Sharif Digital Repository

Automatic translation of a high-level specification language to an executable implementation would be highly useful in maximizing the benefits of formal methods. We will introduce a set of translation functions to fill the specification-implementation gap in the domain of database applications. We chose Z, SQL and Delphi languages to illustrate our methodology. We extend Delphi libraries to support mathematical objects exist in Z. Then, based on the extended libraries, we extract the translation functions from Z to Delphi. The translation functions from Z to SQL are more easily extracted, because the mathematical foundation of Z has many properties in common with SQL. Based on the extracted... 

In this study, using the MCNPX computer code based on the Monte Carlo method, the properties of protection against gamma-rays of the glass system with the combination of (55-x)Bi2O3-15Pb3O4-20Al2O3-10ZnO-xTiO2 with certain concentrations (x= 0, 5, 10, 15, 20, 25, 30 and 35 mol percent) and in nano and micro dimensions by calculating several parameters related to photon attenuation such as half value layer (HVL), Tenth value layer (TVL), mean free range (MFP), mass attenuation coefficient (m), linear attenuation coefficient (l), effective atomic number (Zeff) and buildup factor (BF) for We investigated different energy levels in the range of 1500-100 keV. To verify the simulation results,... 

In this project, a method for cooperative search and localization of RF ground moving targets by a group of UAVs is developed. It should be noted that UAVs are just equipped with GPS and directional sensors. Since there is fuel constraint for UAVs, they take fuel from a tanker whenever they require. Moreover, searching method enables the UAVs to see different parts of the desired area with almost uniform distribution. In addition, the proposed approach enables the UAVs to perform a local search with the aim of finding the targets having lost their signal during localization mode. Finally, based upon a fueling decision function the UAVs take turn, approach to the fuel tanker, and start... 

Compound verbs (CVs) and its components, have been widely discussed in previous linguistics' researches as one of the most important and fundamental constructions of Persian language. Nevertheless most of the arguments and assumptions in those researches align with each other and studying CVs from another aspect with a different viewpoint has not been considered very much in order to solve nodes and issues in this area. We have endeavored in this thesis to review and criticize the portrayed definitions of the CVs, reconsider this construction and the syntactical and semantical roles of verbal and non-verbal elements in this combination from another point of view, and revise the previous... 

Data outsourcing provides cost-saving and availability guarantees. However, privacy and confidentiality issues, disappoint owners from outsourcing their data. Although solutions such as CryptDB and SDB tried to provide secure and practical systems, their enforced limitations, made them useless in practice. Inability in search on encrypted data, is one of the most important existing challenges in such systems. Furthermore, the overhead of mechanisms such as FHEs, removes them from considering for any practical system. Indeed, special purpose encryptions would be the only usable mechanisms for such purposes. However, their limited functionality does not support some important required... 

Data outsourcing As a cloud service, it is a solution to reduce the cost of data storage and management in small and medium organizations. One of the main concerns in this area is the privacy of data owners and the non-disclosure of information by curious (albeit trusted) public cloud service providers. Resolving this issue requires encrypting the data before sending it to the cloud server. Transferring all encrypted data to the cloud server and performing various queries after encryption imposes a lot of time, computational and storage overhead, which destroys the philosophy of outsourcing. One of the open research issues is the processing of join queries over encrypted data by the cloud... 

The ever-increasing volume of data and the lack of computational and storage facilities have caused a managerial challenge to organizations. The existence of these challenges on the one hand and the increase of storage services on the other hand have compelled the organizations to delegate their storage and management of data to the server providers of cloud storage services. The outsourcing of data to servers obviates the need for purchasing exorbitant storage equipment and recruiting professional workforce in the organization. Since the organization’s data will be kept outside the organization’s ambience in case of using such services in form of outsourcing, and the data will not be under... 

With the growing use of computer systems, especially in form of web applications, software development and customer requirements has become more complex. Modern computer systems are supposed to achieve non-functional requirements in addition to functional requirements. Non-functional requirements are also called software quality attributes. One of the most important quality attributes for today's software systems is performance. Today’s softwares due to the growing number of their users, need more efficiency than ever to properly meet the performance request.Storage components and databases are the most important factors in causing performance bottlenecks in web applications. Most of... 

An important class of applications which have been rapidly growing recently is the one that create and use time series data. These types of data sets are ordered based on the timestamps associated to their data items. In practice, traditional relational databases are unable to satisfy the requirements of these data sets; however, NoSQL databases with column-wide data structure are appropriate infrastructure for them. These databases are very efficient in read and write operations (especially for time series data, which are ordered) and are able to store unstructured data. Time series data may contain valuable and sensitive information; hence, they should be protected from the information... 

Infrastructural costs of data management, have led people and organizations to outsource their data. This approach is facing with some significant security challenges and risks. The goal of this research, is to present an architecture for secure outsourcing of data in a way that used methods, storage processes, query processing methods and access control mechanisms work together to preserve confidentiality and integrity of outsourced data. In this architecture, the main challenge is transparent placement of some components between client and server in order to prevent user from being aware of communication with a secured server. In order to create this degree of transparency, we need to pay... 

