Short Courses of the X Brazilian Symposium on Information and Computational Systems Security
Synopsis
The Brazilian Symposium on Information and Computational Systems Security (SBSeg) is a scientific event held annually by the Brazilian Computer Society (Sociedade Brasileira de Computação, SBC) and is the country's main forum for presenting research and relevant activities related to information and systems security. This book brings together the six chapters written by the authors of the short-course proposals accepted for presentation at SBSeg 2010.
Chapter 1, "Federated Identity Management", analyzes the challenges of, and solutions for, providing federated identity management to collaborative networks.
Chapter 2, "Security and Privacy Aspects in Cloud Computing Environments", explores the state of the art in security and privacy in the context of cloud computing. It first presents the fundamental aspects of cloud computing. After a review of the main security and privacy concepts, it discusses in greater depth the risks and threats relevant to cloud environments, as well as the best-known approaches to mitigating them. Open problems and solutions proposed in the literature are discussed throughout the text.
Chapter 3, "Code Transformations for Software Protection", presents code transformation techniques for protecting intellectual property and data security against Man-At-The-End attacks. Conventional security is usually tied to the confidentiality of the communication channel, which in turn relies on cryptographic methods. Security based on software protection is associated with obfuscation, watermarking and tamper-proofing techniques. The goal of these techniques is to give greater credibility to the software running on the end system by ensuring that it behaves legitimately.
Chapter 4, "Security Aspects in the Interconnection of Cellular Networks and WLANs", explores precisely the security aspects, specifically authentication and authorization, observed during a handover between WLANs and cellular networks, with a focus on 2G and 3G networks.
Chapter 5, "Introduction to Application Security for Brazilian Interactive Digital TV", describes preliminary results obtained by CPqD in the security evaluation of interactive applications for Brazilian digital TV. The evaluation covered secure programming, the secure execution environment for applications, and the security of receivers connected to an IP network. Work has begun on identifying and documenting insecure-programming vulnerabilities, so that vulnerabilities in Lua are matched with vulnerabilities already known in other programming languages.
Chapter 6, "Contingency Strategies for Information and Communication Technology Services", presents the theoretical and practical aspects of business continuity management, with a focus on preparing disaster recovery plans.
Referências
Aarts, R. e Madsen, P. (2006). Liberty ID-WSF Interaction Service Specification v.2. Liberty Alliance Project. [link].
ABNT (2005). Tecnologia da Informação – Técnicas de Segurança - Código de Prática para a Gestão da Segurança da Informação. ABNT NBR ISO/IEC 27002:2005.
ABNT (2008). Gerenciamento de Serviços de TI Parte 1: Especificação. ABNT NBR ISO/IEC 2000-1:2008.
ABNT (2008). Gestão de Continuidade de Negócios Parte 1: Código de Prática. ABNT NBR 15991-1:2008.
ABNT (2008). Gestão de Continuidade de Negócios Parte 2: Requisitos. ABNT NBR 15991-2:2008.
ABNT NBR 15605-1 (2008). Associação Brasileira de Normas Técnicas. Televisão digital terrestre — Tópicos de Segurança. Parte 1: Controle de cópias. ABNT 2008. ISBN 978-85-07-01041-8
ABNT NBR 15605-2 (em preparação). Associação Brasileira de Normas Técnicas. Televisão digital terrestre — Tópicos de Segurança. Parte 2: Mecanismos de segurança para aplicativos interativos.
ABNT NBR 15606-2 (2007). Associação Brasileira de Normas Técnicas. Televisão digital terrestre – Codificação de dados e especificações de transmissão para radiodifusão digital. Parte 2: Ginga-NCL para receptores fixos e móveis – Linguagem de aplicação XML para codificação de aplicações. ABNT 2007. ISBN 978-85-07-00583-4.
Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. Levkowetz, Ed. (2004). “Extensible Authentication Protocol (EAP)”. RFC 3748, June 2004.
Aboba, B., Simon, D., Eronen, P.(2008). “Extensible Authentication Protocol (EAP) Key Management Framework”. RFC 5247, August 2008.
Aboba, B., Calhoun, P.(2003). “RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)”. RFC 3579, September 2003.
Ahn, G.-J. e Ko, M. (2007). User-centric privacy management for federated identity management. International Conference on Collaborative Computing: Networking, Applications and Worksharing, 0:187–195.
Ahn, G.-J. e Lam, J. (2005). Managing privacy preferences for federated identity management. In DIM ’05: Proceedings of the 2005 workshop on Digital identity management, pages 28–36, New York, NY, USA. ACM.
Aiken, H.H.. “Proposed automatic calculating machine”. Unpublished manuscript, November, 1937. Also appeared in IEEE Spectrum, 1(8):62–69, Aug. 1964.
Akram, H. e Hoffmann, M. (2008). Supports for identity management in ambient environments - the hydra approach. In ICSNC ’08: Proceedings of the 2008 Third International Conference on Systems and Networks Communications, pages 371–377, Washington, DC, USA. IEEE Computer Society.
Anderson, R. (1993). Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security (Fairfax, Virginia, United States, November 03 - 05, 1993). CCS '93. ACM, New York, NY, 215-227.
Arkko, J., Haverinen, H.(2006). “Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)”. RFC 4187, January 2006.
Armbrust, M., Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., e Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4):50–58.
Aucsmith, D.. “Tamper resistant software: An implementation”. In: Ross J. Anderson, editor, Information Hiding, First International Workshop, pp. 317–333, Cambridge, U.K., May 1996. Lecture Notes in Computer Science, Vol. 1174.
Baker, D.. “Making a Secure Smart Grid a Reality”. Journal of Energy Security 2009.
Baldoni, R. (2010). Federated Identity Management Systems in e-Government: the Case of Italy. Electronic Government: An International Journal, 8(1).
Bartel, M., Boyer, J., e Fox, B. (2002). XML-Signature Syntax and Processing. W3C. http://www.w3.org/TR/xmldsig-core.
Bartolini, C., Stefanelli, C., Tortonesi, M. (2009). Business-impact analysis and simulation of critical incidents in IT service management. University of Ferrara, Ferrara, Italy.
BCI (2010). The Business Continuity Institute Good Practice Guidelines. Disponível em: http://www.thebcicertificate.org/bci_gpgdownload.html. Acessado em 21 de mar. de 2010.
Beaver, K. e Harold, R. (2004). The Practical Guide to HIPAA Privacy and Security Compliance. Auerbach Publications.
