
    Analysis of Non-monotonicity Property in Access Control for Pervasive Computing Environment

    M.Sc. Thesis Sharif University of Technology Javadi, Ahmad (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Access control, which is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied, plays an important role in the system security. The existence of the non-monotonicity property in a deduction and decision making process means that some of the previous deductions or decisions may be retracted by adding new information and premises. Based on the definition, in a non-monotonic access control system, adding new information or access control rules may invalidate some of the previous conclusions (permissions/prohibitions). The requirements such as decision making based on the imperfect information, supporting... 

    A Semantic-Aware Authorization Model Based on Deontic Logic

    Ph.D. Dissertation Sharif University of Technology Amini, Morteza (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Semantic technology provides an abstraction layer above existing computational environments, especially the Web, to give information a well-defined meaning. Moving toward semantic-aware environments imposes new security requirements. One of the most important requirements is the authorization and security policy inference based on the existing semantic relationships in the abstract (conceptual) layer. Most of the authorization models proposed for these environments so far are incomplete and their inference rules are not guaranteed to be consistent, sound, and complete. To have a sound and complete system for policy specification and inference, in this thesis, a family of modal logics, called... 

    Query Correctness Assurance for Outsourced Databases

    M.Sc. Thesis Sharif University of Technology Noferesti, Morteza (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    In the secure data outsourcing scenario, verification of the reply of an unreliable server includes assessing its authenticity, completeness and integrity. In this thesis, an efficient method, with emphasis on freshness, has been introduced to evaluate the correctness of the replies from a server. It takes in hand different application needs, inherent differences in the data, and different update mechanisms. This method evaluates freshness by using timestamps alongside the data being outsourced. Due to the requirement of verifying not only the freshness of the response, but the correctness of the timestamps as well, two general methods for evaluating and verifying the responses were... 

    Access Control in Semantic Social Network

    M.Sc. Thesis Sharif University of Technology Alizadeh, Mahdi (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Growth of tools that ease sharing information and resources in social networks can cause privacy issues for the users. Protecting user’s personal information against unauthorized access is a crucial task, and it is considered as a first step for preserving user’s privacy in such networks. Policies, access control rules, and the way rules are applied to online social networks are issues that are less investigated and most existing frameworks have used simple models. Growth of users joining social networks and significant volume of resources shared in these networks make such environments suitable for using semantic technology. Semantic technology is used for modeling various resources, users,... 

    Enforcing Access Control Policies over Data Stored on Untrusted Server

    M.Sc. Thesis Sharif University of Technology Soltani, Naeimeh (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Recently many organizations outsource their data to an external server due to easier data maintenance. One of the security issues in data outsourcing scenario is the enforcement of data owner’s access control policies. This includes some challenges; namely, the number of keys needed to access authorized resources, efficient policy updating, write access control enforcement, user and data owner overhead, and preserving confidentiality of data and policies. Most of the existing proposed solutions address only some of these challenges, while they impose high overhead on both the data owner and users. Moreover, most of them address enforcement of policies in form of access control matrix and... 

    Malicious Network Flow Detection based on Behavioral Characteristics of Users

    M.Sc. Thesis Sharif University of Technology Zargar, Abolfazl (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Insider threat is a significant security risk for organizations and hard to detect. Most of introduced detection methods need contextual data entries about users, or preprocessed user activity logs to detect insider threats while it is costly and time-consuming. In this thesis, we introduce a behavior analysis method that learns its context and detects multiple types of insider threats from raw logs and network traffic in real-time. This method, named XABA, learns user roles and exclusive behaviors, through analyzing raw logs related to each network session of the user. Then it checks for some abnormal patterns, and if so, triggers the appropriate alert. XABA is implemented on the big-stream... 

    A Hybrid Approach of Similarity-based and Scenario-based Algorithms in Alert Correlation

    M.Sc. Thesis Sharif University of Technology Sepahi, Ahmad (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    The rapid growth and increase in complexity of modern network and communication systems have made a demand for protecting organizations’ sensitive data and resources from malicious intrusions. Attackers and intruders perform malicious attacks by exploiting vulnerabilities, weaknesses, and flaws in computer systems using novel and advanced techniques. Traditional security mechanisms, such as authentication, access control, and firewall cannot prevent these attacks. Therefore, Intrusion detection systems (IDSs) are employed to detect abnormal activities and monitor network traffic and hosts’ events. These systems suffer from several limitations, including generating a huge amount of alerts and... 

