Minicursos do XIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais
Sinopse
O Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg) é um evento científico promovido anualmente pela Sociedade Brasileira de Computação (SBC). Nesta edição do SBSeg 2013, de um total de 10 submissões de propostas de minicursos foram selecionados quatro minicursos, representando assim uma taxa de aceitação de 40%.
Este livro reúne então 4 capítulos produzidos pelos autores das propostas de minicursos aceitas. O Capítulo 1 apresenta técnicas e recursos antiforense para a proteção de informações sensíveis, mas não para ocultar provas e evidências de atos ilícitos; O Capítulo 2, além de introduzir noções básicas das principais linhas de pesquisa pós-quântica, apresenta os estudos mais recentes nesta área visando a melhorias dos esquemas relacionados a tamanhos de chaves, overhead de assinaturas e criptogramas; O Capítulo 3 aborda a área de Segurança de Software com uma visão geral e mostra como adaptar e avaliar as soluções existentes no contexto de Sistemas Embarcados; Por fim, o Capítulo 4 descreve os principais desafios e soluções de segurança para prover autenticação e autorização na Internet das Coisas.
Capítulos:
Downloads
Referências
Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., e Levkowetz, E. H. (2004). Extensible authentication protocol (eap). http://tools.ietf.org/html/rfc3748.
Ahson, Syed A; Ilyas, M. (2012). Near Field Communications Handbook. CRC Press.
Ajtai, M. (1996). Generating hard instances of lattice problems (extended abstract). In Proceedings of the twenty-eighth annual ACM symposium on Theory of computing, STOC ’96, pages 99–108, New York, NY, USA. ACM.
Akram, H. e Hoffmann, M. (2008a). Laws of identity in ambient environments: The hydra approach. In Mobile Ubiquitous Computing, Systems, Services and Technologies, 2008. UBICOMM’08. The Second International Conference on, pages 367–373. IEEE.
Akram, H. e Hoffmann, M. (2008b). Requirements analysis for identity management in ambient environments: The hydra approach. Context Awareness and Trust 2008, page 17.
Akram, H. e Hoffmann, M. (2008c). Supports for identity management in ambient environments-the hydra approach. In Systems and Networks Communications, 2008. ICSNC’08. 3rd International Conference on, pages 371–377. IEEE.
Akyildiz, I. F., Su, W., Sankarasubramaniam, Y., and Cayirci, E. (2002). Wireless sensor networks: a survey. Computer networks, 38(4):393–422.
Akyildiz, I. F., Su,W., Sankarasubramaniam, Y., e Cayirci, E. (2002). Wireless sensor networks: a survey. Comput. Netw., 38(4):393–422.
Alabbadi, M. e Wicker, S. B. (1994). A digital signature scheme based on linear error-correcting block codes. In Proc. 4th International Advances in Cryptology Conference – ASIACRYPT ’94, pages 238–348.
Alam, S., Chowdhury, M. M., e Noll, J. (2011). Interoperability of security-enabled internet of things. Wireless Personal Communications, 61(3):567–586.
Aleph One (1996). Smashing the stack for fun and profit. Phrack magazine, 7(49):365.
Alhazmi, O. H., Malaiya, Y. K., and Ray, I. (2007). Measuring, analyzing and predicting security vulnerabilities in software systems. Computers & Security, 26(3):219–228.
Allen, F. E. (1970). Control flow analysis. In ACM Sigplan Notices, volume 5, pages 1–19. ACM.
Alliance, I. (2013). Ipso. https://www.ipso-alliance.or.
Aranha, D. F., Karam, M. M., Miranda, A., and Scarel, F. (2012). Software vulnerabilities in the Brazilian voting machine. Tech Report.
ARM Holdings (2008). ARM11 MPCore Processor Technical Reference Manual.
Atzori, L., Iera, A., and Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15):2787–2805.
Atzori, L., Iera, A., e Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15):2787–2805.
AUTOPSY (2013). Autopsy: Download. Disponível em http://www.sleuthkit.org/autopsy/download.php. Acesso em: Set. 2013.
Babai, L. (1986). On lovász lattice reduction and the nearest lattice point problem. Combinatorica, (6).
Babar, S., Mahalle, P., Stango, A., Prasad, N. R., e Prasad, R. (2010). Proposed security model and threat taxonomy for the internet of things (iot). In Meghanathan, N., Boumerdassi, S., Chaki, N., e Nagamalai, D., editors, CNSA, volume 89 of Communications in Computer and Information Science, pages 420–429. Springer.
Babar, S., Stango, A., Prasad, N., Sen, J., e Prasad, R. (2011). Proposed embedded security framework for internet of things (iot). In Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 2011 2nd International Conference on, pages 1–5. IEEE.
Baldi, M. e Chiaraluce, F. (2007). Cryptanalysis of a new instance of McEliece cryptosystem based on QC-LDPC code. In IEEE International Symposium on Information Theory – ISIT 2007, pages 2591–2595, Nice, France. IEEE.
Baldi, M., Chiaraluce, F., e Bodrato, M. (2008). A new analysis of the McEliece cryptosystem based on QC-LDPC codes. In Security and Cryptography for Networks – SCN 2008, volume 5229 of Lecture Notes in Computer Science, pages 246–262, Amalfi, Italia. Springer.
Balzarotti, D., Cova, M., Felmetsger, V., Jovanovic, N., Kirda, E., Kruegel, C., and Vigna, G. (2008). Saner: Composing static and dynamic analysis to validate sanitization in web applications. In Security and Privacy, 2008. SP 2008. IEEE Symposium on, pages 387–401. IEEE.
Barbulescu, R., Gaudry, P., Joux, A., e Thomé, E. (2013). A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. HAL-INRIA technical report, http://hal.inria.fr/hal-00835446/.
Barik, R., Grothoff, C., Gupta, R., Pandit, V., and Udupa, R. (2006). Optimal bitwise register allocation using integer linear programming. In LCPC, volume 4382 of Lecture Notes in Computer Science, pages 267–282. Springer.
Baronti, P., Pillai, P., Chook, V. W. C., Chessa, S., Gotta, A., e Hu, Y. F. (2007). Wireless sensor networks: A survey on the state of the art and the 802.15.4 and zigbee standards. Computer communications, 30(7):1655–1695.
Barr, M. (1999). Programming embedded systems in C and C++. O’Reilly.
Bell, T. (1999). The concept of dynamic analysis. SIGSOFT Softw. Eng. Notes, 24(6):216–234.
Bellare, M. e Goldwasser, S. (1994). The complexity of decision versus search. SIAM Journal on Computing, 23:97–119.
Bellare, M. e Rogaway, P. (1995). Random oracles are practical: A paradigm for designing efficient protocols.
Bender, W., Gruhl, D., Morimoto, N. e Lu, A. (1996). Techniques for data hiding. IBM Systems Journal, Vol. 35(3-4). Páginas 313–336.
Berger, T. P., Cayrel, P.-L., Gaborit, P., e Otmani, A. (2009). Reducing key length of the McEliece cryptosystem. In Progress in Cryptology – Africacrypt 2009, Lecture Notes in Computer Science, pages 77–97, Gammarth, Tunisia. Springer.
Berghel, H. (2007). Hiding Data, Forensics and Anti-Forensics. Communications of the ACM, Vol. 50(4). Páginas 15-20.
Berghel, H., Hoelzer, D. e Sthultz, M. (2008). Data Hiding Tactics for Windows and Unix File Systems. Advances in Computers. Páginas 1-17.
Berinato, S. (2007). The Rise of Anti-Forensics. CSO Security and Risk. Disponível em: http://www.csoonline.com/article/221208/the-rise-of-anti-forensics. Acesso em: Set. 2013.
Berlekamp, E., McEliece, R., e van Tilborg, H. (1978). On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24(3):384–386.
Bernstein, D. J. (2011). List decoding for binary Goppa codes. In Coding and cryptology—third international workshop, IWCC 2011, Lecture Notes in Computer Science, pages 62–80, Qingdao, China. Springer.
