Sharif Digital Repository

One of the applications of Internet of things (IoT) is its usage in the eHealth area. Various types of sensors (e.g., sensor to measure heart health, blood sugar levels, and respiratory) exist that not only provide required information for patients, but also send the health information to hospital staff through the network. Leveraging this technology in various intensive care units of hospital facilitate nurses and medical staff in monitoring of patients. However, moving towards these environments leads to new security challenges. One of the most important challenges is controlling access to sensors’ data and preserving patients privacy so that doctor and nurses should access patients’... 

Cloud computing is a new computing environment where computing infrastructure, platform and software are provided as a service. Rapid growth of cloud environments has increased the importance of security requirements and challenges for both service providers and users in cloud. Two main security issues in software as a service (SaaS) delivery model are access control and privacy preserving in basic web services and also in composite services obtaining through the automatic composition and inference of policies from the ones specified for basic services. In this thesis, we present a privacy preserving access control model and framework for service composition in SaaS delivery model of cloud... 

Today, smart devices have become an integral part of everyday life. The Android operating system is also the most popular operating system of these devices, and as a result, various malwares are produced and distributed for this operating system every day. This makes it especially important to investigate these malwares. This includes finding people involved in the development and distribution of malware, as well as discovering other malwares created by them. Discovering other involved entities, such as social media accounts, websites, Android store accounts, and taking steps to prevent malware from being distributed by them is another aspect of this story. In order to deal with organized... 

The long-term Attacks are some special multi-level attacks which remain inside of systems for a long time to finally perform the damage. One of the most famous kinds of these attacks is Advanced Persistent Threats. These kinds of attack are low-level, distributed inside of the network and their goal is stealing information or corrupting a process in the organization. Banks are one of the most vulnerable organizations which have suffered from these attacks, so the main purpose of this research is detecting them and give warning to the security admin. The goal of financial APTs is stealing money and to achieve that, they have to create some transactions and send them to the core banking. We... 

Nowadays large volume of sensitive data of organizations are stored in the databases. Thus, databases are attractive to the attackers to execute different types of attacks with different purposes. The useful information that attackers try to achieve in the preliminary steps of the attacks against the databases, is the database structure or schema. One of the popular approach to extract the schema of a database is to analyze the returned error messages from its DBMS. Hence, a solution to prevent schema disclosure via the error messages is customizing and modifying them. To achieve this goal, in this thesis, we propose a framework to handle and customize the error messages automatically and... 

The security and convenience of digital payment methods have made them an essential part of people's daily lives. As a result, the possibility of using these methods in an offline environment without the need to communicate with the payment service provider is of great importance. To make this possible, a digital currency system should enable users to securely control their assets without the help of an intermediary and act according to established laws to combat financial crimes. Otherwise, this system will not be usable by the public or on a large scale. To solve this problem, a scheme with the possibility of offline payment by customers, prevention and detection of double spending by... 

The emergence of semantic technology and its usage in different computational environments (especially the distributive environments) has increased the machine intelligence for more interoperability.This has resulted an abstraction (conceptual) layer above existing information and resources in these environments. Based on the unique characteristics of the semantic-aware environments, most of the proposed models for other environments are not applicable to this area, as they do not meet the security requirements of these environments. MA(DL)2-AM and SBAC are among the models that have satisfied a large portion of these requirements. Although documents are important assets of organizations... 

In electronic health, data is stored and retrieved electronically at the local or national level for clinical, educational and administrative purposes. The importance of data from citizens, patients, professionals and providers of healthcare and policy-makers points of view make it a valuable asset. In recent years, we confront the emergence of the Internet of Things and its widespread use in electronic health. In this area, health sensors such as a heart rate sensor, a blood glucose sensor, or a respiratory sensor provide information about each person that can be sent through the network to the physician. Such a continuous remote monitoring allows physicians to take better care of patients... 

Smart grids are the new generation of power grids that combine the power distribution grid with the communications network. The purpose of these networks is to create a secure, two-way infrastructure for the transmission of power and information. The complex structure of smart grids, along with the inherent vulnerabilities of physical systems, old devices and protocols on the network and the need for backward compatibility, have created serious cyber risks to critical assets and infrastructures. The difference between these types of networks and conventional computer networks has made the security mechanisms developed in conventional computer networks not very suitable for these types of... 

In recent years, the increase in the pace of data generation and costs of maintaining personal servers resulted in the demands for cloud-based services. Map-Reduce model is a programming model for parallel computations in distributed environments such as public clouds. While this model facilitates the process of big data for customers, there are concerns that the integrity of computation is violated since cloud owners are motivated to reduce the costs. To solve this problem, different approaches are proposed in four general categories which there are constraints and flaws in each of them. These four categories are such as based on replication, watermarking, report analysis and based on... 

