Sharif Digital Repository

Rules are used as a way of managing and configuring firewalls to fulfill security requirements in most cases. Managers have to specify their organizational security policies using low level and order-dependent rules. Furthermore, dependency of firewalls to the network topology, frequent changes in network topology (specially in dynamic networks), and lack of a method for analysis and verification of specified security policy may reduce to inconsistencies and security holes. Existence of a higher level environment for security policy specification can rectify part of the problems. In this paper we present a language for high level and formal specification of security policy in firewalls.... 

In this letter we studied the epidemic spreading on scale-free networks assuming a limited budget for immunization. We proposed a general model in which the immunity of an individual against the disease depends on its immunized friends in the network. Furthermore, we considered the possibility that each individual might be eager to pay a price to buy the vaccine and become immune against the disease. Under these assumptions we proposed an algorithm for improving the performance of all previous immunization algorithms. We also introduced a heuristic extension of the algorithm, which works well in scale-free networks  

Recommender systems has become increasingly important in online community for providing personalized services and products to users. Traditionally, performance of recommender algorithms has been evaluated based on accuracy and the focus of the research was on providing accurate recommendation lists. However, recently diversity and novelty of recommendation lists have been introduced as key issues in designing recommender systems. In general, novelty/diversity and accuracy do not go hand in hand. Therefore, designing models answering novelty/diversityaccuracy dilemma is one of the challenging problems in the context of practical recommender systems. In this paper, we first introduce the... 

Many technological networks can experience random and/or systematic failures in their components. More destructive situations can happen if the components have limited capacity, where the failure in one of them might lead to a cascade of failures in other components, and consequently break down the structure of the network. In this paper, the tolerance of cascaded failures was investigated in weighted networks. Three weighting strategies were considered including the betweenness centrality of the edges, the product of the degrees of the end nodes, and the product of their betweenness centralities. Then, the effect of the cascaded attack was investigated by considering the local weighted flow... 

Recurrent neural networks based on reservoir computing are increasingly being used in many applications. Optimization of the topological structure of the reservoir and the internal connection weights for a given task is one of the most important problems in reservoir computing. In this paper, considering the fact that one can construct a large matrix using Kronecker products of several small-size matrices, we propose a method to optimize the reservoir. Having a small number of parameters to optimize, a gradient based algorithm is applied to optimize parameters, and consequently the reservoir. In addition to reducing the number of parameters for optimization, potentially, the method is able... 

We consider electroencephalograms (EEGs) of healthy individuals and compare the properties of the brain functional networks found through two methods: unpartialized and partialized cross-correlations. The networks obtained by partial correlations are fundamentally different from those constructed through unpartial correlations in terms of graph metrics. In particular, they have completely different connection efficiency, clustering coefficient, assortativity, degree variability, and synchronization properties. Unpartial correlations are simple to compute and they can be easily applied to large-scale systems, yet they cannot prevent the prediction of non-direct edges. In contrast, partial... 

Schizophrenia is often considered as a dysconnection syndrome in which, abnormal interactions between large-scale functional brain networks result in cognitive and perceptual deficits. In this article we apply the graph theoretic measures to brain functional networks based on the resting EEGs of fourteen schizophrenic patients in comparison with those of fourteen matched control subjects. The networks were extracted from common-average-referenced EEG time-series through partial and unpartial cross-correlation methods. Unpartial correlation detects functional connectivity based on direct and/or indirect links, while partial correlation allows one to ignore indirect links. We quantified the... 

An advanced method using progressive concept of geometrical correspondence is applied to create a new wheel/rail contact model based on virtual penetration theory. The geometry and contact mechanism are solved simultaneously because of the independency in a defined correspondence. The model takes the penetrated profiles of wheel and rail and also associated creeps as inputs, and produces driving contact forces as output. The advantage of this model is that it doesn't require pretabulation of rigid contact situation. The method allows calculating flexible, non-elliptical, multiple contact patches during integration of the model. Consequently the rails with substructures can vibrate separately... 

Virtual organization (VO) is aimed to provide inter-organizational collaborations. Constructing a VO necessitates provision of security and access control requirements which cannot be satisfied using the traditional access control models. This is basically due to special features of VOs; such as temporality, unknown users, and diverse resources. In this paper, after expressing our assumption on a framework for VOs; the concept of organizational trust and reputation is used to establish an access control model for VOs. Each member of an organization inherits its organizational reputation. Resource providers announce the behavior of their interacting users to their organization manager.... 

Many real-world networks have a modular structure, and their component may undergo random errors and/or intentional attacks. More devastating situations may happen if the network components have a limited load capacity; the errors and attacks may lead to a cascading component removal process, and consequently, the network may lose its desired performance. In this brief, we investigate the tolerance of cascading errors and attacks in modular small-world networks. This brief studies the size of the largest connected component of the networks when cascading errors or attacks occur. The robustness of the network is tested as a function of both the intermodular connection and intramodular... 

