Morteza Amini

Sharif University of Technology | SHARIF · Department of Computer Engineering

PhD

Publications: 51
Reads: 10,484
Citations: 812

Publications (51)
Article
Targeted cyber attacks, which today are known as Advanced Persistent Threats (APTs), use low and slow patterns to bypass intrusion detection and alert correlation systems. Since most of the attack detection approaches use a short time-window, the slow APTs abuse this weakness to escape from the detection systems. In these situations, the intruders...
Article
Sophisticated and targeted malwares, which today are known as Advanced Persistent Threats (APTs), use multi-step, distributed, hybrid and low-level patterns to leak and exfiltrate information, manipulate data, or prevent progression of a program or mission. Since current intrusion detection systems (IDSs) and alert correlation systems do not correl...
Article
Today, many applications produce and use time series data. The data of this type may contain sensitive information. So they should be protected against unauthorized accesses. In this paper, security issues of time series data are identified and an access and inference control model for satisfying the identified security requirements is proposed. Us...
Article
One of the organizations’ main concerns is to protect sensitive data in database systems, especially the ones outsourced to untrusted service providers. An effective solution for this issue is to employ database encryption methods. Among different encryption approaches, Bucket-based method has the advantage of balancing security and performance of...
Article
Widespread growth in Android malwares stimulates security researchers to propose different methods for analyzing and detecting malicious behaviors in applications. Nevertheless, current solutions are ill-suited to extract the fine-grained behavior of Android applications accurately and efficiently. In this paper, we propose ServiceMonitor, a lightw...
Article
Online Social Networks (OSNs) are very popular and users share various information in these networks. To protect these resources from unauthorized access, these frameworks must support flexible access control mechanisms. Semantic technology provides new opportunities for this purpose. This paper proposes a Prioritized Ontology-Based Access Control...
Article
Two main security issues in software as a service (SaaS) delivery model of cloud environments are access control and privacy preserving in basic web services as well as composite services where we require to infer policies through the automatic composition of the policies specified for their constituting basic services. In this paper, we present a...
Article
Nowadays, a large volume of an organization's sensitive data is stored in databases making them attractive to attackers. The useful information attackers try to obtain in the preliminary steps, is the database structure or schema. One of the popular approaches to infer and extract the schema of a database is to analyze the returned error messages f...
Article
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a neces...
Article
Today, from information security perspective, prevention methods are not enough solely. Early Warning Systems (EWSs) are in the category of reactive methods. These systems are complementing Intrusion Detection Systems (IDSs) where their main goals include early detection of potential malicious behavior in large scale environments such as national l...
Conference Paper
Context-awareness is an essential requirement of modern access control models. Organization-Based Access Control (OrBAC) model is a powerful context-aware access control model defined by first-order logic. However, due to the monotonicity nature of the first-order logic, OrBAC suffers from the incapability of making decision based on incomplete con...
Conference Paper
Emerging tools that ease sharing information in online social networks (OSNs) can cause various privacy issues for users. Access control is the main security mechanism in OSNs which is used to tackle such issues. In this paper, a prioritized ontology based access control model for protecting users' information in OSNs is proposed. In the proposed m...
Conference Paper
Virtual organization (VO) is aimed to provide inter-organizational collaborations. Constructing a VO necessitates provision of security and access control requirements which cannot be satisfied using the traditional access control models. This is basically due to special features of VOs; such as temporality, unknown users, and diverse resources. In...
Article
The decentralized approach to security administration in new computing environments (e.g., pervasive computing and mobile environments) is based on apportioning the environment into multiple security domains. The security policies of each security domain are specified by an authority and enforced by a security agent. The requirements of cooperative...
Article
Semantic technology is widely used in distributed computational environments to increase interoperability and machine readability of information through giving semantics to the underlying information and resources. Semantic-awareness, distribution and interoperability of new generation of distributed systems demand an authorisation model and framew...
