Search for: amini--morteza
Total 25 records

    Database Schema Extraction Prevention Through DBMS Error Handling

    M.Sc. Thesis, Sharif University of Technology; Naghdi, Sepideh (Author); Amini, Morteza (Supervisor)
    Abstract
    Nowadays, large volumes of organizations' sensitive data are stored in databases. Thus, databases are attractive to attackers, who execute different types of attacks with different purposes. The useful information that attackers try to obtain in the preliminary steps of attacks against databases is the database structure or schema. One of the popular approaches to extracting the schema of a database is to analyze the error messages returned from its DBMS. Hence, a solution to prevent schema disclosure via the error messages is customizing and modifying them. To achieve this goal, in this thesis, we propose a framework to handle and customize the error messages automatically and...

    Privacy Preserving Access Control for Service Composition in Cloud Computing

    M.Sc. Thesis, Sharif University of Technology; Osanloo, Farnaz (Author); Amini, Morteza (Supervisor)
    Abstract
    Cloud computing is a new computing environment where computing infrastructure, platform and software are provided as a service. Rapid growth of cloud environments has increased the importance of security requirements and challenges for both service providers and users in the cloud. Two main security issues in the software as a service (SaaS) delivery model are access control and privacy preservation in basic web services and also in composite services obtained through the automatic composition and inference of policies from the ones specified for basic services. In this thesis, we present a privacy preserving access control model and framework for service composition in SaaS delivery model of cloud...

    Query Optimization in Encrypted Database Systems

    M.Sc. Thesis, Sharif University of Technology; Jafarinejad, Mahmoud (Author); Amini, Morteza (Supervisor)
    Abstract
    Protecting sensitive data stored in database systems, especially in outsourced ones, has become a major concern in many organizations. One of the main possible solutions is to encrypt data before storing them on databases. Bucket-based encryption is among different approaches proposed to accomplish this goal which besides its various benefits, suffers from generating false-positive results. Multi-join queries are one of the most important operations in database systems and their usage grows rapidly in comparison to other types of queries by increasing the size of stored information. While using the decision support systems and data mining solutions are growing continuously, executing... 

    An Access Control System for Time Series Data in NoSQL Databases

    M.Sc. Thesis, Sharif University of Technology; Noury, Amir (Author); Amini, Morteza (Supervisor)
    Abstract
    An important class of applications which has been rapidly growing recently is the one that creates and uses time series data. These types of data sets are ordered based on the timestamps associated with their data items. In practice, traditional relational databases are unable to satisfy the requirements of these data sets; however, NoSQL databases with column-wide data structure are an appropriate infrastructure for them. These databases are very efficient in read and write operations (especially for time series data, which are ordered) and are able to store unstructured data. Time series data may contain valuable and sensitive information; hence, they should be protected from the information...

    Information-flow Analysis in Android Apps for Protecting User Privacy

    M.Sc. Thesis, Sharif University of Technology; Barkhordari, Alireza (Author); Amini, Morteza (Supervisor)
    Abstract
    The rapid growth of the Android operating system alongside its open-source nature has made it the most popular operating system for mobile devices. On the other hand, given the increasing computational power of mobile devices, a wide variety of applications are coming to this type of device. Meanwhile, unfortunately, many pieces of malicious software, trying to keep up with other applications, are targeting this popular operating system. Therefore, with regard to the fact that this type of device usually stores private and sensitive information of its users, security of mobile operating systems is considered very important. Having this matter in mind, the goal of this research work has been...

    Improving SQL Injection Detection Techniques

    M.Sc. Thesis, Sharif University of Technology; Dolatnezhad, Somayeh (Author); Amini, Morteza (Supervisor)
    Abstract
    SQL injection is one of the most important security threats in web applications with a backend SQL-based database. An attacker can abuse an application’s vulnerability to change the queries sent from the application to the database. Many techniques and frameworks have been proposed for detecting and preventing SQL injection, but most of them cannot detect all types of SQL injection, such as second-order attacks. In this thesis, we propose a new method to detect and prevent all types of this attack. The proposed method is a kind of anomaly-based intrusion detection method and could be considered as a proxy between the application server and the database server. The proposed method can detect...

    An Efficient Approach for Computation Integrity Assurance in MapReduce Model

    M.Sc. Thesis, Sharif University of Technology; Bagheri, Ramtin (Author); Amini, Morteza (Supervisor)
    Abstract
    In recent years, the increase in the pace of data generation and the costs of maintaining personal servers have resulted in demand for cloud-based services. The Map-Reduce model is a programming model for parallel computations in distributed environments such as public clouds. While this model facilitates the processing of big data for customers, there are concerns that the integrity of computation is violated since cloud owners are motivated to reduce costs. To solve this problem, different approaches have been proposed in four general categories, each of which has constraints and flaws. These four categories are such as based on replication, watermarking, report analysis and based on...

