Sharif Digital Repository

The expansion of technology and the increasing use of mobile devices and smartphones have aected various aspects of personal and social life. These include the use of personal mobile devices in enterprise environments called BYODs have a number of positive and negative eects. On the one hand, it would be more cost-eective for an organization or business environment for users to use their own devices, but on the other hand, it poses numerous security and information challenges that are important to manage. These include disrupting the user’s privacy or disseminating organization information to personal devices and thus violating the organization’s security policies. In this study, a model is... 

One of the applications of Internet of things (IoT) is its usage in the eHealth area. Various types of sensors (e.g., sensor to measure heart health, blood sugar levels, and respiratory) exist that not only provide required information for patients, but also send the health information to hospital staff through the network. Leveraging this technology in various intensive care units of hospital facilitate nurses and medical staff in monitoring of patients. However, moving towards these environments leads to new security challenges. One of the most important challenges is controlling access to sensors’ data and preserving patients privacy so that doctor and nurses should access patients’... 

An important class of applications which have been rapidly growing recently is the one that create and use time series data. These types of data sets are ordered based on the timestamps associated to their data items. In practice, traditional relational databases are unable to satisfy the requirements of these data sets; however, NoSQL databases with column-wide data structure are appropriate infrastructure for them. These databases are very efficient in read and write operations (especially for time series data, which are ordered) and are able to store unstructured data. Time series data may contain valuable and sensitive information; hence, they should be protected from the information... 

Nowadays large volume of sensitive data of organizations are stored in the databases. Thus, databases are attractive to the attackers to execute different types of attacks with different purposes. The useful information that attackers try to achieve in the preliminary steps of the attacks against the databases, is the database structure or schema. One of the popular approach to extract the schema of a database is to analyze the returned error messages from its DBMS. Hence, a solution to prevent schema disclosure via the error messages is customizing and modifying them. To achieve this goal, in this thesis, we propose a framework to handle and customize the error messages automatically and... 

Attacks on Android devices often take the form of repackaging. Attackers change a well-known app that has been downloaded from the app store, reverse engineer it, add some malicious payloads, and then upload the modified app to the app store. Because it is difficult for users to distinguish between the changed app and the original app, users can be easily duped. The malicious code inside the modified apps can launch attacks after they are installed, typically in the background. There are so many repackage detection method proposed during last years of researches in this area. developing an approach to detect android repackaged application should contains two main goal, speed and accuracy of... 

Privacy preserving data mining helps organizations and companies not only to deal with privacy concerns of customers and regular limitations, but also to benefit from collaborative data mining. Utilizing cryptographic techniques and secure multiparty computation (SMC) are among widely employed approaches for preserving privacy in distributed data mining. The general purpose of secure multiparty computation protocols to compute specific functions on private inputs of parties in a collaborative manner and without revealing their private inputs. Providing rigorous security proof of secure multiparty computation makes it a good choice for privacy preservation, despite of its cryptographic... 

Advanced Persistent Threats (APTs), use hybrid, slow, and low-level patterns to leak and exfiltrate information, manipulate data, or prevent progression of a program or mission. Since current intrusion detection systems (IDSs) and alert correlation systems do not correlate low-level operating system events with network events and use alert correlation instead of event correlation, the intruders use low and hybrid events in order to make detection difficult for such detection systems. In addition, these attacks use low and slow patterns to bypass intrusion detection and alert correlation systems. Since most of the attack detection approaches use a short time-window, the slow APTs abuse this... 

The long-term Attacks are some special multi-level attacks which remain inside of systems for a long time to finally perform the damage. One of the most famous kinds of these attacks is Advanced Persistent Threats. These kinds of attack are low-level, distributed inside of the network and their goal is stealing information or corrupting a process in the organization. Banks are one of the most vulnerable organizations which have suffered from these attacks, so the main purpose of this research is detecting them and give warning to the security admin. The goal of financial APTs is stealing money and to achieve that, they have to create some transactions and send them to the core banking. We... 

The emergence of semantic technology and its usage in different computational environments (especially the distributive environments) has increased the machine intelligence for more interoperability.This has resulted an abstraction (conceptual) layer above existing information and resources in these environments. Based on the unique characteristics of the semantic-aware environments, most of the proposed models for other environments are not applicable to this area, as they do not meet the security requirements of these environments. MA(DL)2-AM and SBAC are among the models that have satisfied a large portion of these requirements. Although documents are important assets of organizations... 

Today, smart devices have become an integral part of everyday life. The Android operating system is also the most popular operating system of these devices, and as a result, various malwares are produced and distributed for this operating system every day. This makes it especially important to investigate these malwares. This includes finding people involved in the development and distribution of malware, as well as discovering other malwares created by them. Discovering other involved entities, such as social media accounts, websites, Android store accounts, and taking steps to prevent malware from being distributed by them is another aspect of this story. In order to deal with organized... 

