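% Articles from The ISC International Journal of Information Security,
% volume 3, number 2, one entry per article in page order.
%
% Citation keys follow the scheme lastnameYYYYkeyword, built from each
% entry's own first author, year field and first significant title word.
%
% NOTE(review): entries of this single issue carry different year values
% (2011 and 2012), and the DOI suffixes use both isecure.2011 and
% isecure.2015. The values are kept exactly as exported; confirm each year
% and resolve each DOI against the publisher record before citing.
%
% NOTE(review): the eprint field holds the publisher's full-text PDF link,
% not a preprint-archive identifier. It is kept as exported; styles that
% format eprint as an archive id may render it oddly.

% Editorial note opening the issue.
@article{jalili2011editorial,
  author    = {Jalili, R.},
  title     = {Editorial},
  journal   = {The ISC International Journal of Information Security},
  volume    = {3},
  number    = {2},
  pages     = {67--68},
  year      = {2011},
  publisher = {Iranian Society of Cryptology},
  issn      = {2008-2045},
  eissn     = {2008-3076},
  doi       = {10.22042/isecure.2011.3.2.1},
  abstract  = {From the Editor-in-Chief},
  url       = {https://www.isecure-journal.com/article_39187.html},
  eprint    = {https://www.isecure-journal.com/article_39187_02a72cd5e2c08752977e1ef03dc4906d.pdf},
}

% Essay on how cryptographic definitions are constructed (invited talk write-up).
@article{rogaway2012constructing,
  author    = {Rogaway, P.},
  title     = {Constructing cryptographic definitions},
  journal   = {The ISC International Journal of Information Security},
  volume    = {3},
  number    = {2},
  pages     = {69--76},
  year      = {2012},
  publisher = {Iranian Society of Cryptology},
  issn      = {2008-2045},
  eissn     = {2008-3076},
  doi       = {10.22042/isecure.2015.3.2.2},
  abstract  = {This paper mirrors an invited talk to ISCISC 2011. It is not a conventional paper so much as an essay summarizing thoughts on a little-talked-about subject. My goal is to intermix some introspection about definitions with examples of them, these examples drawn mostly from cryptography. Underpinning our discussion are two themes. The first is that definitions are constructed. They are invented by man, not unearthed from the maws of scientific reality. The second theme is that definitions matter. They have been instrumental in changing the character of modern cryptography, and, I suspect, have the potential to change the character of other fields as well.},
  url       = {https://www.isecure-journal.com/article_39188.html},
  eprint    = {https://www.isecure-journal.com/article_39188_e0940a4c698e61601af3a094963afe69.pdf},
}

% IDS alert correlation and attack-plan prediction; the acronym in the title
% is brace-protected so sentence-casing styles do not lowercase it.
@article{farhadi2011alert,
  author    = {Farhadi, H. and AmirHaeri, M. and Khansari, M.},
  title     = {Alert correlation and prediction using data mining and {HMM}},
  journal   = {The ISC International Journal of Information Security},
  volume    = {3},
  number    = {2},
  pages     = {77--101},
  year      = {2011},
  publisher = {Iranian Society of Cryptology},
  issn      = {2008-2045},
  eissn     = {2008-3076},
  doi       = {10.22042/isecure.2015.3.2.3},
  abstract  = {Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which extracts useful and high-level alerts, and helps to make timely decisions when a security breach occurs. In this paper, we propose an alert correlation system consisting of two major components; first, we introduce an Attack Scenario Extraction Algorithm (ASEA), which mines the stream of alerts for attack scenarios. The ASEA has a relatively good performance, both in speed and memory consumption. Contrary to previous approaches, the ASEA combines both prior knowledge as well as statistical relationships. Second, we propose a Hidden Markov Model (HMM)-based correlation method of intrusion alerts, fired from different IDS sensors across an enterprise. We use HMM to predict the next attack class of the intruder, also known as plan recognition. This component has two advantages: Firstly, it does not require any usage or modeling of network topology, system vulnerabilities, and system configurations; Secondly, as we perform high-level prediction, the model is more robust against over-fitting. In contrast, other published plan-recognition methods try to predict exactly the next attacker action. We applied our system to DARPA 2000 intrusion detection scenario dataset. The ASEA experiment shows that it can extract attack strategies efficiently. We evaluated our plan-recognition component both with supervised and unsupervised learning techniques using DARPA 2000 dataset. To the best of our knowledge, this is the first unsupervised method in attack plan recognition.},
  keywords  = {Alert Correlation,Multistep Attack Scenario,Plan Recognition,Hidden Markov Model,Intrusion Detection,Stream Mining},
  url       = {https://www.isecure-journal.com/article_39189.html},
  eprint    = {https://www.isecure-journal.com/article_39189_db320a6fe3f9847fca93ce48c76a7766.pdf},
}

% Formal model (Constrained Policy Graph) for access control policy
% specification, composition and verification in web service composition.
@article{derakhshandeh2012model,
  author    = {Derakhshandeh, Z. and Tork Ladani, B.},
  title     = {A model for specification, composition and verification of access control policies and its application to web services},
  journal   = {The ISC International Journal of Information Security},
  volume    = {3},
  number    = {2},
  pages     = {103--120},
  year      = {2012},
  publisher = {Iranian Society of Cryptology},
  issn      = {2008-2045},
  eissn     = {2008-3076},
  doi       = {10.22042/isecure.2015.3.2.4},
  abstract  = {Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new independent formal model called Constrained Policy Graph (CPG) for specification of ACPs and their composition as well as verification of conflict or incompatibility among the ACPs is represented. It is shown how CPG can be used in modeling and verification of web service composition ACPs. Also the application of CPG for modeling policies in BPEL processes -as the most common composition method for web services- is illustrated.},
  keywords  = {Access Control Policy (ACP),Verification,Web Service Composition,BPEL,Constrained Policy Graph (CPG)},
  url       = {https://www.isecure-journal.com/article_39190.html},
  eprint    = {https://www.isecure-journal.com/article_39190_b336242ee5b0596f6d483b6191106c58.pdf},
}

% Secure database outsourcing: secret-shared data on several servers with the
% index held on a separate server.
@article{soltani2012separating,
  author    = {Soltani, S. and Hadavi, M. and Jalili, R.},
  title     = {Separating indexes from data: a distributed scheme for secure database outsourcing},
  journal   = {The ISC International Journal of Information Security},
  volume    = {3},
  number    = {2},
  pages     = {121--133},
  year      = {2012},
  publisher = {Iranian Society of Cryptology},
  issn      = {2008-2045},
  eissn     = {2008-3076},
  doi       = {10.22042/isecure.2015.3.2.5},
  abstract  = {Database outsourcing is an idea to eliminate the burden of database management from organizations. Since data is a critical asset of organizations, preserving its privacy from outside adversary and untrusted server should be warranted. In this paper, we present a distributed scheme based on storing shares of data on different servers and separating indexes from data on a distinct server. Shamir's secret sharing scheme is used for distributing data to data share servers. A B+-tree index on the order preserved encrypted values for each searchable attribute is stored in the index server. To process a query, the client receives responses including record numbers from the index server and asks these records from data share servers. The final result is computed by the client using data shares. While the proposed approach is secure against different database attacks, it supports exact match, range, aggregation, and pattern matching queries efficiently. Simulation results show the prominence of our approach in comparison with the bucketing scheme as it imposes lower computation and communication costs on the client.},
  keywords  = {Database Security,Database Outsourcing,Encrypted Database,Query on Encrypted Data},
  url       = {https://www.isecure-journal.com/article_39191.html},
  eprint    = {https://www.isecure-journal.com/article_39191_19d4d5b090dc1e3b21ce7f4d21469445.pdf},
}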