Bernstein, D. J., Buchmann, J., e Dahmen, E. (2008a). Post-Quantum Cryptography. Springer, Heidelberg, Deutschland.
Bernstein, D. J., Lange, T., e Peters, C. (2008b). Attacking and defending the McEliece cryptosystem. In Post-Quantum Cryptography Workshop – PQCrypto 2008, volume 5299 of Lecture Notes in Computer Science, pages 31–46. Springer. http://www.springerlink.com/content/68v69185x478p53g.
Bernstein, D. J., Lange, T., e Peters, C. (2010). Wild McEliece. In Selected Areas in Cryptography – SAC 2010, volume 6544 of Lecture Notes in Computer Science, pages 143–158, Waterloo, Canada. Springer.
Bernstein, D., Lange, T., e Peters, C. (2011). Smaller decoding exponents: ball-collision decoding. In Advances in Cryptology – Crypto 2011, volume 6841 of Lecture Notes in Computer Science, pages 743–760, Santa Barbara, USA. Springer.
Bertoni, G., Daemen, J., Peeters, M., e Assche, G. V. (2007). Sponge functions. ECRYPT Hash Workshop 2007. Also available as public comment to NIST from http://www.csrc.nist.gov/pki/HashWorkshop/Public_Comments/2007_May.html.
Bhatkar, E., Duvarney, D. C., and Sekar, R. (2003). Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In USENIX Security, pages 105–120.
Bodik, R., Gupta, R., and Sarkar, V. (2000). ABCD: eliminating array bounds checks on demand. In PLDI, pages 321–333. ACM.
Boneh, D., Gentry, C., e Hamburg, M. (2007). Space-efficient identity based encryption without pairings. In FOCS, pages 647–657.
Bonetto, R., Bui, N., Lakkundi, V., Olivereau, A., Serbanati, A., e Rossi, M. (2012). Secure communication for smart iot objects: Protocol stacks, use cases and practical examples. In World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2012 IEEE International Symposium on a, pages 1–7. IEEE.
Braeken, A.,Wolf, C., e Preneel, B. (2005). A study of the security of unbalanced oil and vinegar signature schemes. In Topics in Cryptology – CT-RSA 2005, volume 3376 of Lecture Notes in Computer Science, pages 29–43. Springer.
Brakerski, Z. e Vaikuntanathan, V. (2011). Efficient fully homomorphic encryption from (standard) lwe. Electronic Colloquium on Computational Complexity (ECCC), 18:109.
Brezinski, D. e Killalea, T. (2002). Evidence Collection and Archiving. Disponível em: https://www.ietf.org/rfc/rfc3227.txt. Acesso em: Set. 2013.
Brumley, D., Song, D. X., cker Chiueh, T., Johnson, R., and Lin, H. (2007). RICH: Automatically protecting against integer-based vulnerabilities. In NDSS. USENIX.
Bruno R. Silva, Fernando M. Q. Pereira, L. B. O. A. A. F. L. (2013). Flow tracking: Uma ferramenta para detecção de vazamentos de informações sigilosas. In CBSoft. SBC.
Buchmann, J., Coronado, C., Dahmen, E., Döring, M., e Klintsevich, E. (2006). CMSS–an improved merkle signature scheme. In Progress in Cryptology – INDOCRYPT 2006, LNCS 4329, pages 349–363. Springe-Verlag.
Buchmann, J., Dahmen, E., e Hülsing, A. (2011b). XMSS-a practical secure signature scheme based on minimal security assumptions. In Cryptology ePrint Archive - Report 2011/484. ePrint.
Buchmann, J., Dahmen, E., e Schneider, M. (2008). Merkle tree traversal revisited. In Proceedings of the 2nd International Workshop on Post-Quantum Cryptography, pages 63–78. Springer-Verlag.
Buchmann, J., Dahmen, E., Ereth, S., Hülsing, A., e Rückert, M. (2011a). On the security of the winternitz one-time signature scheme. In German Research, pages 1–17.
Buchmann, J., Dahmen, E., Klintsevich, E., Okeya, K., e Vuillaume, C. (2007). Merkle signatures with virtually unlimited signature capacity. In Applied Cryptography and Network Security - ACNS 2007, LNCS 4521, pages 31–45. Springer.
Buettner, M., Greenstein, B., Sample, A., Smith, J. R., e Wetherall, D. (2008). Revisiting smart dust with rfid sensor networks. In ACM Workshop on Hot Topics in Networks (HotNets-VII), 2008 7th. ACM.
BUTLER (2011). About the butler project. http://www.iot-butler.eu/about-butler.
Caro, R. J., Garrido, D., Plaza, P., Roman, R., Sanz, N., e Serrano, J. L. (2009). Smepp: A secure middleware for embedded p2p. In ICT Mobile and Wireless Communications Summit (ICTMobileSummit’ 09), Santander (Spain).
Carrier, B. (2005). File System Forensic Analysis. Addison Wesley Professional.
Carro, L. and Wagner, F. R. (2003). Sistemas computacionais embarcados. Jornadas de atualização em informática. Campinas: UNICAMP.
Carvey, H. (2009). Windows Forensic Analysis. DVD Toolkit. Syngress. 2nd Edition.
Cavoukian, A. (2012). Mobile near field communications: Keep it secure and private. Information Systems Security Association Journal, 10(8):12–17.
CERP-IoT (2010). Vision and challenges for realising the internet of things. [link].
Chappell, D. (2006). Introducing windows cardspace. Msnd technical articles, Microsoft Corporation. http://msdn.microsoft.com/en-us/library/aa480189.aspx.
Cole, E. (2003). Hiding in Plain Sight: Steganography and the Art of Covert Communication. “. John Wiley and Sons.
COMMUNITIES, C. C. O. T. E. (2008). Future networks and the internet: Early challenges regarding the internet of things. Technical report, CTEC.
Comparetti, P. M., Wondracek, G., Kruegel, C., and Kirda, E. (2009). Prospex: Protocol specification extraction. In Security and Privacy, 2009 30th IEEE Symposium on, pages 110–125. IEEE.
Cong, J., Fan, Y., Han, G., Lin, Y., Xu, J., Zhang, Z., and Cheng, X. (18-21 Jan. 2005). Bitwidth-aware scheduling and binding in high-level synthesis. Design Automation Conference, 2005. Proceedings of the ASP-DAC 2005. Asia and South Pacific, 2:856–861.
Contini, S., Lenstra, A. K., e Steinfeld, R. (2005). VSH, an Efficient and Provable Collision Resistant Hash Function. Cryptology ePrint Archive, Report 2005/193. http://eprint.iacr.org/.
Conzon, D., Bolognesi, T., Brizzi, P., Lotito, A., Tomasi, R., e Spirito, M. A. (2012). The virtus middleware: An xmpp based architecture for secure iot communications. In Computer Communications and Networks (ICCCN), 2012 21st International Conference on, pages 1–6. IEEE.
Courtois, N., Finiasz, M., e Sendrier, N. (2001). How to achieve a McEliece-based digital signature scheme. In Advances in Cryptology – Asiacrypt 2001, volume 2248 of Lecture Notes in Computer Science, pages 157–174, Gold Coast, Australia. Springer.
Courtois, N., Goubin, L., Meier, W., daniel Tacier, J., e Lab, C. C. (2002). Solving underdefined systems of multivariate quadratic equations. In Proceedings of Public Key Cryptography 2002, LNCS 2274, pages 211–227. Springer-Verlag.
Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., and Rival, X. (2005). The astrÉe analyzer. In ESOP’05.
Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., and Yakobowski, B. (2012). Frama-c: a software analysis perspective. In Proceedings of the 10th international conference on Software Engineering and Formal Methods, SEFM’12, pages 233–247, Berlin, Heidelberg. Springer-Verlag.
DAVID, D. and TIRI, K. (2005). Securing embedded systems.
DBAN (2013). Darik's Boot And Nuke. Disponível em: http://www.dban.org. Acesso em: Set. 2013.
