Sharif Digital Repository

Security measurement models (SMMs) and their corresponding derived metrics form the main pillars of a systematic security measurement. Providing a desirable SMM is very challenging and has been investigated over the past two decades, so that numerous SMMs have been proposed and several surveys on SMMs have been performed. However, to the best of our knowledge, neither a systematic taxonomy nor a comprehensive comparison has yet been proposed for SMMs. This paper focuses on the comprehensive comparison of SMMs relying on a feature-based approach. The plurality and diversity of the compared SMMs enable us to deduce all the open issues. © 2021 Taylor & Francis Group, LLC  

Nowadays, security evaluation of software is a substantial matter in software world. Security level of software will be determined by wealth of data and operation which it provides for us. The security level is usually evaluated by a third party, named Software Security Certification Issuance Centers. It is important for software security evaluators to perform a sound and complete evaluation, which is a complicated process considering the increasing number of emerging threats. In this paper we propose a Threatened-based Software Security Evaluation method to improve the security evaluation process of software. In this method, we focus on existing threatened entities of software which in turn... 

The decentralized security management in a pervasive computing environment' requires apportioning the environment into several security domains. In each security domain' an administrator (we call it authority) is responsible for specifying the security policies of the domain. Overlapping of security domains results in the requirement of cooperative security management in the shared/ overlapping domains. To satisfy this requirement' we propose an abstract security model' as well as its supplementary calculus of composite authorities. The security model is based on deontic logic and is independent of the domains' heterogeneity. The model's policy language (we call it MASL) enables multiple... 

As a problem, generally, energy security components do not interfere with the calculation of the optimal energy supply situation. Energy security indices so-called ‘passive indices’ cannot illustrate comprehensive optimal situation. In this paper, we are looking to find a solution to make a framework of the impact of energy security on energy supply in order to obtain comprehensive analysis of the economic optimal point. Method is based on the competition of energy costs to meet demand during the study period. Threats that have been addressed in the energy security are seen as risky and stochastic parameters in the model. The nature of these parameters is of uncertainty type, therefore,... 

Rules are used as a way of managing and configuring firewalls to fulfill security requirements in most cases. Managers have to specify their organizational security policies using low level and order-dependent rules. Furthermore, dependency of firewalls to the network topology, frequent changes in network topology (specially in dynamic networks), and lack of a method for analysis and verification of specified security policy may reduce to inconsistencies and security holes. Existence of a higher level environment for security policy specification can rectify part of the problems. In this paper we present a language for high level and formal specification of security policy in firewalls.... 

This paper suggests a model and a definition for forward-secure authenticated key exchange (AKE) protocols, which can be satisfied without depending on the Diffie–Hellman assumption. The basic idea is to use keyevolving schemes (KES), where the long-term keys of the system get updated regularly and irreversibly. Protocols conforming to our model can be highly efficient, since they do not require the resource-intensive modular exponentiations of the Diffie–Hellman protocol. We also introduce a protocol, called FORSAKES, and prove rigorously that it is a forward-secure AKE protocol in our model. FORSAKES is a very efficient protocol, and can be implemented by merely using hash functions  

Many applications, such as e-passport, e-health, credit cards, and personal devices that utilize Radio frequency Identification (RFID) devices for authentication require strict security and privacy. However, RFID tags suffer from some inherent weaknesses due to restricted hardware capabilities and are vulnerable to eavesdropping, interception, or modification. The synchronization and untraceability characteristics are the major determinants of RFID authentication protocols. They are strongly related to privacy of tags and availability, respectively. In this paper, we analyze a new lightweight RFID authentication protocol, Song and Mitchell, in terms of privacy and security. We prove that not... 

An adjustable join (AdjoinAdjoin) scheme [4] is a symmetric-key primitive that enables a user to securely outsource his database to a server, and later to issue join queries for a pair of columns. When queries are extended to a list of columns, the 3Partition3Partition security of Adjoin schemes [8] does not capture the expected security. To address this deficiency, we introduce the syntax and security notion of multi-adjustable join (M-AdjoinM-Adjoin) schemes. We propose a new security notion for this purpose, which we refer to as M3PartitionM3Partition. The 3Partition3Partition security of AdjoinAdjoin extends to the M3PartitionM3Partition security of M-AdjoinM-Adjoin in a straightforward... 

Security measurement models (SMMs) and quantitative security metrics (QSMs) are crucial pillars of systematic security measurement. How to design the enhanced SMMs and effective QSMs has been seriously considered in recent years. However, to the best of our knowledge, a desirable SMM has not yet been provided to measure the security effectiveness of a national-level network (NLN) due to its specific attributes. NLN has three main attributes, including plurality and diversity of network components, continuous changes, and simultaneous functionalities. These attributes cause three major challenges to designing a desirable SMM for NLN, including complexity, dynamic measurement, and... 

