  • PhD (1397)

    Information Technology Engineering

    Amirkabir University of Technology, Tehran, Iran

  • Master's (1389)

    Information Security

    Amirkabir University of Technology, Tehran, Iran

  • Bachelor's (1386)

    Information Technology Engineering

    Amirkabir University of Technology, Tehran, Iran

  • Software security
  • Vulnerability analysis
  • Formal methods in information security

    Hossein Homaei received his PhD in Information Technology Engineering from Amirkabir University of Technology in 1397. He had previously earned a bachelor's degree in Information Technology Engineering and a master's degree in Information Security from the same university. He is currently an assistant professor in the Faculty of Electrical and Computer Engineering at Tarbiat Modares University. His research interests are software security, vulnerability analysis, and formal methods in information security.


    Athena: A framework to automatically generate security test oracle via extracting policies from source code and intended software behaviour

    Hossein Homaei, Hamid Reza Shahriari
    Journal Papers: Information and Software Technology, Volume 107, 2019 March 1, Pages 112-124

    Abstract

    Context: Software security testing aims to check the security behaviour of a program. To determine whether the program behaves securely on a particular execution, we need an oracle who knows the expected security behaviour. Security test oracle decides whether test cases violate the intended security policies of the program. Thus, it is necessary for the oracle to model the detailed security policies. Unfortunately, these policies are usually poorly documented. Even worse, in some cases, the source code is the only available document of the program. Objective: We propose a method to automatically extract the intended security policies of the program under test from the source code and expected execution traces. We introduce a security test o

    OPEXA: analyser assistant for detecting over-privileged extensions

    Mina Sadat Khazaei, Hossein Homaei, Hamid Reza Shahriari
    Journal Papers: IET Information Security, Volume 12, Issue 6, 2018 June 6, Pages 558-565

    Abstract

    Web browsers are enticing attack vectors because they provide an interface to the Internet. Extensions add capabilities to the browsers, and therefore are attractive to attackers. These capabilities are obtained through extension privileges. Some of these privileges are necessary for extensions to perform their claimed functionalities. However, an extension may have some unrequired privileges. Over-privileged extensions may be misused to compromise systems. The authors propose an Over-Privileged EXtension Analyser (OPEXA), to assist security experts in detecting suspicious extensions. OPEXA predicts the intended privileges of extensions based on their descriptions, which are stated by developers in natural language. They utilise this method

    Seven years of software vulnerabilities: The ebb and flow

    Hossein Homaei, Hamid Reza Shahriari
    Journal Papers: IEEE Security & Privacy, Volume 15, Issue 1, 2017 February 14, Pages 58-65

    Abstract

    A seven-year study using National Vulnerability Database records determined not only which software vulnerabilities were the most common and most severe but also which ones should be prevented first to gain maximum benefit. By focusing on just seven vulnerability categories, security professionals could prevent 60 percent of all software vulnerabilities.

    Compositional Approach to Quantify the Vulnerability of Computer Systems

    Hossein Homaei, Hamid Reza Shahriari
    Journal Papers: The Computer Journal, Volume 54, Issue 10, 2011 October, Pages 1616-1631

    Abstract

    Although analyzing complex systems could be a complicated process, current approaches to quantify system security or vulnerability usually consider the whole system as a single component. In this paper, we propose a new compositional method to evaluate the vulnerability measure of complex systems. By the word composition we mean that the vulnerability measure of a complex system can be computed using pre-calculated vulnerability measures of its components. We define compatible systems to demonstrate which components could combine. Moreover, choice, sequential, parallel and synchronized parallel composition methods are defined and the measurement of the vulnerability in each case is presented. Our method uses a state machine to model the sys


    Previous semester courses

    • Master's
      Formal Methods in Information Security ( units)
      Faculty of Electrical and Computer Engineering, Department of Computer Systems Architecture
    • Exceptional-talent student at the master's level at Amirkabir University of Technology
    • Exceptional-talent student at the bachelor's level at Amirkabir University of Technology
    • Selected laureate of the 33rd Khwarizmi International Festival