    Attack Detection in Web Applications Firewall by Learning from Application’s Source Code

    M.Sc. Thesis, Sharif University of Technology; Alizadeh Nikoo, Amir Reza (Author); Amini, Morteza (Supervisor)
    Abstract
    Due to increasing web-based attacks against web applications and the inefficiency of intrusion detection and prevention systems for detecting and preventing web attacks in the application layer, web application firewalls (WAF) were developed to deal with this problem. The most common attacks affecting today’s web applications include SQL Injection (SQLi), Cross-Site Scripting (XSS) and Logical attacks. The Logical attack focuses on the abuse or exploitation of a web application’s logic flow, and unlike SQLi and XSS, it depends on the web application functionality. Nowadays, there are a lot of methods for designing a WAF, which are divided into two categories: Signature-based and Anomaly-based...

    Detection of Confidentiality Violation by Short Term Advanced Persistent Threats based on Data Stream Correlation

    M.Sc. Thesis, Sharif University of Technology; Javadi, Heydar (Author); Amini, Morteza (Supervisor)
    Abstract
    Advanced Persistent Threats (APTs), through multi-step, low-level and sometimes slow-moving behaviors, try to hide malicious behaviors. These attacks are complex and costly, and the attacker violates the security policy explicitly or implicitly by distributing his or her behavior to multiple agents and infiltrating trusted subjects. One of the challenges is the discovery of these attacks in the early stages of the attack and before the complete violation of confidentiality. The lack of deep interception of events, being content with intrusion detection system warnings, the lack of simultaneous tracking of host and network-level events and the lack of real-time processing are limitations of existing detection...

    Privacy Preserving Access Control in IoT for eHealth

    M.Sc. Thesis, Sharif University of Technology; Hashemi Beni, Fereshteh (Author); Amini, Morteza (Supervisor)
    Abstract
    One of the applications of the Internet of things (IoT) is its usage in the eHealth area. Various types of sensors (e.g., sensors to measure heart health, blood sugar levels, and respiratory) exist that not only provide required information for patients, but also send the health information to hospital staff through the network. Leveraging this technology in various intensive care units of hospitals facilitates nurses and medical staff in monitoring patients. However, moving towards these environments leads to new security challenges. One of the most important challenges is controlling access to sensors’ data and preserving patients’ privacy so that doctors and nurses should access patients’...

    Ontology-based Advanced Persistent Attacks Detection

    Ph.D. Dissertation, Sharif University of Technology; Mohammadzadeh Lajevardi, Amir (Author); Amini, Morteza (Supervisor)
    Abstract
    Advanced Persistent Threats (APTs) use hybrid, slow, and low-level patterns to leak and exfiltrate information, manipulate data, or prevent progression of a program or mission. Since current intrusion detection systems (IDSs) and alert correlation systems do not correlate low-level operating system events with network events and use alert correlation instead of event correlation, the intruders use low and hybrid events in order to make detection difficult for such detection systems. In addition, these attacks use low and slow patterns to bypass intrusion detection and alert correlation systems. Since most of the attack detection approaches use a short time-window, the slow APTs abuse this...

    Designing Mechanism for Controlling Query on OWL Documents based on the MA (DL)2 Logic-based Authorization Model

    M.Sc. Thesis, Sharif University of Technology; Fazelidoust, Narges (Author); Amini, Morteza (Supervisor)
    Abstract
    The emergence of semantic technology and its usage in different computational environments (especially the distributive environments) has increased machine intelligence for more interoperability. This has resulted in an abstraction (conceptual) layer above existing information and resources in these environments. Based on the unique characteristics of the semantic-aware environments, most of the proposed models for other environments are not applicable to this area, as they do not meet the security requirements of these environments. MA(DL)2-AM and SBAC are among the models that have satisfied a large portion of these requirements. Although documents are important assets of organizations...

    Secure-multiparty Computation Protocol for Privacy Preserving Data Mining

    M.Sc. Thesis, Sharif University of Technology; Maftouni, Mahya (Author); Amini, Morteza (Supervisor)
    Abstract
    Privacy preserving data mining helps organizations and companies not only to deal with privacy concerns of customers and regular limitations, but also to benefit from collaborative data mining. Utilizing cryptographic techniques and secure multiparty computation (SMC) are among the widely employed approaches for preserving privacy in distributed data mining. The general purpose of secure multiparty computation protocols is to compute specific functions on private inputs of parties in a collaborative manner and without revealing their private inputs. Providing rigorous security proof of secure multiparty computation makes it a good choice for privacy preservation, despite its cryptographic...

