Minicursos do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais

Autores

Marco A. A. Henriques (ed.)
Unicamp
Routo Terada (ed.)
USP
Daniel Macêdo Batista (ed.)
USP

Sinopse

O Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg) é o principal fórum nacional para a apresentação de resultados de pesquisas e atividades relevantes ligadas à segurança da informação, de protocolos de dados e de sistemas.

Nesta edição do SBSeg (2019), 13 propostas de minicursos foram submetidas, um número significativo que demonstra a relevância e o interesse da comunidade em temas atuais da área. Dentre estas propostas, quatro foram selecionadas para publicação e apresentação, representando assim uma taxa de aceitação de 30%. Este livro reúne os quatro capítulos produzidos pelos autores das propostas de minicursos aceitas.

O Capítulo 1 trata de um dos grandes desafios para a segurança da informação na atualidade: a criação e manutenção confiáveis de uma identidade digital para cada usuário. Com o advento dos blockchains, novas possibilidades de atribuição e controle de identidades digitais surgiram e este capítulo busca trazer para os leitores uma discussão teórica e atividades práticas sobre emissão e gerenciamento de identificadores descentralizados, além de autenticação e revogação de credenciais.

O Capítulo 2 busca mostrar como a área de segurança pode se beneficiar dos enormes avanços obtidos recentemente nas áreas de ciência de dados e aprendizagem de máquina. O objetivo é conseguir descobrir informações relevantes do ponto de vista da segurança que podem estar ocultas em meio a uma grande quantidade de dados não suspeitos produzidos por ferramentas de segurança e pelos sistemas operacionais. Os conceitos-chave da área serão discutidos e vários exemplos práticos serão demonstrados com o uso de ferramentas gratuitas.

O Capítulo 3 traz uma abordagem mais profunda sobre blockchains, visto que esta ferramenta está se tornando cada vez mais utilizada em diversas áreas, inclusive a da segurança. Dentre as diversas tecnologias adotadas em blockchains, este capítulo dá ênfase ao mecanismo de consenso, um dos principais atores nos quesitos desempenho e segurança da cadeia. Os mecanismos de consenso mais utilizados atualmente exigem um grande poder computacional para operarem satisfatoriamente e proverem um nível de segurança aceitável. Neste contexto, serão apresentados e discutidos os principais tipos de blockchain e seus mecanismos de consenso, bem como experimentos que ilustram na prática diferentes aspectos de segurança nas implementações atuais.

Concluindo este livro, o Capítulo 4 põe o foco em outra face da segurança que tem chamado bastante a atenção da sociedade: trata-se das aplicações maliciosas que, após infectarem um dispositivo, buscam se ocultar das mais variadas formas a fim de escaparem da detecção por mecanismos de segurança e por perícias forenses, mesmo quando estão em execução. Este minicurso mostra a aplicação de técnicas de engenharia reversa para análise de aplicações maliciosas no ambiente Linux, as quais são exemplificadas tanto nos modos kernel como usuário com base em seu traço dinâmico de execução e em técnicas de depuração de código.

Capítulos:

1. Identidade Digital Descentralizada: Conceitos, aplicações, iniciativas, plataforma de desenvolvimento e implementação de caso de uso
Emilio Tissato Nakamura, Fernando Cezar Herédia Marino, José Reynaldo Formigoni Filho, Sérgio Luís Ribeiro, Vítor Padilha de Oliveira
2. Aprendizado de Máquina para Segurança: Algoritmos e Aplicações
Fabrício Ceschin, Luis S. Oliveira, André Grégio
3. Análise de mecanismos para consenso distribuído aplicados a Blockchain
Charles C. Miers, Guilherme P. Koslovski, Maurício A. Pillon, Marcos A. Simplício Jr., Tereza C. M. B. Carvalho, Bruno B. Rodrigues, João H. F. Battisti
4. Introdução à Engenharia Reversa de Aplicações Maliciosas em Ambientes Linux
Marcus Botacin, Lucas Galante, Otávio Silva, Paulo Lício de Geus

Downloads

Não há dados estatísticos.

Referências

A. Demers, D. Greene, C. Hauser, W. Irish, J. Larson, S. Shenker, H. Sturgis, D. Swinehart, and D. Terry, “Epidemic algorithms for replicated database maintenance,” in Proceedings of the Sixth Annual ACM Symposium on Principles of Distributed Computing, ser. PODC ’87. New York, NY, USA: ACM, 1987, pp. 1–12. [Online]. Available: http://doi.acm.org/10.1145/41840.41841

A. Kiayias and G. Panagiotakos, “On trees, chains and fast transactions in the blockchain,” Cryptology ePrint Archive, Report 2016/545, 2016, https://eprint.iacr.org/2016/545.

A. Rot and B. Blaicke, “Blockchain’s future role in cybersecurity. analysis of defensive and offensive potential leveraging blockchain-based platforms,” in 9th International Conference on Advanced Computer Information Technologies (ACIT), 2019.

A. Singh, T. Ngan, P. Druschel, and D. S. Wallach, “Eclipse Attacks on Overlay Networks: Threats and Defenses,” in Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications, Apr. 2006, pp. 1–12.

Aadhaar. ‘Unique Identification Authority of India’. Disponível: https://uidai.gov.in. Acessado Julho 2019.