Bertino, E., Paci, F., Ferrini, R., e Shang, N. (2009). Privacy-preserving digital identity management for cloud computing. IEEE Data Engineering Bulletin, 32(1):21–27.
Bhargav-Spantzel, A., Camenisch, J., Gross, T., e Sommer, D. (2007). User centricity: a taxonomy and open issues. Journal of Computer Security, 15(5):493–527.
Bhattacharjee, R. (2009). An analysis of the cloud computing platform. MSc thesis, System Design and Management Program, Massachusetts Institute of Technology.
Birman, K., Chockler, G., e van Renesse, R. (2009). Toward a cloud computing research agenda. ACM SIGACT News, 40(2):68–80.
Blum M., Kannan S.. “Designing programs that check their work”. Journal of the ACM, 42(1):269–291, January 1995.
Boccardo, D. R.. “Context-Sensitive Analysis of x86 Obfuscated Executables” PhD thesis, Universidade Estadual Paulista, Departamento de Engenharia Elétrica - FEIS, 2009.
Boneh, D. e Waters, B. (2006). Conjunctive, subset, and range queries on encrypted data. Em Theory of Cryptography Conference (TCC), páginas 535–554. Springer.
Braga, A. M. (2007). Visão geral das boas práticas para construção de softwares seguros. Revista Técnica IPEP, São Paulo, SP, V. 7, N. 2, p. 65-78, jul./dez. 2007. ISSN 1807-8125.
Bragra A. M.; Restani, G. S. (2010). Hacking Ginga: uma avaliação de segurança da plataforma de aplicações interativas da TV digital brasileira Anais do X Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (No prelo 2010).
Burr, W. E., Dodson, D. F., e Polk, W. T. (2006). Electronic authentication guideline. NIST Special Publication, 800:63.
Cachin, C., Keidar, I., e Shraer, A. (2009). Trusting the cloud. ACM SIGACT News, 40(2):81–86.
Calhoun, P., Loughney, J., Guttman, E., Zorn, G., Arkko, J.(2003). “Diameter Base Protocol”, RFC 3588, September 2003.
Camarinha-Matos, L. M., Afsarmanesh, H., e Ollus, M. (2008). Methods and Tools for Collaborative Networked Organizations, chapter Ecolead And Cno Base Concepts, pages 3–32. Springer.
Camenisch, J. e Pfitzmann, B. (2007). Security, Privacy, and Trust in Modern Data Management, chapter Federated Identity Management, pages 213–238. Springer Verlag.
Cameron, K. (2005). The laws of identity. http://www.identityblog.com/?p=352/#lawsofiden_topic3.
Carmody, S., Erdos, M., Hazelton, K., Hoehn, W., Morgan, B., Scavo, T., e Wasley, D. (2005). Incommon technical requirements and information. vol. 2005.
Caron, E., Desprez, F., Loureiro, D., e Muresan, A. (2009). Cloud computing resource management through a grid middleware. Em IEEE Conference on Cloud Computing.
Cegiela, R. (2006). Selecting Technology for Disaster Recovery. Warsaw University of Technology, Institute of Control and Computation Engineering, Warsaw, Poland.
Chadwick, D. (2009). Federated identity management. Foundations of Security Analysis and Design V, pages 96–120.
Chadwick, D. e Inman, G. (2009). Attribute aggregation in federated identity. IEEE Computer, pages 44–53.
Chamuczynski, P., Alfandi, O., Werner, C., Brosene, H., Hogrefe, D.(2008). “Performance Study of PANA Pre-authentication for Interdomain Handover”. In: Fourth International Conference on Networking and Services, ICNS 2008, March 2008.
Chang, H.; Atallah, Mikhail J.. “Protecting Software Code by Guards”. In: ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, 2002, pp 160–175.
Chappell, D. (2006). Introducing windows cardspace. Msnd technical articles, Microsoft Corporation. http://msdn.microsoft.com/en-us/library/aa480189.aspx.
Chen, Y.; Venkatesan, R.; Cary, M.; Pang, R.; and Sinha, S.; and Jakubowski,M. H.. “Oblivious Hashing: A Stealthy Software Integrity Verification Primitive”. In: 5th International Workshop on Information Hiding, 2003, pp. 400–414.
Cho, W.; Lee, I.; Park, S.. “Against intelligent tampering: Software tamper resistance by extended control flow obfuscation”. In: Proc. World Multiconference on Systems, Cybernetics, and Informatics. International Institute of Informatics and Systematics, 2001.
Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., e Molina, J. (2009). Controlling data in the cloud: outsourcing computation without outsourcing control. Em ACM workshop on Cloud Computing Security, páginas 85–90, New York, NY, USA. ACM.
Christian Sven Collberg, Clark David Thomborson, and Douglas Wai Kok Low.. “Obfuscation techniques for enhancing software security”. U.S. Patent 6668325, December 2003.
Christodorescu,M.; Somesh, J.. “TestingMalware Detectors”. In: Proc. of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’04), July 11-14, 2004, Boston, Massachusetts, USA.
Clancy, T., Nakhjiri, M., Narayanan, V., Dondeti, L.(2008). “Handover Key Management and Re-Authentication Problem Statement”. RFC 5169, March 2008.
Clancy, T.(2008). “Secure Handover in Enterprise WLANs: CAPWAP, HOKEY, and IEEE 802.11r”. In: IEEE Wireless Communications, vol. 15, nr. 5, October 2008.
Clauß, S. e Köhntopp, M. (2001). Identity management and its support of multilateral security. Computer Networks, 37(2):205–219.
Cohen F.. “A short course on computer viruses"(2nd ed.). John Wiley & Sons, Inc., New York, 1994.
Cohen F.. “Computer viruses—theory and experiments". In: IFIP-TC11, Computers and Security, pages 22–35, 1987.
Cohen F.. “Current trends in computer viruses". In: International Symposium on Information Security, 1991.
Cohen F.. “Operating system protection through program evolution". Computer Security, 12(6):565–584, 1993.
Collberg C.; Thomborson C.. “Watermarking, tamper-proofing, and obfuscation — tools for software protection”. Technical Report TR00-03, The Department of Computer Science, University of Arizona, February 2000.
Collberg C.; Thomborson C.. “Watermarking, tamper-proofing, and obfuscation— tools for software protection”. In: IEEE Transactions on Software Engineering, New York, v. 28, n. 8, p. 735–746, 2002.
Collberg, C.,Thomborson, C.. “Software watermarking: Models and dynamic embeddings", In: Principles of Programming Languages 1999, POPL’99, San Antonio, TX, January 1999.