De Souza, L. M. S., Spiess, P., Guinard, D., Köhler, M., Karnouskos, S., e Savio, D. (2008). Socrades: A web service based shop floor integration infrastructure. In The internet of things, pages 50–67. Springer.
Dhurjati, D., Kowshik, S., and Adve, V. (2006). Safecode: enforcing alias analysis for weakly typed languages. In PLDI ’06: Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation, pages 144–157, New York, NY, USA. ACM.
Dietz, W., Li, P., Regehr, J., and Adve, V. (2012). Understanding integer overflow in c/c++. In ICSE, pages 760–770. IEEE.
Dillon, H. (1999). Forensic scientists: A career in the crime lab. Disponível em: http://www.bls.gov/opub/ooq/1999/Fall/art01.pdf. Acesso em: Set. 2013.
Ding, J. e Schmidt, D. (2005). Rainbow, a new multivariable polynomial signature scheme. In International Conference on Applied Cryptography and Network Security – ACNS 2005, volume 3531 of Lecture Notes in Computer Science, pages 164–175. Springer.
DOD - Department of Defense (2001). Disposition of Unclassified DOD Computer Hard Drives. Disponível em: [link]. Acesso em: Set. 2013.
Dods, C., Smart, N., e Stam, M. (2005a). Hash based digital signature schemes. In Cryptography and Coding, pages 96–115. Springer Verlag LNCS 3796.
Dods, C., Smart, N., e Stam, M. (2005b). Hash-based digital signature schemes. In In Cryptography and Coding, LNCS 3796, pages 96–115. Springer.
Domenech, M. C. e Wangham, M. S. (2013). Uma infraestrutura de autenticação e de autorização para internet das coisas baseada no saml e xacml. In Segurança da Informação e de Sistemas Computacionais (SBSeg), 2013 13º Simpósio Brasileiro em. SBC.
Eckert, W. (1997). Introduction to Forensic Sciences. CRC Press (Originally published: New York: Elsevier, 1992).
EDT (Ensconce Data Technology, Inc.) (2006). Self-Inflicted Security Breaches Through Effective Hard Drive Sanitization. Disponível em: [link]. Acesso em: Set. 2013.
Ernst, M. D. (2003). Static and dynamic analysis: Synergy and duality. In WODA 2003: ICSE Workshop on Dynamic Analysis, pages 24–27. Citeseer.
Eronen, E. P. e Tschofenig, E. H. (2005). Pre-shared key ciphersuites for transport layer security (tls). http://tools.ietf.org/html/rfc4279.
ETSI (2011). Etsi ts 102 690 v1.1.1 – machine–to–machine communications (m2m); functional architecture. Technical report, ETSI.
Faugère, J.-C., Otmani, A., Perret, L., e Tillich, J.-P. (2010). Algebraic cryptanalysis of McEliece variants with compact keys. In Advances in Cryptology – Eurocrypt 2010, volume 6110 of Lecture Notes in Computer Science, pages 279–298, Nice, France. Springer.
Feenberg, D. (2003). Can Intelligence Agencies Read Overwritten Data? A response to Gutmann. Disponível em: http://www.nber.org/sysadmin/overwritten-data-guttman.html. Acesso em: Set. 2013.
Feliciano, G., Agostinho, L., Guimarães, E., e Cardozo1, E. (2011). Gerência de identidades federadas em nuvens:enfoque na utilização de soluções abertas. In Minicurso - SBSeg 2011 - Brasília - DF.
Fielding, R. T. e Taylor, R. N. (2002). Principled design of the modern web architecture. ACM Trans. Internet Technol., 2(2):115–150.
Folha (2008). Para agência dos EUA, Abadía traficou no Brasil. Disponível em http://www1.folha.uol.com.br/fsp/cotidian/ff1003200801.htm. Acesso em: Set. 2013.
Fongen, A. (2012). Identity management and integrity protection in the internet of things. In Emerging Security Technologies (EST), 2012 Third International Conference on, pages 111–114. IEEE.
Fu, Z., Jing, X., e Sun, S. (2011). Application-based identity management in m2m system. In Advanced Intelligence and Awareness Internet (AIAI 2011), 2011 International Conference on, pages 211–215. IEEE.
G1 (2010). Nem FBI consegue decifrar arquivos de Daniel Dantas, diz jornal. Disponível em [link]. Acesso em: Set. 2013.
G1 (2013) “Após fotos íntimas pararem na web, mulher diz sofrer preconceito diário”. Disponível em [link]. Acesso em: Set. 2013.
Gaborit, P. (2005). Shorter keys for code based cryptography. In International Workshop on Coding and Cryptography – WCC 2005, pages 81–91, Bergen, Norway. ACM Press.
Gallager, R. G. (1963). Low-density parity-check codes.
Garey, M. R. e Johnson, D. S. (1979). Computers and Intractability – A Guide to the Theory of NP-Completeness. W.H. Freeman and Company.
Garfinkel, S. (2007). Anti-Forensics: Techniques, Detection and Countermeasures. 2nd International Conference on i-Warface and Security. Disponível em: http://www.simson.net/clips/academic/2007.ICIW.AntiForensics.pdf. Acesso em: Set. 2013.
Garfinkel, S. L. e Shelat, A. (2003). Remembrance of data passed: a study of disk sanitization practices. IEEE Security & Privacy. Vol. 1(1). Páginas 17-27.
Garg, S., Gentry, C., e Halevi, S. (2013a). Candidate multilinear maps from ideal lattices. In EUROCRYPT, pages 1–17.
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., e Waters, B. (2013b). Candidate indistinguishability obfuscation and functional encryption for all circuits. IACR Cryptology ePrint Archive, 2013:451.
Gentry, C. (2009). A fully homomorphic encryption scheme. PhD thesis, Stanford University. https://crypto.stanford.edu/craig/.
Gentry, C. (2013). Encrypted messages from the heights of cryptomania. In TCC, pages 120–121.
Gentry, C., Peikert, C., e Vaikuntanathan, V. (2008). Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of the 40th annual ACM symposium on Theory of computing, STOC ’08, pages 197–206, New York, NY, USA. ACM.
Gentry, C., Sahai, A., e Waters, B. (2013). Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. In CRYPTO (1), pages 75–92.
Gibson, J. K. (1996). The security of the Gabidulin public key cryptosystem. In Advances in Cryptology – Eurocrypt 1996, volume 1070 of Lecture Notes in Computer Science, pages 212–223, Zaragoza, Spain. Springer.
Goldreich, O., Goldwasser, S., e Halevi, S. (1997). Publickey cryptosystems from lattice reduction problems. In Advances in Cryptology— CRYPTO ’97, Lecture Notes in Computer Science, pages 112–131. Springer-Verlag.
Goppa, V. D. (1970). A new class of linear error correcting codes. Problemy Peredachi Informatsii, 6:24–30.
Gorlatova, M., Sharma, T., Shrestha, D., Xu, E., Chen, J., Skolnik, A., Piao, D., Kinget, P., Kymissis, J., Rubenstein, D., e Zussman, G. (2010). Prototyping energy harvesting active networked tags (enhants) with mica2 motes. In Sensor Mesh and Ad Hoc Communications and Networks (SECON), 2010 7th Annual IEEE Communications Society Conference on, pages 1–3.
Government of Canada (2006). Clearing And Declassifying Electronic Data Storage Devices. Communications Security Establishment. Disponível em: http://www.cse-cst.gc.ca/documents/publications/itsgcsti/itsg06-eng.pdf. Acesso em: Set. 2013.
Graf, S., Zholudev, V., Lewandowski, L., e Waldvogel, M. (2011). Hecate, managing authorization with restful xml. In Proceedings of the Second International Workshop on RESTful Design, pages 51–58. ACM.
Group, W. W. (2004). Web services architecture. http://www.w3.org/TR/ws-arch/.