Abadi, M., Agarwal, A., Barham, P., Brevdo, E., Chen, Z., Citro, C., Corrado, G. S., Davis, A., Dean, J., Devin, M., Ghemawat, S., Goodfellow, I., Harp, A., Irving, G., Isard, M., Jia, Y., Jozefowicz, R., Kaiser, L., Kudlur, M., Levenberg, J., Mané, D., Monga, R., Moore, S., Murray, D., Olah, C., Schuster, M., Shlens, J., Steiner, B., Sutskever, I., Talwar, K., Tucker, P., Vanhoucke, V., Vasudevan, V., Viégas, F., Vinyals, O., Warden, P., Wattenberg, M., Wicke, M., Yu, Y., and Zheng, X. (2015). TensorFlow: Large-scale machine learning on heterogeneous systems. Software available from tensorflow.org.

ABNT/CEE-307. Blockchain e tecnologias de registro distribuídas – Conceitos e elementos da tecnologia Blockchain – Parte 6: Segurança, privacidade e identidade. Disponível em: [link]. Acesso em 09/08/2019.

Aelf, “aelf - A Multi-Chain Parallel Computing Blockchain Framework,” June 2018, Accessed: 2019-07-04. [Online]. Available: https://aelf.io/gridcn/aelf_whitepaper_EN.pdf?v=1.6

Afonso, V. M., de Amorim, M. F., Grégio, A. R. A., Junquera, G. B., and de Geus, P. L. (2015). Identifying android malware using dynamically obtained features. Journal of Computer Virology and Hacking Techniques, 11(1):9–17.

Albert Bifet, Ricard Gavalda, G. H. B. P. (2018). Machine Learning for Data Streams with Practical Examples in MOA. MIT Press. https://moa.cms.waikato.ac.nz/book/.

Ali, M., Nelson, J., Shea, R., Freedman, M. J. ‘Blockstack: A Global Naming and Storage System Secured by Blockchains’. 2016 USENIX Annual Technical Conference (USENIX ATC 16), Denver, CO, 2016, pp. 181–194. Disponível: https://www.usenix.org/node/196209. Acessado Julho 2019.

Almeida, P., Oliveira, L., Britto, A., and Sabourin, R. (2015). Dealing with concept drifts using dynamic ensembles of classifiers. Tesis presented as partial requirement for the degree of Doctor. Graduate Program in Informatics, Sector of Exact Sciences, Universidade Federal do Paraná.

Alves, P., Brobecker, J., Evans, D., and Zaretskii, E. (2017). Gdb: The gnu project debugger. https://www.gnu.org/software/gdb/.

Android (2017). System and kernel security. [link]. Acessado em: Abril/2017.

AppArmor, W. (2019). Apparmor project wiki. http://wiki.apparmor.net.

Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., and Rieck, K. (2014). Drebin: Effective and explainable detection of android malware in your pocket. In NDSS.

Aublin, P. L., Mokhtar, S., B., Quéma, V. ‘RBFT: Redundant Byzantine Fault Tolerance’. Distributed Computing Systems (ICDCS), 2013 IEEE 33rd International Conference on, 2013, pp. 297–306. Disponível: https://pakupaku.me/plaublin/rbft/5000a297.pdf. Acessado Maio 2019.

B. Curran, “What is delegated proof of stake consensus? (DPoS) complete beginner’s guide,” 2018.

B. Rodrigues, E. J. Scheid, R. Blum, T. Bocek, and B. Stiler, “Blockchain and Smart Contracts – From Theory to Practice,” in Tutorials of IEEE International Conference on Blockchain and Cryptocurrency. Seoul, South Korea: IEEE Computer Society Press, May 2019, p. 31. [Online]. Available: [link].

B. Rodrigues, T. Bocek, and B. Stiller, “Enabling a cooperative , multi-domain DDoS defense by a Blockchain signaling system (BloSS),” in Proc. of the 42nd IEEE Conference on Local Computer Networks 2017 (LCN) – Demos, 2017, pp. 1–3.

Baena-García, M., del Campo-Ávila, J., Fidalgo, R., Bifet, A., Gavaldà, R., and Morales-Bueno, R. (2006). Early drift detection method.

Beegle, L. E. (2007). Rootkits and their effects on information security. Inf. Sys. Sec., 16(3):164–176.

BENNET, Colin. Regulating privacy: data protection and public policy in Europe and United States. Ithaca, New York: Cornell University Press, 1992

Bifet, A. and Gavaldà, R. (2007). Learning from timechanging data with adaptive windowing. volume 7.

Bishop, C. M. (2006). Pattern Recognition and Machine Learning (Information Science and Statistics). Springer-Verlag, Berlin, Heidelberg.

Bitcoin. ‘Bitcoin Core’. Disponível: https://bitcoin.org/en/bitcoin-core/. Acessado Junho 2019.

BitCoin.org, “How does Bitcoin work?” Bitcoin Official website: https://bitcoin.org/en/how-it-works, 2018.

BlockchainHub. ‘Blockchains & Distributed Ledger Technologies’. Disponível: [link]. Acessado Junho 2019.

BNDES. ‘Internet das Coisas: Um plano de ação para o Brasil’. Disponível: [link]. Acessado Julho 2019.

Botacin, M. F., de Geus, P. L., and Grégio, A. R. A. (2018). The other guys: automated analysis of marginalized malware. Journal of Computer Virology and Hacking Techniques, 14(1):87–98.

Botacin, M., de Geus, P. L., and Grégio, A. (2018). The other guys: automated analysis of marginalized malware. Journal of Computer Virology and Hacking Techniques, 14(1):87–98.

