Johnson, Rachelle C.; McLellan, Jason; Linley, Timothy J.; Gao, Yong; Baumgartner, Lee J.; Dowell, Frederick E.; Miller, Erin A.; White, Timothy A.

    2013-07-01

    Techniques were developed to determine which life stages of fish are vulnerable to barotrauma from expansion of internal gases during decompression. Eggs, larvae and juvenile hatchery-reared white sturgeon (Acipenser transmontanus; up to 91 days post hatch; dph), were decompressed to assess vulnerability to barotrauma and identify initial swim bladder inflation. Barotrauma related injury and mortality were first observed 9 dph, on the same day as initial exogenous feeding. However, barotrauma related injury did not occur again until swim bladder inflation 75 dph (visible from necropsy and x-ray radiographs). Swim bladder inflation was not consistent among individuals, with only 44% being inflated 91 dph. Additionally, swim bladder inflation did not appear to be size dependent among fish ranging in total length from 61-153 mm at 91 dph. The use of a combination of decompression tests and x-ray radiography was validated as a method to determine initial swim bladder inflation and vulnerability to barotrauma. Extending these techniques to other species and life history stages would help to determine fish susceptibility to hydroturbine passage and aid in fish conservation.

  4. Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains a discussion of the chemical safety improvements planned or already underway at DOE sites to correct facility or site-specific vulnerabilities. The main part of the report is a discussion of each of the programmatic deficiencies; a description of the tasks to be accomplished; the specific actions to be taken; and the organizational responsibilities for implementation.

  5. Data management for geospatial vulnerability assessment of interdependencies in US power generation

    SciTech Connect (OSTI)

    Shih, C.Y.; Scown, C.D.; Soibelman, L.; Matthews, H.S.; Garrett, J.H.; Dodrill, K.; McSurdy, S.

    2009-09-15

    Critical infrastructures maintain our society's stability, security, and quality of life. These systems are also interdependent, which means that the disruption of one infrastructure system can significantly impact the operation of other systems. Because of the heavy reliance on electricity production, it is important to assess possible vulnerabilities. Determining the source of these vulnerabilities can provide insight for risk management and emergency response efforts. This research uses data warehousing and visualization techniques to explore the interdependencies between coal mines, rail transportation, and electric power plants. By merging geospatial and nonspatial data, we are able to model the potential impacts of a disruption to one or more mines, rail lines, or power plants, and visually display the results using a geographical information system. A scenario involving a severe earthquake in the New Madrid Seismic Zone is used to demonstrate the capabilities of the model when given input in the form of a potentially impacted area. This type of interactive analysis can help decision makers to understand the vulnerabilities of the coal distribution network and the potential impact it can have on electricity production.

  6. Vulnerability and adaptation to severe weather events in the American southwest

    SciTech Connect (OSTI)

    Boero, Riccardo; Bianchini, Laura; Pasqualini, Donatella

    2015-05-04

    Climate change can induce changes in the frequency of severe weather events representing a threat to socio-economic development. It is thus of uttermost importance to understand how the vulnerability to the weather of local communities is determined and how adaptation public policies can be effectively put in place. We focused our empirical analysis on the American Southwest. Results show that, consistently with the predictions of an investment model, economic characteristics signaling local economic growth in the near future decrease the level of vulnerability. We also show that federal governments transfers and grants neither work to support recovery from and adaptation to weather events nor to distribute their costs over a broader tax base. Finally, we show that communities relying on municipal bonds to finance adaptation and recovery policies can benefit from local acknowledgment of the need for such policies and that they do not have to pay lenders a premium for the risk induced by weather events. In conclusion, our findings suggest that determinants of economic growth support lower vulnerability to the weather and increase options for financing adaptation and recovery policies, but also that only some communities are likely to benefit from those processes.

  7. Vulnerability and adaptation to severe weather events in the American southwest

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Boero, Riccardo; Bianchini, Laura; Pasqualini, Donatella

    2015-05-04

    Climate change can induce changes in the frequency of severe weather events representing a threat to socio-economic development. It is thus of uttermost importance to understand how the vulnerability to the weather of local communities is determined and how adaptation public policies can be effectively put in place. We focused our empirical analysis on the American Southwest. Results show that, consistently with the predictions of an investment model, economic characteristics signaling local economic growth in the near future decrease the level of vulnerability. We also show that federal governments transfers and grants neither work to support recovery from and adaptationmore » to weather events nor to distribute their costs over a broader tax base. Finally, we show that communities relying on municipal bonds to finance adaptation and recovery policies can benefit from local acknowledgment of the need for such policies and that they do not have to pay lenders a premium for the risk induced by weather events. In conclusion, our findings suggest that determinants of economic growth support lower vulnerability to the weather and increase options for financing adaptation and recovery policies, but also that only some communities are likely to benefit from those processes.« less

  8. Application of artificial neural networks in power system security and vulnerability assessment

    SciTech Connect (OSTI)

    Qin Zhou; Davidson, J.; Fouad, A.A.

    1994-02-01

    In a companion paper the concept of system vulnerability is introduced as a new framework for power system dynamic security assessment. Using the TEF method of transient stability analysis, the energy margin [Delta]V is used as an indicator of the level of security, and its sensitivity to a changing system parameter p ([partial derivative][Delta]V/[partial derivative]p) as indicator of its trend with changing system conditions. These two indicators are combined to determine the degree of system vulnerability to contingent disturbances in a stability-limited power system. Thresholds for acceptable levels of the security indicator and its trend are related to the stability limits of a critical system parameter (plant generation limits). Operating practices and policies are used to determine these thresholds. In this paper the artificial neural networks (ANNs) technique is applied to the concept of system vulnerability within the recently developed framework, for fast pattern recognition and classification of system dynamic security status. A suitable topology for the neural network is developed, and the appropriate training method and input and output signals are selected. The procedure developed is successfully applied to the IEEE 50-generator test system. Data previously obtained by heuristic techniques are used for training the ANN.

  9. Two-subunit DNA escort mechanism and inactive subunit bypass in an ultra-fast ring ATPase

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Liu, Ninning; Chistol, Gheorghe; Bustamante, Carlos

    2015-10-09

    SpoIIIE is a homo-hexameric dsDNA translocase responsible for completing chromosome segregation in Bacillus subtilis . Here, we use a single-molecule approach to monitor SpoIIIE translocation when challenged with neutral-backbone DNA and non-hydrolyzable ATP analogs. We show that SpoIIIE makes multiple essential contacts with phosphates on the 5'→3' strand in the direction of translocation. Using DNA constructs with two neutral-backbone segments separated by a single charged base pair, we deduce that SpoIIIE’s step size is 2 bp. Finally, experiments with non-hydrolyzable ATP analogs suggest that SpoIIIE can operate with non-consecutive inactive subunits. We propose a two-subunit escort translocation mechanism thatmore » is strict enough to enable SpoIIIE to track one DNA strand, yet sufficiently compliant to permit the motor to bypass inactive subunits without arrest. We speculate that such a flexible mechanism arose for motors that, like SpoIIIE, constitute functional bottlenecks where the inactivation of even a single motor can be lethal for the cell.« less

  10. U-152: OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data and can be exploited to cause a heap-based buffer overflow.

  11. U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions.

  12. Extending the Shared Socioeconomic Pathways for sub-national impacts, adaptation, and vulnerability studies

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Absar, Syeda Mariya; Preston, Benjamin L.

    2015-05-25

    The exploration of alternative socioeconomic futures is an important aspect of understanding the potential consequences of climate change. While socioeconomic scenarios are common and, at times essential, tools for the impact, adaptation and vulnerability and integrated assessment modeling research communities, their approaches to scenario development have historically been quite distinct. However, increasing convergence of impact, adaptation and vulnerability and integrated assessment modeling research in terms of scales of analysis suggests there may be value in the development of a common framework for socioeconomic scenarios. The Shared Socioeconomic Pathways represents an opportunity for the development of such a common framework. However,more » the scales at which these global storylines have been developed are largely incommensurate with the sub-national scales at which impact, adaptation and vulnerability, and increasingly integrated assessment modeling, studies are conducted. Our objective for this study was to develop sub-national and sectoral extensions of the global SSP storylines in order to identify future socioeconomic challenges for adaptation for the U.S. Southeast. A set of nested qualitative socioeconomic storyline elements, integrated storylines, and accompanying quantitative indicators were developed through an application of the Factor-Actor-Sector framework. Finally, in addition to revealing challenges and opportunities associated with the use of the SSPs as a basis for more refined scenario development, this study generated sub-national storyline elements and storylines that can subsequently be used to explore the implications of alternative subnational socioeconomic futures for the assessment of climate change impacts and adaptation.« less

  13. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    SciTech Connect (OSTI)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  14. V-183: Cisco TelePresence TC and TE Bugs Let Remote Users Deny Service and Remote Adjacent Authenticated Users Gain Root Shell Access

    Broader source: Energy.gov [DOE]

    Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.

  15. Optimization Strategies for the Vulnerability Analysis of the Electric Power Grid

    SciTech Connect (OSTI)

    Pinar, A.; Meza, J.; Donde, V.; Lesieutre, B.

    2007-11-13

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (MINLP) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  16. Optimization strategies for the vulnerability analysis of the electric power grid.

    SciTech Connect (OSTI)

    Meza, Juan C.; Pinar, Ali; Lesieutre, Bernard; Donde, Vaibhav

    2009-03-01

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (minlp) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  17. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2008-12-30

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future. In recent studies (Moss et al. 2000, Brenkert and Malone 2005, Malone and Brenket 2008, Ibarrarán et al. 2007), the Vulnerability-Resilience Indicators Model (VRIM) is used to integrate a set of proxy variables that determine the resilience of a region to climate change. Resilience, or the ability of a region to respond to climate variations and natural events that result from climate change, is given by its adaptation and coping capacity and its sensitivity. On the one hand, the sensitivity of a region to climate change is assessed, emphasizing its infrastructure, food security, water resources, and the health of the population and regional ecosystems. On the other hand, coping and adaptation capacity is based on the availability of human resources, economic capacity and environmental capacity.

