A Framework for Scalable Vulnerability Processing and Characterization of Risks to LGPD Compliance

  • Lucas M. Ponce UFMG
  • Matheus Gimpel UFMG
  • Indra Ribeiro UFMG
  • Etelvina Oliveira UFMG
  • Ítalo Cunha UFMG
  • Cristine Hoepers NIC.br
  • Klaus Steding-Jessen NIC.br
  • Marcelo H. P. C. Chaves NIC.br
  • Dorgival Guedes UFMG
  • Wagner Meira Jr. UFMG

Abstract


Search engines like Shodan play an important role in device mapping and vulnerability tracking. However, integrating, coding, and analyzing their data can be complex for domain experts because of the large volume of data these systems generate. Our work presents a new high-level abstraction for efficient analysis and an API for easy data integration. The abstraction hides code complexity behind a set of functional operators close to the domain area. We validated the usability of our library with a case study involving vulnerabilities critical to the LGPD. Our results identified many accessible databases and systems that had been exposed for months with multiple high-risk confidentiality flaws.

Published
2023-09-18
PONCE, Lucas M. et al. Um Arcabouço para Processamento Escalável de Vulnerabilidades e Caracterização de Riscos à Conformidade da LGPD. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 23., 2023, Juiz de Fora/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 15-28. DOI: https://doi.org/10.5753/sbseg.2023.233114.