In this paper, we present an algorithm for enhancing synchronizability of dynamical networks with prescribed degree distribution. The algorithm takes an unweighted and undirected network as input and outputs a network with the same node-degree distribution and enhanced synchronization properties. The rewirings are based on the properties of the Laplacian of the connection graph, i.e., the eigenvectors corresponding to the second smallest and the largest eigenvalues of the Laplacian. A term proportional to the eigenvectors is adopted to choose potential edges for rewiring, provided that the node-degree distribution is preserved. The algorithm can be implemented on networks of any sizes as... 

An access control model for Semantic Web should take the semantic relationships among the entities, defined in the abstract conceptual level (i.e., ontology level), into account. Authorization and policy specification based on a logical model let us infer implicit security policies from the explicit ones based on the defined semantic relationships in the domains of subjects, objects, and actions. In this paper, we propose a logic based access control model for specification and inference of history-constrained access policies in conceptual level of Semantic Web. The proposed model (named TDLBAC-2) enables authorities to state policy rules based on the history of users' accesses using a... 

An access control model for Semantic Web should be compatible with the corresponding semantic model. The access control procedure(s) should also take the semantic relationships between the entities (specified as ontologies) into account. Considering the benefits of logic-based models and the description logic foundation of Semantic Web, in this paper, we propose an access control model based on a temporal variant of description logics (TL-ALCF). This logical schema enables us to express history constrained policies to enrich the policy-base with dynamic properties based on previous accesses. The specification of each component of the model as well as the approach to define history... 

Adaptive application detection in today's high-bandwidth networks is resource consuming and inaccurate due to the high volume, velocity, and variety characteristics of the networks traffic. To generate a robust classifier for identifying applications over encrypted traffic, we proposed DSCA as a DPI-based Stream Classification Algorithm. DSCA utilizes applications detected by the DPI, Deep Packet Inspection technique, as ground truth data and updates the classification model accordingly. To reduce the classification algorithms overhead without accuracy reduction, a feature selection method, named CfsSubsetEval, is deployed in DSCA. The proposed approach is implemented via the MOA tool and... 

In UMTS mobile networks, there are some circumstances that the International Mobile Subscriber Identity (IMSI) of a user is conveyed in clear-text over the radio interface. Such situations violate the anonymity of users. In this paper, we introduce an Improved User Identity Confidentiality (IUIC) mechanism which attempts to avoid the drawback and makes users more anonymous. We give the role of IMSI to anonymous tickets in such a way that IMSI is never exposed on the radio interface or over any other link. Our IUIC mechanism, employs symmetric cryptography based on the existing network access security features of UMTS. Its implementation, security, and performance issues are also considered.... 

Since the failure of resources fatally affects processor allocation, a fault tolerant service is essential in the interconnection networks. In this paper, a new fault tolerant method is proposed and evaluated in the hybrid processor allocation scheme, which we have introduced in our previous work. Our task consists of two independent phases. First, the allocation process executes to allocate an efficient set of processors to the requested submesh. The second phase comes to work when the faulty nodes are detected in the allocated spaces. The selected processor allocation scheme allows jobs to be executed without waiting, provided that the number of processors is sufficient in the system and... 

As a security principle, separation of duty (SoD) is widely considered in computer security. In the role-based access control(RBAC) model, separation of duty constraints enforce conflict of interest policies. There are two main types of separation of duty policies in RBAC, Static SoD (SSoD) and Dynamic SoD (DSoD). In RBAC, Statically Mutually Exclusive Role (SMER) constraints are used to enforce Static Separation of Duty policies. Dynamic Separation of duty policies, like SSoD policies, are intended to limit the permissions that are available to a user. However, DSoD policies differ from SSoD policies by the context in which these limitations are imposed. A DSoD policy limits the... 

Role-Based Access Control (RBAC) model is naturally suitable to organizations where users are assigned organizational roles with well-defined privileges. However, due to the large number of users in nowadays online services of organizations and enterprises, assigning users to roles is a tiresome task and maintaining user-role assignment up- to-date is costly and error-prone. Additionally, with the increasing number of users, RBAC may have problems in prohibiting cheat and changing roles of users. In order to categorize information and formulate security policies, human decision making is required which is naturally fuzzy in the real world. This leads using a fuzzy approach to address the... 

Role Based Access Control (RBAC) model is naturally suitable to organizations where users are assigned organizational roles with well-defined privileges. Nowadays, many organizations and enterprises such as banks, insurance industry and utility companies, provide online services to their veiy large number of users. This shows that assigning users to roles is a intolerable task and maintaining user-role assignment up-to-date is costly and error-prone. Also, with the increasing number of users, RBAC may have problems in prohibiting cheat and changing roles of users. To overcome these problems, user-role assignment decision can be made based on how much we trust him/her. In this paper, we... 

In multi-domain environments, authorization policies for each administrative domain are determined by either one administrator or through cooperation of multiple administrators. Proposed logic-based models for multi-domain environments' authorization neither consider an administrator as the legislator of a policy in policies' representation nor specify the domain of a policy explicitly. Considering legislators in policy specification provides the possibility of presenting composite administration and utilizing administrators' characteristics in policy analysis such as conflict resolution. In this paper, we propose the syntax, proof theory, and semantics of a logic in which administrators are...