  18. Evaluation of the Geotech Smart24 data acquisition system with active Fortezza crypto card data signing and authentication.

    SciTech Connect (OSTI)

    Hart, Darren M.

    2008-05-01

    Sandia National Laboratories has tested and evaluated Geotech Smart24 data acquisition system with active Fortezza crypto card data signing and authentication. The test results included in this report were in response to static and tonal-dynamic input signals. Most test methodologies used were based on IEEE Standards 1057 for Digitizing Waveform Recorders and 1241 for Analog to Digital Converters; others were designed by Sandia specifically for infrasound application evaluation and for supplementary criteria not addressed in the IEEE standards. The objective of this work was to evaluate the overall technical performance of the Geotech Smart24 digitizer with a Fortezza PCMCIA crypto card actively implementing the signing of data packets. The results of this evaluation were compared to relevant specifications provided within manufacturer's documentation notes. The tests performed were chosen to demonstrate different performance aspects of the digitizer under test. The performance aspects tested include determining noise floor, least significant bit (LSB), dynamic range, cross-talk, relative channel-to-channel timing, time-tag accuracy, analog bandwidth and calibrator performance.

  19. Movement and Injury Rates for Three Life Stages of Spring Chinook Salmon Oncorhynchus Tshawytscha : A Comparison of Submerged Orifices and an Overflow Weir for Fish Bypass in a Modular Rotary Drum Fish Screen : Annual Report 1995.

    SciTech Connect (OSTI)

    Abernethy, C. Scott; Neitzel, Duane A.; Mavros, William V.

    1996-03-01

    The Pacific Northwest National Laboratory (PNNL) evaluated the effectiveness of 6-in. and 2-in. submerged orifices, and an overflow weir for fish bypass at a rotary drum fish screening facility. A modular drum screen built by the Washington Department of Fish and Wildlife (WDFW) was installed at PNNL`s Aquatic Ecology research laboratory in Richland, Washington. Fry, subyearlings, and smolts of spring chinook salmon (Oncorhynchus tshawyacha) were introduced into the test system, and their movement and injury rates were monitored. A total of 33 tests (100 fish per test) that lasted from 24 to 48 hr were completed from 1994 through 1995. Passage rate depended on both fish size and bypass configuration. For fry/fingerling spring chinook salmon, there was no difference in passage rate through the three bypass configurations (2-in. orifice, 6-in. orifice, or overflow weir). Subyearlings moved sooner when the 6-in. orifice was used, with more than 50% exiting through the fish bypass in the first 8 hr. Smolts exited quickly and preferred the 6-in. orifice, with over 90% of the smolts exiting through the bypass in less than 2 hr. Passage was slightly slower when a weir was used, with 90% of the smolts exiting in about 4 hr. When the 2-in. orifice was used in the bypass, 90% of the smolts did not exit until after 8 hr. In addition, about 7% of the smolts failed to migrate from the forebay within 24 hr, indicating that smolts were significantly delayed when the 2-in. orifice was used. Few significant injuries were detected for any of the life stages. However, light descaling occurred on about 15% of chinook salmon smolts passing through the 2-in. orifice. Although a single passage through the orifice did not appear to cause significant scale loss or other damage, passing through several screening facilities with 2-in. orifices could cause cumulative injuries.

  20. Spring bypass assembly

    DOE Patents [OSTI]

    Jablonski, Henry; Roughgarden, Jeffrey D.

    1984-02-07

    Pipe clamp comprises two substantially semicircular rim halves biased toward each other by spring assemblies. Adjustable stop means limit separation of the rim halves when the pipe expands.

  1. A Climate Change Vulnerability Assessment Report for the National Renewable Energy Laboratory: May 23, 2014 -- June 5, 2015

    SciTech Connect (OSTI)

    Vogel, J.; O'Grady, M.; Renfrow, S.

    2015-09-03

    The U.S. Department of Energy's (DOE's) National Renewable Energy Laboratory (NREL), in Golden, Colorado, focuses on renewable energy and energy efficiency research. Its portfolio includes advancing renewable energy technologies that can help meet the nation's energy and environmental goals. NREL seeks to better understand the potential effects of climate change on the laboratory--and therefore on its mission--to ensure its ongoing success. Planning today for a changing climate can reduce NREL's risks and improve its resiliency to climate-related vulnerabilities. This report presents a vulnerability assessment for NREL. The assessment was conducted in fall 2014 to identify NREL's climate change vulnerabilities and the aspects of NREL's mission or operations that may be affected by a changing climate.

  2. Vulnerability of Karangkates dams area by means of zero crossing analysis of data magnetic

    SciTech Connect (OSTI)

    Sunaryo, E-mail: sunaryo.geofis.ub@gmail.com; Susilo, Adi

    2015-04-24

    Study with entitled Vulnerability Karangkates Dam Area By Means of Zero Crossing Analysis of Data Magnetic has been done. The study was aimed to obtain information on the vulnerability of two parts area of Karangkates dams, i.e. Lahor dam which was inaugurated in 1977 and Sutami dam inaugurated in 1981. Three important things reasons for this study are: 1). The dam age was 36 years old for Lahor dam and 32 years old for Sutami dam, 2). Geologically, the location of the dams are closed together to the Pohgajih local shear fault, Selorejo local fault, and Selorejo limestone-andesite rocks contact plane, and 3). Karangkates dams is one of the important Hydro Power Plant PLTA with the generating power of about 400 million KWH per year from a total of about 29.373MW installed in Indonesia. Geographically, the magnetic data acquisition was conducted at coordinates (112.4149oE;-8.2028oS) to (112.4839oE;-8.0989oS) by using Proton Precession Magnetometer G-856. Magnetic Data acquisition was conducted in the radial direction from the dams with diameter of about 10 km and the distance between the measurements about 500m. The magnetic data acquisition obtained the distribution of total magnetic field value in the range of 45800 nT to 44450 nT. Residual anomalies obtained by doing some corrections, including diurnal correction, International Geomagnetic Reference Field (IGRF) correction, and reductions so carried out the distribution of the total magnetic field value in the range of -650 nT to 700 nT. Based on the residual anomalies, indicate the presence of 2 zones of closed closures dipole pairs at located in the west of the Sutami dam and the northwest of the Lahor dam from 5 total zones. Overlapping on the local geological map indicated the lineament of zero crossing patterns in the contour of residual anomaly contour with the Pohgajih shear fault where located at about 4 km to the west of the Sutami dam approximately and andesite-limestone rocks contact where located

  3. Groundwaters of Florence (Italy): Trace element distribution and vulnerability of the aquifers

    SciTech Connect (OSTI)

    Bencini, A.; Ercolanelli, R.; Sbaragli, A.

    1993-11-01

    Geochemical and hydrogeological research has been carried out in Florence, to evaluate conductivity and main chemistry of groundwaters, the pattern of some possible pollutant chemical species (Fe, Mn, Cr, Cu, Pb, Zn, NO{sub 2}, NO{sub 3}), and the vulnerability of the aquifers. The plain is made up of Plio-Quaternary alluvial and lacustrine sediments for a maximum thickness of 600 m. Silts and clays, sometimes with lenses of sandy gravels, are dominant, while considerable deposits of sands, pebbles, and gravels occur along the course of the Arno river and its tributary streams, and represent the most important aquifer of the plain. Most waters show conductivity values around 1000-1200 {mu}S, and almost all of them have an alkaline-earth-bicarbonate chemical character. In western areas higher salt content of the groundwaters is evident. Heavy metal and NO{sub 2}, NO{sub 3} analyses point out that no important pollution phenomena affect the groundwaters; all mean values are below the maximum admissible concentration (MAC) for drinkable waters. Some anomalies of NO{sub 2}, NO{sub 3}, Fe, Mn, and Zn are present. The most plausible causes can be recognized in losses of the sewage system; use of nitrate compounds in agriculture; oxidation of well pipes. All the observations of Cr, Cu, and Pb are below the MAC; the median values of <3, 3.9, and 1.1 {mu}g/l, respectively, could be considered reference concentrations for groundwaters in calcareous lithotypes, under undisturbed natural conditions. Finally, a map of vulnerability shows that the areas near the Arno river are highly vulnerable, for the minimum thickness (or lacking) of sediments covering the aquifer. On the other hand, in the case of pollution, several factors not considered could significantly increase the self-purification capacity of the aquifer, such asdilution of groundwaters, bacteria oxidation of nitrogenous species, and sorption capacity of clay minerals and organic matter. 31 refs., 6 figs., 5 tabs.

  4. Movement of Fall Chinook Salmon Fry Oncorhynchus Tshawytscha : A Comparison of Approach Angles for Fish Bypass in a Modular Rotary Drum Fish Screen.

    SciTech Connect (OSTI)

    Neitzel, D.A.; Blanton, S.L.; Abernethy, C. Scott; Daly, D.S.

    1996-08-01

    The Pacific Northwest National Laboratory (PNNL) performed tests to determine whether a significant difference in fish passage existed between a 6-ft screening facility built perpendicularly to canal flow and an identical screening facility with the screen mounted at a 45-degree angle to the approach channel. A modular drum screen built by the Washington Department of Fish and Wildlife was installed at PNNL`s Aquatic Ecology research laboratory in Richland, Washington. Fall chinook salmon fry were introduced into the test system, and their movements were monitored. A total of 14 tests (400 fish per test) that lasted 20 hours were completed during April and May, 1996. There was no significant difference in fish passage rate through the two approach configurations. Attraction flow to the bypass across the face of the screen was more evident for the angled approach, although this did not appear to play a significant role in attracting fish to the bypass. Approach velocities at the face of the screen did not exceed the 0.4 fps criteria for either approach configuration and posed not threat to fish. No fish passed over, around, or through the drum screen during any test.

