Minicursos da XVII Escola Regional de Redes de Computadores


Diego Luis Kreutz (ed.)
Rodrigo Brandão Mansilha (ed.)
Charles Christian Miers (ed.)


Este livro reúne os textos dos minicursos da XVII Escola Regional de Redes de Computadores e Sistemas Distribuídos (ERRC 2019), realizada em Alegrete/RS entre os dias 16 e 19 de setembro de 2019. Os minicursos da ERRC visam apresentar temas emergentes e relevantes nas áreas de Redes de Computadores, Sistemas Distribuídos e Segurança da Informação para profissionais, alunos de Pós-Graduação e alunos de Iniciação Científica.


1. Introdução aos Blockchains: Teoria e Prática
João Otávio Chervinski, Felipe Homrich Melchior, Rafael Fernandes, Guilherme Neri Bustamante Sa, Lucas Antunes, Diego Luis Kreutz, Rodrigo Brandão Mansilha
2. Introdução à Propriedades Básicas e Avançadas de Segurança da Informação
Diego Luis Kreutz, Sabrina Carlé Winckler, Rodrigo de Oliveira Barbosa, João Otávio Chervinski, Tadeu Sobral Jenuário
3. Introdução à linguagem de programação P4, o futuro das redes
Pedro Eduardo Camera, Alisson Borges Zanetti
4. Análise do tráfego de máquinas virtuais na rede de controle de nuvens computacionais baseadas em OpenStack
Charles Christian Miers, Guilherme Piêgas Koslovski, Maurício Aronne Pillon, Adnei Willian Donatti
5. Introdução à Web Application Firewalls (WAFs): Teoria e Prática
Felipe Homrich Melchior, Diego Luis Kreutz, Maurício Aronne Pillon, Fernando Flora, Isadora Ferrão, Rafael Fernandes, Thiago Escarrone, Douglas Macedo


Não há dados estatísticos.


Abbas, Q. E. and Sung-Bong, J. (2019). A Survey of Blockchain and Its Applications. In ICAIIC, pages 001–003.

Acunetix (2019). Web Application Vulnerability Report.

Adkisson, J. (2018). Why bitcoin is so volatile.

Aishwarya. K and Sankar, S. (2015). Traffic analysis using hadoop cloud. In 2015 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS), pages 1–6.

Al-Jaroodi, J. and Mohamed, N. (2019). Blockchain in Industries: A Survey. IEEE Access, 7:36500–36515.

Alwen, J., Coretti, S., and Dodis, Y. (2019). The double ratchet: security notions, proofs, and modularization for the signal protocol. In Int. Conf. on the Theory and Applications of Cryptographic Techniques, pages 129–158.

Arkko, J., Norrman, K., Näslund, M., and Sahlin, B. (2015). A usim compatible 5g aka protocol with perfect forward secrecy. In 2015 IEEE Trustcom/BigDataSE/ISPA, volume 1, pages 1205–1209. IEEE.

Arsenault, C. (2017). Perfect Forward Secrecy – Why You Should Be Using It.

Bernat, V. (2011). TLS & Perfect Forward Secrecy.

Blattberg, E. (2014). New Jersey slaps MIT Bitcoin hackers with subpoena — and they’re fighting back.

Bohn, R. B., Messina, J., ai Liu, F., Tong, J., and Mao, J. (2011). Nist cloud computing reference architecture. 2011 IEEE World Congress on Services, pages 594–596.

Bosshart, P., Daly, D., Gibb, G., Izzard, M., McKeown, N., Rexford, J., Schlesinger, C., Talayco, D., Vahdat, A., Varghese, G., and Walker, D. (2014). P4: Programming protocol-independent packet processors. SIGCOMM Comput. Commun. Rev., 44(3):87–95.

Braun, H.-W. and Claffy, K. C. (1995). Web traffic characte- rization: an assessment of the impact of caching documents from ncsa’s web server. Computer Networks and ISDN Systems, 28(1):37 – 51. Selected Papers from the Se- cond World-Wide Web Conference.