Conference Paper
An access control model for Semantic Web should take the semantic relationships among the entities, defined in the abstract conceptual level (i.e., ontology level), into account. Authorization and policy specification based on a logical model let us infer implicit security policies from the explicit ones based on the defined semantic relationships...
Article
Time plays a crucial role in access control for new computing environments, which is not supported in traditional access control models. In this paper, we propose a Generalized Temporal History Based Access Control (GTHBAC) model, aimed at integrating history-based constraints along with a generic access control model. GTHBAC enhances the specific...
Conference Paper
An access control model for semantic Web should be compatible with the corresponding semantic model. The access control procedure(s) should also take the semantic relationships between the entities (specified as ontologies) into account. Considering the benefits of logic-based models and the description logic foundation of semantic Web, in this pap...
Conference Paper
As semantic Web grows, security concerns increase. One concern is controlling accesses to resources in this environment. In order to infer whether the access is allowed or not, different information of different entities including contextual information should be involved. From access control point of view, we divide the entities in semantic Web in...
Article
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mecha...
Conference Paper
The decentralized security management in a pervasive computing environment, requires apportioning the environment into several security domains. In each security domain, an administrator (we call it authority) is responsible for specifying the security policies of the domain. Overlapping of security domains results in the requirement of cooperative...
Conference Paper
In order to overcome the shortcomings of the recent frameworks and mechanisms for semantic-based access control, this paper presents a semantic-based, context-aware, and multi-domain enabled framework implementing a semantic-based access control mechanism for Semantic Web. The access control framework is based on the MA(DL)2 model, which takes the...
Article
Mandatory access control has traditionally been employed as a robust security mechanism in critical environments like military ones. As computing technology becomes more pervasive and mobile services are deployed, applications will need flexible access control mechanisms. Aggregating mandatory models with context-awareness would provide us with ess...
Conference Paper
With technical advancement of location technologies and their widespread adoption, information regarding physical location of individuals is becoming more available, augmenting the development and growth of location-based services. As a result of such availability, threats to location privacy are increasing, entailing more robust and sophisticated...
Article
With the advent of semantic technology, access control cannot be done in a safe way unless the access decision takes into account the semantic relationships among the entities in a semantic-aware environment. The SBAC model (semantic based access control model) considers this issue in its decision making process. However, time plays a crucial role...
Conference Paper
With the advent of semantic technology, access control cannot be done in a safe way unless the access decision takes into account the semantic relationships among the entities in a semantic-aware environment. SBAC model considers this issue in its decision making process. However, time plays a crucial role in new computing environments which is not...
Conference Paper
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments like military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes may be required in some environments. More...
Conference Paper
By the immense growth of the Web-based social networks (WBSNs), the role of trust in connecting people together through WBSNs is getting more important than ever. In other words, since the probability of malicious behavior in WBSNs is increasing, it is necessary to evaluate the reliability of a person before trying to communicate with. Hence, it is...
Conference Paper
In multi-domain environments, authorization policies for each administrative domain are determined by either one administrator or through cooperation of multiple administrators. Proposed logic-based models for multi-domain environments' authorization neither consider an administrator as the legislator of a policy in policies' representation nor spe...
Conference Paper
Traditionally, to handle security for stand-alone computers and small networks, user authentication and access control mechanisms would be almost enough. However, considering distributed networks such as the Internet and pervasive environments, these kinds of approaches are confronted with flexibility challenges and scalability problems. This is ma...
Conference Paper
Traditionally, to handle security for stand-alone computers and small networks, user authentication and access control mechanisms would be almost enough. However, considering distributed networks such as the Internet and pervasive environments, these kinds of approaches are confronted with flexibility challenges and scalability problems. This is mainly...
Chapter
Authorization policies for an administrative domain or a composition of multiple domains in multi-domain environments are determined by either one administrator or multiple administrators’ cooperation. Several logic-based models for multi-domain environments’ authorization have been proposed; however, they have not considered administrators and adm...