  5. Comparison of the effectiveness of surface flow and deep spill for bypassing Pacific salmon smolts (Oncorhynchus spp.) at Columbia River Basin hydropower dams

    SciTech Connect (OSTI)

    Ransom, B.H.; Steig, T.W.

    1995-12-31

    For Columbia River Basin hydropower dams with ice and trash sluiceways, the surface-skimming sluiceways have been seen as a possible means of safely bypassing downstream migrating Pacific salmon and steelhead smolts (Oncorhynchus spp.) around turbine units. Evaluations of downstream migrating smolts immediately upstream of dams have shown that smolts are typically surface oriented. This surface orientation results in a disproportionately high percentage of migrants passing through surface flow, if available. Also, the survivability of downstream migrants passing through surface flow has been estimated to be as high as 99%, compared to 80-90% through the turbines. From 1969 to 1994 studies of spillway and sluiceway effectiveness were conducted at nine different dams. In order to estimate overall bypass effectiveness, hydroacoustics were used to estimate the proportion of fish passing through the spillway (or sluiceway). Sluiceways were found to be more efficient than spillways in passing downstream migrants, but sluiceway effectiveness was limited by the relatively small proportion of river flow that could be passed (typically 2-5 kcfs), equivalent to 2-5% of total river flow. During spring, sluiceways typically produced a 13:1 ratio of percent total fish-to-percent total river flow passed. During summer the ratio was 8:1. By comparison, the deep flow of conventional spillways was less efficient, passing fish at approximately a 1:1 ratio of fish to flow.

  6. Assessing the Vulnerability of Large Critical Infrastructure Using Fully-Coupled Blast Effects Modeling

    SciTech Connect (OSTI)

    McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G

    2009-03-26

    Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.

  7. Thermal Analysis of the Vulnerability of the Spacesuit Battery Design to Short-Circuit Conditions (Presentation)

    SciTech Connect (OSTI)

    Kim, G. H.; Chaney, L.; Smith, K.; Pesaran, A.; Darcy, E.

    2010-04-22

    NREL researchers created a mathematical model of a full 16p-5s spacesuit battery for NASA that captures electrical/thermal behavior during shorts to assess the vulnerability of the battery to pack-internal (cell-external) shorts. They found that relocating the short from battery pack-external (experimental validation) to pack-internal (modeling study) causes substantial additional heating of cells, which can lead to cell thermal runaway. All three layers of the bank-to-bank separator must fail for the pack-internal short scenario to occur. This finding emphasizes the imperative of battery pack assembly cleanliness. The design is tolerant to pack-internal shorts when stored at 0% state of charge.

  8. Predicting target vessel location on robot-assisted coronary artery bypass graft using CT to ultrasound registration

    SciTech Connect (OSTI)

    Cho, Daniel S.; Linte, Cristian; Chen, Elvis C. S.; Bainbridge, Daniel; Wedlake, Chris; Moore, John; Barron, John; Patel, Rajni; Peters, Terry

    2012-03-15

    Purpose: Although robot-assisted coronary artery bypass grafting (RA-CABG) has gained more acceptance worldwide, its success still depends on the surgeon's experience and expertise, and the conversion rate to full sternotomy is in the order of 15%-25%. One of the reasons for conversion is poor pre-operative planning, which is based solely on pre-operative computed tomography (CT) images. In this paper, the authors propose a technique to estimate the global peri-operative displacement of the heart and to predict the intra-operative target vessel location, validated via both an in vitro and a clinical study. Methods: As the peri-operative heart migration during RA-CABG has never been reported in the literatures, a simple in vitro validation study was conducted using a heart phantom. To mimic the clinical workflow, a pre-operative CT as well as peri-operative ultrasound images at three different stages in the procedure (Stage{sub 0}--following intubation; Stage{sub 1}--following lung deflation; and Stage{sub 2}--following thoracic insufflation) were acquired during the experiment. Following image acquisition, a rigid-body registration using iterative closest point algorithm with the robust estimator was employed to map the pre-operative stage to each of the peri-operative ones, to estimate the heart migration and predict the peri-operative target vessel location. Moreover, a clinical validation of this technique was conducted using offline patient data, where a Monte Carlo simulation was used to overcome the limitations arising due to the invisibility of the target vessel in the peri-operative ultrasound images. Results: For the in vitro study, the computed target registration error (TRE) at Stage{sub 0}, Stage{sub 1}, and Stage{sub 2} was 2.1, 3.3, and 2.6 mm, respectively. According to the offline clinical validation study, the maximum TRE at the left anterior descending (LAD) coronary artery was 4.1 mm at Stage{sub 0}, 5.1 mm at Stage{sub 1}, and 3.4 mm at Stage

  9. Vulnerabilities and Opportunities at the Nexus of Electricity, Water and Climate

    SciTech Connect (OSTI)

    Frumhoff, Peter C.; Burkett, Virginia; Jackson, Robert B.; Newmark, Robin; Overpeck, Jonathan; Webber, Michael

    2015-08-01

    The articles in this special issue examine the critical nexus of electricity, water, and climate, emphasizing connections among resources; the prospect of increasing vulnerabilities of water resources and electricity generation in a changing climate; and the opportunities for research to inform integrated energy and water policy and management measures aimed at increasing resilience. Here, we characterize several major themes emerging from this research and highlight some of the uptake of this work in both scientific and public spheres. Underpinning much of this research is the recognition that water resources are expected to undergo substantial changes based on the global warming that results primarily from fossil energy-based carbon emissions. At the same time, the production of electricity from fossil fuels, nuclear power, and some renewable technologies (biomass, geothermal and concentrating solar power) can be highly water-intensive. Energy choices now and in the near future will have a major impact not just on the global climate, but also on water supplies and the resilience of energy systems that currently depend heavily on them.

  10. Development of an ASTM standard guide on performing vulnerability assessments for nuclear facilities

    SciTech Connect (OSTI)

    Wilkey, D.D.

    1995-09-01

    This paper describes an effort undertaken by subcommittee C26.12 (Safeguards) of the American Society for Testing and Materials (ASTM) to develop a standard guide for performing vulnerability assessments (VAs). VAs are performed to determine the effectiveness of safeguards and security systems for both domestic and international nuclear facilities. These assessments address a range of threats, including theft of nuclear material and sabotage, and use an array of methods. The approach to performing and documenting VAs is varied and is largely dependent upon the tools used to perform them. This diversity can lead to tools being misused, making validation of VAs more difficult. The development of a standard guide for performing VAs would, if generally accepted, alleviate these concerns. ASTM provides a forum for developing guides that includes a high level of peer review to assure that the result is acceptable to all potential users. Additionally, the ASTM is widely recognized for setting standards, and endorsement by the Society may increase the likelihood of acceptance by the nuclear community. The goal of this work is to develop a guide that is independent of the tools being used to perform the VA and applicable to the spectrum of threats described above.

  11. Vulnerabilities and opportunities at the nexus of electricity, water and climate

    SciTech Connect (OSTI)

    Frumhoff, Peter C.; Burkett, Virginia; Jackson, Robert B.; Newmark, Robin; Overpeck, Jonathan; Webber, Michael

    2015-08-04

    The articles in this special issue examine the critical nexus of electricity, water, and climate, emphasizing connections among resources; the prospect of increasing vulnerabilities of water resources and electricity generation in a changing climate; and the opportunities for research to inform integrated energy and water policy and management measures aimed at increasing resilience. Here, we characterize several major themes emerging from this research and highlight some of the uptake of this work in both scientific and public spheres. Underpinning much of this research is the recognition that water resources are expected to undergo substantial changes based on the global warming that results primarily from fossil energy-based carbon emissions. At the same time, the production of electricity from fossil fuels, nuclear power, and some renewable technologies (biomass, geothermal and concentrating solar power) can be highly water-intensive. Energy choices now and in the near future will have a major impact not just on the global climate, but also on water supplies and the resilience of energy systems that currently depend heavily on them.

  12. Vulnerabilities and opportunities at the nexus of electricity, water and climate

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Frumhoff, Peter C.; Burkett, Virginia; Jackson, Robert B.; Newmark, Robin; Overpeck, Jonathan; Webber, Michael

    2015-08-04

    The articles in this special issue examine the critical nexus of electricity, water, and climate, emphasizing connections among resources; the prospect of increasing vulnerabilities of water resources and electricity generation in a changing climate; and the opportunities for research to inform integrated energy and water policy and management measures aimed at increasing resilience. Here, we characterize several major themes emerging from this research and highlight some of the uptake of this work in both scientific and public spheres. Underpinning much of this research is the recognition that water resources are expected to undergo substantial changes based on the global warmingmore » that results primarily from fossil energy-based carbon emissions. At the same time, the production of electricity from fossil fuels, nuclear power, and some renewable technologies (biomass, geothermal and concentrating solar power) can be highly water-intensive. Energy choices now and in the near future will have a major impact not just on the global climate, but also on water supplies and the resilience of energy systems that currently depend heavily on them.« less

  13. ARM - Central Authentication Service

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Data Management Facility External Data Center Features and Releases Facility News Blogs: Air Time & Field Notes Meetings and Events Employment Research Highlights Data...

  14. Applicability of existing C3 (command, control and communications) vulnerability and hardness analyses to sentry system issues. Technical report

    SciTech Connect (OSTI)

    Lee, R.C.

