Continuous User Authentication in Secure Web Applications

  • Alisson L. M. Véras USP
  • Wilson V. Ruggiero USP

Abstract


Secure web applications are highly reliant on their user authentication. The access data, in general a "username" and "password", can easily be stolen from unwary users, a common practice nowadays. Using these authentication data, the attacker passes the initial authentication phase as a legitimate user, which makes detecting the intrusion a non-trivial task. In this scenario, continuous analysis of how the application is used is extremely important and complements the initial authentication. This work presents a continuous authentication method for secure web applications based on a confidence metric.

Published
2005-09-26
VÉRAS, Alisson L. M.; RUGGIERO, Wilson V. Autenticação Contínua de Usuários em Aplicações Seguras na Web. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 5., 2005, Florianópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2005. p. 40-51. DOI: https://doi.org/10.5753/sbseg.2005.21522.