In electronic health, data is stored and retrieved electronically at the local or national level for clinical, educational and administrative purposes. The importance of data from citizens, patients, professionals and providers of healthcare and policy-makers points of view make it a valuable asset. In recent years, we confront the emergence of the Internet of Things and its widespread use in electronic health. In this area, health sensors such as a heart rate sensor, a blood glucose sensor, or a respiratory sensor provide information about each person that can be sent through the network to the physician. Such a continuous remote monitoring allows physicians to take better care of patients... 

Due to increasing web-based attacks against web applications and inefficiency of intrusion detection and prevention systems for detecting and preventing web attacks in the application layer, web application firewalls (WAF) developed to deal with this problem. There are most common attacks affecting today’s web applications like SQL Injection (SQLi), Cross-Site Scripting (XSS) and Logical attacks. The Logical attack focuses on the abuse or exploitation of a web application’s logic flow, and unlike SQLi and XSS, it depends on the web application functionality. Nowadays, there are a lot of methods for designing a WAF which are divided into two categories: Signature-based and Anomaly-based... 

The widespread use of the Android operating system has made it an attractive target for attackers. In the field of malware identification and mitigation, the use of machine learning methods has seen significant advancements due to their ability to identify unknown malware. One of these methods is graph-based techniques in constructing malware detection systems, which have achieved high success rates in identifying malware. However, machine learning methods suffer from the vulnerability of being misled by adversarial examples. One important aspect in both malware detection systems and adversarial attacks is the limitations imposed on software modification. Any changes made to the application... 

With the increasing use of mobile smartphones, securing the information and protecting the mobile users’ privacy is one of the important subjects in this context. Android, as one of the most popular operating systems for smartphones, uses strategies to provide system security and user privacy; one of these strategies is permission system. Applications should get permissions from users to access their sensitive data. Most related researches and the android itself, focuses on granting or revoking permissions to the program in a way that it doesn’t misuse the user’s sensitive data, but most of the time, the purpose of accessing data is not obvious and the user doesn’t have enough knowledge... 

SQL injection is one of the most important security threats in web applications with backend SQLbased database. An attacker can abuse an application’s vulnerability to change the queries sent from the application to the database. Many techniques and frameworks have been proposed for detecting and preventing SQL injection. But most of them cannot detect all types of SQL injection such as second-order attacks. In this thesis, we propose a new method to detect and prevent all types of this attack. The proposed method is a kind of anomaly-based intrusion detection methods and could be considered as a proxy between the application server and the database server. The proposed method, can detect... 

In recent years, one of the research interests is ensuring the integrity of computations done on data received from multiple data sources. Limited research has been done to ensure the integrity of computations that the output depends on data generated by different data sources. However, there are many solutions for systems that the input data is generated by a single data source. In this thesis, ensuring the integrity of multi-source aggregate functions and general functions are investigated in an untrusted server. To verify the integrity of aggregate functions, first of all, we present a construction for verifying the results of linear functions using the RSA signature. It should be noted... 

Advanced Persistent Threats (APTs) by multi step , low-level and sometimes slowmoving behaviors try to hiding malicious behaviors. These attacks are complex, costly and the attacker violates the security policy explicitly or implicitly by distributing his or her behavior to multi agents and infiltrate trusted subjects. One of the challenges is the discovery of these attacks in the early stages of the attack and before the complete violation of confidentiality. the lack of deep intercepting of events, content with intrusion detection systems warnings, the lack of simultaneous tracking of host and network-level events and the lack of real-time processing is limitations of existing detection... 

Protecting sensitive data stored in database systems, especially in outsourced ones, has become a major concern in many organizations. One of the main possible solutions is to encrypt data before storing them on databases. Bucket-based encryption is among different approaches proposed to accomplish this goal which besides its various benefits, suffers from generating false-positive results. Multi-join queries are one of the most important operations in database systems and their usage grows rapidly in comparison to other types of queries by increasing the size of stored information. While using the decision support systems and data mining solutions are growing continuously, executing... 

Developing an android application from scratch is a time-consuming and expensive process, but modifying an existing and similar application is much easier. Modifying an android application, which is called repackaging, is done for different purposes. Cracking non-free android applications, modifying advertising libraries code, adding malicious payload to benign ones and redistributing known malwares are some of the important purposes. Existing methods for confronting android application repackaging can be divided into three categories: 1) based on comparing with the original application, 2) based on changing the original application, 3) based on changing the android platform. Methods in the... 

Smart grids are the new generation of power grids that combine the power distribution grid with the communications network. The purpose of these networks is to create a secure, two-way infrastructure for the transmission of power and information. The complex structure of smart grids, along with the inherent vulnerabilities of physical systems, old devices and protocols on the network and the need for backward compatibility, have created serious cyber risks to critical assets and infrastructures. The difference between these types of networks and conventional computer networks has made the security mechanisms developed in conventional computer networks not very suitable for these types of...