In recent years, one of the research interests is ensuring the integrity of computations done on data received from multiple data sources. Limited research has been done to ensure the integrity of computations that the output depends on data generated by different data sources. However, there are many solutions for systems that the input data is generated by a single data source. In this thesis, ensuring the integrity of multi-source aggregate functions and general functions are investigated in an untrusted server. To verify the integrity of aggregate functions, first of all, we present a construction for verifying the results of linear functions using the RSA signature. It should be noted... 

The expansion of technology and the increasing use of mobile devices and smartphones have aected various aspects of personal and social life. These include the use of personal mobile devices in enterprise environments called BYODs have a number of positive and negative eects. On the one hand, it would be more cost-eective for an organization or business environment for users to use their own devices, but on the other hand, it poses numerous security and information challenges that are important to manage. These include disrupting the user’s privacy or disseminating organization information to personal devices and thus violating the organization’s security policies. In this study, a model is... 

Advanced Persistent Threats (APTs) by multi step , low-level and sometimes slowmoving behaviors try to hiding malicious behaviors. These attacks are complex, costly and the attacker violates the security policy explicitly or implicitly by distributing his or her behavior to multi agents and infiltrate trusted subjects. One of the challenges is the discovery of these attacks in the early stages of the attack and before the complete violation of confidentiality. the lack of deep intercepting of events, content with intrusion detection systems warnings, the lack of simultaneous tracking of host and network-level events and the lack of real-time processing is limitations of existing detection... 

With the growing trend of IoT, especially in critical areas like health system and city management, and the expectations of even higher growth with the advent of 5G networks, the security and preserving of users' privacy in IoT has gained significant importance. Anomaly detection is one of the approaches to monitor IoT devices which enables the identification of anomalous behaviors. This anomalous behavior could indicate malware infection, physical malfunctions, or tampering.Deep learning has been a common approach for anomaly detection for the past few years. The solutions are mostly suggested in a special purpose manner and because they are based on a particular deep learning model, they... 

Advanced Persistent Threats (APTs), use hybrid, slow, and low-level patterns to leak and exfiltrate information, manipulate data, or prevent progression of a program or mission. Since current intrusion detection systems (IDSs) and alert correlation systems do not correlate low-level operating system events with network events and use alert correlation instead of event correlation, the intruders use low and hybrid events in order to make detection difficult for such detection systems. In addition, these attacks use low and slow patterns to bypass intrusion detection and alert correlation systems. Since most of the attack detection approaches use a short time-window, the slow APTs abuse this... 

Due to increasing web-based attacks against web applications and inefficiency of intrusion detection and prevention systems for detecting and preventing web attacks in the application layer, web application firewalls (WAF) developed to deal with this problem. There are most common attacks affecting today’s web applications like SQL Injection (SQLi), Cross-Site Scripting (XSS) and Logical attacks. The Logical attack focuses on the abuse or exploitation of a web application’s logic flow, and unlike SQLi and XSS, it depends on the web application functionality. Nowadays, there are a lot of methods for designing a WAF which are divided into two categories: Signature-based and Anomaly-based... 

Developing an android application from scratch is a time-consuming and expensive process, but modifying an existing and similar application is much easier. Modifying an android application, which is called repackaging, is done for different purposes. Cracking non-free android applications, modifying advertising libraries code, adding malicious payload to benign ones and redistributing known malwares are some of the important purposes. Existing methods for confronting android application repackaging can be divided into three categories: 1) based on comparing with the original application, 2) based on changing the original application, 3) based on changing the android platform. Methods in the... 

The widespread use of the Android operating system has made it an attractive target for attackers. In the field of malware identification and mitigation, the use of machine learning methods has seen significant advancements due to their ability to identify unknown malware. One of these methods is graph-based techniques in constructing malware detection systems, which have achieved high success rates in identifying malware. However, machine learning methods suffer from the vulnerability of being misled by adversarial examples. One important aspect in both malware detection systems and adversarial attacks is the limitations imposed on software modification. Any changes made to the application... 

With the increasing use of mobile smartphones, securing the information and protecting the mobile users’ privacy is one of the important subjects in this context. Android, as one of the most popular operating systems for smartphones, uses strategies to provide system security and user privacy; one of these strategies is permission system. Applications should get permissions from users to access their sensitive data. Most related researches and the android itself, focuses on granting or revoking permissions to the program in a way that it doesn’t misuse the user’s sensitive data, but most of the time, the purpose of accessing data is not obvious and the user doesn’t have enough knowledge... 

The rapid growth of Android operating system alongside its open-source nature has made it as the most popular operating system of mobile devices. On the other hand, regarding the increasing computational power of mobile devices, a wide variety of applications are coming to this type of devices. Meanwhile unfortunately many malicious softwares trying to keep up with other applications, are targeting this popular operating system. Therefore with regard to the fact that this type of devices usually store private and sensitive information of their users, security of mobile operating systems is considered very important. Having this matter in mind, the goal of this research work has been...