BR, “Ethereum white paper made simple,” Blockchain Review, Tech. Rep., 2018, available: [link].

Branco, R. R., Barbosa, G. N., and Neto, P. D. (2012). Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies. [link].

Brealey, R., Myers, S., Allen, F. ‘Princípios de Finanças Corporativas’. McGraw- Hill. 2013.

Breiman, L. (2001). Random forests. Mach. Learn., 45(1):5–32.

C-Jump (2017). 7. eflags individual bit flags. [link].

Cai, W., Wang, Z., Ernst, J., B., Hong, Z., Feng, C., Leung, V. C. M. ‘Decentralized Applications: The Blockchain Empowered Software System’. Disponível: [link]. Acessado Junho 2019.

Camenisch J., Lysyanskaya A. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In: Yung M. (eds) Advances in Cryptology — CRYPTO 2002. Disponível em [link]. Acesso em 10/09/2019.

Cameron, K. ‘The Laws of Identity’. Microsoft Corporation. Nov 2005. Disponível: http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf. Acessado Julho 2019.

Ceschin, F., Pinage, F., Castilho, M., Menotti, D., Oliveira, L. S., and Gregio, A. (2018). The need for speed: An analysis of brazilian malware classifers. IEEE Security Privacy, 16(6):31–41.

Cheng, B., Ming, J., Fu, J., Peng, G., Chen, T., Zhang, X., and Marion, J.-Y. (2018). Towards paving the way for large-scale windows malware analysis: Generic binary unpacking with orders-of-magnitude performance boost. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS ’18, pages 395–411, New York, NY, USA. ACM.

Chollet, F. et al. (2015). Keras. https://github.com/fchollet/keras.

Coindesk. ‘Understand the DAO Attack’. Disponível: http://www.coindesk.com/understanding-dao-hack-journalists/. Acessado Junho 2019.

Combs, G. (2012). Wireshark Network Analysis (Second Edition): The Official Wireshark Certified Network Analyst Study Guide. Laura Chappell University.

Coogan, K., Debray, S., Kaochar, T., and Townsend, G. (2009). Automatic static unpacking of malware binaries. In Proceedings of the 2009 16thWorking Conference on Reverse Engineering, WCRE ’09, pages 167–176, Washington, DC, USA. IEEE Computer Society.

Corbet, J., Rubini, A., and Kroah-Hartman, G. (2005). Linux Device Drivers, 3rd Edition. O’Reilly Media, Inc.

Corporation, N. D. (2015). About tomoyo linux. http://tomoyo.osdn.jp/about.html.en.

Cortes, C. and Vapnik, V. (1995). Support-vector networks. Machine Learning, 20(3):273–297.

COTS, Márcio, Oliveira, Ricardo. Lei Geral de Proteção de Dados Pessoais Comentada. 1ª. Edição. São Paulo: Thomson Reuters Brasil, 2018.

Cozzi, Graziano, Fratantonio, and Balzarotti (2018). Understanding linux malware. http://www.s3.eurecom.fr/~yanick/publications/2018_oakland_linuxmalware.pdf.

D. Boneh, C. Gentry, H. Shacham, B. Lynn. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In proceedings of Eurocrypt 2003. Disponível em <https://crypto.stanford.edu/~dabo/pubs/papers/aggreg.pdf>. Acesso em 10/09/2019.

D. K. Tosh, S. Shetty, X. Liang, C. A. Kamhoua, K. A. Kwiat, and L. Njilla, “Security implications of Blockchain cloud with analysis of block withholding attack,” in 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), 2017.

Damri, G. and Vidyarthi, D. (2016). Automatic dynamic malware analysis techniques for linux environment. In 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom), pages 825–830.

Dan Boneh, Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing, SIAM J. of Computing, Vol. 32, 2003

Dan Boneh; Ben Lynn & Hovav Shacham (2004). "Short Signatures from the Weil Pairing". Journal of Cryptology.

Dorri A.; Kanhere S.; Jurdak R.; Gauravaram P. ‘Blockchain for IoT security and privacy: The case study of a smart home’. IEEE. Disponível: http://ieeexplore.ieee.org/abstract/document/7917634. Acessado Maio 2019.

Duncan, R. and Schreuders, Z. C. (2019). Security implications of running windows software on a linux system using wine: a malware analysis study. Journal of Computer Virology and Hacking Techniques, 15(1):39–60.

Dunphy, P., Petitcolas, F., A., P. ‘A First Look at Identity Management Schemes on the Blockchain’. IEEE Security and Privacy Magazine. 2018.

Dwork, C. and Roth, A. (2014). The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci., 9(3–4):211–407.

e-Estonia. ‘e-identity solution’. Diponível: https://e-estonia.com/solutions/eidentity/id-card/. Acessado Maio 2019.

E. Larcheveque, A. Caswell, and A. Ferron, “BitID: Bitcoin authentication open protocol,” https://github.com/bitid/bitid, 2016.

E. Le Jamtel, “Swimming in the monero pools,” in 2018 11th International Conference on IT Security Incident Management IT Forensics (IMF), May 2018, pp. 110–114.

eliben (2017). Parsing elf and dwarf in python. https://github.com/eliben/pyelftools.

Ester, M., Kriegel, H.-P., Sander, J., and Xu, X. (1996). A densitybased algorithm for discovering clusters in large spatial databases with noise. In KDD.

