Browsing by Author "Hefny, Hesham"
Now showing 1 - 6 of 6
Item BOEM: A Model for Automating Detection and Evolution of Distributed Ontologies in Multi-Agent Environment (Institute of Statistical Studies and Research, Department of Computer Sciences, Faculty of Computers and Information, Cairo University, 2017) Soliman, Ashraf; Salah, Akram; Hefny, Hesham

Knowledge gives a strong support to autonomous agents in multi-agent systems and thus the evolution of agent’s knowledge needs a great attention since it has a control on agents’ behaviors and has effect on their decision making. The problem is to allow agents to detect and decide whether they need more domain knowledge and allow their knowledge to evolve consistently and automatically. This paper utilizes ontologies to represent the internal knowledge of agents instead of utilizing them only as a shared conceptualization. Consequently, the paper proposes a model of bottom-up instance-driven ontology evolution that allows the internal ontologies of agents to evolve automatically and consistently in run time based on agents’ interactions. Experiments are designed and implemented to evaluate our model in different situations. One of its results shows that an empty internal ontology of one agent could evolve automatically in runtime by 88.3% through its interactions with other agents. Moreover, a comparison between the proposed approach and literature review approaches is presented to compare between their different features and techniques. This paper is considered a step forward to automate ontology evolution for agents in multiagent environment.

Item Limitations of current security measures to address information leakage attacks (International Journal of Computer Science and Information Security, 2014) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

Information leakage attacks represent a serious threat for their widespread and devastating effects. Their significance stems from the fact that they are committed by an organization’s authorized computer users, and/or processes executing on their behalf. The diverse avenues that could be exploited to carry out such attacks add another barrier towards addressing them. Based on literature review, this paper explores strengths of security measures intended to confront information leakage attacks, and focuses on pinpointing their respective limitations. It demonstrates that only few of them are capable of mitigating such attacks, whereas the rest suffer from conceptual and/or implementation-related limitations that render them vulnerable to circumvention. They are basically prone to high false positive and/or false negative rates, complex to apply, inflexible during execution, suffer from degraded performance, or require hardware modification. Most importantly, neither of them provides a remedy for new undete

Item Modeling Distribution and Exchange of Domain Knowledge in Multi-agent Environment (Department of Computer Sciences, Faculty of Computers and Information, Cairo University, 2017) Soliman, Ashraf; Salah, Akram; Hefny, Hesham

Multi-agent systems often dedicate a shared centralized ontology as domain knowledge but unfortunately they completely neglect the decentralized nature of domain knowledge. This nature implies distributing domain knowledge on domain’s agents rather than centralize it in a shared ontology. This paper comes to embrace the trend of decentralizing domain knowledge by proposing the knowledge distribution model. Furthermore, the paper also proposes a knowledge exchange model in which a protocol and two types of queries are designed and implemented for exchange knowledge between agents. Different situations are presented to address the problem and the proposed model gives positive results in manipulating with all of these situations. Distributing knowledge, especially on autonomous agents, solves many problems of keeping and maintaining knowledge in one place which is a bottleneck of knowledge management.

Item A Novel Approach to Address Information Leakage Attacks Based on Machine Virtualization (LJS Publishing, 2014) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

In a traditional non-virtualized computer system the whole software stack is highly vulnerable to security breaches. This is mainly caused by the coexistence of deployed security systems in the same space as the potentially compromised operating system and applications that often run with administrative privileges. In such a structure, compromising, bypassing, disabling, or even subverting deployed security systems become trivial. Machine virtualization provides a powerful abstraction for addressing information security issues. Its isolation, encapsulation, and partitioning properties can be leveraged to reduce computer systems’ susceptibility to security breaches. This paper demonstrates that machine virtualization when employed and synthesized with cryptography would preserve information confidentiality even in an untrusted machine. It presents a novel information security approach called Virtualized Anti-Information Leakage (VAIL). Its objective is to thwart malicious software and insiders’ information leakage attacks on sensitive files after decryption in potentially compromised computer systems. VAIL’s defenses are evaluated against a variety of information leakage attacks including: (1) direct attacks launched on sensitive files from an untrusted virtual machine, and a compromised virtual machine monitor; and (2) indirect attacks exploiting covert storage and timing channels. Based on the security evaluation, it is concluded that VAIL effectively complied with the security requirements, and met its objective.

Item A proposed approach to detect and thwart previously unknown code injection attacks (IEEE, 2015) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

This paper presents a proposed approach called VAIL System Call Monitor (VSCM) to detect and thwart previously unknown code injection attacks. The idea is based on the fact that any process needs to correctly invoke CreateProcess() system calls, otherwise child-process creation will fail. VSCM intercepts and verifies CreateProcess() system call invocations from a monitored process. In case an unknown executable is detected in the first parameter of a call, this indicates its maliciousness. In response, VSCM encrypts that parameter value to render the call invalid, thereby thwarting adversaries' attacks by preventing the operating system from loading and executing the new malicious child process. VSCM runs in a microkernel-based virtual machine in order to achieve two-fold advantages: (1) isolate security-critical information from probable adversaries' attacks; and (2) exploit security-related and performance-related advantages associated with thin virtual machine monitors. The expected effectiveness of VSCM is high since it is circumvention-proof, and precise in extracting the normal behavior of applications chosen to be monitored.

Item A proposed covert channel based on memory reclamation (IEEE, 2015) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

This paper proposes a covert channel that is specific to virtual machine monitors (VMMs); it is called VMM memory reclamation-based covert storage channel. The paper describes a prospective information leakage attack that can be launched on security-critical processes running in a targeted virtual machine (VM) using the discovered covert channel. This attack exploits a widely adopted VM dynamic memory allocation mechanism called ballooning to breach inter-VM isolation. It involves two cooperating malicious processes: the sender process and the receiver process executing in two VMs: the target VM and the attacking VM respectively. Both VMs run concurrently on top of the same bare-metal VMM. Both malicious processes have access to the dynamically-allocated shared physical memory that is managed by the VMM, and multiplexed between both VMs. The malicious processes exploit the shared memory as a communication medium to leak confidential data. Through VMM memory reclamation-based covert storage channel, the sender process and the receiver process cooperate to force the VMM to reclaim memory pages from the target VM and allocate them to the attacking VM as extra memory space, thereby leaking information from the sender process to the receiver process.