Gruschka, N. e Gessner, D. (2012). Project deliverable d4.2 - concepts and solutions for privacy and security in the resolution infrastructure. http://www.iot-a.eu/public/public-documents/d4.2/at_download/file.
GS1-EPCglobal (2009). The epcglobal architecture framework, epcglobal final version 1.3.
Gubbi, J., Buyya, R., Marusic, S., e Palaniswami, M. (2013). Internet of things (iot): A vision, architectural elements, and future directions. Future Generation Computer Systems, 29(7):1645– 1660.
Guinard, D. e Trifa, V. (2009). Towards the web of things: Web mashups for embedded devices. In Workshop on Mashups, Enterprise Mashups and Lightweight Composition on the Web (MEM 2009).
Guinard, D., Fischer, M., e Trifa, V. (2010). Sharing using social networks in a composable web of things. In Pervasive Computing and Communications Workshops (PERCOM Workshops), 2010 8th IEEE International Conference on, pages 702–707.
Guinard, D., Trifa, V., Mattern, F., e Wilde, E. (2011). From the internet of things to the web of things: Resource-oriented architecture and best practices. In Uckelmann, D., Harrison, M., e Michahelles, F., editors, Architecting the Internet of Things, pages 97–129. Springer Berlin Heidelberg.
Gupta, M. R, Hoeschele, M. D. e Rogers M. K. (2006). Hidden Disk Areas: HPA and DCO. International Journal of Digital Evidence, Vol. 5, Issue 1. Disponível em: [link]. Acesso em: Set. 2013.
Gutmann, P. (1996). Secure Deletion of Data from Magnetic and Solid-State Memory. Sixth USENIX Security Symposium. Disponível em [link]. Acesso em: Set. 2013.
Gutmann, P. (2004). Cryptographic Security Architecture: Design and Verification. NewYork: Springer-Verlag.
Hamacher, V. C., Vranesic, Z., Zaky, S., and Manjikian, N. (2012). Computer organization and embedded systems. McGraw-Hill.
Han, Q. e Li, J. (2012). An authorization management approach in the internet of things. Journal of Information & Computational Science, 9(6):1705–1713.
Hannan, M. (2004). To Revisit: What is Forensic Computing? 2nd Australian Computer Network & Information Forensics Conference.
Hanumanthappa, P. e Singh, S. (2012). Privacy preserving and ownership authentication in ubiquitous computing devices using secure three way authentication. In Innovations in Information Technology (IIT), 2012 International Conference on, pages 107–112. IEEE.
Hardt, E. D. (2012). The oauth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.
Harris, R. (2006). Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem. Digital Investigation, Vol. 3. Páginas 44–49. Elsevier.
Heer, T. M. (2006). Lhip - lightweight authentication for the host identity protocol. Master’s thesis, University of Tübingen.
HEIDI COMPUTERS LIMITED (2013). About Heidi Computers. Disponível em: http://heidi.ie/eraser/faq.php. Acesso em: Set. 2013.
Hennebert, C., Denis, B., Gall, F. L., Copigneaux, B., Clari, F., Sottile, F., Mauro, F., Smadja, P., Pascali, S., Preuveneers, D., Ramakrishnan, A., Sancho, J., Shrestha, A., Valla, M., Salazar, M. F., Monjas, M.-A., Macagnano, D., e Korhonen, J. (2013). D2.4 - selected technologies for the butler platform. http://www.iot-butler.eu/wp-content/plugins/download-monitor/download.php?id=22.
Henrique Nazaré Santos, Fernando Magno Quintão Pereira, L. B. O. (2013). Verificação estática de acessos a arranjos em c. In Anais do XIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, SBSEG 2013, Manaus, Brazil. Sociedade Brasileira de Computação (SBC).
HIDE (2010). Hide & Reveal. Disponível em http://hidereveal.ncottin.net/. Acesso em: Set. 2013.
Hoffstein, J., Pipher, J., e Silverman, J. H. (1998). Ntru: A ringbased public key cryptosystem. In Lecture Notes in Computer Science, pages 267–288. Springer-Verlag.
Hopcroft, J. E. (2008). Introduction to Automata Theory, Languages, and Computation, 3/E. Pearson Education India.
Horrow, S. e Sardana, A. (2012). Identity management framework for cloud based internet of things. In Proceedings of the First International Conference on Security of Internet of Things, pages 200–203. ACM.
Howard, M. and Thomlinson, M. (2007). Windows Vista ISV Security. Microsoft Corporation, April, 6.
Hu, V. C. e Scarfone, K. (2012). Guidelines for access control system evaluation metrics. Technical report, National Institute of Standards and Technology.
Hu, V. C., Ferraiolo, D., Kuhn, R., Friedman, A. R., Lang, A. J., Cogdell, M. M., Schnitzer, A., Sandlin, K., Miller, R., e Scarfone, K. (2013). Guide to attribute based access control (abac) definition and considerations (draft). Technical report, National Institute of Standards and Technology.
Huffman, W. e Pless, V. (2003). Fundamentals of Error-Correcting Codes. Cambridge University Press.
Hughes, G., Coughlin, T. e Commins, D. (2009). Disposal of Disk and Tape Data by Secure Sanitization. IEEE Security & Privacy. Vol. 7(4). Páginas 29-34.
Hummen, R., Ziegeldorf, J. H., Shafagh, H., Raza, S., e Wehrle, K. (2013). Towards viable certificate-based authentication for the internet of things. In Proceedings of the 2nd ACM workshop on Hot topics on wireless network security and privacy, pages 37–42.
IETF (2007). Ipv6 over low-power wireless personal area networks (6lowpans): overview, assumptions, problem statement, and goals. RFC4919. http://tools.ietf.org/html/rfc4919.
INFO (2008). Abadía usou e-mail cifrado para traficar. Disponível em http://info.abril.com.br/aberto/infonews/032008/10032008-3.shl. Acesso em: Set. 2013.
Intel Corporation. Intel 64 and ia-32 Architectures Software Developers Manual – System Programming Guide, part 1.
IoT-A (2009). Introduction. http://www.iot-a.eu/public.
ITU (2005). Itu internet reports 2005: The internet of things.
ITU (2009). Ngn identity management framework. Recommendation Y.2720.
J. Buchmann, E. D. e Szydlo, M. (2008). Hash-based digital signature schemes. In Post-Quantum Cryptography, pages 35–92. Springer.
James, D. (2006). Forensically Unrecoverable Hard Drive Data Destruction. Infosec Writers. Disponível em: [link]. Acesso em: Set. 2013.
Jara, A. J., Marin, L., Skarmeta, A. F., Singh, D., Bakul, G., e Kim, D. (2011). Secure mobility management scheme for 6lowpan id/locator split architecture. In Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2011 Fifth International Conference on, pages 310–315. IEEE.
Jardim, W. F. (2013). Gerenciamento de Resíduos Químicos. Universidade Estadual de Campinas – UNICAMP. Disponível em: http://lqa.iqm.unicamp.br/pdf/LivroCap11.PDF. Acesso em: Set. 2013.
JETICO (2013). BestCrypt Container Encryption. Disponível em: [link]. Acesso em: Set. 2013.
Jim, T., Morrisett, J. G., Grossman, D., Hicks, M. W., Cheney, J., and Wang, Y. (2002). Cyclone: A safe dialect of c. In Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference, ATEC ’02, pages 275–288, Berkeley, CA, USA. USENIX Association.
Jindou, J., Xiaofeng, Q., e Cheng, C. (2012). Access control method for web of things based on role and sns. In Computer and Information Technology (CIT), 2012 IEEE 12th International Conference on, pages 316–321. IEEE.
Jones, J. R. (2007). Estimating software vulnerabilities. Security & Privacy, IEEE, 5(4):28–32.
Jonhson, N. e Jajodia, S. (1998). Exploring Steganography: Seeing the Unseen. IEEE Computer. Vol. 31(2). Páginas 26-34
Juels, A. (2006). Rfid security and privacy: a research survey. Selected Areas in Communications, IEEE Journal on, 24(2):381–394.