Ethereum. ‘A Next-Generation Smart Contract and Decentralized Application Platform’. Disponível: https://github.com/ethereum/wiki/wiki/White-Paper. Acessado Maio 2019.

Ethereum. ‘How to Build a Democracy on the Blockchain’. Disponível: https://www.ethereum.org/dao. Acessado Junho 2019.

F. Armknecht, G. O. Karame, A. Mandal, F. Youssef, and E. Zenner, “Ripple: Overview and outlook,” in Trust and Trustworthy Computing, M. Conti, M. Schunter, and I. Askoxylakis, Eds. Cham: Springer International Publishing, 2015, pp. 163–180.

F. Greve, L. Sampaio, J. Abijaude, A. A. Coutinho, I. Brito, and S. Queiroz, Blockchain e a Revolução do Consenso sob Demanda. Sociedade Brasileira de Computação (SBC), 2018, ch. Minicursos do Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC).

Filho, D. S. F., Afonso, V. M., Martins, V. F., Grégio, A. R. A., de Geus, P. L., Jino, M., and dos Santos, R. D. C. (2011). Técnicas para análise dinâmica de malware. Minicurso do SBSEG. https://sbseg2011.redes.unb.br/resources/downloads/minicursos/91936.pdf.

Fradkin, D. and Muchnik, I. (2006). Support vector machines for classification. ”Discrete Methods in Epidemiology”, DIMACS Series in Discrete Mathematics and Theoretical Computer Science, 70:13–20.

Fremantle P.; Aziz B.; Kirkham T. ‘Enhancing IoT Security and Privacy with Distributed Ledgers - a Position Paper’. Maio 2019.

Fruhlinger, J. (2018). The mirai botnet explained: How teen scammers and cctv cameras almost brought down the internet. https://bit.ly/2Irz5e3.

G. Greenspan, “(white paper) decentralized financial system – Credits – v 2.1,” Credits, Tech. Rep., 2018, available: https://credits.com/Content/Docs/TechnicalWhitePaperCREDITSEng.pdf.

G. Greenspan, “Multichain private blockchain – white paper,” https://www.multichain.com/download/MultiChain-White-Paper.pdf, 2015.

G. Greenspan, “Multichain private blockchain,” 2018.

G. Kostarev, “Review of blockchain consensus mechanisms,” Jul. 2017. [Online]. Available: [link].

G. Wood, “Polkdaot: Vision for a Heterogeneous Multi-Chain Framework,” November 2016, Accessed: 2019-07-04. [Online]. Available: https://polkadot.network/PolkaDotPaper.pdf

G. Zyskind, O. Nathan, and A. . Pentland, “Decentralizing privacy: Using blockchain to protect personal data,” in 2015 IEEE Security and Privacy Workshops, May 2015, pp. 180–184.

Galante, L., Botacin, M., Grégio, A., and de Geus, P. L. (2018). Malicious linux binaries: A landscape. In Anais Estendidos do XVIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 213–222, Porto Alegre, RS, Brasil. SBC.

Gama, J. a., Žliobaite, I., Bifet, A., Pechenizkiy, M., and Bouchachia, A. (2014). A survey on concept drift adaptation. ACM Comput. Surv., 46(4):44:1–44:37.

Gama, J., Medas, P., Castillo, G., and Rodrigues, P. (2004). Learning with drift detection. In Bazzan, A. L. C. and Labidi, S., editors, Advances in Artificial Intelligence – SBIA 2004, pages 286–295, Berlin, Heidelberg. Springer Berlin Heidelberg.

Gandotra, E., Bansal, D., and Sofat, S. (2014). Malware analysis and classification: A survey. Journal of Information Security, 5(2):56–64.

Gebai, M. and Dagenais, M. R. (2018). Survey and analysis of kernel and userspace tracers on linux: Design, implementation, and overhead. ACM Comput. Surv., 51(2):26:1–26:33.

GNU (2018). magic - linux man pages. https://www.systutorials.com/docs/linux/man/5-magic/.

Grégio, A. R. A., Afonso, V. M., Filho, D. S. F., de Geus, P. L., Jino, M., and dos Santos, R. D. C. (2012). Pinpointing malicious activities through network and system-level malware execution behavior. In Murgante, B., Gervasi, O., Misra, S., Nedjah, N., Rocha, A. M. A. C., Taniar, D., and Apduhan, B. O., editors, Computational Science and Its Applications – ICCSA 2012, pages 274–285, Berlin, Heidelberg. Springer Berlin Heidelberg.

Grégio, A. R. A., Afonso, V. M., Filho, D. S. F., Geus, P. L. d., and Jino, M. (2015). Toward a Taxonomy of Malware Behaviors. The Computer Journal, 58(10):2758–2777.

Gron, A. (2017). Hands-On Machine Learning with Scikit-Learn and TensorFlow: Concepts, Tools, and Techniques to Build Intelligent Systems. O’Reilly Media, Inc., 1st edition.

Haykin, S. (2009). Neural Networks and Learning Machines. Number v. 10 in Neural networks and learning machines. Prentice Hall.

Histórias e Insumos. ‘Revolução do Período Neolítico. Disponível: http://www.historiaresumos.com/revolucao-periodo-neolitica. Acessado Junho de 2019.

Hoffmann, J., Rytilahti, T., Maiorca, D., Winandy, M., Giacinto, G., and Holz, T. (2016). Evaluating analysis tools for android apps: Status quo and robustness against obfuscation. pages 139–141.