    Web Driven Alert Correlation

    M.Sc. Thesis Sharif University of Technology Najafi, Abolfazl (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    With the growing deployment of host and network intrusion detection systems, analyzing generated alerts from these systems becomes critically important and challenging due to its complexity and high amount of data. A perfect intrusion detection system would be able to identify all the attacks without raising any false and non-relevant alarms. Unfortunately, false alarms are commonplace in intrusion detection systems. Non-relevant alerts, which are associated with attacks that were not successful, are also common. The process of identifying false and non-relevant alerts is called alert verification. Also nowadays, web applications are widely used in critical and important roles (e.g.,... 

    An Alert Correlation System with the Throughput of Multi-Thousands Events per Second

    M.Sc. Thesis Sharif University of Technology Mirheidari, Ali (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    With the growing deployment of host and network intrusion detection systems, analyzing generated alerts from these systems becomes critically important and challenging due to its complexity and high amount of data. Alert Correlation systems are a possible solution for deep analysis of incoming alerts in response to potential attacks against enterprise networks. Although several known alert correlation systems have been proposed for this purpose so far, most of them do not support high amount of input due to their centralized architecture. In this thesis, we propose a system architecture and approach for alert correlation to be extensible, flexible, and modular. The architecture encompasses... 

    Local Light-weight Detection and Mitigation of DDoS Attack for Internet of Things at Network Edge

    M.Sc. Thesis Sharif University of Technology Rezaei, Zohreh (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    In recent years, Internet of Things (IoT) devices have been rapidly increasing. The large number of these devices, along with their lower memory and processing power compared to other internet-connected devices, can expose IoT networks to various security threats. These threats undermine the data and communication infrastructure of these networks. Detecting attacks can be an effective factor in protecting IoT devices and networks. Among these attacks, Distributed Denial of Service (DDoS) attacks, which exploit vulnerabilities in the IoT infrastructure, can prevent users' access to network services through resource exhaustion, end-node saturation, and bandwidth saturation. This issue can be... 

    Protecting Deep Neural Networks Against Black-box Adversarial Attacks

    M.Sc. Thesis Sharif University of Technology Farshadfar, Elahe (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Recent advances in Machine Learning, and especially Deep Learning, have caused a dramatic increase in the use of these algorithms in different applications, such as sickness diagnosis, anomaly detection, malware detection, etc. Since training deep neural networks requires a high cost in terms of both gathering loads of labeled data and computing and human resources, deep learning models are a part of an organization’s intellectual property and so, the importance of securing these models is increasing. One of the most important types of attacks that compromises the security of deep neural networks is black-box adversarial example attack. In adversarial example attacks, the adversary... 

    Preserving Data Utility in Applying Differential Privacy on Correlated Data

    M.Sc. Thesis Sharif University of Technology Mohammadi, Ahmad (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Differential privacy provides a powerful definition for protecting data privacy by adding noise. Differential privacy mechanisms add noise to the responses of queries made to a database. Differential privacy challenges the learning of useful information from a dataset without leaking any information about the individuals present in that dataset. However, studies have shown that these mechanisms make assumptions about the data that, if not met, can lead to privacy leaks. One of these assumptions is the lack of correlation between data. If an attacker is aware of the correlation between data, common mechanisms cannot guarantee differential privacy. This thesis proposes a solution for adding... 

    Attack Tolerance of Trust Management

    M.Sc. Thesis Sharif University of Technology Niknafs, Mina (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Trust management is a new security solution for situations that there is not enough information about the members of a system. As other security solutions, trust management solutions are not secure against attacks and malicious behaviors. Collusion is one of the most destructive malicious behaviors in these systems. Colluders seek to unfairly affect the trust system. Most of the trust models are vulnerable against this malicious behavior or consider only a limited set of collusion scenarios to resist. Some other mitigation approaches are specific to a trust model and cannot be used by other models. One of the methods to implement trust is exploiting reputation. Reputation systems can be... 

    Design and Implementation of an Access Control Mechanism Based on SBAC

    M.Sc. Thesis Sharif University of Technology Ehsan, Amir Mousa (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    In order to control accesses in semantic environments, a semantic-based access control and policy specification language should be chosen. Upon to them, some security mechanisms should be designed and implemented. Several access control models and policy specification languages have arisen, but seldom have focused on designing mechanisms to satisfy their models in any environment. In this thesis, we focus on implementation aspects of access control in semantic environments. We chose semantic web as our studying environment and an extension of the SBAC model named MA(DL)2 as our access control model. To control accesses in the selected environment, we divide semantic web into some... 