Kemp, B. M. e Smith, D. G. (2005). Use of bleach to eliminate contaminating DNA from the surface of bones and teeth. Forensic Science International, Vol. 154. Páginas 53-61. Disponível em: [link]. Acesso em: Set. 2013.
Kent, K., Chevalier, S., Grance, T. e Dand, H. (2006). Guide to Integrating Forensic Techniques into Incident Response - Recommendations of the National Institute of Standards and Technology. Disponível em [link]. Acesso em: Set. 2013.
Kipnis, A. e Shamir, A. (1998). Cryptanalysis of the oil and vinegar signature scheme. In Krawczyk, H., editor, Advances in Cryptology – Crypto 1998, volume 1462 of Lecture Notes in Computer Science, pages 257–266. Springer.
Kipnis, A., Patarin, J., e Goubin, L. (1999). Unbalanced oil and vinegar signature schemes. In Stern, J., editor, In Advances in Cryptology – EUROCRYPT 1999, volume 1592 of Lecture Notes in Computer Science, pages 206–222. Springer.
Kipnis, A., Patarin, J., e Goubin, L. (2003). Unbalanced oil and vinegar signature schemes – extended version.
Kissel, R., Scholl, M., Skolochenko, S. e Li, X. (2012). Guidelines for Media Sanitization Recommendations of the National Institute of Standards and Technology. Disponível em: http://permanent.access.gpo.gov/gpo29126/sp800-88-r1-draft.pdf. Acesso em: Set. 2013.
Konidala, D. M., Duc, D. N., Lee, D., e Kim, K. (2005). A capability-based privacypreserving scheme for pervasive computing environments. In Pervasive Computing and Communications Workshops, 2005. PerCom 2005 Workshops. Third IEEE International Conference on, pages 136–140. IEEE.
Koopman, P. (2004). Embedded system security. Computer, 37(7):95–97.
Kothmayr, T., Schmitt, C., Hu, W., Brunig, M., e Carle, G. (2012). A dtls based end-to-end security architecture for the internet of things with two-way authentication. In Local Computer Networks Workshops (LCN Workshops), 2012 IEEE 37th Conference on, pages 956–963. IEEE.
Lamport, L. (1979). Constructing digital signatures from a one way function. In SRI International. CSL-98.
Lattner, C. and Adve, V. (2005). Automatic Pool Allocation: Improving Performance by Controlling Data Structure Layout in the Heap. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’05), Chigago, Illinois.
Lenstra, A. K., Lenstra, H.W., e Lovász, L. (1982). Factoring polynomials with rational coefficients. Mathematische Annalen, 261(4):515–534.
Lewko, A., Okamoto, T., Sahai, A., Takashima, K., e Waters, B. (2010). Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In Gilbert, H., editor, Advances in Cryptology – EUROCRYPT 2010, volume 6110 of Lecture Notes in Computer Science, pages 62–91. Springer Berlin Heidelberg.
Lhairech-Lebreton, G., Coussy, P., Heller, D., and Martin, E. (2010). Bitwidth-aware high-level synthesis for designing low-power dsp applications. In ICECS, pages 531–534. IEEE.
Li, N., Wang, Q., e Deng, Z. (2010). Authentication framework of iiedns based on ldap & kerberos. In Broadband Network and Multimedia Technology (IC-BNMT), 2010 3rd IEEE International Conference on, pages 695–699. IEEE.
Li, P. and Regehr, J. (2010). T-check: bug finding for sensor networks. In Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks, pages 174–185. ACM.
Lin, H., Yang, M., Long, F., Zhang, L., and Zhou, L. (2009). Modist: transparent model checking of unmodified distributed systems. In NSDI.
Liu, J., Xiao, Y., e Chen, C. P. (2012). Authentication and access control in the internet of things. In Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference on, pages 588–592. IEEE.
Logozzo, F. and Fahndrich, M. (2008). Pentagons: a weakly relational abstract domain for the efficient validation of array accesses. In SAC, pages 184–188. ACM.
Lopes, M., Gabriel, M. e Bareta, G. (2006). Cadeia de Custódia: Uma Abordagem Preliminar. Disponível em: [link]. Acesso em: Set. 2013.
LUFTECH (2013). Incineradores. Disponível em: http://www.luftech.com.br/arquivos/incinerador.htm. Acesso em: Set. 2013.
Lyubashevsky, V., Peikert, C., e Regev, O. (2010). On ideal lattices and learning with errors over rings. Advances in Cryptology EUROCRYPT 2010, 6110/2010(015848):1?23.
MacWilliams, F. J. e Sloane, N. J. A. (1977). The theory of error-correcting codes, volume 16. North-Holland Mathematical Library, Amsterdam, The Netherlands.
Mahalle, P. N., Anggorojati, B., Prasad, N. R., e Prasad, R. (2012). Identity establishment and capability based access control (iecac) scheme for internet of things. In Wireless Personal Multimedia Communications (WPMC), 2012 15th International Symposium on, pages 187–191. IEEE.
Mahalle, P. N., Anggorojati, B., Prasad, N. R., e Prasad, R. (2013a). Identity authentication and capability based access control (iacac) for the internet of things. Journal of Cyber Security and Mobility, 1(4):309–348.
Mahalle, P. N., Prasad, N. R., e Prasad, R. (2013b). Object classification based context management for identity management in internet of things. International Journal of Computer Applications, 63(12).
Mahalle, P., Babar, S., Prasad, N. R., e Prasad, R. (2010). Identity management framework towards internet of things (iot): Roadmap and key challenges. In Recent Trends in Network Security and Applications, pages 430–439. Springer.
Mahlke, S., Ravindran, R., Schlansker, M., Schreiber, R., and Sherwood, T. (2001). Bitwidth cognizant architecture synthesis of custom hardware accelerators. Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on, 20(11):1355–1371.
Maler, E. e Reed, D. (2008). The venn of identity: Options and issues in federated identity management. IEEE Security & Privacy, 6(2):16–23.
Mamun, A., Guo, G. e Bi, C. (2007). Hard Disk Drive - Mechatronics and Control. CRC Press.
Martinez, D., Blanes, F., Simo, J., e Crespo, A. (2008). Wireless sensor and actuator networks: Charecterization and case study for confined spaces healthcare applications. In Computer Science and Information Technology, 2008. IMCSIT 2008. International Multiconference on, pages 687–693.
Marwedel, P. (2011). Embedded system design. Springer.
Matyas, S., Meyer, C., e Oseas, J. (1985). Generating strong oneway functions with cryptographic algorithm. IBM Techn. Disclosure Bull.
MAXQ (2013). DeepCover Secure Microcontroller with Rapid Zeroization Technology and Cryptography. Disponível em: http://www.maximintegrated.com/. Acesso em: Set. 2013.
McEliece, R. (1978). A public-key cryptosystem based on algebraic coding theory. The Deep Space Network Progress Report, DSN PR 42–44. http://ipnpr.jpl.nasa.gov/progressreport2/42-44/44N.PDF. Acesso em: 18 de outubro de 2013.
McGraw, G. (2006). Software security: building security in, volume 1. Addison-Wesley Professional.
Means, R. L (2003). Alternate Data Streams: Out of the Shadows and into the Light. SANS Institute. Disponível em: [link]. Acesso em: Set. 2013.
Merkle, R. (1987). A digital signature based on a conventional encryption function. In Proceedings of Crypto ’87, pages 369–378. Springer.
Merkle, R. C. (1979). Secrecy, Authentication, and Public Key Systems. Stanford Ph.D. thesis.
Micciancio, D. e Peikert, C. (2012). Trapdoors for lattices: Simpler, tighter, faster, smaller. In Pointcheval, D. e Johansson, T., editors, Advances in Cryptology – EUROCRYPT 2012, volume 7237 of Lecture Notes in Computer Science, pages 700–718. Springer Berlin Heidelberg.