Article
In distributed systems, especially in pervasive environments, security requirements have become inexpressible. Expressiveness of an access control system is tightly dependent on the access control model. In traditional access control models, security requirements were expressed using core model terms which could be confining. This paper tries to introdu...
Article
With the advent of semantic technology, access control cannot be done in a safe way unless the access decision takes into account the semantic relationships between entities in a semantic-aware environment. SBAC model considers this issue in the decision making process. However, time plays a crucial role in new computing environments which is not s...
Conference Paper
In pervasive computing environments, a user can access resources and services from anywhere and at any time; thus a key security challenge in these environments is the design of an effective access control model which is aware of context modifications. Changes in context may trigger changes in authorizations. In this paper, we propose a new contex...
Conference Paper
Role-Based Access Control (RBAC) model is naturally suitable to organizations where users are assigned organizational roles with well-defined privileges. However, due to the large number of users in nowadays online services of organizations and enterprises, assigning users to roles is a tiresome task and maintaining user-role assignment up-to-date...
Conference Paper
As a security principle, separation of duty (SoD) is widely considered in computer security. In the role-based access control (RBAC) model, separation of duty constraints enforce conflict of interest policies. There are two main types of separation of duty policies in RBAC, Static SoD (SSoD) and Dynamic SoD (DSoD). In RBAC, Statically Mutually Exclu...
Conference Paper
Pervasive computing environments introduce new requirements in expressiveness and flexibility of access control policies which are almost addressable leveraging contextual information. Although context-awareness augments the expressiveness of policies, it increases the probability of arising conflicts. Generally, context-aware authorizations are de...
Conference Paper
Role based access control (RBAC) model is naturally suitable to organizations where users are assigned organizational roles with well-defined privileges. Nowadays, many organizations and enterprises such as banks, insurance industry and utility companies, provide online services to their very large number of users. This shows that assigning users t...
Conference Paper
High heterogeneity and dynamicity of pervasive computing environments introduces requirement of more flexible and functional access control policies. The notion of provisional actions has been defined previously to overcome the insufficient grant/denial response to an access request and has been incorporated in the provision-based access control mo...
Article
With the growing rate of network attacks, intelligent methods for detecting new attacks have attracted increasing interest. The RT-UNNID system, introduced in this paper, is one such system, capable of intelligent real-time intrusion detection using unsupervised neural networks. Unsupervised neural nets can improve their analysis of new data over t...
Article
Semantic Web is a vision for future of the current Web which aims at automation, integration and reuse of data among different Web applications. Access to resources on the Semantic Web cannot be controlled in a safe way unless the access decision takes into account the semantic relationships among entities in the data model under this environmen...
Conference Paper
Although the prevention of Distributed Denial of Service (DDoS) attacks is not possible, detection of such attacks plays main role in preventing their progress. In the flooding attacks, especially new sophisticated DDoS, the attacker floods the network traffic toward the target computer by sending pseudo-normal packets. Therefore, multi-purpose IDS...
Article
Semantic Web is the vision for future of current Web which aims at automation, integration and reuse of data among different Web applications. The shift to Semantic Web applications poses new requirements for security mechanisms especially in the access control models as a critical component of security systems. Access to resources cannot be cont...
Article
This paper introduces the Unsupervised Neural Net based Intrusion Detector (UNNID) system, which detects network-based intrusions and attacks using unsupervised neural networks. The system has facilities for training, testing, and tuning of unsupervised nets to be used in intrusion detection. Using the system, we tested two types of unsupervised A...
Article
Security policy specification and inference in semantic-aware environments (e.g., Semantic Web) is one of the main concerns in them. MA(DL)2 logical languages family is proposed to facilitate specification of security policies and also inference of implicit ones following the semantic relationships defined in the conceptual (abstract) layer of t...
Article
Semantic technology provides an abstraction layer above existing computational environments, especially the Web, to give information a well-defined meaning. Moving toward semantic-aware environments imposes new security requirements. One of the most important requirements is the authorization and security policy inference based on the existing sema...
