Minicourses of the XII Brazilian Symposium on Information and Computational Systems Security

Authors

Aldri dos Santos (ed.)
UFPR
Altair Santin (ed.)
PUCPR
Carlos Maziero (ed.)
UTFPR
Paulo André da S. Gonçalves (ed.)
UFPE

Synopsis

It is with great pleasure and satisfaction that we present the selection of minicourses for the 12th edition of the Brazilian Symposium on Information and Computational Systems Security (SBSeg). In 2012, we received 13 minicourse proposal submissions, of which 4 were selected for publication and presentation, representing an acceptance rate of approximately 31%.

This book brings together 4 chapters produced by the authors of the accepted proposals. Chapter 1 discusses vulnerabilities in modern computer systems, presenting concepts, exploits and protection mechanisms. Chapter 2 presents an introduction to mobile device security, using the Android platform as a case study. Chapter 3 discusses security in content-centric networks, focusing on the presentation of vulnerabilities, attacks and countermeasures. Finally, Chapter 4 discusses homomorphic encryption, presenting the state of the art and the problems that remain open.

Chapters:

1. Vulnerability Analysis in Modern Computer Systems: Concepts, Exploits and Protections
Mateus Felipe Tymburibá Ferreira, Thiago de Souza Rocha, Gilbert Breves Martins, Eduardo Feitosa, Eduardo Souto
2. Introduction to the Security of Modern Mobile Devices – A Case Study on Android
Alexandre Melo Braga, Erick Nogueira do Nascimento, Lucas Rodrigues da Palma, Rafael Pereira Rosa
3. Security in Content-Centric Networks: Vulnerabilities, Attacks and Countermeasures
Igor C. G. Ribeiro, Flávio Q. Guimarães, Juliano F. Kazienko, Antonio A. de A. Rocha, Pedro B. Velloso, Igor M. Moraes, Célio V. N. Albuquerque
4. Homomorphic Encryption
Eduardo Morais, Ricardo Dahab



Publication date
19/11/2012

Details of the format available for publication: Complete Volume

Complete Volume
ISBN-13 (15)
978-85-7669-264-5