Microsoft Support. A detailed description of the data execution prevention (dep) feature in windows xp service pack 2, windows xp tablet pc edition 2005, and windows server 2003. @ONLINE. 4 http://support.microsoft.com/kb/875352/EN-US/.
Microsoft Support. Microsoft. /SAFESEH Compiler Switch.
Miller, V. S. (1986). Use of elliptic curves in cryptography. In Advances in Cryptology — Crypto ’85, pages 417–426, New York. Springer-Verlag.
Miorandi, D., Sicari, S., De Pellegrini, F., e Chlamtac, I. (2012). Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7):1497–1516.
Misoczki, R., Sendrier, N., Tilllich, J.-P., e Barreto, P. S. L. M. (2012). MDPC-McEliece: New McEliece variants from moderate density parity-check codes. Cryptology ePrint Archive, Report 2012/409. http://eprint.iacr.org/2012/409.
Misra, D. K. (1987). A quasi-static analysis of open-ended coaxial lines (short paper). Microwave Theory and Techniques, IEEE Transactions on, 35(10):925– 928.
Mock, M. (2003). Dynamic analysis from the bottom up. In WODA 2003 ICSE Workshop on Dynamic Analysis, page 13. Citeseer.
Molnar, D., Li, X. C., and Wagner, D. A. (2009). Dynamic test generation to find integer bugs in x86 binary linux programs. In Proc. USENIX security symposium.
Monico, C., Rosenthal, J., e Shokrollahi, A. (2000). Using low density parity check codes in the McEliece cryptosystem. In IEEE International Symposium on Information Theory – ISIT 2000, page 215, Sorrento, Italy. IEEE.
Montenegro, G., Kushalnagar, N., Hui, J., e Culler, D. (2007). Rfc4944 - transmission of ipv6 packets over ieee 802.15.4 networks. https://datatracker.ietf.org/doc/rfc4944/.
Morais, E. M. e Dahab, R. (2012). Encriptação homomórfica. SBSeg.
Moskowitz, R. (2012). Hip diet exchange (dex). http://tools.ietf.org/html/draft-moskowitz-hip-dex-00.
Moskowitz, R., Nikander, P., Jokela, E. P., e Henderson, T. (2008). Host identity protocol. http://www.ietf.org/rfc/rfc5201.txt.
Mukasey, M. B., Sedgwick, J. L. e Hagy, D. W. (2001). Electronic Crime Scene Investigation: A Guide for First Responders. U.S. Department of Justice - 2nd Edition. Disponível em: http://www.ncjrs.gov/pdffiles1/nij/219941.pdf. Acesso em: Set. 2013.
Nagarakatte, S., Zhao, J., Martin, M. M., and Zdancewic, S. (2009). Softbound: Highly compatible and complete spatial safety for c. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation.
Nagarakatte, S., Zhao, J., Martin, M. M., and Zdancewic, S. (2010). Cets: compiler enforced temporal safety for c. SIGPLAN Not., 45(8):31–40.
Nethercote, N. and Seward, J. (2007). Valgrind: a framework for heavyweight dynamic binary instrumentation. SIGPLAN Not., 42(6):89– 100.
Nguyen, P. e Regev, O. (2006). Learning a parallelepiped: Cryptanalysis of ggh and ntru signatures. In Vaudenay, S., editor, Advances in Cryptology - EUROCRYPT 2006, volume 4004 of Lecture Notes in Computer Science, pages 271– 288. Springer Berlin Heidelberg.
Nguyen, T.-D., Al-Saffar, A., e Huh, E.-N. (2010). A dynamic id-based authentication scheme. In Networked Computing and Advanced Information Management (NCM), 2010 Sixth International Conference on, pages 248–253. IEEE.
Niederreiter, H. (1986). Knapsack-type cryptosystems and algebraic coding theory. Problems of Control and Information Theory, 15(2):159–166.
Nilsson, J. W. and Riedel, S. A. (2009). Circuitos Eletricos, volume 8. Pearson Prentice Hall.
NIST (2007). Digital Signature Standard (DSS). FIPS PUB-186-2, http://csrc.nist.gov/publications/fips.
Nogueira, M., Santos, A., Torres, J., Zanella, A., e Danielewicz, Y. (2011). Gerência de identidade na internet do futuro. In Minicurso - SBRC 2011 - Campo Grande - MS.
Nolan, R., O’Sullivan, C., Branson, J. e Waits, C. (2005). First Responders Guide to Computer Forensics. CERT Training and Education. Disponível em: http://www.cert.org/archive/pdf/FRGCF_v1.3.pdf. Acesso em: Set. 2013.
NSA - NATIONAL SECURITY AGENCY (2012). Evaluated Products List - Degausser. Disponível em: [link]. Acesso em: Set. 2013.
NSA - National Security Agency (2013). NSA/CSS Storage Device Declassification Manual. Disponível em: [link]. Acesso em: Set. 2013.
NXP (2013). Designed for high-security smart card applications requiring highly reliably solutions. Disponível em: [link]. Acesso em: Set. 2013.
O’Handely, R. C. (2000). Modern Magnetic Materials: Principles and Applications”. John Wiley and Sons.
OASIS (2003). A brief introduction to xacml. [link].
OASIS (2008). Security assertion markup language (saml) v2.0 - technical overview. [link].
Oliveira, A. K. D. S. e López, J. (2013). Implementação em software do esquema de assinatura digital de merkle e suas variantes. SBSeg.
OpenID (2007). Openid authentication 2.0 - final. http://openid.net/specs/openid-authentication-2_0.html.
OPENIoT (2012). Eu ict open iot project. http://openiot.eu/?q=node/1.
Otmani, A., Tillich, J.-P., e Dallot, L. (2010). Cryptanalysis of two McEliece cryptosystems based on quasi-cyclic codes. Mathematics in Computer Science, 3(2):129–140.
Ottenstein, K. J., Ballance, R. A., and MacCabe, A. B. (1990). The program dependence web: a representation supporting control-, data-, and demand-driven interpretation of imperative languages. In PLDI. ACM.
Patarin, J. (1996). Hidden fields equations (hfe) and isomorphisms of polynomials (ip): Two new families of asymmetric algorithms. In Maurer, U., editor, Advances in Cryptology – EUROCRYPT ’96, volume 1070 of Lecture Notes in Computer Science, pages 33–48. Springer Berlin Heidelberg.
Patarin, J. (1997). The oil and vinegar signature scheme. In Dagstuhl Workshop on Cryptography. transparencies.
Patarin, J. e Goubin, L. (1997). Trapdoor one-way permutations and multivariate polynomials. In Proc. of ICICS’97, LNCS 1334, pages 356–368. Springer.
Patarin, J., Goubin, L., e Courtois, N. (1998). Improved algorithms for isomorphisms of polynomials. In Advances in Cryptology – EUROCRYPT ’98 (Kaisa Nyberg, Ed, pages 184–200. Springer-Verlag.
Patterson, J. R. C. (1995). Accurate static branch prediction by value range propagation. In PLDI, pages 67–78. ACM.
Patterson, N. J. (1975). The algebraic decoding of Goppa codes. IEEE Transactions on Information Theory, 21(2):203–207.
PaX Team (2000). Pax Non-eXecutable Stack (nx) @ONLINE. http://pax.grsecurity.net/docs/noexec.txt.
PaX Team (2001). Pax address space layout randomization (aslr) @ONLINE. http://pax.grsecurity.net/docs/aslr.txt.
Peikert, C. (2009). Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In Proceedings of the 41st annual ACM symposium on Theory of computing, STOC ’09, pages 333–342, New York, NY, USA. ACM.
Pereira, F. M. Q. and Palsberg, J. (2008). Register allocation by puzzle solving. In PLDI, pages 216–226. ACM.
Peron, C. S. J. e Legary, M. (2008). Digital anti-forensics: emerging trends in data transformation techniques. Seccuris Labs. Disponível em: http://www.ide.bth.se/~andersc/kurser/DVC013/PDFs/Seccuris-Antiforensics.pdf. Acesso em: Set. 2013.