Brumley, B. B. and Tuveri, N. (2011). Remote timing attacks are still practical. In ESORICS, pages 355–371.

Chandramouli, R. (2014). Security recommendations for hypervisor deployment. US Department of Commerce, National Institute of Standards and Technology.

Chen, D. and Zhao, H. (2012). Data security and privacy protection issues in cloud computing. In 2012 International Conference on Computer Science and Electronics Engineering, volume 1, pages 647–651.

Chen, W., Xu, Z., Shi, S., Zhao, Y., and Zhao, J. (2018). A survey of blockchain applications in different domains. In Proceedings of the ICBTA, pages 17– 21, New York, NY, USA. ACM. 3301407

Chowdhury, N. M. K. and Boutaba, R. (2010). A survey of network virtualization. Computer Networks, 54(5):862–876.

Chudnov, A., Collins, N., Cook, B., Dodds, J., Huffman, B., MacCárthaigh, C., Magill, S., Mertens, E., Mullen, E., Tasiran, S., Tomb, A., and Westbrook, E. (2018). Continuous Formal Verification of Amazon s2n. In Computer Aided Verification, pages 430–446. Springer.

Cimpanu, C. (2019). Security bug would have allowed hackers access to Google’s internal network.

Clincy, V. and Shahriar, H. (2018). Web Application Firewall: Network Security Models and Configuration. In 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), volume 01, pages 835–836.

CloudLab (2019).

Cohn-Gordon, K., Cremers, C., and Garratt, L. (2016). On post-compromise security. In IEEE 29th CSF, pages 164–178. IEEE.

Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., and Milner, K. (2018). On ends-to-ends encryption: Asynchronous group messaging with strong security guarantees. In ACM SIGSAC CCS, pages 1802–1819.

Cointopper (2018). Difference between asic, gpu and cpu mining.

Convergência Digital (2016). Ataques hackers provocaram um prejuízo de R$ 30 bilhões no Brasil.

Cremers, C. and Feltz, M. (2012). Beyond eck: Perfect forward secrecy under actor compromise and ephemeral-key reveal. In ESORICS, pages 734–751. Springer.

Cremers, C. J. F. (2006). Scyther: Semantics and verification of security protocols. Eindhoven University of Technology Eindhoven.

Dai, H., Zheng, Z., and Zhang, Y. (2019). Blockchain for internet of things: A survey. CoRR, abs/1906.00245.

Dainotti, A., Pescape, A., and Ventre, G. (2006). A packet-level characterization of network traffic. In 2006 11th International Workshop on ComputerAided Modeling, Analysis and Design of Communication Links and Networks, pages 38–45.

Dawson, M. (2018). Red Hat Global Customer Tech Outlook 2019: Automation, cloud, & security lead funding priorities.

Dierks, T. and Rescorla, E. (2008). The transport layer security (tls) protocol version 1.2. RFC 5246, RFC Editor.

Escarrone, T., Kreutz, D., and Fiorenza, M. (2019). Uma Primeira Analise do Ecosistema HTTPS no Brasil. In 4o Workshop Regional de Segurança da Informação e de Sistemas Computacionais.

Eskandari, S., Leoutsarakos, A., Mursch, T., and Clark, J. (2018). A first look at browser-based cryptojacking. arXiv preprint arXiv:1803.02887.

Ferrão, I. G. (2018). Análise black-box de ferramentas de segurança na Web. Trabalho de conlusão de curso, Curso de Ciência da Computação, Universidade Federal Do Pampa.

Ferrão, I. G., de Macedo, D. D. J., and Kreutz, D. (2018). Investigação o do Impacto de Frameworks de Desenvolvimentode Software na Segurança de Sistemas Web. In 3o Workshop Regional de Segurança da Informação e de Sistemas Computacionais (WRSeg).

Funk, R., Epp, N., and A., C. C. (2018). Anomaly-based Web Application Firewall using HTTP-specific features and One-Class SVM. Revista Eletrônica Argentina-Brasil de Tecnologias da Informação e da Comunicação, 2(1).

