Sharif Digital Repository

Semantic technology provides an abstraction layer above existing computational environments, especially the Web, to give information a well-defined meaning. Moving toward semantic-aware environments imposes new security requirements. One of the most important requirement is the authorization and security policy inference based on the existing semantic relationships in the abstract (conceptual) layer. Most of the authorization models proposed for these environments so far are incomplete and their inference rules are not guaranteed to be consistent, sound, and complete. To have a sound and complete system for policy specification and inference, in this thesis, a family of modal logics, called... 

In the secure data outsourcing scenario, verification of the reply of an unreliable server includes assessing the authenticity, completeness and it’s integrity. In this thesis, an efficient method, with emphasis on freshness, has been introduced to evaluate the correctness of the replies from a server. It takes in hand different application needs, inherent differences in the data, and different update mechanisms. This method evaluates freshness by using timestamps alongside the data being out sourced. Due to the requirement of verifying not only the freshness of the response, but the correctness of the timestamps as well, two general methods for evaluating and verifying the responses were... 

Growth of tools that ease sharing information and resources in social networks can cause privacy issues for the users. Protecting user’s personal information against unauthorized access is a crucial task, and it is considered as a first step for preserving user’s privacy in such networks. Policies, access control rules, and the way rules are applied to online social networks are issues that are less investigated and most existing frameworks have used simple models. Growth of users joining social networks and significant volume of resources shared in these networks make such environments suitable for using semantic technology. Semantic technology is used for modeling various resources, users,... 

Access control, which is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied, plays an important role in the system security. The existing of non-monotonicity property in a deduction and decision making process means that some of the previous deductions or decisions may be retracted by adding new information and premises. Based on the definition, in a non-monotonic access control system, adding new information or access control rules may invalidate some of the previous conclusions (permissions/prohibitions). The requirements such as decision making based on the imperfect information, supporting... 

The rapid growth and increase in complexity of modern network and communication systems have made a demand for protecting organizations’ sensitive data and resources from malicious intrusions. Attackers and intruders perform malicious attacks by exploiting vulnerabilities, weaknesses, and flaws in computer systems using novel and advanced techniques. Traditional security mechanisms, such as authentication, access control, and firewall cannot prevent these attacks. Therefore, Intrusion detection systems (IDSs) are employed to detect abnormal activities and monitor network traffic and hosts’ events. These systems suffer from several limitations, including generating a huge amount of alerts and... 

With the growing deployment of host and network intrusion detection systems, analyzing generated alerts from these systems becomes critically important and challenging due to its complexity and high amount of data. A perfect intrusion detection system would be able to identify all the attacks without raising any false and non-relevant alarms. Unfortunately, false alarms are commonplace in intrusion detection systems. Non-relevant alerts, which are associated with attacks that were not successful, are also common. The process of identifying false and non-relevant alerts is called alert verification. Also nowadays, web applications are widely used in critical and important roles (e.g.,... 

With the growing deployment of host and network intrusion detection systems, analyzing generated alerts from these systems becomes critically important and challenging due to its complexity and high amount of data. Alert Correlation systems are a possible solution for deep analysis of incoming alerts in response to potential attacks against enterprise networks. Although several known alert correlation systems have been proposed for this purpose so far, most of them do not support high amount of input due to their centralized architecture. In this thesis, we propose a system architecture and approach for alert correlation to be extensible, flexible, and modular. The architecture encompasses... 

Recently many organizations outsource their data to an external server due to easier data maintenance. One of the security issues in data outsourcing scenario is the enforcement of data owner’s access control policies. This includes some challenges; namely, the number of keys needed to access authorized resources, efficient policy updating, write access control enforcement, user and data owner overhead, and preserving confidentiality of data and policies . Most of the existing proposed solutions address only some of these challenges, while they impose high overhead on both the data owner and users. Moreover, most of them address enfrocement of policies in form of access control matrix and... 

Insider threat is a significant security risk for organizations and hard to detect. Most of introduced detection methods need contextual data entries about users, or preprocessed user activity logs to detect insider threats while it is costly and time-consuming. In this thesis, we introduce a behavior analysis method that learns its context and detects multiple types of insider threats from raw logs and network traffic in real-time. This method, named XABA, learns user roles and exclusive behaviors, through analyzing raw logs related to each network session of the user. Then it checks for some abnormal patterns, and if so, triggers the appropriate alert. XABA is implemented on the big-stream... 

Differential privacy provides a powerful definition for protecting data privacy by adding noise. Differential privacy mechanisms add noise to the responses of queries made to a database. Differential privacy challenges the learning of useful information from a dataset without leaking any information about the individuals present in that dataset. However, studies have shown that these mechanisms make assumptions about the data that, if not met, can lead to privacy leaks. One of these assumptions is the lack of correlation between data. If an attacker is aware of the correlation between data, common mechanisms cannot guarantee differential privacy.This thesis proposes a solution for adding... 