Petzoldt, A., Bulygin, S., e Buchmann, J. (2010a). CyclicRainbow – a multivariate signature scheme with a partially cyclic public key. In Gong, G. e Gupta, K., editors, Progress in Cryptology – Indocrypt 2010, volume 6498 of Lecture Notes in Computer Science, pages 33–48. Springer Berlin Heidelberg.
Petzoldt, A., Bulygin, S., e Buchmann, J. (2010b). Cyclicrainbow - a multivariate signature scheme with a partially cyclic public key. In Gong, G. e Gupta, K. C., editors, INDOCRYPT, volume 6498 of Lecture Notes in Computer Science, pages 33–48. Springer.
Petzoldt, A., Bulygin, S., e Buchmann, J. (2010c). Selecting parameters for the Rainbow signature scheme. In Sendrier, N., editor, Post-Quantum Cryptography Workshop – PQCrypto 2010, volume 6061 of Lecture Notes in Computer Science, pages 218–240. Springer Berlin / Heidelberg. Extended Version: http://eprint.iacr.org/2010/437.
Petzoldt, A., Bulygin, S., e Buchmann, J. (2011). Linear recurring sequences for the UOV key generation. In International Conference on Practice and Theory in Public Key Cryptography – PKC 2011, volume 6571 of Lecture Notes in Computer Science, pages 335–350. Springer Berlin Heidelberg.
Piper, F. e Murphy, S. (2002). Cryptography: A Very Short Introduction. Oxford University Press.
Pop, A. R. and Specialist, S. S. (2010). Dep/aslr implementation progress in popular third-party windows applications.
Prazeres, C. V. S. e do Prado Filho, T. G. (2013). Gestão de identidade, autenticação e autorização na web das coisas - relatório técnico de acompanhamento. Technical report, Rede Nacional de Ensino e Pesquisa.
Preneel, B. (1983). Analysis and design of cryptographic hash functions. PhD thesis, Katholieke Universiteit Leuven.
Presidência da República (2012) “LEI Nº 12.737, Dispõe sobre a tipificação criminal de delitos informáticos”. Disponível em [link]. Acesso em: Set. 2013.
Quadros, G. S. and Pereira, F. M. Q. (2011). Static detection of address leaks. In SBSeg, pages 23–37.
Quadros, G. S. and Pereira, F. M. Q. (2012a). Dynamic detection of address leaks. In Anais do XII Simpósio Brasileiro em Segurança da Informação e de Sistemas de Computacionais, SBESEG 2012.
Quadros, G. S. and Pereira, F. M. Q. (2012b). A static analysis tool to detect address leaks. In CBSoft – Tools.
Quisquater, J.-J., Guillou, L., Annick, M., e Berson, T. (1989). How to explain zero-knowledge protocols to your children. In Proceedings on Advances in cryptology, CRYPTO ’89, pages 628–631, New York, NY, USA. Springer-Verlag New York, Inc.
Rabin, M. O. (1978). Foundations of secure computation, chapter Digitalized signatures. Academic Press.
Recordon, D. e Reed, D. (2006). Openid 2.0: a platform for user-centric identity management. In Proceedings of the second ACM workshop on Digital identity management, DIM ’06, pages 11–16, New York, NY, USA. ACM.
Regev, O. (2010). The learning with errors problem (invited survey). In IEEE Conference on Computational Complexity, pages 191–204. IEEE Computer Society.
Rescorla, E. e Modadugu, N. (2012). Datagram transport layer security version 1.2. http://tools.ietf.org/html/rfc6347.
Richarte, G. et al. (2002). Four different tricks to bypass stackshield and stackguard protection. World Wide Web, http://www1.corest.com/files/files/11/StackGuardPaper.pdf.
Rivest, R. L., Shamir, A., e Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21:120–126.
Robertson, W. K., Kruegel, C., Mutz, D., and Valeur, F. (2003). Run-time detection of heap-based overflows. In LISA, volume 3, pages 51–60.
Rodrigues, R. E., Campos, V. H. S., and Pereira, F. M. Q. (2013). A fast and low overhead technique to secure programs against integer overflows. In CGO, pages 1–11. ACM.
Roman, R., Lopez, J., e Najera, P. (2011a). A cross-layer approach for integrating security mechanisms in sensor networks architectures. Wireless Communications and Mobile Computing, 11:267–276.
Roman, R., Najera, P., e Lopez, J. (2011b). Securing the internet of things. Computer, 44(9):51–58.
Rotondi, D., Seccia, C., e Piccione, S. (2011). Access control & iot: Capability based authorization access control system. In 1st IoT International Forum.
Rus, S., Rauchwerger, L., and Hoeflinger, J. (2003). Hybrid analysis: Static & dynamic memory reference analysis. International Journal of Parallel Programming, 31(4):251–283.
Sahai, A. e Waters, B. (2012). Attribute-based encryption for circuits from multilinear maps. CoRR, abs/1210.5287.
Saied, Y. B. e Olivereau, A. (2012a). D-hip: A distributed key exchange scheme for hip-based internet of things. In World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2012 IEEE International Symposium on a, pages 1–7. IEEE.
Saied, Y. B. e Olivereau, A. (2012b). Hip tiny exchange (tex): A distributed key exchange scheme for hip-based internet of things. In Communications and Networking (ComNet), 2012 Third International Conference on, pages 1–8. IEEE.
Saint-Andre, E. P. (2004). Extensible messaging and presence protocol (xmpp): Core. http://www.ietf.org/rfc/rfc3920.txt.
Sakimura, N., Bradley, J., Jones, M. B., de Medeiros, B., e Mortimore, C. (2013). Openid connect basic client profile 1.0 - draft 28. http://openid.net/specs/openid-connect-basic-1_0.html.
Santos, M. d. L., Domenech, M. C., e Wangham, M. S. (2013). Gestão de identidades na web das coisas: Um estudo de caso em saúde eletrônica. In Segurança da Informação e de Sistemas Computacionais (SBSeg), 2013 13o Simpósio Brasileiro em. SBC.
Sasnauskas, R., Landsiedel, O., Alizai, M. H.,Weise, C., Kowalewski, S., and Wehrle, K. (2010). Kleenet: discovering insidious interaction bugs in wireless sensor networks before deployment. In Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks, pages 186– 196. ACM.
Schaffers, H., Komninos, N., Pallot, M., Trousse, B., Nilsson, M., e Oliveira, A. (2011). Smart cities and the future internet: Towards cooperation frameworks for open innovation. In Domingue, J., Galis, A., Gavras, A., Zahariadis, T., Lambert, D., Cleary, F., Daras, P., Krco, S., Müller, H., Li, M.-S., Schaffers, H., Lotz, V., Alvarez, F., Stiller, B., Karnouskos, S., Avessta, S., e Nilsson, M., editors, The Future Internet, volume 6656 of Lecture Notes in Computer Science, pages 431–446. Springer Berlin Heidelberg.
Schwartz, E. J., Avgerinos, T., and Brumley, D. (2011). Q: Exploit hardening made easy. In USENIX Security Symposium.
Seitz, L., Selander, G., e Gehrmann, C. (2013). Authorization framework for the internet-of-things. In World of Wireless, Mobile and Multimedia Networks (WoWMoM), IEEE 14th International Symposium and Workshops on a, pages 1–6. IEEE.
SEM – Security Engineered Machinery (2005). Hard Drive Destruction Model 22 HDD SEM. Disponível em: [link]. Acesso em: Set. 2013.
Sendrier, N. (2011). Decoding one out of many. In Yang, B.-Y., editor, Post-Quantum Cryptography, volume 7071 of Lecture Notes in Computer Science, pages 51–67. Springer Berlin / Heidelberg. 10.1007/978-3-642-25405-5-4.
Serebryany, K., Bruening, D., Potapenko, A., and Vyukov, D. (2012). Addresssanitizer: a fast address sanity checker. In USENIX, pages 28–28. USENIX Association.