Hyperledger Indy. DKMS (Decentralized Key Management System) Design and Architecture V3. Disponível em: [link]. Acesso em: 09/08/2019.

Hyperledger, “An introduction to Hyperledger,” White Paper. Available: [link], 2018.

Hyperledger. ‘Hyperledger Indy’. Disponível: https://www.hyperledger.org/projects/hyperledger-indy. Acessado Maio 2019.

I. Clarke, O. Sandberg, B. Wiley, and T. W. Hong, “Freenet: A distributed anonymous information storage and retrieval system,” in Designing Privacy Enhancing Technologies: Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability. Berlin, Heidelberg: Springer, 2001, pp. 46–66.

I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable,” CoRR, vol. abs/1311.0243, 2013. [Online]. Available: http://arxiv.org/abs/1311.0243

I. Eyal, “The Miner’s Dilemma,” in 2015 IEEE Symposium on Security and Privacy, May 2015, pp. 89–103.

I.-C. Lin and T.-C. Liao, “Survey of blockchain security issues and challenges,” International Journal of Network Secutiry, 2017.

IBM. ‘Blockchain sharing economy’. Disponível: [link]. Acessado Junho de 2019.

Imperva. ‘Breaking Down Mirai: An IoT DDoS Botnet Analysis’. Disponível: https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html. Acessado Maio 2019.

ISO/IEC. ‘ISO/IEC 24760-1:2019 – Information technology – Security techniques – A framework for identity management – Part1: Terminology and concepts’. May 2019. Disponível: https://www.iso.org/standard/77582.html. Acessado Julho 2019.

Isohara, T., Takemori, K., Miyake, Y., Qu, N., and Perrig, A. (2010). Lsm-based secure system monitoring using kernel protection schemes. In 2010 International Conference on Availability, Reliability and Security, pages 591–596.

J-S Coron. On the Exact Security of Full Domain Hash. CRYPTO 2000. Disponível em <https://www.iacr.org/archive/crypto2000/18800229/18800229.pdf>. Acesso em 10/09/2019.

J. Benet, “IPFS: content addressed, versioned, P2P file system,” arXiv preprint ar- Xiv:1407.3561, 2014, see also https://ipfs.io.

J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten, “SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies,” in 2015 IEEE Symposium on Security and Privacy, May 2015, pp. 104–121.

J. Garay and A. Kiayias, “SoK: A consensus taxonomy in the blockchain era,” Cryptology ePrint Archive, Report 2018/754, 2018, https://eprint.iacr.org/2018/754.

J. Kwon, “Tendermint: Consensus without mining - v0.6,” White Paper. Available: http://docplayer.net/50173080-Tendermint-consensus-without-mining.html, 2014.

Jahoda, M., Krátký, R., Prpic?, M., C? apek, T., Wadeley, S., Ruseva, Y., and Svoboda, M. (2017). A guide to securing red hat enterprise linux: System auditing. [link].

Jianjun, S., Jiaqi, Y., Kem Z. K. ‘Blockchain-based sharing services: What blockchain technology can contribute to smart cities’. Financial Innovation, 2:26, DOI 10.1186/ s40854-016-0040-y. 2016.

Jordan, M. I. (2017). The kernel trick, advanced topics in learning & decision making. [link], accessed in July 2017.

Jun Zhou J.; Cao Z., Dong X.; Vasilakos A. ‘Security and Privacy for Cloud- Based IoT: Challenges’. IEEE. Disponível: http://ieeexplore.ieee.org/xpl/tocresult.jsp?isnumber=7823317. Acessado Maio 2019.

Kernel.org (2017). The linux man-pages projects. https://www.kernel.org/doc/man-pages/.

Koret, J. and Bachaalany, E. (2015). The Antivirus Hacker’s Handbook. Wiley Publishing, 1st edition.

Kormann D, Rubin A. Risks of the passport single signon protocol. IEEE Computer Networks 2000. Disponível em <https://www.cs.jhu.edu/~rubin/courses/sp03/papers/passport.pdf>. Acesso em 10/09/2019.

L. Lamport, R. Shostak, and M. Pease, “The byzantine generals problem,” ACM Transactions on Programming Languages and Systems, vol. 4, no. 3, pp. 382–401, 1982, availble: https://people.eecs.berkeley.edu/~luca/cs174/byzantine.pdf.

LEORATTI, Alexandre. Para ministro do STJ, LGPD gera ‘mais dúvidas do que certezas’. Jota, 11/12/2018. Disponível em: <https://www.jota.info/justica/lgpdrevisao-jurisprudencia-stj-11122018>. Acesso em: 02/02/2019.

Lundkvist, C., Heck, R., Torstensson J., Mitton, Z., Sena, M. ‘uPort: A Platform for Self-Sovereign Identity’. Feb 2017. Disponível: http://blockchainlab.com/pdf/uPort_whitepaper_DRAFT20161020.pdf. Acessado: Julho 2019.

M. Castro and B. Liskov, “Practical byzantine fault tolerance,” in Proc. of the 3rd Symposium on Operating Systems Design and Implementation (OSDI). Berkeley, CA, USA: USENIX Association, 1999, pp. 173–186.

M. E. Peck, “Blockchains: How they work and why they’ll change the world,” IEEE Spectrum, vol. 54, no. 10, pp. 26–35, October 2017.