    1983-01-13

    This report is a compilation of abstracts resulting from a literature search of reports relevant to Sentry Ballistic missile system C3 vulnerability and hardness. Primary sources consulted were the DOD Nuclear Information Analysis Center (DASIAC) and the Defense Technical Information Center (DTIC). Approximately 175 reports were reviewed and abstracted, including several related to computer programs for estimating nuclear effects on electromagnetic propagation. The reports surveyed were ranked in terms of their importance for Sentry C3 VandH issues.

  15. Extended defense systems :I. adversary-defender modeling grammar for vulnerability analysis and threat assessment.

    SciTech Connect (OSTI)

    Merkle, Peter Benedict

    2006-03-01

    Vulnerability analysis and threat assessment require systematic treatments of adversary and defender characteristics. This work addresses the need for a formal grammar for the modeling and analysis of adversary and defender engagements of interest to the National Nuclear Security Administration (NNSA). Analytical methods treating both linguistic and numerical information should ensure that neither aspect has disproportionate influence on assessment outcomes. The adversary-defender modeling (ADM) grammar employs classical set theory and notation. It is designed to incorporate contributions from subject matter experts in all relevant disciplines, without bias. The Attack Scenario Space U{sub S} is the set universe of all scenarios possible under physical laws. An attack scenario is a postulated event consisting of the active engagement of at least one adversary with at least one defended target. Target Information Space I{sub S} is the universe of information about targets and defenders. Adversary and defender groups are described by their respective Character super-sets, (A){sub P} and (D){sub F}. Each super-set contains six elements: Objectives, Knowledge, Veracity, Plans, Resources, and Skills. The Objectives are the desired end-state outcomes. Knowledge is comprised of empirical and theoretical a priori knowledge and emergent knowledge (learned during an attack), while Veracity is the correspondence of Knowledge with fact or outcome. Plans are ordered activity-task sequences (tuples) with logical contingencies. Resources are the a priori and opportunistic physical assets and intangible attributes applied to the execution of associated Plans elements. Skills for both adversary and defender include the assumed general and task competencies for the associated plan set, the realized value of competence in execution or exercise, and the opponent's planning assumption of the task competence.

  16. Next-generation Algorithms for Assessing Infrastructure Vulnerability and Optimizing System Resilience

    SciTech Connect (OSTI)

    Burchett, Deon L.; Chen, Richard Li-Yang; Phillips, Cynthia A.; Richard, Jean-Philippe

    2015-05-01

    This report summarizes the work performed under the project project Next-Generation Algo- rithms for Assessing Infrastructure Vulnerability and Optimizing System Resilience. The goal of the project was to improve mathematical programming-based optimization technology for in- frastructure protection. In general, the owner of a network wishes to design a network a network that can perform well when certain transportation channels are inhibited (e.g. destroyed) by an adversary. These are typically bi-level problems where the owner designs a system, an adversary optimally attacks it, and then the owner can recover by optimally using the remaining network. This project funded three years of Deon Burchett's graduate research. Deon's graduate advisor, Professor Jean-Philippe Richard, and his Sandia advisors, Richard Chen and Cynthia Phillips, supported Deon on other funds or volunteer time. This report is, therefore. essentially a replication of the Ph.D. dissertation it funded [12] in a format required for project documentation. The thesis had some general polyhedral research. This is the study of the structure of the feasi- ble region of mathematical programs, such as integer programs. For example, an integer program optimizes a linear objective function subject to linear constraints, and (nonlinear) integrality con- straints on the variables. The feasible region without the integrality constraints is a convex polygon. Careful study of additional valid constraints can significantly improve computational performance. Here is the abstract from the dissertation: We perform a polyhedral study of a multi-commodity generalization of variable upper bound flow models. In particular, we establish some relations between facets of single- and multi- commodity models. We then introduce a new family of inequalities, which generalizes traditional flow cover inequalities to the multi-commodity context. We present encouraging numerical results. We also consider the directed edge

  17. GRiP - A flexible approach for calculating risk as a function of consequence, vulnerability, and threat.

    SciTech Connect (OSTI)

    Whitfield, R. G.; Buehring, W. A.; Bassett, G. W.

    2011-04-08

    Get a GRiP (Gravitational Risk Procedure) on risk by using an approach inspired by the physics of gravitational forces between body masses! In April 2010, U.S. Department of Homeland Security Special Events staff (Protective Security Advisors [PSAs]) expressed concern about how to calculate risk given measures of consequence, vulnerability, and threat. The PSAs believed that it is not 'right' to assign zero risk, as a multiplicative formula would imply, to cases in which the threat is reported to be extremely small, and perhaps could even be assigned a value of zero, but for which consequences and vulnerability are potentially high. They needed a different way to aggregate the components into an overall measure of risk. To address these concerns, GRiP was proposed and developed. The inspiration for GRiP is Sir Isaac Newton's Universal Law of Gravitation: the attractive force between two bodies is directly proportional to the product of their masses and inversely proportional to the squares of the distance between them. The total force on one body is the sum of the forces from 'other bodies' that influence that body. In the case of risk, the 'other bodies' are the components of risk (R): consequence, vulnerability, and threat (which we denote as C, V, and T, respectively). GRiP treats risk as if it were a body within a cube. Each vertex (corner) of the cube represents one of the eight combinations of minimum and maximum 'values' for consequence, vulnerability, and threat. The risk at each of the vertices is a variable that can be set. Naturally, maximum risk occurs when consequence, vulnerability, and threat are at their maximum values; minimum risk occurs when they are at their minimum values. Analogous to gravitational forces among body masses, the GRiP formula for risk states that the risk at any interior point of the box depends on the squares of the distances from that point to each of the eight vertices. The risk value at an interior (movable) point will be

  18. T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service

    Broader source: Energy.gov [DOE]

    This advisory describes a security issue in the BlackBerry Administration API component. Successful exploitation of the vulnerability could result in information disclosure and partial denial of service (DoS). The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

  19. U-206: WordPress Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in WordPress. A remote authenticated user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote authenticated user can obtain potentially sensitive information.

  20. Use of the HPI Model 2080 pulsed neutron detector at the LANSCE complex - vulnerabilities and counting statistics

    SciTech Connect (OSTI)

    Jones, K.W.; Browman, A.

    1997-01-01

    The BPI Model 2080 Pulsed Neutron Detector has been used for over seven years as an area radiation monitor and dose limiter at the LANSCE accelerator complex. Operating experience and changing environments over this time have revealed several vulnerabilities (susceptibility to electrical noise, paralysis in high dose rate fields, etc.). Identified vulnerabilities have been connected; these modifications include component replacement and circuit design changes. The data and experiments leading to these modifications will be presented and discussed. Calibration of the instrument is performed in mixed static gamma and neutron source fields. The statistical characteristics of the Geiger-Muller tubes coupled with significantly different sensitivity to gamma and neutron doses require that careful attention be paid to acceptable fluctuations in dose rate over time during calibration. The performance of the instrument has been modeled using simple Poisson statistics and the operating characteristics of the Geiger-Muller tubes. The results are in excellent agreement with measurements. The analysis and comparison with experimental data will be presented.

  1. Development of a novel technique to assess the vulnerability of micro-mechanical system components to environmentally assisted cracking.

    SciTech Connect (OSTI)

    Enos, David George; Goods, Steven Howard

    2006-11-01

    Microelectromechanical systems (MEMS) will play an important functional role in future DOE weapon and Homeland Security applications. If these emerging technologies are to be applied successfully, it is imperative that the long-term degradation of the materials of construction be understood. Unlike electrical devices, MEMS devices have a mechanical aspect to their function. Some components (e.g., springs) will be subjected to stresses beyond whatever residual stresses exist from fabrication. These stresses, combined with possible abnormal exposure environments (e.g., humidity, contamination), introduce a vulnerability to environmentally assisted cracking (EAC). EAC is manifested as the nucleation and propagation of a stable crack at mechanical loads/stresses far below what would be expected based solely upon the materials mechanical properties. If not addressed, EAC can lead to sudden, catastrophic failure. Considering the materials of construction and the very small feature size, EAC represents a high-risk environmentally induced degradation mode for MEMS devices. Currently, the lack of applicable characterization techniques is preventing the needed vulnerability assessment. The objective of this work is to address this deficiency by developing techniques to detect and quantify EAC in MEMS materials and structures. Such techniques will allow real-time detection of crack initiation and propagation. The information gained will establish the appropriate combinations of environment (defining packaging requirements), local stress levels, and metallurgical factors (composition, grain size and orientation) that must be achieved to prevent EAC.

  2. Integrated Vulnerability and Impacts Assessment for Natural and Engineered Water-Energy Systems in the Southwest and Southern Rocky Mountain Region

    SciTech Connect (OSTI)

    Tidwell, Vincent C.; Wolfsberg, Andrew; Macknick, Jordan; Middleton, Richard

    2015-01-01

    In the Southwest and Southern Rocky Mountains (SWSRM), energy production, energy resource extraction, and other high volume uses depend on water supply from systems that are highly vulnerable to extreme, coupled hydro-ecosystem-climate events including prolonged drought, flooding, degrading snow cover, forest die off, and wildfire. These vulnerabilities, which increase under climate change, present a challenge for energy and resource planners in the region with the highest population growth rate in the nation. Currently, analytical tools are designed to address individual aspects of these regional energy and water vulnerabilities. Further, these tools are not linked, severely limiting the effectiveness of each individual tool. Linking established tools, which have varying degrees of spatial and temporal resolution as well as modeling objectives, and developing next-generation capabilities where needed would provide a unique and replicable platform for regional analyses of climate-water-ecosystem-energy interactions, while leveraging prior investments and current expertise (both within DOE and across other Federal agencies).