Collberg, C.; Debray, S.; Carter, E.; Huntwork, A.; Linn, C.; Stepp, M.. “Dynamic Path-Based Software Watermarking”. In: Proc. SIGPLAN ’04 Conf. on Prog. Language Design and Implementation (PLDI 04), June 2004.
Collberg, C.; Huntwork, A.; Carter, E.; Townsend G.. “Graph theoretic software watermarks: Implementation, analysis, and attacks”. In Workshop on Information Hiding, pp. 192-207, 2004. Springer-Verlag.
Collberg, C.; Thomborson, C; Low, D.. “Breaking abstractions and unstructuring data structures”. In: Proc. 1998 IEEE International Conference on Computer Languages, pages 28–38.
Collberg, C.; Thomborson, C; Low, D.. “Manufacturing cheap, resilient, and stealthy opaque constructs”. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL’98, San Diego, January 1998.
Collberg, C.; Thomborson, C.; Low, D.. “A taxonomy of obfuscating transformations". Technical Report 148, Department of Computer Science, The University of Auckland, New Zealand, July 1997.
Congdon, P., Aboba, B., Smith, A., Zorn, G., Roese, J.(2003). “IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines”. RFC 3580, September 2003.
Continuity Central (2006). Business Continuity Unwrapped, Disponível em: http://www.continuitycentral.com/feature0358.htm (em inglês), acessado em 21 de mar. de 2010.
Cousot, P.; Cousot, R.. “An abstract interpretation-based framework for software watermarking”. In: Proc. of Principles of Programming Languages, 2004, Venice, Italy. ACM.
CSA (2009). Security Guidance for Critical Areas of Focus in Cloud Computing – v2.1. Cloud Security Alliance.
CSA (2010a). Domain 12: Guidance for identity & access management v2.1. http://www.cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf.
CSA (2010b). Top Threats to Cloud Computing V1.0. Cloud Security Alliance.
CWE/SANS Top 25 (2010). CWE/SANS Top 25 Most Dangerous Programming
Dalton, C. I., Plaquin, D., Weidner, W., Kuhlmann, D., Balacheff, B., e Brown, R. (2009). Trusted virtual platforms: A key enabler for converged client devices. ACM SIGOPS Operating Systems Review, 43(1):36–43.
Damiani, E., di Vimercati, S. D. C., e Samarati, P. (2003). Managing multiple and dependable identities. In IEEE Internet Computing, pages 29–37. IEEE.
Davidson, R. L., Myhrvold, N.. “Method and system for generating and auditing a signature for a computer program", US Patent 5,559,884, September 1996. Assignee: Microsoft Corporation.
Dawes, S. S. e Pardo, T. A. (2008). Advances in Digital Government Technology, Human Factors, and Policy, chapter Building Collaborative Digital Government Systems Systemic: constraints and effective practices, pages 259–273. Springer US.
Dawoud, W., Potsdam, G., Takouna, I., e Meinel, C. (2010). Infrastructure as a service security: Challenges and solutions. Em 7th International Conference on Informatics and Systems (INFOS).
De Capitani di Vimercati, S. e Samarati, P. (2006). Privacy in the electronic society. Em International Conference on Information Systems Security (ICISS), Kolkata, India. invited talk.
de Mello, E. R. (2009). Um modelo para confiança dinâmica em ambientes orientados a serviço. PhD thesis, Universidade Federal de Santa Catarina.
de Mello, E. R., Wangham, M. S., da Silva Fraga, J., Camargo, E., e da Silva Böger, D. (2009). Model for authentication credentials translation in service oriented architecture. Transactions on Computational Sciences Journal, 5430:68–86.
Deming, W. Edwards (1986). Out of the Crisis. MIT Center for Advanced Engineering Study. ISBN 0-911379-01-0.
Dierks, T., Rescorla, E.(2008). “The Transport Layer Security (TLS) Protocol Version 1.2”. RFC 5246, August 2008.
Doelitzscher, F., Reich, C., e Sulistio, A. (2010). Designing cloud services adhering to government privacy laws. Em International Symposium on Trust, Security and Privacy for Emerging Applications.
DRII (2010). Disaster Recovery International Institute: Professional Practices. Disponível em: https://www.drii.org/docs/profprac_details.pdf. Acessado em 21 de mar. de 2010.
Dutta, A., Famolari, D., Das, S., Ohba, Y., Fajardo, V., Taniuchi, K., Lopez, R., Schulzrinne, H.(2008). “Media-Independent Pre-Authentication Supporting Secure Interdomain Handover Optimization”. In: IEEE Wireless Communications, vol. 15, nr. 2, April 2008.
Dutta, A., Fajardo, V., Ohba, Y., Taniuchi, K., Schulzrinne, H.(2010). “A Framework of Media-Independent Pre-Authentication (MPA) for Inter-domain Handover Optimization”. draft-irtf-mobopts-mpa-framework-07, April 2010, trabalho em andamento.
EclipseFoundation (2010). Higgins open source identity framework. http://www.eclipse.org/higgins/.
Erickson, J. S., Spencer, S., Rhodes, M., Banks, D., Rutherford, J., Simpson, E., Belrose, G., e R., R. P. (2009). Content-centered collaboration spaces in the cloud. IEEE Internet Computing, páginas 34–42.
Ernst & Young (2010). Insights in it risk – top privacy issues for 2010.
Eronen, P.(2006). “IKEv2 Mobility and Multihoming Protocol (MOBIKE)”. RFC 4555, June 2006.
Errors. Version 2.0, 2010. Disponível on-line nas URLs http://www.sans.org/top25-programming-errors-e-cwe.mitre.org/top25
ETSI TS 133 234 (2010). “Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Wireless Local Area Network (WLAN) interworking security”. V. 9.2.0, Release 9, July 2010
Etsion, Y., Ben-Nun, T., e Feitelson, D. (2009). A global scheduling framework for virtualization environments. Em IEEE Symposium on Parallel and Distributed Processing.
Eucalyptus (2010). Eucalyptus – the open source cloud plataform. http://open.eucalyptus.com.
Farrell, N.. “Mac Display Eater kills home files”. The Inquirer (February 27 , 2007), http://www.theinquirer.net/default.aspx?article=37824.
Ferrie, P.. “Anti-Unpacker Tricks”. In: 2nd International CARO Workshop, 2008, The Netherlands.