M. Swan, Blockchain: Blueprint for a New Economy. "O’Reilly Media, Inc.", Jan. 2015.

M.F.X.J. Oberhumer, László Molnár, J. F. R. (2018). Upx the ultimate packer for executables. https://upx.github.io/.

Makarov, S. (2019). Systemtap overview. http://sourceware.org/systemtap.

Manning, C. D., Raghavan, P., and Schütze, H. (2008a). Introduction to Information Retrieval. Cambridge University Press, New York, NY, USA.

Manning, C. D., Raghavan, P., and Schütze, H. (2008b). Introduction to Information Retrieval. Cambridge University Press, Cambridge, UK.

Matloff, N. and Salzman, P. J. (2008). The Art of Debugging with GDB, DDD, and Eclipse. No Starch Press, San Francisco, CA, USA.

McCutchan, J. (2005). inotify - monitoring filesystem events. http://man7.org/linux/man-pages/man7/inotify.7.html.

McKinsey. ‘Blockchain beyond the hype: What is the strategic business value?’. Disponível: [link]. Acessado Junho 2019.

McKinsey. ‘Using blockchain to improve data management in the public sector’. Disponível: https://www.mckinsey.com/business-functions/digital-mckinsey/ourinsights/ using-blockchain-to-improve-data-management-in-the-public-sector. Acessado Maio 2019.

Mellish, C. (2017). Machine learning, lecture notes. http://www.inf.ufpr.br/lesoliveira/aprendizado/machine_learning.pdf, accessed in July 2017.

Michie, D., Spiegelhalter, D. J., Taylor, C. C., and Campbell, J., editors (1994). Machine Learning, Neural and Statistical Classification. Ellis Horwood, Upper Saddle River, NJ, USA.

Mikolov, T., Chen, K., Corrado, G., and Dean, J. (2013a). Efficient estimation of word representations in vector space. CoRR, abs/1301.3781.

Mikolov, T., Sutskever, I., Chen, K., Corrado, G., and Dean, J. (2013b). Distributed representations of words and phrases and their compositionality. CoRR, abs/1310.4546.

Milgram, J., Cheriet, M., and Sabourin, R. (2006). “One Against One” or “One Against All”: Which One is Better for Handwriting Recognition with SVMs? In Lorette, G., editor, Tenth International Workshop on Frontiers in Handwriting Recognition, La Baule (France). Université de Rennes 1, Suvisoft. http://www.suvisoft.com.

Mitchell, T. M. (1997). Machine Learning. McGraw-Hill, Inc., New York, NY, USA, 1 edition.

Montiel, J., Read, J., Bifet, A., and Abdessalem, T. (2018). Scikitmultiflow: A multi-output streaming framework. Journal of Machine Learning Research, 19(72):1–5.

Morris, J. (2013a). Linux security module framework. https://www.linux.com/learn/overview-linux-kernel-security-features.

Morris, J. (2013b). Selinux project wiki. http://selinuxproject.org.

N. Theriault. Index calculus attack for hyperelliptic curves of small genus, 2003. Disponível em [link]. Acesso em 10/08/2019.

Nakamoto, S. ‘A Peer-to-Peer Electronic Cash System’. Disponível: https://www.bitcoin.org/bitcoin.pdf. Acessado Maio 2019.

NAKAMURA, E.T., RIBEIRO, S.L. ‘Context-Based Blockchain Platform Definition and Analysys Methodology’. The 18th International Conference on Security and Management (SAM19), Las Vegas, United States, July 2019.

namecoin, “Name coin,” 2018. [Online]. Available: https://namecoin.org/

NIST, FIPS 180-4: Secure Hash Standard (SHS), National Institute of Standards and Technology, Gaithersburg, MD, USA, August 2015.

O’Donnell, The Current and Future State of Digital Wallets. 1ª. Edição. Canadá: Creative Commons, 2019.

O’Neill, R. E. (2016). Learning Linux Binary Analysis. Packt Publishing.

Oktavianto, D. and Muhardianto, I. (2013). Cuckoo Malware Analysis. Packt Publishing.

Oster, P. (2019). Cve-2016-5195. https://nvd.nist.gov/vuln/detail/CVE-2016-5195.

OWI. ‘Blockchain and Identity in 2018: A Year of Promise and Pilots’. Disponível: [link]. Acessado Julho de 2019.

P. J. Taylor, T. Dargahi, A. Dehghantanha, R. M. Parizi, and K.-K. R. Choo, “A systematic literature review of blockchain cyber security,” Digital Communications and Networks, 2019. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S2352864818301536

P. Mell and T. Grance, “(SP 800-145) the NIST definition of cloud computing,” National Institute of Standards & Technology, Gaithersburg, MD, United States, Tech. Rep., 2011.

P. Tasca and C. Tessone, “A taxonomy of blockchain technologies: Principles of identification and classification,” Ledger, vol. 4, no. 0, 2019. [Online]. Available: http://www.ledgerjournal.org/ojs/index.php/ledger/article/view/140

Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., and Duchesnay, E. (2011). Scikitlearn: Machine learning in Python. Journal of Machine Learning Research, 12:2825– 2830.

Peter Steiner. ‘On the Internet nobody knows you are a dog’. Disponível: https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you%27re_a_dog. Acessado Julho de 2019.

Peterson, W. W. and Brown, D. T. (1961). Cyclic codes for error detection. Proceedings of the IRE, 49(1):228–235.