  3. V-102: SUSE update for flash-player

    Broader source: Energy.gov [DOE]

    This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  4. Evaluation of the Geotech SMART24BH 20Vpp/5Vpp data acquisition system with active fortezza crypto card data signing and authentication.

    SciTech Connect (OSTI)

    Rembold, Randy Kai; Hart, Darren M.

    2009-09-01

    Sandia National Laboratories has tested and evaluated Geotech SMART24BH borehole data acquisition system with active Fortezza crypto card data signing and authentication. The test results included in this report were in response to static and tonal-dynamic input signals. Most test methodologies used were based on IEEE Standards 1057 for Digitizing Waveform Recorders and 1241 for Analog to Digital Converters; others were designed by Sandia specifically for infrasound application evaluation and for supplementary criteria not addressed in the IEEE standards. The objective of this work was to evaluate the overall technical performance of two Geotech SMART24BH digitizers with a Fortezza PCMCIA crypto card actively implementing the signing of data packets. The results of this evaluation were compared to relevant specifications provided within manufacturer's documentation notes. The tests performed were chosen to demonstrate different performance aspects of the digitizer under test. The performance aspects tested include determining noise floor, least significant bit (LSB), dynamic range, cross-talk, relative channel-to-channel timing, time-tag accuracy/statistics/drift, analog bandwidth.

  5. A Security Solution for IEEE 802.11's Ad-hoc Mode:Password-Authentication and Group Diffie-Hellman Key Exchange

    SciTech Connect (OSTI)

    Emmanuel, Bresson; Olivier, Chevassut; David, Pointcheval

    2005-10-01

    The IEEE 802 standards ease the deployment of networkinginfrastructures and enable employers to accesscorporate networks whiletraveling. These standards provide two modes of communication calledinfrastructure and ad-hoc modes. A security solution for the IEEE802.11's infrastructure mode took several years to reach maturity andfirmware are still been upgraded, yet a solution for the ad-hoc modeneeds to be specified. The present paper is a first attempt in thisdirection. It leverages the latest developments in the area ofpassword-based authentication and (group) Diffie-Hellman key exchange todevelop a provably-secure key-exchange protocol for IEEE 802.11's ad-hocmode. The protocol allows users to securely join and leave the wirelessgroup at time, accommodates either a single-shared password orpairwise-shared passwords among the group members, or at least with acentral server; achieves security against dictionary attacks in theideal-hash model (i.e. random-oracles). This is, to the best of ourknowledge, the first such protocol to appear in the cryptographicliterature.

  6. U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks

    Office of Energy Efficiency and Renewable Energy (EERE)

    Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate.

  7. U-015: CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands

    Broader source: Energy.gov [DOE]

    Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

  8. Plug Detector Bypass Breaker Guard

    DOE Patents [OSTI]

    Horton, Joel Richard; Dearstone, Robert Link

    2000-01-01

    A method and apparatus wherein the apparatus is a container having an inner chamber, an inlet, an outlet, a breaker assembly having at least one blade within the inner chamber of the container and a motor for driving the blade. Material is supplied to the inner chamber of the container through the inlet of the container and the breaker assembly is operated to reduce any clumped material into unclumped material which is then dispensed from the container through the outlet of the container.

  9. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

    Broader source: Energy.gov [DOE]

    BlackBerry advisory describes a security issue that the BlackBerry Attachment Service component of the BlackBerry Enterprise Server is susceptible to. The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.

  10. JC3 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    11, 2013 V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods...

  11. JC3 Bulletin Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    11, 2013 V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods...

  12. Vulnerability of crops and native grasses to summer drying in the U.S. Southern Great Plains

    SciTech Connect (OSTI)

    Raz-Yaseef, Naama; Billesbach, Dave P.; Fischer, Marc L.; Biraud, Sebastien C.; Gunter, Stacey A.; Bradford, James A.; Torn, Margaret S.

    2015-08-31

    The Southern Great Plains are characterized by a fine-scale mixture of different land-cover types, predominantly winter-wheat and grazed pasture, with relatively small areas of other crops, native prairie, and switchgrass. Recent droughts and predictions of increased drought in the Southern Great Plains, especially during the summer months, raise concern for these ecosystems. We measured ecosystem carbon and water fluxes with eddy-covariance systems over cultivated cropland for 10 years, and over lightly grazed prairie and new switchgrass fields for 2 years each. Growing-season precipitation showed the strongest control over net carbon uptake for all ecosystems, but with a variable effect: grasses (prairie and switchgrass) needed at least 350 mm of precipitation during the growing season to become net carbon sinks, while crops needed only 100 mm. In summer, high temperatures enhanced evaporation and led to higher likelihood of dry soil conditions. Therefore, summer-growing native prairie species and switchgrass experienced more seasonal droughts than spring-growing crops. For wheat, the net reduction in carbon uptake resulted mostly from a decrease in gross primary production rather than an increase in respiration. Flux measurements suggested that management practices for crops were effective in suppressing evapotranspiration and decomposition (by harvesting and removing secondary growth), and in increasing carbon uptake (by fertilizing and conserving summer soil water). In light of future projections for wetter springs and drier and warmer summers in the Southern Great Plains, our study indicates an increased vulnerability in native ecosystems and summer crops over time.

  13. U-129: RSA enVision Bugs Permit Cross-Site Scripting, SQL Injection, and Directory Traversal Attacks

    Office of Energy Efficiency and Renewable Energy (EERE)

    Several vulnerabilities were reported in RSA enVision. A remote user can access the system. A remote authenticated user can conduct cross-site scripting attacks. A remote authenticated user can inject SQL commands. A remote authenticated user can view files on the target system.

  14. Hawaii Energy Strategy: Program guide. [Contains special sections on analytical energy forecasting, renewable energy resource assessment, demand-side energy management, energy vulnerability assessment, and energy strategy integration

    SciTech Connect (OSTI)

    Not Available

    1992-09-01

    The Hawaii Energy Strategy program, or HES, is a set of seven projects which will produce an integrated energy strategy for the State of Hawaii. It will include a comprehensive energy vulnerability assessment with recommended courses of action to decrease Hawaii's energy vulnerability and to better prepare for an effective response to any energy emergency or supply disruption. The seven projects are designed to increase understanding of Hawaii's energy situation and to produce recommendations to achieve the State energy objectives of: Dependable, efficient, and economical state-wide energy systems capable of supporting the needs of the people, and increased energy self-sufficiency. The seven projects under the Hawaii Energy Strategy program include: Project 1: Develop Analytical Energy Forecasting Model for the State of Hawaii. Project 2: Fossil Energy Review and Analysis. Project 3: Renewable Energy Resource Assessment and Development Program. Project 4: Demand-Side Management Program. Project 5: Transportation Energy Strategy. Project 6: Energy Vulnerability Assessment Report and Contingency Planning. Project 7: Energy Strategy Integration and Evaluation System.

  15. Cognitive decision errors and organization vulnerabilities in nuclear power plant safety management: Modeling using the TOGA meta-theory framework

    SciTech Connect (OSTI)

    Cappelli, M.; Gadomski, A. M.; Sepiellis, M.; Wronikowska, M. W.

    2012-07-01

    In the field of nuclear power plant (NPP) safety modeling, the perception of the role of socio-cognitive engineering (SCE) is continuously increasing. Today, the focus is especially on the identification of human and organization decisional errors caused by operators and managers under high-risk conditions, as evident by analyzing reports on nuclear incidents occurred in the past. At present, the engineering and social safety requirements need to enlarge their domain of interest in such a way to include all possible losses generating events that could be the consequences of an abnormal state of a NPP. Socio-cognitive modeling of Integrated Nuclear Safety Management (INSM) using the TOGA meta-theory has been discussed during the ICCAP 2011 Conference. In this paper, more detailed aspects of the cognitive decision-making and its possible human errors and organizational vulnerability are presented. The formal TOGA-based network model for cognitive decision-making enables to indicate and analyze nodes and arcs in which plant operators and managers errors may appear. The TOGA's multi-level IPK (Information, Preferences, Knowledge) model of abstract intelligent agents (AIAs) is applied. In the NPP context, super-safety approach is also discussed, by taking under consideration unexpected events and managing them from a systemic perspective. As the nature of human errors depends on the specific properties of the decision-maker and the decisional context of operation, a classification of decision-making using IPK is suggested. Several types of initial situations of decision-making useful for the diagnosis of NPP operators and managers errors are considered. The developed models can be used as a basis for applications to NPP educational or engineering simulators to be used for training the NPP executive staff. (authors)

  16. Vulnerability of crops and native grasses to summer drying in the U.S. Southern Great Plains

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Raz-Yaseef, Naama; Billesbach, Dave P.; Fischer, Marc L.; Biraud, Sebastien C.; Gunter, Stacey A.; Bradford, James A.; Torn, Margaret S.

    2015-08-31

    The Southern Great Plains are characterized by a fine-scale mixture of different land-cover types, predominantly winter-wheat and grazed pasture, with relatively small areas of other crops, native prairie, and switchgrass. Recent droughts and predictions of increased drought in the Southern Great Plains, especially during the summer months, raise concern for these ecosystems. We measured ecosystem carbon and water fluxes with eddy-covariance systems over cultivated cropland for 10 years, and over lightly grazed prairie and new switchgrass fields for 2 years each. Growing-season precipitation showed the strongest control over net carbon uptake for all ecosystems, but with a variable effect: grassesmore » (prairie and switchgrass) needed at least 350 mm of precipitation during the growing season to become net carbon sinks, while crops needed only 100 mm. In summer, high temperatures enhanced evaporation and led to higher likelihood of dry soil conditions. Therefore, summer-growing native prairie species and switchgrass experienced more seasonal droughts than spring-growing crops. For wheat, the net reduction in carbon uptake resulted mostly from a decrease in gross primary production rather than an increase in respiration. Flux measurements suggested that management practices for crops were effective in suppressing evapotranspiration and decomposition (by harvesting and removing secondary growth), and in increasing carbon uptake (by fertilizing and conserving summer soil water). In light of future projections for wetter springs and drier and warmer summers in the Southern Great Plains, our study indicates an increased vulnerability in native ecosystems and summer crops over time.« less

  17. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... systems in hydroelectric dams; water treatment systems; electric power transmission, distribution, and generation; petroleum storage and refineries; and transportation systems. ...