Data outsourcing is an approach to delegate the burden of data management to external servers. In spite of its clear advantages, data outsourcing requires security assurances including data confidentiality, query result correctness, and access control enforcement. Research proposals have identified solutions with disparate assumptions for different security requirements. It is a real obstacle towards having an integrated solution through the combination of existing approaches. The practicality of data outsourcing to the cloud is seriously affected by this challenge. In this thesis, a unified view based on secret sharing is proposed to simultaneously achieve confidentiality, correctness, and... 

Protecting sensitive data stored in database systems, especially in outsourced ones, has become a major concern in many organizations. One of the main possible solutions is to encrypt data before storing them on databases. Bucket-based encryption is among different approaches proposed to accomplish this goal which besides its various benefits, suffers from generating false-positive results. Multi-join queries are one of the most important operations in database systems and their usage grows rapidly in comparison to other types of queries by increasing the size of stored information. While using the decision support systems and data mining solutions are growing continuously, executing... 

One important problem in query optimization in centralized and decentralized databases is optimizing queries containing common sub-expressions, known as multi-query optimization. In processing these queries, the goal is to process a group of queries together and find a global execution plan with minimum cost for the query set. In most of researches which have approached this problem the focus were on exhaustive algorithms. Since size of the problem space for these algorithms grows exponential with query set size, these approaches are impractical. In this research we have presented six algorithms based on Ant Colony Optimization metaheuristic. We have compared the efficiency of these methods... 

Recently XML has become a standard for data representation and the preferred method of encoding structured data for exchange over the Internet. Moreover it is frequently used as a logical format to store structured and semi-structured data in databases. In this research we focus on semantic modeling for XML data and we propose a model-driven approach for modeling and designing XML databases. In the approach data is modeled without considering representation and implementation details in a platform independent model.
We use Object-Role Modeling as the platform independent model. We specify a formal meta-model of this model in Alloy and we validate instance models by checking... 

In recent years, there has been a trend toward outsourcing data to the cloud provider. These companies must tackle the data security challenges. Generally these parties are assumed to be honest but curious. In past years, the research communities have been investigating different solution to ensure confidentiality.
In addition to data confidentiality access and pattern confidentiality is a high-priority issue in some cases so. potential adversary should be unable to drive information from the observed access pattern to the outsourced data. Despite the fact that there are more investigation in the field of data confidentiality, concern over data security are the rise in outsourcing data,... 

SQL injection is one of the most important security threats in web applications with backend SQLbased database. An attacker can abuse an application’s vulnerability to change the queries sent from the application to the database. Many techniques and frameworks have been proposed for detecting and preventing SQL injection. But most of them cannot detect all types of SQL injection such as second-order attacks. In this thesis, we propose a new method to detect and prevent all types of this attack. The proposed method is a kind of anomaly-based intrusion detection methods and could be considered as a proxy between the application server and the database server. The proposed method, can detect... 

Nowadays large volume of sensitive data of organizations are stored in the databases. Thus, databases are attractive to the attackers to execute different types of attacks with different purposes. The useful information that attackers try to achieve in the preliminary steps of the attacks against the databases, is the database structure or schema. One of the popular approach to extract the schema of a database is to analyze the returned error messages from its DBMS. Hence, a solution to prevent schema disclosure via the error messages is customizing and modifying them. To achieve this goal, in this thesis, we propose a framework to handle and customize the error messages automatically and... 

Recently, many organizations outsource their data on an external server to rescue the trouble of data maintenance. But, data owners do not trust in the external server to enforce defined access control policies. In recent years, many researches was dedicated to cryptographic access control on outsourced data, in order to solve this problem. We introduce a method based on Attribute-based Encryption to enforce access control on outsourced data. In this method we consider policy updating and administrative access control. As a result The owner is not only able to change access control policies on outsourced data but also to define administrative rights (grant/revoke) for some admin users. Our... 

One of the security issues in data outsourcing scenario is the enforcement of data owner’s access control policies. This includes three challenges; 1) the average number of keys needed to access authorized resources, 2) efficient update of policies, and 3) confidentiality of data owner’s access control policies. Most of the existing proposed solutions address only one of these challenges, while they impose high overhead on both the data owner and users. Such an overhead prevents the model to be implemented in practical applications. In this thesis, we propose an approach to address all the aforementioned challenges with acceptable overhead. In this approach, which is based on selective... 

While data outsourcing provides some benefits, it suffers from new privacy and security concerns, mainly about the confidentiality and integrity of the stored sensitive data, as well as enforcing access control policies. Current solutions to these aims are not comprehensive and consider only one aspect of security requirements. A secure DBMS architecture is introduced that simultaneously considers confidentiality, integrity and access control enforcement requirements. The transparency of security functions from data owner, service providers, and applications facilitates the operationality of the solution.Additionally, a new indexing technique for character encrypted data is proposed that...