Gibb, G., Varghese, G., Horowitz, M., and McKeown, N. (2013). Design principles for packet parsers. In Architectures for Networking and Communications Systems, pages 13–24, San Jose, CA, USA. IEEE.

Gill, P., Arlitt, M., Li, Z., and Mahanti, A. (2007). Youtube traffic characterization: A view from the edge. In Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, IMC ’07, pages 15–28, New York, NY, USA. ACM.

Gong, Y., Huang, W., Wang, W., and Lei, Y. (2015). A survey on software defined networking and its applications. Frontiers of Computer Science, 9(6):827–845.

HackerOne (2019). The HackerOne Top 10 Most Impactful and Rewarded Vulnerability Types.

Haleplidis, E., Hadi Salim, J., Denazis, S., and Koufopavlou, O. (2015). Towards a network abstraction model for sdn. Journal of Network and Systems Management, 23(2):309–327.

Hancock, D. and van der Merwe, J. (2016). Hyper4: Using p4 to virtualize the programmable data plane. In Proceedings of the 12th International on Conference on Emerging Networking EXperiments and Technologies, CoNEXT ’16, pages 35–49, New York, NY, USA. ACM.

Hoffman, P. (2005). Algorithms for Internet Key Exchange version 1 (IKEv1). RFC 4109, RFC Editor.

Homsirikamol, E., Morawiecki, P., Rogawski, M., and Sre- brny, M. (2012). Security margin evaluation of SHA-3 contest finalists through SAT- based attacks. In IFIP Int. Conf. on Comp. Inf. Sys. and Ind. Man., pages 56–67.

Hong, G., Yang, Z., Yang, S., Zhang, L., Nan, Y., Zhang, Z., Yang, M., Zhang, Y., Qian, Z., and Duan, H. (2018). How you get shot in the back: A systematical study about cryptojacking in the real world. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pages 1701– 1713. ACM.

Hoy, M. B. (2017). An introduction to the blockchain and its implications for libraries and medicine. Medical reference services quarterly, 36(3):273–279.

Huang, T., Yu, F. R., and Liu, Y.-j. (2016). Special issue on future network: Software-defined networking. Frontiers of Information Technology & Electronic Engineering, 17(7):603–605.

IEEE (2017). Special Report on Blockchain World. IEEE Spectrum, 10.

Jadeja, Y. and Modi, K. (2012). Cloud computing - concepts, architecture and challenges. In 2012 International Conference on Computing, Electronics and Electrical Technologies (ICCEET), pages 877–880.

Jefferys, K. (2018). The Problem With ASICs.

Jenuario, T., Chervinski, J. O., Paz, G., and Kreutz, D. (2019). Verificação Automática de Protocolos de Segurança com a ferramenta Scyther. In 4o Workshop Regional de Segurança da Informação e de Sistemas Computacionais.

Kim, B. H., Koo, J. H., and Lee, D. H. (2006). Robust e-mail protocols with perfect forward secrecy. IEEE Communications Letters, 10(6):510–512.

Kivinen, T. and Kojo, M. (2003). More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). RFC 3526, RFC Editor.

Krawczyk, H. and Eronen, P. (2010). HMAC-based extract-and-expand key derivation function (HKDF). RFC 5869, RFC Editor. http: //

Krawczyk, H., Bellare, M., and Canetti, R. (1997). HMAC: Keyed-Hashing for Message Authentication. RFC 2104, RFC Editor.

Krebs, B. (2018). Who and what is coinhive?

Kreutz, D., Ramos, F. M. V., Veríssimo, P. E., Rothenberg, C. E., Azodolmolky, S., and Uhlig, S. (2015). Software-defined networking: A comprehensive survey. In Proceedings of the IEEE, volume 105, pages 14–76, Singapore. IEEE Computer Society.