  18. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... to increase power grid reliability and resilience, but also provides adversaries with the ... in industrial control systems for electricity generationtransmissiondistribution ...

  19. Sensor Authentication: Embedded Processor Code

    SciTech Connect (OSTI)

    2012-09-25

    Described is the c code running on the embedded Microchip 32bit PIC32MX575F256H located on the INL developed noise analysis circuit board. The code performs the following functions: Controls the noise analysis circuit board preamplifier voltage gains of 1, 10, 100, 000 Initializes the analog to digital conversion hardware, input channel selection, Fast Fourier Transform (FFT) function, USB communications interface, and internal memory allocations Initiates high resolution 4096 point 200 kHz data acquisition Computes complex 2048 point FFT and FFT magnitude. Services Host command set Transfers raw data to Host Transfers FFT result to host Communication error checking

  20. Sensor Authentication: Embedded Processor Code

    Energy Science and Technology Software Center (OSTI)

    2012-09-25

    Described is the c code running on the embedded Microchip 32bit PIC32MX575F256H located on the INL developed noise analysis circuit board. The code performs the following functions: Controls the noise analysis circuit board preamplifier voltage gains of 1, 10, 100, 000 Initializes the analog to digital conversion hardware, input channel selection, Fast Fourier Transform (FFT) function, USB communications interface, and internal memory allocations Initiates high resolution 4096 point 200 kHz data acquisition Computes complex 2048more » point FFT and FFT magnitude. Services Host command set Transfers raw data to Host Transfers FFT result to host Communication error checking« less

  1. Approach for assessing coastal vulnerability to oil spills for prevention and readiness using GIS and the Blowout and Spill Occurrence Model

    SciTech Connect (OSTI)

    Nelson, J. R.; Grubesic, T. H.; Sim, L.; Rose, K.; Graham, J.

    2015-08-01

    Increasing interest in offshore hydrocarbon exploration has pushed the operational fronts associated with exploration efforts further offshore into deeper waters and more uncertain subsurface settings. This has become particularly common in the U.S. Gulf of Mexico. In this study we develop a spatial vulnerability approach and example assessment to support future spill prevention and improve future response readiness. This effort, which is part of a larger integrated assessment modeling spill prevention effort, incorporated economic and environmental data, and utilized a novel new oil spill simulation model from the U.S. Department of Energy’s National Energy Technology Laboratory, the Blowout and Spill Occurrence Model (BLOSOM). Specifically, this study demonstrated a novel approach to evaluate potential impacts of hypothetical spill simulations at varying depths and locations in the northern Gulf of Mexico. The simulations are analyzed to assess spatial and temporal trends associated with the oil spill. The approach itself demonstrates how these data, tools and techniques can be used to evaluate potential spatial vulnerability of Gulf communities for various spill scenarios. Results of the hypothetical scenarios evaluated in this study suggest that under conditions like those simulated, a strong westward push by ocean currents and tides may increase the impacts of deep water spills along the Texas coastline, amplifying the vulnerability of communities on the local barrier islands. Ultimately, this approach can be used further to assess a range of conditions and scenarios to better understand potential risks and improve informed decision making for operators, responders, and stakeholders to support spill prevention as well as response readiness.

  2. Approach for assessing coastal vulnerability to oil spills for prevention and readiness using GIS and the Blowout and Spill Occurrence Model

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Nelson, J. R.; Grubesic, T. H.; Sim, L.; Rose, K.; Graham, J.

    2015-08-01

    Increasing interest in offshore hydrocarbon exploration has pushed the operational fronts associated with exploration efforts further offshore into deeper waters and more uncertain subsurface settings. This has become particularly common in the U.S. Gulf of Mexico. In this study we develop a spatial vulnerability approach and example assessment to support future spill prevention and improve future response readiness. This effort, which is part of a larger integrated assessment modeling spill prevention effort, incorporated economic and environmental data, and utilized a novel new oil spill simulation model from the U.S. Department of Energy’s National Energy Technology Laboratory, the Blowout and Spillmore » Occurrence Model (BLOSOM). Specifically, this study demonstrated a novel approach to evaluate potential impacts of hypothetical spill simulations at varying depths and locations in the northern Gulf of Mexico. The simulations are analyzed to assess spatial and temporal trends associated with the oil spill. The approach itself demonstrates how these data, tools and techniques can be used to evaluate potential spatial vulnerability of Gulf communities for various spill scenarios. Results of the hypothetical scenarios evaluated in this study suggest that under conditions like those simulated, a strong westward push by ocean currents and tides may increase the impacts of deep water spills along the Texas coastline, amplifying the vulnerability of communities on the local barrier islands. Ultimately, this approach can be used further to assess a range of conditions and scenarios to better understand potential risks and improve informed decision making for operators, responders, and stakeholders to support spill prevention as well as response readiness.« less

  3. Approach for assessing coastal vulnerability to oil spills for prevention and readiness using GIS and the Blowout and Spill Occurrence Model

    SciTech Connect (OSTI)

    Nelson, J. R.; Grubesic, T. H.; Sim, L.; Rose, K.; Graham, J.

    2015-08-01

    Increasing interest in offshore hydrocarbon exploration has pushed the operational fronts associated with exploration efforts further offshore into deeper waters and more uncertain subsurface settings. This has become particularly common in the U.S. Gulf of Mexico. In this study we develop a spatial vulnerability approach and example assessment to support future spill prevention and improve future response readiness. This effort, which is part of a larger integrated assessment modeling spill prevention effort, incorporated economic and environmental data, and utilized a novel new oil spill simulation model from the U.S. Department of Energy’s National Energy Technology Laboratory, the Blowout and Spill Occurrence Model (BLOSOM). Specifically, this study demonstrated a novel approach to evaluate potential impacts of hypothetical spill simulations at varying depths and locations in the northern Gulf of Mexico. The simulations are analyzed to assess spatial and temporal trends associated with the oil spill. The approach itself demonstrates how these data, tools and techniques can be used to evaluate potential spatial vulnerability of Gulf communities for various spill scenarios. Results of the hypothetical scenarios evaluated in this study suggest that under conditions like those simulated, a strong westward push by ocean currents and tides may increase the impacts of deep water spills along the Texas coastline, amplifying the vulnerability of communities on the local barrier islands. Ultimately, this approach can be used further to assess a range of conditions and scenarios to better understand potential risks and improve informed decision making for operators, responders, and stakeholders to support spill prevention as well as response readiness.

  4. Spent Fuel Working Group report on inventory and storage of the Department`s spent nuclear fuel and other reactor irradiated nuclear materials and their environmental, safety and health vulnerabilities. Volume 2, Working Group Assessment Team reports; Vulnerability development forms; Working group documents

    SciTech Connect (OSTI)

    Not Available

    1993-11-01

    The Secretary of Energy`s memorandum of August 19, 1993, established an initiative for a Department-wide assessment of the vulnerabilities of stored spent nuclear fuel and other reactor irradiated nuclear materials. A Project Plan to accomplish this study was issued on September 20, 1993 by US Department of Energy, Office of Environment, Health and Safety (EH) which established responsibilities for personnel essential to the study. The DOE Spent Fuel Working Group, which was formed for this purpose and produced the Project Plan, will manage the assessment and produce a report for the Secretary by November 20, 1993. This report was prepared by the Working Group Assessment Team assigned to the Hanford Site facilities. Results contained in this report will be reviewed, along with similar reports from all other selected DOE storage sites, by a working group review panel which will assemble the final summary report to the Secretary on spent nuclear fuel storage inventory and vulnerability.

  5. Replication Bypass of the trans-4-Hydroxynonenal-Derived (6S,8R,11S)-1,N[superscript 2]-Deoxyguanosine DNA Adduct by the Sulfolobus solfataricus DNA Polymerase IV

    SciTech Connect (OSTI)

    Banerjee, Surajit; Christov, Plamen P.; Kozekova, Albena; Rizzo, Carmelo J.; Egli, Martin; Stone, Michael P.