FIPS 140-2 (2001). Security Requirements for Criptographic Modules - FIPS PUB 140-2. Computer Security Division.
Fischer-Hübner, S. (2001). IT-Security and Privacy: Design and use of privacy-enhancing security mechanisms. Em Goos, G., Hartmanis, J., e van Leeuwen, J., editores, Lecture Notes in Computer Science, volume 1958. Springer-Verlang.
Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., Yegin, A.(2008). “Protocol for Carrying Authentication for Network Access (PANA)”. RFC 5191, May 2008.
Foster, I., Zhao, Y., Raicu, I., e Lu, S. (2008). Cloud computing and grid computing 360-degree compared. Em Grid Computing Environments Workshop.
Funk, P., Blake-Wilson, S.(2008). "Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0)". RFC 5281, August 2008.
Gentry, C. (2009). Fully homomorphic encryption using ideal lattices. Em Annual ACM Symposium on Theory of computing, páginas 169–178, New York, NY, USA. ACM.
Giffin J. T.; Christodorescu M.; Kruger L. “Strengthening software selfchecksumming via self-modifying code". In: 21st Annual Computer Security Applications Conference, 2005, pp. 23–32, IEEE Computer Society.
Ginga-NCL Virtual STB. Máquina virtual Linux para VMWare e simulador de receptor com Ginga-NCL. Disponível on-line na URL http://www.gingancl.org.br
Goodspeed et al.. “Low level Design Vulnerabilities in Wireless Control System Hardware”, S4 2009 papers.
Gottschalk, P. e Solli-Saether, H. (2008). Stages of e-government interoperability. Electronic Government: An International Journal, 5(3):310–320.
GOV.BR (2010). Programa de governo eletrônico brasileiro (gov.br). http://www.governoeletronico.gov.br.
Goyal, P. e Mikkilineni, R. (2009). Policy-based event-driven servicesoriented architecture for cloud services operation & management. Em IEEE International Conference on Cloud Computing, páginas 135–138. IEEE Computer Society.
Grobauer, B., Walloschek, T., e Stöcker, E. (2010). Understanding Cloud-Computing Vulnerabilities. IEEE Security and Privacy.
Grossman, R. (2009). The case for cloud computing. IT Professional, 11(2).
Gruschka, N. e Iacono, L. (2009). Vulnerable cloud: SOAP message security validation revisited. Em IEEE International Conference on Web Services.
Hallam-Baker, P. e Mysore, S. H. (2005). XML Key Management Specification (XKMS 2.0). W3C – Proposed Recommendation.
Hansen, M., Schwartz, A., e Cooper, A. (2008). Privacy and identity management. Security Privacy, IEEE, 6(2):38–45.
Hardekopf, B.; Lin, C.. “The ant and the grasshopper: Fast and accurate pointer analysis for millions of lines of code”. SIGPLAN Not., 42(6):290–299, 2007.
Haverinen, H., Ed., and J. Salowey, Ed.(2006). “Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)”. RFC 4186, January 2006.
Hayes, B. (2008). Cloud computing. Communications of the ACM, 51(7):9–11.
Hinde, S. (2003). Privacy legislation: a comparison of the US and european approaches. Computers & Security, 22(5):378–387.
Hodges, J. e Morgan, R. (2002). Lightweight Directory Access Protocol (v3): Technical Specification. RFC3377. IETF.
Hoeper, K., Decugis, S., Zorn, G., Wu, Q., Taylor, T.(2010). “Handover Keying (HOKEY) Architecture Design”. draft-hoeper-hokey-arch-design-03, July 2010, trabalho em andamento.
Hoeper, K., Nakhjiri, M., Ohba, Y.(2010). “Distribution of EAP-Based Keys for Handover and Re-Authentication”. RFC 5749, March 2010.
Holz T.; Raynal F.. “Detecting honeypots and other suspicious environments”. In: Proceedings of the 2005 IEEE Workshop on Information Assurance and Security, U.S. Military Academy, West Point, NY, June 2005.
Horne, B.; Matheson, L.; Sheehan, C.; Tarjan, R. E.. “Dynamic self-checking techniques for improved tamper resistance”. In: Security and Privacy in Digital Rights Management, ACM CCS-8 Workshop DRM 2001, Philadelphia, November 2001. Springer-Verlag, LNCS 2320.
Horne,W. G.; Matheson, L. R.; Sheehan, C.; Tarjan, R. E.. “Software self-checking systems and methods”. U.S. Application 20030023856, January 2003. Assigned to InterTrust Technologies Corporation.
Housley, R., Polk, W., Ford, W., e Solo, D. (2002). Internet X. 509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. IETF RFC 3280.
Howard, M and LeBlanc, D (2002). Writing Secure Code, Second Edition. December 04, 2002. ISBN 9780735617223
Husdal (2008). Ericsson versus Nokia – the now classic case of supply chain disruption. Disponível em: [link]. Acessado em 21 de mar. de 2010.
IBM (2005). Federated Identity Management and Web Services Security with IBM Tivoli Security Solutions. IBM, second edition.
IBM Global Services (2007). Continuidade de negócios e resiliência” Disponível em: http://www.ibm.com/br/services/bcr/. Acessado em 21 de mar. de 2010.
IDA Pro - Disassembler. 2009. Data Rescue, Liege, Belgium. Available from Internet: <http://www.datarescue.com 2009. Último acesso July 2009>.
IEEE Standard 802.1X (2004). “IEEE Standard for Local and metropolitan area networks Port-Based Network Access Control”.
IEEE Standard 802.21 (2008). “IEEE Standard for Local and metropolitan area networks - Part 21: Media Independent Handover Services”.
IEEE Standard 802.11 (2007). “Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications”.
Internet2 (2008). eduPerson & eduOrg Object Classes. http://middleware.internet2.edu/eduperson/.
ISO (2005). ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements. International Organization for Standartization.
IT Governance Institute (2008). Aligning CobiT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit. Disponível em [link]. Acessado em 20/08/2010.
IT Governance Institute (2008). IT Governance Institute (2007). COBIT - Control Objectives for Information and related Technology. Disponível em http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx. Acessado em 20/06/2010.
Itani, W., Kayssi, A., e Chehab, A. (2009). Privacy as a service: Privacyaware data storage and processing in cloud computing architectures. Em IEEE International Conference on Dependable, Autonomic and Secure Computing, páginas 711 –716.
ITIL (2010). IT Infrastructure Library. Office of Governance Commerce, UK.