In this paper, we consider to seek vulnerabilities and we conduct possible attacks on the crucial and essential parts of Android OSs architecture including the framework and the Android kernel layers. As a regard, we explain the Binder component of Android OS from security point of view. Then, we demonstrate how to penetrate into the Binder and control data exchange mechanism in Android OS by proposing a kernel level attack model based on the hooking method. As a result, by implementing the attack model, it is illustrated that the Android processes are detectable and the data can be extracted from any process and system calls. © 2016 IEEE  

Security techniques have been designed to obtain certain objectives. One of the most important objectives all security mechanisms try to achieve is the availability, which insures that network services are available to various entities in the network when required. But there has not been any certain parameter to measure this objective in network. In this paper we consider availability as a security parameter in ad-hoc networks. However this parameter can be used in other networks as well. We also present the connectivity coefficient of nodes in a network which shows how important is a node in a network and how much damage is caused if a certain node is compromised  

[No abstract available]  

In this paper we introduce two innovative image and video watermarking algorithms. The paper's main emphasis is on the use of chaotic maps to boost the algorithms' security and resistance against attacks. By encrypting the watermark information in a one dimensional chaotic map, we make the extraction of watermark for potential attackers very hard. In another approach, we select embedding positions by a two dimensional chaotic map which enables us to satisfactorily distribute watermark information throughout the host signal. This prevents concentration of watermark data in a corner of the host signal which effectively saves it from being a target for attacks that include cropping of the... 

The decentralized approach to security administration in new computing environments (e.g., pervasive computing and mobile environments) is based on apportioning the environment into multiple security domains. The security policies of each security domain are specified by an authority and enforced by a security agent. The requirements of cooperative administration in such Multi-Security-Domain (MSD) environments, for shared or subdomains, induced us to propose an MSD cooperation framework within a logical security policy language (called MASL) in this paper. MASL is a variation of deontic logic that enables multiple authorities to specify their domain policies, including obligations and... 

Security in mobile handsets of telecommunication standards such as GSM, Project 25 and TETRA is very important, especially when governments and military forces use handsets and telecommunication devices. Although telecommunication could be quite secure by using encryption, coding, tunneling and exclusive channel, attackers create new ways to bypass them without the knowledge of the legitimate user. In this paper we introduce a new, simple and economical circuit to warn the user in cases where the message is not encrypted because of manipulation by attackers or accidental damage. This circuit not only consumes very low power but also is created to sustain telecommunication devices in aspect... 

Designing an efficient and secure electronic voting (e-voting) protocol without the presence of trusted authorities, known as decentralized voting protocols, is one of the most interesting and challenging problems in cryptography. In these protocols the outcome of the protocol is computed by voters collaborating with each other. We provide a rigorous proof of security of a decentralized e-voting protocol proposed by Khader et al. in the Universal Composability (UC) Framework. This protocol is the state-of-the-art decentralized e-voting protocol in terms of efficiency and security, whose security has only been justified against a set of desired properties required in e-voting protocols. For... 

The applications of available transfer capability (ATC) have received considerable attention in restructured power systems. System operators calculate and post ATC values for different time intervals considering power system operation issues, including security issues. On the other hand, competitive electricity market has added economic issues to transmission services such that they could have different price, type (recallable/non-recallable) and curtailment cost. The inclusion of economic issues in ATC calculation to obtain NATC and RATC has not been sufficiently addressed yet. This paper presents a method to calculate ATC on a weekly base in restructured power systems which incorporates... 

Spreading networks and increasing their complexity has complicated the task of security analysis. Accordingly, automatic verification approaches have received more attention recently. In this paper, we modeled a network including a set of hosts (clients and servers) using the process algebra CSP in order to verify the Transmission Control Protocol (TCP) behavior against an active intruder. The model is verified using the FDR tool and as a result, some attack scenarios violating the security are found. The scenarios showes how an intruder can compromise the server trust to its clients. As the model is modular, extendable, and scalable, more complex attack scenarios (combination of simple... 

In this paper, we present design and implementation of TCvisor, a new trusted hypervisor. To this end, TCvisor provides a secure storage with different isolated view per user by using para-passthrough and combined key. In this regard, virtualization technology of processors has been used for complete isolation from operating system. By combining TPM base key, user's password and geo function key, TCvisor provides a secure storage in an environment with split data. We have applied feature wise security analysis TCvisor's secure storage from software system layers point then we have compared performance of TCvisor to selected candidates of existing layers