Plurasight, “Blockchain architecture,” 2017. [Online]. Available: https://www.pluralsight.com/guides/blockchain-architecture

Purdy, G. N. (2004). Linux iptables Pocket Reference. O’Reilly.

R. C. Merkle, “Protocols for public key cryptosystems,” in IEEE Symposium on Security and Privacy, April 1980, pp. 122–134.

R. Patterson, “Alternatives for Proof of Work, Part 2: Proof of Activity, Proof of Burn, Proof of Capacity, and Byzantine Generals — Bytecoin Blog,” Mar. 2016. [Online]. Available: https://web.archive.org/web/20160304055454/ https://bytecoin.org/blog/proof-of-activity-proof-of-burn-proof-of-capacity/

REED, Drummond. The Story of SSI Open Standards Background on the Foundation of Self Sovereign Identity: DIDs, DKMS, DID Auth and Verifiable Credentials. 26 April 2018 SSIMeetup.org Disponível em: <https://ssimeetup.org/story-open-ssi-standards-drummond-reedevernym-webinar-1/>. Acesso em:092/08/2019.

Rehurek, R. and Sojka, P. (2010). Software Framework for Topic Modelling with Large Corpora. In Proceedings of the LREC 2010 Workshop on New Challenges for NLP Frameworks, pages 45–50, Valletta, Malta. ELRA. http://is.muni.cz/publication/884893/en.

Remillano, A. I. (2018). Cryptocurrency-mining malware targets linux systems, uses rootkit for stealth. https://tinyurl.com/y3yyv5oo.

RIBEIRO, S. L., NAKAMURA, E. T. ‘Context-Based Blockchain Platform Definition and Analysys Methodology – Results from the application in the BlockIoT Project’. International Conference on Advances in Cyber Security, Penang, Malaysia, 2019.

Rogers, S. and Girolami, M. A. (2011). A First Course in Machine Learning. Chapman and Hall / CRC machine learning and pattern recognition series. CRC Press.

Rolf Oppliger. Microsoft .NET Passport and identity management. Information Security Technical Report, 2004.

Rong, X. (2014). word2vec parameter learning explained. CoRR, abs/1411.2738.

Rossow, C., Dietrich, C. J., Grier, C., Kreibich, C., Paxson, V., Pohlmann, N., Bos, H., and Steen, M. v. (2012). Prudent practices for designing malware experiments: Status quo and outlook. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP ’12, pages 65–79, Washington, DC, USA. IEEE Computer Society.

S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” International Journal of Network Secutiry, 2008. [Online]. Available: "https://bitcoin.org/bitcoin.pdf"

S. Report, “Funcionários são responsáveis por nove em cada dez violações de dados na nuvem,” May 2019. [Online]. Available: [link].

S. Shetty, V. Red, C. Kamhoua, K. Kwiat, and L. Njilla, “Data provenance assurance in the cloud using blockchain,” in Disruptive Technologies in Sensors and Sensor Systems, vol. 10206. International Society for Optics and Photonics, May 2017, p. 102060I. [Online]. Available: [link].

S. Weyergraf, S. B. (2015). Ht editor. http://hte.sourceforge.net/index.html.

Saxe, J. and Sanders, H. (2018). Malware Data Science: Attack Detection and Attribution. No Starch Press, San Francisco, CA, USA.

Schubert, E., Sander, J., Ester, M., Kriegel, H. P., and Xu, X. (2017). Dbscan revisited, revisited: Why and how you should (still) use dbscan. ACM Trans. Database Syst., 42(3):19:1–19:21.

Sebastián, M., Rivera, R., Kotzias, P., and Caballero, J. (2016). Avclass: A tool for massive malware labeling. In Monrose, F., Dacier, M., Blanc, G., and Garcia-Alfaro, J., editors, Research in Attacks, Intrusions, and Defenses, pages 230–253, Cham. Springer International Publishing.

Seide, F. and Agarwal, A. (2016). Cntk: Microsoft’s opensource deep-learning toolkit. pages 2135–2135.

ShoCard SITA. ‘Travel Identity of the Future – White Paper’. 2016. Disponível: [link]. Acessado Junho 2019.

Shulman, B. (2016). A tour of sentiment analysis techniques: Getting a baseline for sunny side up. [link].

Sikorski, M. and Honig, A. (2012). Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press, San Francisco, CA, USA, 1st edition.

Simmonds, C. (2015). Mastering Embedded Linux Programming, chapter Linking with libraries: static and dynamic linking. Packt Publishing.

Skoudis, E. and Zeltser, L. (2003). Malware: Fighting Malicious Code. Prentice Hall PTR, Upper Saddle River, NJ, USA.

Sovrin e Evernym. What Goes on the Ledger? Disponível em: <https://sovrin.org/wp-content/uploads/2018/10/What-Goes-On-The-Ledger.pdf>. Acesso em: 02/02/2019.

Sovrin. ‘Technical Architecture Diagrams’. Disponível: https://forum.sovrin.org/t/technical-architecture-diagrams/62/3. Acessado Junho 2019.

Spengler, B. (2019). Grsecurity features. https://grsecurity.net/features.php.

Symantec (2019). 2019 internet security threat report. https://www.symantec.com/security-center/threat-report.