Shacham, H. (2007). The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In CCS, pages 552–561. ACM.
Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., and Boneh, D. (2004a). On the effectiveness of address-space randomization. In Proceedings of the 11th ACM conference on Computer and communications security, CCS ’04, pages 298–307, New York, NY, USA. ACM.
Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., and Boneh, D. (2004b). On the Effectiveness of Address-Space Randomization. In Proceedings of the 11th ACM conference on Computer and communications security, pages 298–307. ACM.
Shah, A. (2008). Laptops Lost Like Hot Cakes At US Airports. CIO Magazine. Disponível em: [link]. Acesso em: Set. 2013.
Shor, P. W. (1997). Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput., 26:1484–1509.
Silva, E. F., Fernandes, N. C., Rodriguez, N., Magalhaes, L. C. S., e Saade, D. C. M. (2013). Gestão de identidade em redes experimentais para a internet do futuro. In Minicurso - SBRC2013 - Brasília - DF.
Slade, R. (2004). Software Forensics: Collecting Evidence from the Scene of a Digital Crime”. McGraw-Hill Professional.
Solar Designer (1997). Return-to-libc Attack.
Souza, M. R. S., Guillon, C., Pereira, F. M. Q., and da Silva Bigonha, M. A. (2011). Dynamic elimination of overflow tests in a trace compiler. In CC, pages 2–21.
Steel, C. (2006). Windows Forensics: The Field Guide for Corporate Computer Investigations. John Wiley and Sons.
Stehlé, D. e Steinfeld, R. (2011). Making ntru as secure as worst-case problems over ideal lattices. In Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology, EUROCRYPT’11, pages 27–47, Berlin, Heidelberg. Springer-Verlag.
Stephenson, M., Babb, J., and Amarasinghe, S. (2000). Bitwidth analysis with application to silicon compilation. In PLDI, pages 108–120. ACM.
Stern, J. (1989). A method for finding codewords of small weight. Coding Theory and Applications, 388:106–133.
Stern, J. (1995). Can one design a signature scheme based on errorcorrecting codes? Lecture Notes in Computer Science, 917:424–??
Sumant Kowshik, D. D. and Adve, V. (2002). Ensuring Code Safety Without Runtime Checks for Real-Time Control Systems. In Proc. Int’l Conf. on Compilers Architecture and Synthesis for Embedded Systems, 2002, Grenoble, France.
Sutherland, I., Evans, J., Tryfonas, T. e Blyth, A. (2008). Acquiring Volatile Operating System Data Tools and Techniques. ACM SIGOPS Operating Systems Review. Vol. 42(3). Páginas 65-73.
Szydlo, M. (2003). Merkle tree traversal in log space and time. In Prepint version, 2003.
Tallam, S. and Gupta, R. (2003). Bitwidth aware global register allocation. In POPL, pages 85–96, New York, NY, USA. ACM.
Tanner, R. M. (2001). Spectral graphs for quasi-cyclic LDPC codes. In IEEE International Symposium on Information Theory – ISIT 2001, page 226, Washington, DC, USA. IEEE.
TECHNET - Microsoft Corporation (2003). How NTFS Works. Disponível em: http://technet.microsoft.com/en-us/library/cc781134.aspx. Acesso em: Set. 2013.
TERRA (2008). Abadia usava Hello Kitty para enviar ordens. Disponível em [link]. Acesso em: Set. 2013.
Thomae, E. (2012). A generalization of the Rainbow band separation attack and its applications to multivariate schemes. Cryptology ePrint Archive, Report 2012/223. http://eprint.iacr.org/2012/223.
Tran, M., Etheridge, M., Bletsch, T., Jiang, X., Freeh, V., and Ning, P. (2011). On the expressiveness of return-into-libc attacks. In Recent Advances in Intrusion Detection, pages 121–141. Springer.
Tripp, O., Pistoia, M., Fink, S. J., Sridharan, M., and Weisman, O. (2009). Taj: effective taint analysis of web applications. In ACM Sigplan Notices, volume 44, pages 87–97. ACM.
TRUECRYPT (2013). Truecrypt. Disponível em: http://www.truecrypt.org. Acesso em: Set. 2013.
Ulbrich, H. C. e Valle, J. D. (2004). Universidade H4ck3r. São Paulo: Digerati, 4th Edition.
Umaña, V. G. e Leander, G. (2010). Practical key recovery attacks on two McEliece variants. In International Conference on Symbolic Computation and Cryptography – SCC 2010, Egham, UK. Springer.
US-CERT (2008). Computer Forensics. Disponível em: http://www.us-cert.gov/reading_room/forensics.pdf. Acesso em: Set. 2013.
USAID (1995). DoD 5220.22-M National Industrial Security Program Operating Manual. Disponível em: [link]. Acesso em: Set. 2013.
Venet, A. and Brat, G. (2004). Precise and efficient static array bound checking for large embedded c programs. SIGPLAN Not., 39:231–242.
Wagner, D. and Dean, R. (2001). Intrusion detection via static analysis. In Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on, pages 156–168. IEEE.
Wang, H. e Wang, S. (2004). Cyber Warfare: Steganography vs. Steganalysis. Communications of the ACM - Voting systems, Vol. 47(10). Páginas 76-82.
Wang, T., Wei, T., Lin, Z., and Zou, W. (2009). Intscope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. In Proc. of Network and Distributed System Security Symposium (NDSS). Citeseer.
Wangham, M. S., de Mello, E. R., da Silva Böger, D., Guerios, M., e da Silva Fraga, J. (2010). Gerenciamento de identidades federadas. In Minicurso - SBSeg 2010 - Fortaleza - CE.
Warren, H. S. (2002). Hacker’s Delight. Addison-Wesley Longman Publishing Co., Inc.
Wieschebrink, C. (2006). Two NP-complete problems in coding theory with an application in code based cryptography. In IEEE International Symposium on Information Theory – ISIT 2006, pages 1733–1737, Seattle, USA. IEEE.
Winternitz, R. S. (1983). Producing a one-way hash function from des. In Advances in Cryptology: Proceedings of CRYPTO ’83, pages 203–207. Plenum.
Wolf, C. e Preneel, B. (2005). Taxonomy of public key schemes based on the problem of multivariate quadratic equations. IACR Cryptology ePrint Archive, 2005:77.
Xiang, C. e Li, X. (2012). General analysis on architecture and key technologies about internet of things. In Software Engineering and Service Science (ICSESS), 2012 IEEE 3rd International Conference on, pages 325–328.
Xiaohui, X. (2012). Research on safety certification and control technology in internet of things. In Computational and Information Sciences (ICCIS), 2012 Fourth International Conference on, pages 518–521. IEEE.
Yan, L., Zhang, Y., Yang, L., e Ning, H. (2008). The Internet of Things: from RFID to the next-generation pervasive networked systems. Auerbach Publications.
Yasuda, T., Sakurai, K., e Takagi, T. (2012). Reducing the key size of Rainbow using non-commutative rings. In Topics in Cryptology – CT-RSA 2012, volume 7178 of Lecture Notes in Computer Science, pages 68–83. Springer.
Zadjmool, R. (2004). Hidden Threat: Alternate Data Streams. Disponível em: http://www.windowsecurity.com/articles/Alternate_Data_Streams.html. Acesso em: Set. 2013.
Zeng, D., Guo, S., e Cheng, Z. (2011). The web of things: A survey (invited paper). Journal of Communications, 6(6).
Zhang, G. e Liu, J. (2011). A model of workflow-oriented attributed based access control. International Journal of Computer Network and Information Security (IJCNIS), 3(1):47–53.
Zurita, M. E. Projeto de sistemas embarcados. Universidade Federal do Piauí, Curso de Engenharia Elétrica, Campus Universitário Ministro Petrônio Portela.
Detalhes sobre o formato disponível para publicação: Volume Completo
© O(s) autor(es), 2013.
Esse trabalho foi publicado de acordo com os termos da licença Creative Commons Attribution 4.0 International License
.
