Sharif Digital Repository

The ever-increasing volume of data and the lack of computational and storage facilities have caused a managerial challenge to organizations. The existence of these challenges on the one hand and the increase of storage services on the other hand have compelled the organizations to delegate their storage and management of data to the server providers of cloud storage services. The outsourcing of data to servers obviates the need for purchasing exorbitant storage equipment and recruiting professional workforce in the organization. Since the organization’s data will be kept outside the organization’s ambience in case of using such services in form of outsourcing, and the data will not be under... 

Using database encryption to protect data in some situations where access control is not soleley enough is inevitable. Database encryption provides an additional layer of protecton to conventional access control techniques. It prevents unauthorized users, including intruders breaking into a network, from viewing the sensitive data. As a result data remains protected even in the event that database is successfully attacked or stolen. However, encryption and decryption of data result in database performance degradation. In the situation where all the information is stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an... 

Nowadays large volume of sensitive data of organizations are stored in the databases. Thus, databases are attractive to the attackers to execute different types of attacks with different purposes. The useful information that attackers try to achieve in the preliminary steps of the attacks against the databases, is the database structure or schema. One of the popular approach to extract the schema of a database is to analyze the returned error messages from its DBMS. Hence, a solution to prevent schema disclosure via the error messages is customizing and modifying them. To achieve this goal, in this thesis, we propose a framework to handle and customize the error messages automatically and... 

When organizations prefer to outsource their data, security protection of data will be more important. Using cryptography in addition to access control techniques is a natural way for saving confidentiality of data against untrusted server. However, encryption and decryption of data result in database performance degradation. In such a situation all the information stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an unwilling tradeoff between the security and performance is normally forced. The appropriate approaches to increase the performance are methods to deal directly with the encrypted data without firstly... 

Data outsourcing provides cost-saving and availability guarantees. However, privacy and confidentiality issues, disappoint owners from outsourcing their data. Although solutions such as CryptDB and SDB tried to provide secure and practical systems, their enforced limitations, made them useless in practice. Inability in search on encrypted data, is one of the most important existing challenges in such systems. Furthermore, the overhead of mechanisms such as FHEs, removes them from considering for any practical system. Indeed, special purpose encryptions would be the only usable mechanisms for such purposes. However, their limited functionality does not support some important required... 

SQL injection is one of the most important security threats in web applications with backend SQLbased database. An attacker can abuse an application’s vulnerability to change the queries sent from the application to the database. Many techniques and frameworks have been proposed for detecting and preventing SQL injection. But most of them cannot detect all types of SQL injection such as second-order attacks. In this thesis, we propose a new method to detect and prevent all types of this attack. The proposed method is a kind of anomaly-based intrusion detection methods and could be considered as a proxy between the application server and the database server. The proposed method, can detect...