Kreutz, D., Ramos, F. M. V., Veríssimo, P. E., Rothenberg, C. E., Azodolmolky, S., and Uhlig, S. (2015). Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103(1):14–76.

Kreutz, D., Yu, J., Esteves-Verissimo, P., Magalhaes, C., and Ramos, F. M. V. (2017). The KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure. ArXiv e-prints.

Kreutz, D., Yu, J., Esteves-Veríssimo, P., Magalhães, C., and Ramos, F. M. V. (2018). The kiss principle in software-defined networking: A framework for secure communications. IEEE Security Privacy, 16(5):60–70.

Kreutz, D., Yu, J., Ramos, F. M. V., and Esteves-Verissimo, P. (2019). ANCHOR: Logically centralized security for software-defined networks. ACM Trans. Priv. Secur., 22(2):8:1–8:36.

Kreutz, D., Yu, J., Ramos, F., and Esteves-Verissimo, P. (2017). ANCHOR: logically-centralized security for Software-Defined Networks. ArXiv e-prints.

Krombholz, K., Hobel, H., Huber, M., and Weippl, E. (2015). Advanced social engineering attacks. J. of Inf. Sec. and applications, 22:113–122.

Krutz, R. L. and Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.

Lehmann, A. and Tackmann, B. (2018). Updatable encryption with post-compromise security. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 685–716. Springer.

Leskin, P. (2018). The 21 scariest data breaches of 2018. Último acesso em: 2019-04-05.

Li, L., Sun, J., Liu, Y., Sun, M., and Dong, J. (2018). "a formal specification and verification framework for timed security protocols". IEEE Trans. on Soft. Engineering, 44(8):725–746.

Ling, Z., Fu, X., Jia, W., Yu, W., Xuan, D., and Luo, J. (2013). Novel packet size-based covert channel attacks against anonymizer. IEEE Transactions on Computers, 62(12):2411–2426.

Machado, R., Kreutz, D., Paz, G., and Rodrigues, G. (2019). Vazamentos de Dados: Histórico, Impacto Socioeconômico e as Novas Leis de Proteção de Dados. In 4o Workshop Regional de Segurança da Informação e de Sistemas Computacionais.

Machado, R., Kreutz, D., Paz, G., and Rodrigues, G. (2019). Vazamentos de Dados: Histórico, Impacto Socioeconômico e as Novas Leis de Proteção de Dados. In 4o Workshop Regional de Segurança da Informação e de Sistemas Computacionais.

Marinoff, N. (2018). South korea is trialing blockchain voting — here’s what that means.

Mathur, N. (2018). Cybersecurity: Cryptojacking attacks exploded by 8,500% in 2017, says report.

McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., and Turner, J. (2008). Openflow: Enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev., 38(2):69–74.

McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., and Turner, J. (2008). Openflow: Enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev., 38(2):69–74.

medfar87 (2018). Cryptocurrency Growth & Adoption Statistics.

Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G. M., and Savage, S. (2013). A fistful of bitcoins: characterizing payments among men with no names. In ACM IMC, pages 127–140. ACM.

Melchior, F., Kreutz, D., and Fiorenza, M. (2019). Web Application Firewalls (WAFs): o impacto do número de regras na latência das requisições Web. In 4o Workshop Regional de Segurança da Informação e de Sistemas Computacionais.

Mell, P. M. and Grance, T. (2011). Sp 800-145. the nist definition of cloud computing.

Meyer, C., Somorovsky, J., Weiss, E., Schwenk, J., Schinzel, S., and Tews, E. (2014). Revisiting SSL/TLS implementations: New bleichenbacher side channels and attacks. In 23rd USENIX Security Symposium, pages 733–748.

Min, T., Wang, H., Guo, Y., and Cai, W. (2019). Blockchain Games: A Survey. CoRR, abs/1906.05558.

Moosa, A. and Alsaffar, E. M. (2008). Proposing a Hybridintelligent Framework to Secure e-Government Web Applications. In Proceedings of the 2Nd International Conference on Theory and Practice of Electronic Governance, ICEGOV ’08, pages 52–59, New York, NY, USA. ACM.

Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system.

Nguyen, T. T. T. and Armitage, G. (2008). A survey of techniques for internet traffic classification using machine learning. IEEE Communications Surveys Tutorials, 10(4):56–76.

NIST (2018). Hash functions.

Olnes, S., Ubacht, J., and Janssen, M. (2017). Blockchain in government: Benefits and implications of distributed ledger technology for information sharing. Government Information Quarterly, 34(3):355 – 364.

OPEN NETWORK FOUNDATION (2016). Sdn architecture - a primer. Disponível em: Acessado: 1908-2019.

OpenStack (2019a). Openstack documentation.

OpenStack (2019b). What is openstack?

Panizzon, G., Battisti, J. H. F., Koslovski, G. P., Pillon, M. A., and Miers, C. C. (2019). A Taxonomy of container security on computational clouds: concerns and solutions. Revista de Informática Teórica e Aplicada, 26(1):47–59.

Pfaff, B., Pettit, J., Koponen, T., Jackson, E. J., Zhou, A., Rajahalme, J., Gross, J., Wang, A., Stringer, J., Shelar, P., Amidon, K., and Casado, M. (2015). The design and implementation of open vswitch. In Proceedings of the 12th USENIX Conference on Networked Systems Design and Implementation, NSDI’15, pages 117– 130, Berkeley, CA, USA. USENIX Association.

Poettering, B. and Rösler, P. (2018). Asynchronous ratcheted key exchange. Cryptology ePrint Archive.

Popov, S. (2014). The tangle.

Portinari, N. (2018). Ataques hackers são mais temidos por empresas que inflação e austeridade.

project, A. C. (2019). Apache cloudstack open source cloud computing.

Rao, G. R. K., Prasad, R. S., and Ramesh, M. (2016). Neutralizing Cross-Site Scripting Attacks Using Open Source Technologies. In Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies, ICTCS ’16, pages 24:1–24:6, New York, NY, USA. ACM.

Rauchberger, J., Schrittwieser, S., Dam, T., Luh, R., Buhov, D., Pötzelsberger, G., and Kim, H. (2018). The other side of the coin: A framework for detecting and analyzing web-based cryptocurrency mining campaigns. In Proceedings of the 13th Int. Conf. on Availability, Reliability and Security, page 18. ACM.

Razzaq, A., Hur, A., Shahbaz, S., Masood, M., and Ahmad, H. F. (2013). Critical analysis on web application firewall solutions. In 2013 IEEE Eleventh International Symposium on Autonomous Decentralized Systems (ISADS), pages 1–6.

Rescorla, E. (1999). Diffie-hellman key agreement method. RFC 2631, RFC Editor.

Rescorla, E. (2018). The transport layer security (tls) protocol version 1.3. RFC 8446, RFC Editor.

Rietz, R., König, H., Ullrich, S., and Stritter, B. (2016). Firewalls for the Web 2.0. In 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS), pages 242–253.

Rivest, R. L., Shamir, A., and Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126.

Romani, B. (2016). : 6 casos de ataque hacker.

Rüth, J., Zimmermann, T., Wolsing, K., and Hohlfeld, O. (2018). Digging into Browser-based Crypto Mining. In ACM IMC, pages 70–76. ACM.

Rutishauser, D. (2017). About TLS Perfect Forward Secrecy and Session Resumption.

Saad, M., Khormali, A., and Mohaisen, A. (2018). End-to-End Analysis of In-Browser Cryptojacking. arXiv preprint arXiv:1809.02152.

Santiago da Silva, J., Boyer, F.-R., and Langlois, J. P. (2018). P4-compatible high-level synthesis of low latency 100 gb/s streaming packet parsers in fpgas. In Proceedings of the 2018 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays, FPGA ’18, pages 147–152, New York, NY, USA. ACM.

Scarfone, K., Souppaya, M., and Hoffman, P. (2011). Guide to security for full virtualization technologies. NIST Special Publication, 800:125.