ITU-T (2000). Information technology – Open systems interconnection – The Directory: Public-key and attribute certificate frameworks. Recommendation X.509. International Telecommunication Union.
ITU-T (2001). Information technology - Open Systems Interconnection - The Directory: Overview of concepts, models and services. ITU-T Recommendation X.500. [link].
Jacob, M.; Jakubowski,M. H.; Venkatesan, R.. “Towards integral binary execution: implementing oblivious hashing using overlapped instruction encodings”. In: Proc. of the 9th Workshop on Multimedia and Security, pp. 129–140, New York, 2007. ACM.
Jensen, M., Schwenk, J., Gruschka, N., e Iacono, L. (2009). On technical security issues in cloud computing. Em IEEE International Conference on Cloud Computing, páginas 109–116. IEEE Computer Society.
Johnson, D., Perkins, C., Arkko, J.(2004). “Mobility Support in IPv6”. RFC 3775, June 2004.
Josang, A., Ismail, R., Boyd, C.(2007). “A survey of trust and reputation systems for online service provision”. In: Decision Support Systems, vol. 43, nr. 2. Elsevier Science Publishers B. V., March 2007.
Jøsang, A. e Pope, S. (2005). User centric identity management. In AusCERT Asia Pacific Information Technology Security Conference 2005.
Jøsang, A., Fabre, J., Hay, B., Dalziel, J., e Pope, S. (2005). Trust requirements in identity management. In CRPIT ’44: Proceedings of the 2005 Australasian workshop on Grid computing and e-research, pages 99–108, Darlinghurst, Australia. Australian Computer Society, Inc.
Kaliski Jr, B. e Pauley, W. (2010). Toward risk assessment as a service in cloud environments. Em USENIX Workshop on Hot Topics in Cloud Computing.
Kallela, J. (2008). Federated identity management solutions. Technical report, Helsinki University of Technology. http://www.cse.tkk.fi/en/publications/B/1/papers/Kallela_final.pdf.
Kandukuri, B., Paturi, V., e Rakshit, A. (2009). Cloud security issues. Em International Conference on Services Computing.
Kanzaki, Y.; Monden, A.; Nakamura, M; Matsumoto K.. “Exploiting selfmodificationmechanism for program protection”. In: Proc. of the 27th Annual International Conference on Computer Software and Applications, pp 170, Washington, USA, 2003.
Kaufman, C.(2005). “Internet Key Exchange (IKEv2) Protocol”. RFC 4306, December 2005.
Kocher, P., Lee, R., McGraw, G., and Raghunathan, A. 2004. Security as a new dimension in embedded system design. In Proceedings of the 41st Annual Design Automation Conference (San Diego, CA, USA, June 07 - 11, 2004). DAC '04. ACM, New York, NY, 753-760.
Kohl, J. e Neuman, C. (1993). The kerberos network authentication requestor (v5). rfc1510. Technical report, IETF.
Koien, G. M., Haslestad, T.(2003). “Security Aspects of 3G-WLAN Interworking”. In: IEEE Communications Magazine, vol. 41, nr. 11, November de 2003.
Kürümlüoglu, M., Nostdal, R., e Karvonen, I. (2005). Base concepts, chapter Virtual organisations: Systems and practices, pages 11–28. Springer.
Lakhotia, A.; Kumar, E. U.; Venable, M.. “A method for detecting obfuscated calls in malicious binaries”. In: IEEE Transactions on Software Engineering, Piscataway, v. 31, n. 11, pp. 955–968, 2005.
Lakhotia, A.; Singh, P. K.. “Challenges in getting ‘formal’ with viruses”. Virus Bulletin, pp. 15–19, September 2003.
Landwehr, C. (2001). Computer security. International Journal of Information Security, 1(1):3–13.
Laureano, M. e Maziero, C. (2008). Virtualização: Conceitos e aplicações em segurança. Em Maziero, C., editor, Livro-Texto de Minicursos SBSeg, páginas 1–50. Sociedade Brasileira de Computação.
Le, H.-B. e Bouzefrane, S. (2008). Identity management systems and interoperability in a heterogeneous environment. pages 239 –242.
Leach, P., Mealling, M., e Salz, R. (2005). A UUID URN Namespace. IETF RFC 4122. http://www.ietf.org/rfc/rfc4122.txt.
Lerusalimschy, R. (2003). Programming in Lua, 1st. Ed. 2003. ISBN 85-903798-1-7. Disponível on-line na URL http://www.lua.org/pil.
Lerusalimschy, R., Figueiredo L. H. e Celes, W. (2006). Lua 5.1 Reference Manual. 2006. ISBN 85-903798-3-3. Disponível on-line na URL http://www.lua.org/manual/5.1/pt.
Lewis, J. A. (2008). Authentication 2.0 - new opportunities for online identification. Technical report, Center for Strategic and International Studies.
Liberty (2003). Introduction to the Liberty Alliance Identity Architecture. Liberty Alliance.
Lie, D.; Thekkath, C.; Mitchell, M.; Lincoln, P.; Boneh, D.; Mitchell, J.; Horowitz, M.. “Architectural support for copy and tamper resistant software”. In: Proc. 9th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX), pp. 168–177, November 2000.
Linn, C.; Debray, S.. “Obfuscation of executable code to improve resistance to static disassembly”. In: Proceedings of the 10th Computer and Communications Security (CCS), 2003, pp. 290–299.
Liu, J., Jiang, S., Lin, H.(2006). “Introduction to Diameter – Get the next generation AAA protocol”. Available in [link], April 2006, Access: July 2010.
Lopez, D., Solberg, A., e Stanica, M. (2006). eduGAIN Profiles and Implementation Guidelines.
Lua MD5. Cryptographic Library for Lua. MD5 and DES56 basic cryptographic facilities for Lua. http://www.keplerproject.org/md5
LuaCrypto. LuaCrypto - A Lua Frontend to OpenSSL. Disponível on-line na URL http://luacrypto.luaforge.net/index.html
LuaSec. LuaSec - TLS/SSL Support for Lua. Disponível on-line na URL http://www.inf.puc-rio.br/~brunoos/luasec/index.html.
Machan, P., Serwin, S., and Wozniak, J.(2008). “Performance of mobility support mechanisms in a heterogeneous UMTS and IEEE 802.11 network offered under the IEEE 802.21 standard”. In: 1st International Conference on Information Technology, pages 1–4. IEEE. 2008
Madou, M.; Anckaert, B.; Moseley, P.; Debray, S.; De Sutter, B.; De Bosschere, K.. “Software protection through dynamic code mutation”. In: 6th International Workshop in Information Security Applications, August 2005.