    User Privacy in Enterprise Mobile Management

    M.Sc. Thesis, Sharif University of Technology; Parsafar, Hoda (Author); Amini, Morteza (Supervisor)
    Abstract
    The expansion of technology and the increasing use of mobile devices and smartphones have affected various aspects of personal and social life. These include the use of personal mobile devices in enterprise environments, called BYODs, which has a number of positive and negative effects. On the one hand, it would be more cost-effective for an organization or business environment for users to use their own devices, but on the other hand, it poses numerous security and information challenges that are important to manage. These include disrupting the user’s privacy or disseminating organization information to personal devices and thus violating the organization’s security policies. In this study, a model is...

    Ontology-Based Android Malware Forensics

    M.Sc. Thesis, Sharif University of Technology; Gholami, Esmaeil Gholami (Author); Amini, Morteza (Supervisor)
    Abstract
    Today, smart devices have become an integral part of everyday life. The Android operating system is also the most popular operating system of these devices, and as a result, various malwares are produced and distributed for this operating system every day. This makes it especially important to investigate these malwares. This includes finding people involved in the development and distribution of malware, as well as discovering other malwares created by them. Discovering other involved entities, such as social media accounts, websites, Android store accounts, and taking steps to prevent malware from being distributed by them is another aspect of this story. In order to deal with organized... 

    Detecting Repackaged Android Applications

    M.Sc. Thesis, Sharif University of Technology; Torki Harchegani, Mehran (Author); Amini, Morteza (Supervisor)
    Abstract
    Developing an Android application from scratch is a time-consuming and expensive process, but modifying an existing and similar application is much easier. Modifying an Android application, which is called repackaging, is done for different purposes. Cracking non-free Android applications, modifying advertising libraries code, adding malicious payload to benign ones and redistributing known malwares are some of the important purposes. Existing methods for confronting Android application repackaging can be divided into three categories: 1) based on comparing with the original application, 2) based on changing the original application, 3) based on changing the Android platform. Methods in the...

    Intrusion Detection System in Smart Grids

    M.Sc. Thesis, Sharif University of Technology; Beigi, Hossein (Author); Amini, Morteza (Supervisor)
    Abstract
    Smart grids are the new generation of power grids that combine the power distribution grid with the communications network. The purpose of these networks is to create a secure, two-way infrastructure for the transmission of power and information. The complex structure of smart grids, along with the inherent vulnerabilities of physical systems, old devices and protocols on the network and the need for backward compatibility, have created serious cyber risks to critical assets and infrastructures. The difference between these types of networks and conventional computer networks has made the security mechanisms developed in conventional computer networks not very suitable for these types of... 

    High Volume Event Correlation for Long-term Attack Detection

    M.Sc. Thesis, Sharif University of Technology; Mahzoon, Niloofar (Author); Amini, Morteza (Supervisor)
    Abstract
    Long-term attacks are special multi-level attacks which remain inside systems for a long time to finally perform the damage. One of the most famous kinds of these attacks is Advanced Persistent Threats. These kinds of attacks are low-level and distributed inside the network, and their goal is stealing information or corrupting a process in the organization. Banks are among the most vulnerable organizations which have suffered from these attacks, so the main purpose of this research is detecting them and giving warnings to the security admin. The goal of financial APTs is stealing money, and to achieve that, they have to create some transactions and send them to the core banking. We...

    Integrity Checking of Outsourced Computations with Distributed Data Sources

    Ph.D. Dissertation, Sharif University of Technology; Dolatnezhad, Somayeh (Author); Amini, Morteza (Supervisor)
    Abstract
    In recent years, one of the research interests has been ensuring the integrity of computations done on data received from multiple data sources. Limited research has been done to ensure the integrity of computations whose output depends on data generated by different data sources. However, there are many solutions for systems in which the input data is generated by a single data source. In this thesis, ensuring the integrity of multi-source aggregate functions and general functions is investigated in an untrusted server. To verify the integrity of aggregate functions, first of all, we present a construction for verifying the results of linear functions using the RSA signature. It should be noted...

    Android App Permission Analysis Based on Developer’s Privacy Policies

    M.Sc. Thesis, Sharif University of Technology; Saghaie, Fatemeh (Author); Amini, Morteza (Supervisor)
    Abstract
    With the increasing use of mobile smartphones, securing the information and protecting the mobile users’ privacy is one of the important subjects in this context. Android, as one of the most popular operating systems for smartphones, uses strategies to provide system security and user privacy; one of these strategies is the permission system. Applications should get permissions from users to access their sensitive data. Most related research, and Android itself, focuses on granting or revoking permissions to the program in a way that it doesn’t misuse the user’s sensitive data, but most of the time, the purpose of accessing data is not obvious and the user doesn’t have enough knowledge...