    2014-10-02

    trans-4-Hydroxynonenal (HNE) is the major peroxidation product of {omega}-6 polyunsaturated fatty acids in vivo. Michael addition of the N{sub 2}-amino group of dGuo to HNE followed by ring closure of N1 onto the aldehyde results in four diastereomeric 1,N{sub 2}-dGuo (1,N{sub 2}-HNE-dGuo) adducts. The (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct was incorporated into the 18-mer templates 5'-d(TCATXGAATCCTTCCCCC)-3' and d(TCACXGAATCCTTCCCCC)-3', where X = (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct. These differed in the identity of the template 5'-neighbor base, which was either Thy or Cyt, respectively. Each of these templates was annealed with either a 13-mer primer 5'-d(GGGGGAAGGATTC)-3' or a 14-mer primer 5'-d(GGGGGAAGGATTCC)-3'. The addition of dNTPs to the 13-mer primer allowed analysis of dNTP insertion opposite to the (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct, whereas the 14-mer primer allowed analysis of dNTP extension past a primed (6S,8R,11S)-HNE-1,N{sub 2}-dGuo:dCyd pair. The Sulfolobus solfataricus P2 DNA polymerase IV (Dpo4) belongs to the Y-family of error-prone polymerases. Replication bypass studies in vitro reveal that this polymerase inserted dNTPs opposite the (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct in a sequence-specific manner. If the template 5'-neighbor base was dCyt, the polymerase inserted primarily dGTP, whereas if the template 5'-neighbor base was dThy, the polymerase inserted primarily dATP. The latter event would predict low levels of Gua {yields} Thy mutations during replication bypass when the template 5'-neighbor base is dThy. When presented with a primed (6S,8R,11S)-HNE-1,N{sub 2}-dGuo:dCyd pair, the polymerase conducted full-length primer extension. Structures for ternary (Dpo4-DNA-dNTP) complexes with all four template-primers were obtained. For the 18-mer:13-mer template-primers in which the polymerase was confronted with the (6S,8R,11S)-HNE-1,N{sub 2}-dGuo adduct, the (6S,8R,11S)-1,N{sub 2}-dGuo lesion remained in the ring

  6. Locality-Driven Dynamic GPU Cache Bypassing

    SciTech Connect (OSTI)

    Li, Chao; Song, Shuaiwen; Dai, Hongwen; Sidelnik, A.; Hari, Siva; Zhou, Huiyang

    2015-06-07

    This paper presents novel cache optimizations for massively parallel, throughput-oriented architectures like GPUs. Based on the reuse characteristics of GPU workloads, we propose a design that integrates such efficient locality filtering capability into the decoupled tag store of the existing L1 D-cache through simple and cost-effective hardware extensions.

  7. T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.

  8. T-593: Microsoft Internet Explorer unspecified code execution

    Broader source: Energy.gov [DOE]

    Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process.

  9. Plutonium working group report on environmental, safety and health vulnerabilities associated with the department`s plutonium storage. Volume II, Appendix B, Part 9: Oak Ridge site site team report

    SciTech Connect (OSTI)

    1994-09-01

    This report provides the input to and results of the Department of Energy (DOE) - Oak Ridge Operations (ORO) DOE Plutonium Environment, Safety and Health (ES & H) Vulnerability Assessment (VA) self-assessment performed by the Site Assessment Team (SAT) for the Oak Ridge National Laboratory (ORNL or X-10) and the Oak Ridge Y-12 Plant (Y-12) sites that are managed by Martin Marietta Energy Systems, Inc. (MMES). As initiated (March 15, 1994) by the Secretary of Energy, the objective of the VA is to identify and rank-order DOE-ES&H vulnerabilities associated for the purpose of decision making on the interim safe management and ultimate disposition of fissile materials. This assessment is directed at plutonium and other co-located transuranics in various forms.

  10. V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code | Department of Energy 6: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code January 24, 2013 - 6:00am Addthis PROBLEM: Several vulnerabilities were reported in

  11. FUEL CASK IMPACT LIMITER VULNERABILITIES

    SciTech Connect (OSTI)

    Leduc, D; Jeffery England, J; Roy Rothermel, R

    2009-02-09

    Cylindrical fuel casks often have impact limiters surrounding just the ends of the cask shaft in a typical 'dumbbell' arrangement. The primary purpose of these impact limiters is to absorb energy to reduce loads on the cask structure during impacts associated with a severe accident. Impact limiters are also credited in many packages with protecting closure seals and maintaining lower peak temperatures during fire events. For this credit to be taken in safety analyses, the impact limiter attachment system must be shown to retain the impact limiter following Normal Conditions of Transport (NCT) and Hypothetical Accident Conditions (HAC) impacts. Large casks are often certified by analysis only because of the costs associated with testing. Therefore, some cask impact limiter attachment systems have not been tested in real impacts. A recent structural analysis of the T-3 Spent Fuel Containment Cask found problems with the design of the impact limiter attachment system. Assumptions in the original Safety Analysis for Packaging (SARP) concerning the loading in the attachment bolts were found to be inaccurate in certain drop orientations. This paper documents the lessons learned and their applicability to impact limiter attachment system designs.

  12. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management ...

  13. Vulnerability to closing of Hormuz

    SciTech Connect (OSTI)

    Not Available

    1984-03-07

    Tankers carrying roughly 8-million barrels per day (mmb/d) of crude oil, or some 16% of the non-communist world's oil supply, pass through the Strait of Hormuz. Experts agree that just 3-mmb/d of that could be exported through alternate routes. If the war between Iran and Iraq should result in their completely halting each other's production, this relatively limited supply curtailment would reduce world oil production by over 3.4-mmb/d. Since the two have not caused such mutual disaster during four years of war, many observers believe there has been a deliberate avoidance of the jugular squeeze. Nevertheless, the two combatants appear capable not only of cutting off their oil production, but escalating fighting to the point where Gulf traffic would be impeded. Potential results from a prolonged Iran-Iraq crisis are viewed in three scenarios. Also included in this issue are brief summaries of: (1) Mexico's new energy plan, internationalism, and OPEC; (2) update on Argentina's energy resource developments; (3) Venezuela: belt tightening; (4) Western Hemisphere oil production declines; (5) (6) days of oil supply for Canada, USA, Japan, France, Italy, and UK; and (6) US Department of Defense fuel consumption. The Energy Detente fuel price/tax series and principal industrial fuel prices are included for March for countries of the Eastern Hemisphere.

  14. User Authentication Policy | Argonne Leadership Computing Facility

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Users of the Argonne production systems are required to use a CRYPTOCard one time password... are: Something you know (for example, a password); Something you have (for example, an ID ...

  15. Transducer Signal Noise Analysis for Sensor Authentication

    SciTech Connect (OSTI)

    John M. Svoboda; Mark J. Schanfein

    2012-07-01

    The abstract is being passed through STIMS for submision to the conference. International safeguards organizations charged with promoting the peaceful use of nuclear energy employ unattended and remote monitoring systems supplemented with onsite inspections to ensure nuclear materials are not diverted for weaponization purposes. These systems are left unattended for periods of several months between inspections. During these periods physical security means are the main deterrent used to detect intentional monitoring system tampering. The information gathering components are locked in secure and sealed rooms. The sensor components (i.e. neutron and gamma detectors) are located throughout the plant in unsecure areas where sensor tampering could take place during the periods between inspections. Sensor tampering could allow the diversion of nuclear materials from the accepted and intended use to uses not consistent with the peaceful use of nuclear energy. A method and an apparatus is presented that address the detection of sensor tampering during the periods between inspections. It was developed at the Idaho National Laboratory (INL) for the Department of Energy (DOE) in support of the IAEA. The method is based on the detailed analysis of the sensor noise floor after the sensor signal is removed. The apparatus consists of a 2.1” x 2.6” electronic circuit board containing all signal conditioning and processing components and a laptop computer running an application that acquires and stores the analysis results between inspection periods. The sensors do not require any modification and are remotely located in their normal high radiation zones. The apparatus interfaces with the sensor signal conductors using a simple pass through connector at the normal sensor electronics interface package located in the already secure and sealed rooms. The apparatus does not require hardening against the effects of radiation due to its location. Presented is the apparatus design, the analysis method, and the test results as applied to tamper detection using three HE3 neutron sensors and two gamma sensors designed and built for safeguards monitoring.

  16. T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System

    Office of Energy Efficiency and Renewable Energy (EERE)

    PHP is prone to a security-bypass vulnerability.Successful exploits will allow an attacker to delete files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions may also be affected.

  17. T-531: The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500

    Broader source: Energy.gov [DOE]

    The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777.

  18. Spent Fuel Working Group report on inventory and storage of the Department`s spent nuclear fuel and other reactor irradiated nuclear materials and their environmental, safety and health vulnerabilities. Volume 3, Site team reports

    SciTech Connect (OSTI)

    Not Available

    1993-11-01

    A self assessment was conducted of those Hanford facilities that are utilized to store Reactor Irradiated Nuclear Material, (RINM). The objective of the assessment is to identify the Hanford inventories of RINM and the ES & H concerns associated with such storage. The assessment was performed as proscribed by the Project Plan issued by the DOE Spent Fuel Working Group. The Project Plan is the plan of execution intended to complete the Secretary`s request for information relevant to the inventories and vulnerabilities of DOE storage of spent nuclear fuel. The Hanford RINM inventory, the facilities involved and the nature of the fuel stored are summarized. This table succinctly reveals the variety of the Hanford facilities involved, the variety of the types of RINM involved, and the wide range of the quantities of material involved in Hanford`s RINM storage circumstances. ES & H concerns are defined as those circumstances that have the potential, now or in the future, to lead to a criticality event, to a worker radiation exposure event, to an environmental release event, or to public announcements of such circumstances and the sensationalized reporting of the inherent risks.

  19. T-657: Drupal Prepopulate- Multiple vulnerabilities

    Broader source: Energy.gov [DOE]

    The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances.

  20. V-214: Mozilla Firefox Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Firefox before 23.0 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors....

  1. Protection of Use Control Vulnerabilities and Designs

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2010-05-14

    The order establishes the policy, process and procedures for control of sensitive use control information in nuclear weapon data (NWD) categories Sigma 14 and Sigma 15 to ensure that dissemination of the information must be restricted to individuals with valid need to know. Supersedes DOE M 452.4-1A

  2. U-100: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

  3. Introduction to SCADA Protection and Vulnerabilities

    SciTech Connect (OSTI)

    Ken Barnes; Briam Johnson; Reva Nickelson

    2004-03-01

    Even though deregulation has changed the landscape of the electric utility industry to some extent, a typical large electric utility still owns power generation facilities, power transmission and distribution lines, and substations. Transmission and distribution lines form the segments or spokes of a utility’s grid. Power flow may change through these lines, but control of the system occurs at the nodes of the grid, the generation facilities, and substations. This section discusses each of these node types in more detail as well as how each is controlled.

  4. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ... Cambridge Energy Research Associates (IHS CERA 2010) similarly estimates that by 2030, ... Cambridge: Cambridge University Press. http:amap.noacia. AMS (American Meteorological ...