Majumdar, A., Thomborson, C. D., Drape, S.. “A Survey of Control-Flow Obfuscations”. In: Proceedings of the International Conference on Information Systems Security, 2006, pp. 353–356.
Maler, E. e Reed, D. (2008). The venn of identity: Options and issues in federated identity management. Security Privacy, IEEE, 6(2):16–23.
Maliki, T. E. e Seigneur, J.-M. (2007). A survey of user-centric identity management technologies. In The International Conference on Emerging Security Information, Systems, and Technologies, 2007. SecureWare 2007, pages 12–17.
Mather, T., Kumaraswamy, S., e Latif, S. (2009). Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O’Reilly Media.
Mell, P. e Grance, T. (2009). The NIST definition of cloud computing. National Institute of Standards and Technology.
Monden, A.; Iida, H.; Matsumoto, K.; Torii, K.; Ichisugi, Y.. “Watermarking method for computer programs”. In: Proc. of theSymposium on Cryptography and Information Security, 1998.
Moskowitz, R., Nikander, P., Jokela, P., Henderson, T.(2008). “Host Identity Protocol”, RFC 5201, April 2008.
Moskowitz, S. A., Cooperman, Marc.. “Method for stega-cipher protection of computer code", US Patent 5,745,569, January 1996. Assignee: The Dice Company.
Munasinghe, K. and Jamalipour, A.(2007). “A 3GPP-IMS based approach for converging next generation mobile data networks”. In: International Conference on Communications, pages 5264–5269. IEEE. 2007.
Munasinghe, K. and Jamalipour, A.(2008). “Interworking of WLAN-UMTS networks: an IMS-based platform for session mobility”. In: IEEE Communications Magazine, Vol. 46, nr. 9, IEEE, 2008.
Myles, G.; Collberg, C.; Heidepriem, Z.; Navabi, A.. “The evaluation of two software watermarking algorithms”. Software: Practice and Experience, 35(10):923-938,2005.
Narayanan, V., Dondeti, L.(2008). "EAP Extensions for EAP Re-authentication Protocol (ERP)". RFC 5296, August 2008.
Neumann, J. von.. “First draft of a report on the EDVAC”,1945.
Nicholls, R. (2000) SMS – Today's Interactive Television. Australia, http://www.broadcastpapers.com.
Nurmi, D., Wolski, R., Grzegorczyk, C., Obertelli, G., Soman, S., Youseff, L., e Zagorodnov, D. (2009). The eucalyptus open-source cloud computing system. Em IEEE/ACM International Symposium on Cluster Computing and the Grid.
OASIS (2004). Web Services Security: SOAP Message Security 1.0. OASIS. [link].
OASIS (2005a). Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS.
OASIS (2005a). Assertions and Protocols for the SAML 2.0. OASIS.
OASIS (2005b). Bindings for the OASIS SAML V2.0. Organization for the Advancement of Structured Information Standards (OASIS).
OASIS (2005b). eXtensible Access Control Markup Language version 2.0.
OASIS (2005c). eXtensible Access Control Markup Language (XACML) version 2.0. Organization for the Advancement of Structured Information Standards (OASIS). http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.
OASIS (2005c). SAML 2.0 profile of XACML v2.0. OASIS.
OASIS (2005d). Extensible Resource Identifier (XRI) Syntax V2.0. OASIS. http://www.oasis-open.org/committees/download.php/15377/xri-syntax-V2.0-cs.pdf.
OASIS (2005e). Metadata for the OASIS SAML V2.0. Organization for the Advancement of Structured Information Standards (OASIS).
OASIS (2005f). Profiles for the OASIS SAML V2.0. Organization for the Advancement of Structured Information Standards (OASIS).
OASIS (2005g). Security Assertion Markup Language (SAML) 2.0 Technical Overview. OASIS.
OASIS (2006). Service Provisioning Markup Language (SPML) Version 2. OASIS.
OASIS (2009a). Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of Security Assertion Markup Language (SAML) for Healthcare Version 1.0. OASIS.
OASIS (2009a). WS-SecurityPolicy 1.3. OASIS. [link].
OASIS (2009b). Web Services Federation Language version 1.2. OASIS.
OASIS (2009b). WS-Trust 1.4.
Oberheide, J. and Jahanian, F. (2010) When mobile is harder than fixed (and vice versa): demystifying security challenges in mobile environments. In Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications (Annapolis, Maryland, February 22 – 23, 2010). HotMobile ‘10. ACM, New York, NY, 43-48. 2010.
Ogiso, T.; Sakabe, Y.; Soshi, M.; Miyaji, A.. “Software obfuscation on a theoretical basis and its implementation”. In: IEEE Trans. Fundamentals, E86-A(1), January 2003.
Ogrizovic, D., Svilicic, B., e Tijan, E. (2010). Open source science clouds. Em International Convention (MIPRO 2010).
Ohba, Y., Wu, Q., Zorn, G.(2010). “Extensible Authentication Protocol (EAP) Early Authentication Problem Statement”. RFC 5836, April 2010.
Oliveira, L. P. M.. “Marca d’água Frágil e Semi-frágil para Autenticação de Vídeo no Padrão H.264”. Dissertação de mestrado, Universidade Federal do Rio de Janeiro, 2009.
OPENID (2007). Openid authentication 2.0. OPENID. http://openid.net/specs/openid-authentication-2_0.html.
OpenID (2010). OpenID Foundation - OIDF. OpenID Foundation.
OpenID (2010). Openid. http://openid.net.
OWASP Top 10 (2010). The Ten Most Critical Web Application Security Risks. 2010. Disponível on-line na URL [link]
Pearson, S., Shen, Y., e Mowbray, M. (2009). A privacy manager for cloud computing. Em Jaatun, M., Zhao, G., e Rong, C., editores, Cloud Computing, volume 5931 of LNCS, páginas 90–106. Springer. 10.1007/978-3-642-10665-1-9.
PECompact. “Windows executable compressor”. Bitsum Technologies. http://www.bitsum.com. Último acesso, Julho 2010.
Pedersen, T. (1992). Non-interactive and information-theoretic secure verifiable secret sharing. Em Feigenbaum, J., editor, Advances in Cryptology, volume 576 of Lecture Notes in Computer Science, páginas 129–140. Springer Berlin / Heidelberg.
Perkins, C.(2002). “IP Mobility Support for IPv4”. RFC 3344, August 2002.