T. Chen, X. Li, X. Luo, and X. Zhang, “Under-Optimized Smart Contracts Devour Your Money,” arXiv:1703.03994 [cs], Mar. 2017, arXiv: 1703.03994. [Online]. Available: http://arxiv.org/abs/1703.03994

T. E. Foundation, “Ethereum homestead documentation,” 2018.

Tam, K., Feizollah, A., Anuar, N. B., Salleh, R., and Cavallaro, L. (2017). The evolution of android malware and android analysis techniques. ACM Comput. Surv., 49(4):76:1–76:41.

Tapscott, D.; Tapscott, A. ‘Blockchain Revolution: How the Technology Behind Bitcoin is Changing Money, Business, and the World’. Maio de 2016.

Tasiopoulos, V. G. and Katsikas, S. K. (2014). Bypassing antivirus detection with encryption. In Proceedings of the 18th Panhellenic Conference on Informatics, PCI ’14, pages 16:1–16:2, New York, NY, USA. ACM.

TechTarget. ‘Details emerging on Dyn DNS DDoS attack, Mirai IoT botnet’. Disponível: [link]. Acessado Maio 2019.

The Linux Kernel doc. (2017). Linux system calls implementation. https://linux-kernel-labs.github.io/master/lectures/syscalls.html.

The Security Ledger. ‘Mirai, The Internet of Things Bot, Goes Open Source’. Disponível: [link]. Acessado Maio 2019.

The White House. ‘National Strategy for Trusted Identities in Cyberspace: Enhancing Online Choice, Efficiency, Security, and Privacy’, Apr 2011. Disponível: https://www.hsdl.org/?view&did=7010. Acessado Julho 2019.

Theano Development Team (2016). Theano: A Python framework for fast computation of mathematical expressions. arXiv e-prints, abs/1605.02688.

Tobin, A., Reed, D. ‘The Inevitable Rise of Self-Sovereign Identity’. The Sovrin Foundation. March 2017. Disponível: [link]. Acessado Julho 2019.

United Nations. ‘Transforming our world: the 2030 agenda for sustainable development’. Sep 2015. Disponível: [link]. Acessado Julho 2019.

V. Buterin, “Ethereum white paper – a next generation smart contract & decentralized application platform,” Ethereum.org, Tech. Rep., 2018, available: [link].

V. Buterin, “On public and private blockchains,” 2015. [Online]. Available: https://blog.ethereum.org/2015/08/07/on-public-and-private-blockchains/

Vecchia, E. D. and Coral, L. (2014). Linux remote evidence colector – uma ferramenta de coleta de dados utilizando a metodologia live forensics. Anais do SBSEG 2014, pages 586–597.

Venezla, P. (2012). A world without Linux: Where would Apache, Microsoft – even Apple be today? [link]. Acessado em: Abril/2017.

W3C – DID. ‘Decentralized Identifiers (DIDs)’. Disponível: https://w3cccg.github.io/did-spec/. Acessado Maio 2019.

W3C Community Group. Decentralized Identifiers (DIDs) v0.13 - Data Model and Syntaxes. Disponível em: <https://w3c-ccg.github.io/did-spec/#introduction>. Acesso em: 09/08/2019.

W3C. Decentralized Identifiers (DIDs) v0.13. Disponível em: <https://w3cccg.github.io/did-spec/>. Acesso em: 09/08/2019.

Wang, D., Ming, J., Chen, T., Zhang, X., and Wang, C. (2018). Cracking iot device user account via brute-force attack to sms authentication code. In Proceedings of the First Workshop on Radical and Experiential Security, RESEC ’18, pages 57–60, New York, NY, USA. ACM.

Wang, S., Schlobach, S., and Klein, M. (2011). Concept drift and how to identify it. Web Semantics: Science, Services and Agents on the World Wide Web, 9(3):247 – 265. Semantic Web Dynamics Semantic Web Challenge, 2010.

Wong, R. (2018). Mastering Reverse Engineering: Re-engineer your ethical hacking skills. Packt.

X. Li, P. Jiang, T. Chen, X. Luo, and Q. Wen, “A survey on the security of blockchain systems,” Future Generation Computer Systems, Aug. 2017. [Online]. Available: https://linkinghub.elsevier.com/retrieve/pii/S0167739X17318332

Yocom, N., Turner, J., and Davis, K. (2004). The Definitive Guide to Linux Network Programming (Expert’s Voice). Apress.

Yonts, J. (2010). Building a Malware Zoo. The SANS Institute.

Z. Chang, G. Sison, J. J. (2017). Erebus resurfaces as linux ransomware. https://tinyurl.com/y6qwxs3q.

Z. Zheng, S. Xie, H.-N. Dai, X. Chen, and H. Wang, “Blockchain challenges and opportunities: a survey,” International Journal of Web and Grid Services, vol. 14, no. 4, pp. 352–375, 2018.

Zooko, W. ‘Names: Distributed, Secure, Human-Readable: Choose Two’. May 2017. Disponível: [link]. Acessado Junho 2019.

ZYSKING, Guy et al, ‘Decentralizing Privacy: Using Blockchain to Protect Personal Data’ (2015) IEEE Security and Privacy Workshops.

ZYSKING, Guy et al, ‘Decentralizing Privacy: Using Blockchain to Protect Personal Data’ (2015) IEEE Security and Privacy Workshops.

Capa para Minicursos do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais
Data de publicação
02/09/2019

Detalhes sobre o formato disponível para publicação: Volume Completo

Volume Completo
ISBN-13 (15)
978-65-87003-89-4