Schwartz, D., Youngs, N., Britto, A., et al. (2014). The Ripple protocol consensus algorithm.

Shete, S. and Dongre, N. (2017). Analysis amp; auditing of network traffic in cloud environment. In 2017 International Conference on Intelligent Computing and Control Systems (ICICCS), pages 97–100.

Singh, J. J., Samuel, H., and Zavarsky, P. (2018). Impact of Paranoia Levels on the Effectiveness of the ModSecurity Web Application Firewall. In 2018 1st International Conference on Data Intelligence and Security (ICDIS), pages 141–144.

Singh, S. and Jha, R. K. (2017). A survey on software defined networking: Architecture for next generation network. Journal of Network and Systems Management, 25(2):321–374.

Sood, K. and Xiang, Y. (2017). The controller placement problem or the controller selection problem? Journal of Communications and Information Networks, 2(3):1–9.

Srokosz, M., Rusinek, D., and Ksiezopolski, B. (2018). A New WAF-Based Architecture for Protecting Web Applications Against CSRF Attacks in Malicious Environment. In 2018 Federated Conference on Computer Science and Information Systems (FedCSIS), pages 391–395.

Sun, H.-M., Hsieh, B.-T., and Hwang, H.-J. (2005). Secure e-mail protocols providing perfect forward secrecy. IEEE Communications Letters, 9(1):58–60.

Thornburgh, T. (2004). Social engineering: the dark art. In 1st annual conf. on Information security curriculum development, pages 133–135. ACM.

Times, N. Y. (2018). Cybersecurity Firm Finds Way to Alter WhatsApp Messages.

Tschorsch, F. and Scheuermann, B. (2016). Bitcoin and beyond: A technical survey on decentralized digital currencies. IEEE Communi- cations Surveys & Tutorials, 18(3):2084–2123.

Vilela, G. S. (2006). Caracterização de tráfego utilizando classificação de fluxos de comunicação. Mestre em ciências em engenharia de sistemas e computação, Universidade Federal do Rio de Janeiro, Rio de Janeiro, Brasil.

Williamson, C. (2001). Internet traffic measurement. IEEE Internet Computing, 5(6):70–74.

Xia, W., Wen, Y., Foh, C. H., Niyato, D., and Xie, H. (2015). A survey on software-defined networking. IEEE Communications Surveys Tutorials, 17(1):27– 51.

Xie, J., Tang, H., Huang, T., Yu, F. R., Xie, R., Liu, J., and Liu, Y. (2019). A Survey of Blockchain Technology Applied to Smart Cities: Research Issues and Challenges. IEEE Communications Surveys Tutorials, 21(3):2794–2830.

Yang, R., Yu, F. R., Si, P., Yang, Z., and Zhang, Y. (2019). Integrated Blockchain and Edge Computing Systems: A Survey, Some Research Issues and Challenges. IEEE Communications Surveys Tutorials, 21(2):1508–1532.

Yang, W.-H. and Shieh, S.-P. (1999). Password authentication schemes with smart cards. Computers & Security, 18(8):727 – 733.

Yu, J., Ryan, M., and Cremers, C. (2018). DECIM: Detecting Endpoint Compromise In Messaging. IEEE Trans. on Information Forensics and Security, 13(1):106–118.

Zenger, C. T., Pietersz, M., and Paar, C. (2016). Preventing relay attacks and providing perfect forward secrecy using physec on 8-bit μc. In IEEE ICC, pages 110–115.

Zhang, Y., Juels, A., Reiter, M. K., and Ristenpart, T. (2014). Crosstenant side-channel attacks in paas clouds. In ACM SIGSAC CCS, pages 990–1003.

Zheng, Z., Xie, S., Dai, H.-N., Chen, X., and Wang, H. (2018).

Capa para Minicursos da XVII Escola Regional de Redes de Computadores
Data de publicação

Detalhes sobre o formato disponível para publicação: Volume Completo

Volume Completo
ISBN-13 (15)