Petitcolas, F. A. P.. “Stirmark Benchmark 4.0”. [link]. Último acesso, Julho 2010.
Pfleeger, C. P. e Pfleeger, S. L. (2006). Security in Computing. Prentice Hall, fourth edition.
Pinheiro Jr, J. e Kon, F. (2005). Segurança em grades computacionais. Em Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais.
Postel, J.(1980). “User Datagram Protocol”. RFC 768, August 1980.
Postel, J.(1981). “Transmission Control Protocol”. RFC 793, September 1981.
Provos, N., Rajab, M., e Mavrommatis, P. (2009). Cybercrime 2.0: when the cloud turns dark. Communications of the ACM, 52(4):42–47.
Rabelo, R. J. (2008). Methods and Tools for Collaborative Networked Organizations, chapter Advanced Collaborative Business ICT Infrastructures, pages 337–365. Springer.
Ravi, S., Raghunathan, A., Kocher, P., and Hattangady, S. (2004). Security in embedded systems: Design challenges. ACM Trans. Embed. Comput. Syst. 3, 3 (Aug. 2004), 461-491.
Recordon, D. e Reed, D. (2006). Openid 2.0: a platform for user-centric identity management. In DIM ’06: Proceedings of the second ACM workshop on Digital identity management, pages 11–16, New York, NY, USA. ACM.
Rezgui, A., Bouguettaya, A., e Eltoweissy, M. Y. (2003). Privacy on the web: Facts, challenges, and solutions. IEEE Security and Privacy, 1(6):40–49.
Rigney, C., Willens, S., Rubens, A., Simpson, A.(2000). “Remote Authentication Dial In User Service (RADIUS)”. RFC 2865, June 2000.
Rimal, B., Choi, E., e Lumb, I. (2009). A taxonomy and survey of cloud computing systems. Em International Joint Conference on INC, IMS and IDC.
Ristenpart, T., Tromer, E., Shacham, H., e Savage, S. (2009). Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. Em ACM conference on Computer and communications security, páginas 199–212. ACM.
RNP (2010). Federação cafe. http://www.cafe.rnp.br.
Romkey, J.(1988). “A Nonstandard for Transmission of IP Datagrams Over Serial Lines: SLIP”. RFC 1055, June 1988
Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.(2002). “SIP: Session Initiation Protocol”. RFC 3261, June 2002.
Salowey, J., Dondeti, L., Narayanan, V., Nakhjiri, M.(2008). “Specification for the Derivation of Root Keys from an Extended Master Session Key (EMSK)”. RFC 5295, August 2008.
Scavo, T. e Cantor, S. (2005). Shibboleth Architecture. [link].
Schneier, B. (1996). "Applied Cryptography: Protocols, Algorithms, and Source Code in C". Second Edition. John Wiley & Sons.
Seshadri, A.; Luk, M.; Perrig, A.; van Doorn, L.; Khosla, P.. “Enternally verifiable code execution”. Commun. ACM, 49(9):45–49, 2006.
Sharir, M.; Pnueli, A.. “Two approaches to interprocedural data flow analysis”. Program Flow Analysis: theory and applications. Englewood Cliffs: Prentice-Hall, 1981.
Shen, E., Shi, E., e Waters, B. (2009). Predicate privacy in encryption systems. Em Reingold, O., editor, Theory of Cryptography, volume 5444 of Lecture Notes in Computer Science, páginas 457–473. Springer Berlin / Heidelberg.
Shirey, R. (2000). RFC 2828 - Internet Security Glossary. The Internet Society.
Silva, A., Endler, M. Colcher, S.(2008). “Otimização do Handover na Camada de Rede (L3) utilizando o Media Independent Handover (MIH)”. Tese não publicada. Pontifícia Universidade Católica do Rio de Janeiro, Departamento de Informática, Rio de Janeiro. 2008.
Simon, D., Aboba, B., Hurst, R.(2008). “The EAP-TLS Authentication Protocol”. RFC 5216, March 2008.
Simpson, W.(1994). “The Point-to-Point Protocol (PPP)”. RFC 1661, July 1994
Singh, M. D., Krishna, P. R., e Saxena, A. (2010). A cryptography based privacy preserving solution to mine cloud data. Em Annual ACM Bangalore Conference, páginas 1–4, New York, NY, USA. ACM.
Skorobogatov, S. P.. “Semi-invasive attacks – A new approach to hardware security analysis”. Technical Report 630 - University of Cambridge, 2005.
Smith, M. (2000). Definition of the inetOrgPerson LDAP Object Class. IETF RFC 2798.
Somani, G. e Chaudhary, S. (2009). Application performance isolation in virtualization. Em IEEE International Conference on Cloud Computing, páginas 41–48. IEEE Computer Society.
Song, W., Jiang, H., and Zhuang, W.(2007). “Performance analysis of the wlan-first scheme in cellular/wlan interworking”. In: IEEE Transactions on Wireless Communications, Vol. 6, nr. 5, IEEE, 2007.
Song, D. X., Wagner, D., e Perrig, A. (2000). Practical techniques for searches on encrypted data. Em IEEE Symposium on Security and Privacy, páginas 44 –55.
Srinivasan, R.. “Protecting anti-virus software under viral attacks”. M.Sc. Thesis, Arizona State University.
Stahl, B. C. (2008). The impact of the UK Human Rights Act 1998 on privacy protection in the workplace. Em Subramanian, R., editor, Computer Security, Privacy, and Politics - Current Issues, Challenges, and Solutions, chapter IV, páginas 55–69. IRM Press.
Stanley, D., Walker, J., Aboba, B.(2005). “Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs”. RFC 4017, March 2005.
Staples, W. G. (2007). Encyclopedia of Privacy. Greenwood Press.
Sweeney, L. (2002). k-anonymity: A model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5):557–570.
Ször, P.; Ferrie, P. “Hunting for metamorphic”. In: Proc. of the 11th Virus Bulletin Conference, Prague, Czech Republic, pp. 123–144, 2001.
Tan, G.; Chen, Y.; Jakubowski, M. H.. “Delayed and controlled failures in tamperresistant systems”. In: Information Hiding, 2006. Springer-Verlag.
Tauil, M., Dutta, A., Cheng, Y., Das, S., Baker, D., Yajnik, M., Famolari, D., Ohba, Y., Taniuchi, K., Fajardo, V., Schulzrinne, H.(2010). “Integration of IEEE 802.21 services and pre-authentication framework”. In: International Journal of Communication Networks and Distributed Systems, vol. 5, nr.1/2, February 2010.