    An Anonymity Approach Using Cooprerative Security

    M.Sc. Thesis Sharif University of Technology Asl Asgharian Sardroud, Asghar (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Providing anonymity in communications is one of the major requirements for preserving the privacy of users using communication networks. There are several protocols for transmitting anonymous message in public communication networks. DC-Nets can be considered as an important solution to anonymous communications because they provide perfect anonymity; however, their high message and bit complexity is a major obstacle in their practical usage. All DC-Net based protocols provide anonymity of sender and receiver by establishing some anonymous channels for transmission of messages. Each execution of the DC-Net protocol acts as an anonymous channel, which only one participant can send his... 

    Economic Batch Quantity (EBQ) for a Single-Stage Production System with Rework and Scrapping

    M.Sc. Thesis Sharif University of Technology Rahmani, Vasim (Author) ; Haji, Rasoul (Supervisor)
    Abstract
    The classical economic batch quantity (EBQ) model assumes that all produced items have a perfect quality. But in real-life production systems, generation of defective items is inevitable. A portion of these defective items is considered to be scrap, while the other is assumed to be reworkable and reworking them can reduce costs and increase productivity. In this thesis we have studied the economic batch quantity for a single stage production system with rework and scrapping. We want to satisfy the customer demand and minimize total costs of the system like set up costs, production costs, rework costs, holding costs, shortage costs and scrapping costs. In the first chapter of this... 

    Systematic Planned (Preventive) Maintenance in Hospitals And Medical Centers of Iran

    M.Sc. Thesis Sharif University of Technology Faghihi, Farshid (Author) ; Haji, Rasoul (Supervisor)
    Abstract
    Based on the latest statistical figures, more than 50 billion Rials worth of medical equipment exists in Iran’s medical centers. In spite of this, Breakdown maintenance is used in all hospitals, which means that the equipment is utilized as long as it is not out of order and only in such a situation, i.e. a breakdown, the necessary repair operation is conducted on the equipment. In fact, no maintenance is carried out to prevent a breakdown, while the “prevention from breakdown” concept has long been introduced in the majority of industries in many countries including Iran and its positive impacts are undisputable. This thesis aims at proposing a solution for the implementation of a “planned... 

    Transportation Problem of Hub Network with Direct Links

    M.Sc. Thesis Sharif University of Technology Shakeri, Hamed (Author) ; Haji, Rasoul (Supervisor)
    Abstract
    Hub and Spoke networks come into play when considering direct link between all origins and destinations is either impossible or expensive in a transportation system. In this kind of problems, some nodes are chosen as hub from all origin and destination nodes to collect flows and then distribute them. Implementing hub network leads to minimizing transportation cost, sorting flows and conveying them in economies of scale. Otherwise, shipping flows directly may cause decreasing the travelling distance and the delivery time consequently. In this dissertation, combination of hub network and direct shipment is investigated. To obtain the optimal hub locations and direct links between non-hub nodes... 

    Punishment Normative Systems

    M.Sc. Thesis Sharif University of Technology Feghhi, Saman (Author) ; Ramezanian, Rasoul (Supervisor)
    Abstract
    In real life, we cannot always expect agents and authorities to have the same desires. Also when it comes to conflicts, agents always tend to break the authorities’ norms to follow their own strategies. Hence we cannot expect strict norms to model an actual real life situation. In this article we introduce punishment normative systems, based on multi-agent Markov chain processes (MMDPs). We try to extend the punishment idea to be also applicable on long-run and infinite strategies. We consider a version of the multi-agent model that is widely used in different situations and then provide an algorithm to find a fair normative system that distributes obligations equally on the agents, while... 

    Optimum Ordering Policy in Vendor Managed Inventory (VMI) with Discrete Demand and Backorder

    M.Sc. Thesis Sharif University of Technology Mofidi, Shahab (Author) ; Haji, Rasoul (Supervisor)
    Abstract
    This research deals with a supply chain consisting of one vendor and several retailers. Every retailer orders a fixed discrete quantity in fixed discrete time intervals. Order quantity and order cycle of each retailer could be different from the others. The vendor orders the required quantity to a supplier to fulfill the received demands. Also the vendor orders a discrete quantity, which will be immediately received at the vendor’s warehouse. In this supply chain system, the lead-time is assumed to be zero and shortage is allowed for vendor. The aim is to find minimum vendor’s inventory cost. We proposed a backward Dynamic Programming algorithm for the model. The algorithm creates vendor’s...