  5. Vulnerability and Mitigation Studies for Infrastructure

    SciTech Connect (OSTI)

    Glascoe, L; Noble, C; Morris, J

    2007-08-02

    The summary of this presentation is that: (1) We do end-to-end systems analysis for infrastructure protection; (2) LLNL brings interdisciplinary subject matter expertise to infrastructure and explosive analysis; (3) LLNL brings high-fidelity modeling capabilities to infrastructure analysis for use on high performance platforms; and (4) LLNL analysis of infrastructure provides information that customers and stakeholders act on.

  6. Protection of Use Control Vulnerabilities and Design

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-03-11

    This manual establishes a general process and provides direction for controlling access to and disseminating Sigma 14 and 15 nuclear weapon data (NWD) at the Department of Energy (DOE). It supplements DOE O 452.4A, Security and Control of Nuclear Explosives and Nuclear Weapons, dated 12-17-01, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and nuclear weapons. Cancels DOE M 452.4-1. Canceled by DOE O 452.7, 5-14-2010

  7. Protection of Use Control Vulnerabilities and Designs

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-07-01

    This Manual establishes a general process and provides direction for controlling access and dissemination of Sigma 14 and 15 Weapon Data at the Department of Energy (DOE). It supplements DOE O 452.4, SECURITY AND CONTROL OF NUCLEAR EXPLOSIVES AND NUCLEAR WEAPONS, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and U.S. nuclear weapons. Canceled by DOE M 452.4-1A. Does not cancel other directives.

  8. Energy Department Issues Tribal Energy System Vulnerabilities...

    Broader source: Energy.gov (indexed) [DOE]

    202-586-4940 DOENews@hq.doe.gov The U.S. Department of Energy issued a report today showing that threats to tribal energy infrastructure are expected to increase as climate change ...

  9. Guide to Critical Infrastructure Protection Cyber Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June ...

  10. Introduction to SCADA Protection and Vulnerabilities (Technical...

    Office of Scientific and Technical Information (OSTI)

    large electric utility still owns power generation facilities, power transmission and ... of the system occurs at the nodes of the grid, the generation facilities, and substations. ...

  11. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    This is because of the region's unique topographic, oceanographic, geologic, and demographic factors. In addition, hurricanes become more dangerous as they increase their...

  12. EIS-0352: U.S. 93 Hoover Dam Bypass Project

    Broader source: Energy.gov [DOE]

    The Western Area Power Administration (WAPA) served as a cooperating agency for this Federal Highway Administration Environmental Impact Statement (EIS) due to WAPA’s role in the relocation of several transmission lines. The Federal Highway Administration (FHWA) prepared an Environmental Impact Statement (EIS) for construction of a new segment of U.S. Highway 93 for the purpose of improving congestion and hazardous vehicle/pedestrian conflicts where the highway crosses the Colorado River over Hoover Dam. As a cooperating agency for the EIS, WAPA proposed modifications to its transmission system and facilities to accommodate the construction of the new highway and bridge spanning the Colorado River.

  13. Thermal Bypass Air Barriers in the 2009 International Energy...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    have been mandated to include this vitally important energy efficiency measure. ... Homes Case Study: Ravenwood Homes and Energy Smart Home Plans, Inc., Cape Coral, Florida ...

  14. DEVELOPMENT OF BYPASSED OIL RESERVES USING BEHIND CASING RESISTIVITY MEASUREMENTS

    SciTech Connect (OSTI)

    Michael G. Conner; Jeffrey A. Blesener

    2005-02-07

    Tubing and rods of the S.P. Pedro-Nepple No.1 well were pulled and the well was prepared for running of Schlumberger's Cased Hole Formation Resistivity Tool (CHFR) in selected intervals. The CHFR tool was successfully run and data was captured. The CHFR formation resistivity readings were compared to original open hole resistivity measurements. Separation between the original and CHFR resistivity curves indicate both swept and un-swept sand intervals. Both watered out sand intervals and those with higher remaining oil saturation have been identified. Due to the nature of these turbidite sands being stratigraphically continuous, both the swept and unswept layers have been correlated across to one of the four nearby offset shallow wells. As a result of the cased hole logging, one well was selected for a workover to recomplete high oil saturated shallow sand intervals. During the second report period, well S.P. Pedro-Nepple No.2 was plugged back with cement excluding the previously existing production interval, squeeze cemented behind casing, selectively perforated in the shallower ''Bell'' zone and placed on production to develop potential new oil reserves and increase overall well productivity. Prior workover production averaged 3.0 BOPD for the previous six-months. Post workover well production was marginally increased to 3.7 BOPD on average for the following six months.

  15. Development of Bypassed Oil Reserves Using Behind Casing Resistivity Measurements

    SciTech Connect (OSTI)

    Michael G. Conner

    2004-02-14

    Tubing and rods of the S.P. Pedro-Nepple No.1 well were pulled and the well was prepared for running of Schlumberger's Cased Hole Formation Resistivity Tool (CHFR) in selected intervals. The CHFR tool was successfully run and data was captured. The CHFR formation resistivity readings were compared to original open hole resistivity measurements. Separation between the original and CHFR resistivity curves indicate both swept and un-swept sand intervals. Both watered out sand intervals and those with higher remaining oil saturation have been identified. Due to the nature of these turbidite sands being stratigraphically continuous, both the swept and unswept layers have been correlated across to one of the four nearby offset shallow wells. As a result of the cased hole logging, one well was selected for a workover to recomplete and test suspected oil saturated shallow sand intervals. Well S.P. Pedro-Nepple No.2 was plugged back with cement excluding the previously existing production interval, squeeze cemented behind casing, selectively perforated in the shallower ''Bell'' zone and placed on production to develop potential new oil reserves and increase overall well productivity. Prior workover production averaged 3.0 BOPD for the previous six-months from the original ''Meyer'' completion interval. Post workover well production was increased to 5.3 BOPD on average for the following fifteen months. In December 2005, a bridge plug was installed above the ''Bell'' zone to test the ''Foix'' zone. Another cement squeeze was performed behind casing, selectively perforated in the shallower ''Foix'' zone and placed on production. The ''Foix'' test has produced water and a trace of oil for two months.

  16. DEVELOPMENT OF BYPASSED OIL RESERVES USING BEHIND CASING RESISTIVITY MEASUREMENTS

    SciTech Connect (OSTI)

    Michael G. Conner; Jeffrey A. Blesener

    2006-04-02

    Tubing and rods of the S.P. Pedro-Nepple No.1 well were pulled and the well was prepared for running of Schlumberger's Cased Hole Formation Resistivity Tool (CHFR) in selected intervals. The CHFR tool was successfully run and data was captured. The CHFR formation resistivity readings were compared to original open hole resistivity measurements. Separation between the original and CHFR resistivity curves indicate both swept and un-swept sand intervals. Both watered out sand intervals and those with higher remaining oil saturation have been identified. Due to the nature of these turbidite sands being stratigraphically continuous, both the swept and unswept layers have been correlated across to one of the four nearby offset shallow wells. As a result of the cased hole logging, one well was selected for a workover to recomplete and test suspected oil saturated shallow sand intervals. Well S.P. Pedro-Nepple No.2 was plugged back with cement excluding the previously existing production interval, squeeze cemented behind casing, selectively perforated in the shallower ''Bell'' zone and placed on production to develop potential new oil reserves and increase overall well productivity. Prior workover production averaged 3.0 BOPD for the previous six-months from the original ''Meyer'' completion interval. Post workover well production was increased to 5.3 BOPD on average for the following fifteen months. In December 2005, a bridge plug was installed above the ''Bell'' zone to test the ''Foix'' zone. Another cement squeeze was performed behind casing, selectively perforated in the shallower ''Foix'' zone and placed on production. The ''Foix'' test has produced water and a trace of oil for two months.

  17. Exhaust bypass flow control for exhaust heat recovery

    DOE Patents [OSTI]

    Reynolds, Michael G.

    2015-09-22

    An exhaust system for an engine comprises an exhaust heat recovery apparatus configured to receive exhaust gas from the engine and comprises a first flow passage in fluid communication with the exhaust gas and a second flow passage in fluid communication with the exhaust gas. A heat exchanger/energy recovery unit is disposed in the second flow passage and has a working fluid circulating therethrough for exchange of heat from the exhaust gas to the working fluid. A control valve is disposed downstream of the first and the second flow passages in a low temperature region of the exhaust heat recovery apparatus to direct exhaust gas through the first flow passage or the second flow passage.

  18. Stage 3 bucket shank bypass holes and related method

    DOE Patents [OSTI]

    Leone, Sal Albert; Eldrid, Sacheverel Quentin; Lupe, Douglas Arthur

    2002-01-01

    In a multi-stage turbine wherein at least one turbine wheel supports a row of buckets for rotation, and wherein the turbine wheel is located axially between first and second annular fixed arrays of nozzles, a cooling air circuit for purging a wheelspace between the turbine wheel and the second fixed annular array of nozzles comprising a flowpath through a shank portion of one or more buckets connecting a wheelspace between the turbine wheel and the first fixed annular array of nozzles with the wheelspace between the turbine wheel and the second fixed annular array of nozzles.

  19. STEM Mentoring Café- Engaging Young Women in an Authentic Mentoring...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    role in choosing a career path. In addition, the more students identify with same-sex experts the more likely they will be to pursue a STEM career. So not only did the STEM...

  20. Instructions for using HSPD-12 Authenticated Outlook Web Access...

    Broader source: Energy.gov (indexed) [DOE]

    Provides instructions for remote Outlook access using HSPD-12 Badge. HSPD-12 Badge Instructions (388.34 KB) More Documents & Publications User Guide for Remote Access to VDI...