Recent advances in Machine Learning and specially Deep Learning, have caused a dramatic increase in the use of these algorithms in different applications, such as sickness diagnosis, anomaly detection, malware detection, and etc. Since training deep neural networks requires a high cost in terms of both gathering loads of labeled data and computing and human resources, deep learning models are a part of an organization’s intellectual property and so, the importance of securing these models is increasing. One of the most important types of attacks that compromises the security of deep neural networks is black-box adversarial example attack. In adversarial example attacks, the adversary... 

Trust management is a new security solution for situations that there is not enough information about the members of a system. As other security solutions, trust management solutions are not secure against attacks and malicious behaviors. Collusion is one of the most destructive malicious behaviors in these systems. Colluders seek to unfairly affect the trust system. Most of the trust models are vulnerable against this malicious behavior or consider only a limited set of collusion scenarios to resist. Some other mitigation approaches are specific to a trust model and cannot be used by other models. One of the methods to implement trust is exploiting reputation. Reputation systems can be... 

In order to control accesses in semantic environments, a semantic-based access control and policy specification language should be choosen. Upon to them, some security mechanisms should be designed and implemented. Several access control models and policy specification languages have been arisen, but seldom have focused on designing mechanisms to satisfy their models in any environment. In this thesis, we focus on implementation aspects of access control in semantic environments. We chose semantic web as our studying environment and an extension of the SBAC model named MA(DL)2 as our access control model. To control accesses in the selected environment, we divide semantic web into some... 

Providing anonymity in communications is one of the major requirements for the preserving the privacy of users using communication networks. There are several protocols for transmitting anonymous message in public communication networks. DC-Nets can be considered as an important solution to anonymous communications because they provide perfect anonymity; however, their high message and bit complexity is a major obstacle in their practical usage. All DC-Net based protocols provide anonymity of sender and receiver by establishing some anonymous channels for transmission of messages. Each execution of the DC-Net protocol acts as an anonymous channel, which only one participant can send his... 

The quality is the last word of customer satisfaction concept. The structure and the main goal of many of large and small companies have been formed with systems aggregate related to process and product quality. Whereas quality is not achieved only under the protection of inspecting and controlling, then the quality management standards have been designed and produced to control all the activities and organization effective processes. Quality management standards in auto industries have been developed with increasing of customer desire and their severity simultaneously. Which the set of some standards such as ISO 9000, QS 9000, VDA, … and the most ISO TS 16949 requirements have been used.... 

The classical economic batch quantity (EBQ) model assumes that all produced items have a perfect quality. But in real-life production systems, generation of defective items is inevitable. A portion of these defective items is considered to be scrap , while the other is assumed to be reworkable and reworking them can reduce costs and increase productivity. In this thesis we have studied the economic batch quantity for a single stage production system with rework and scrapping . We want to satisfy the customer demand and minimize total costs of the system like set up costs , production costs , rework costs , holding costs , shortage costs and scrapping costs . In the first chapter of this... 

Based on the latest statistical figures, more than 50 billion Rials worth of medical equipment exists in Iran’s medical centers. In spite of this, Breakdown maintenance is used in all hospitals, which means that the equipment is utilized as long as it is not out of order and only in such a situation, i.e. a breakdown, the necessary repair operation is conducted on the equipment. In fact, no maintenance is carried out to prevent a breakdown, while the “prevention from breakdown” concept has long been introduced in the majority of industries in many countries including Iran and its positive impacts are undisputable. This thesis aims at proposing a solution for the implementation of a “planned... 

Applied pi calculus is a variant of the pi calculus with extensions for modeling cryptographic protocols. In such a calculus, the security guarantees are usually stated as equivalences. While process calculi provide a natural means to describe the protocols themselves, epistemic logics are often better suited for expressing certain security properties such as secrecy and anonymity. These methods studied in this work to investigation the verification of privacy properties in security protocols. And finally, a new approach is introduced to bridge the gap between these two approaches: using the set of traces generated by a process as models. In this method an epistemic logic has constructs for... 

EOQ and EPQ models have been among the most important and commonly used techniques for about 100 and 60 years respectively .But, they are involved in some assumptions that sometimes prevent them from being implemented in real situation of industry and production. One of these unrealistic assumptions is that all of items received or produced are of perfect quality. In order to overcome this constraint and make the mentioned models closer to the real environmentsome researches have been done. To this end,following the previous attemptsin this project we assumed to have destructive inspections and existence of imperfect and rejected items after rework. In our models, considering 3 circumstances... 

Portfolio is a collection of different stocks for investment. The investors' objectives in portfolio formation are to get the highest return against exposure to the lowest risk. Portfolio Optimization Problem is one of the most complicated problems in investment and finance. It may be simply explained as follows: Let's imagine a set of N stocks for selection. We would like to see what percentage of the total amount of investment should be dedicated to each stock to maximize portfolio's total return and minimize its total risk.
Portfolio Optimization Problem is a NP-Hard problem and generally there exists no polynomial-time deterministic algorithm to find a precise solution to such a...