TERENA (2008). TERENA Compendium of National Research and Education Networks In Europe. TERENA.
Thibeau, D. e Reed, D. (2009). Open trust frameworks for open government: Enabling citizen involvement through open identity technologies. White paper, OpenID Foudation and Information Card Foudation.
Tjoa, S., Jakoubi, S. (2008). Enhancing Business Impact Analysis and Risk Assessment applying a Risk-Aware Business Process Modeling and Simulation Methodology. The Third International Conference on Availability, Reliability and Security, EUA.
Trusted Computing Group (2010). Trusted Platform Module – Specifications. Trusted Computing Group.
Turn, R. e Ware, W. H. (1975). Privacy and security in computer systems. Technical Report P5361, Rand Corporation.
Udupa, S. K; Debray, S. K.; Madou, M.. “Deobfuscation: Reverse engineering obfuscated code”. In: WCRE ’05: Proceedings ofthe 12th Working Conference on Reverse Engineering, pages 45–54, Washington, DC, 2005. IEEE. 146 Minicursos
Venkatesan, R. , Vazirani, V., Sinha S.. “A graph theoretic approach to software watermarking". In: 4th International Information HidingWorkshop, Pittsburgh, PA, April 2001. 144 Minicursos
Viega, J. and McGraw, G. (2001). Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley Professional. October 4, 2001. ISBN 978-0201721522.
Vliet, H. P. V.. “Crema — The Java obfuscator”. http://web.inter.nl.net/users/H.P.van.Vliet/mocha.html, January 1996.
VMWare Inc (2010). VMware vSphere. http://www.VMware.com/vSphere.
W3C (2001). XML Key Management Specification (XKMS). W3 Consortium.
W3C (2007). Web Services Policy 1.5 - Framework. http://www.w3.org/TR/2007/REC-ws-policy-20070904.
W3C (2009a). Web Services Federation Language – WS-Federation.
W3C (2009b). Web Services Metadata Exchange (WS-MetadataExchange). W3C. http://www.w3.org/TR/2009/WD-ws-metadata-exchange-20090317.
W3C (2010). Web Services Policy 1.5 – Framework. W3 Consortium.
W3C (2010). Web Services Transfer (WS-Transfer). http://www.w3.org/TR/2010/WD-ws-transfer-20100805.
Wahl, M. (1997). A Summary of the X.500(96) User Schema for use with LDAPv3. IETF RFC 2256.
Wang, C., Wang, Q., Ren, K., e Lou, W. (2010a). Privacy-preserving public auditing for data storage security in cloud computing. Em IEEE International Conference on Computer Communications.
Wang, C.; Hill, J.; Knight, J.; Davidson, J.. “Protection of software-based survivability mechanisms”. In: Proc. International Conference of Dependable Systems and Networks, July 2001.
Wang, C.; Hill, J.; Knight, J.; Davidson, J..“Software tamper resistance: Obstructing static analysis of programs.” Technical Report CS-2000-12, 2000.
Wang, H., Jing, Q., Chen, R., He, B., Qian, Z., e Zhou, L. (2010b). Distributed systems meet economics: Pricing in the cloud. Em USENIX Workshop on Hot Topics in Cloud Computing.
Wang, J., Shao, Y., Jiang, S., e Le, J. (2009). Providing privacy preserving in cloud computing. Em International Conference on Test and Measurement, páginas 213–216. IEEE Computer Society.
Ware, W. H. (1973). Records, computers and the rights of citizens. Technical Report P5077, Rand Corporation.
Wayner, P..“Disappearing Cryptography: Information Hiding: Steganography and Watermarking (2nd Edition)”. Morgan kaufmann Publishers Inc., San Francisco, CA, 2002.
Wei, N.Z.W. (2009). The strategic skills of business continuity managers: Putting business continuity management into corporate long-term planning. Journal of Business Continuity & Emergency Planning Vol. 4 No. 1, pp. 62–68. United Kingdom.
Wiboonrat, M. (2008). An Empirical IT Contingency Planning Model for Disaster Recovery Strategy Selection. Graduate School of Information Technology, Assumption University. Bangkok, Thailand.
Wilhelm, Thomas. (2010) Professional Pentration Testing, Creating and Operating a Format Hacking Lab – SYNGRESS 2010. ISBN: 978-1-59749-425-0.
Wong, W.; Stamp, M.. “Hunting for Metamorphic Engines”. Journal in Computer Virology (Department of Computer Science, San Jose State University).
Wood, T., Cecchet, E., Ramakrishnan, K., Shenoy, P., van der Merwe, J., e Venkataramani, A. (2010). Disaster recovery as a cloud service: Economic benefits & deployment challenges. Em USENIX Workshop on Hot Topics in Cloud Computing.
Wright, T. (2004). Security, Privacy, and Anonymity. ACM.
Wroblewski, G.. “General Method of Program Code Obfuscation”. PhD thesis, Wroclaw University of technology, Institute of Engineering Cybernetics, 2002.
Wurster, G.; van Oorschot, P. C.; Somayaji, A.. “A generic attack on checksumming-based software tamper resistance”. In: IEEE Symposium on Security and Privacy, Oakland, CA, pp. 127–138, May 2005.
Yang, P., Deng, H.(2007). “Seamless integration of 3G and 802.11 wireless network”. In: 5th ACM international workshop on Mobility management and wireless access, pages 60–65. ACM. 2007.
Yee, G. e Korba, L. (2009). Personal privacy policies. Em Vacca, J., editor, Computer and Information Security Handbook, páginas 487–505. Morgan Kaufmann.
Yildiz, M., Abawajy, J., Ercan, T., e Bernoth, A. (2009). A layered security approach for cloud computing infrastructure. Em International Symposium on Pervasive Systems, Algorithms, and Networks, páginas 763–767. IEEE.
Yusof, A. L., Ismail, M., and Misran, N.(2007). “Architecture and mobility management protocols for next-generation wireless systems (NGWS)”. In: IEEE International Conference on Telecommunications and Malaysia International Conference on Communications, pages 747–752. IEEE, 2007
z0mbie. “Automated reverse engineering: Mistfall engine.” Publicado online em http://z0mbie.host.sk/autorev.txt. Último acesso, Julho 2010.
Zhang, L. e Zhou, Q. (2009). CCOA: Cloud computing open architecture. Em International Conference on Web Services.
Zhang, Q., Cheng, L., e Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Springer Journal of Internet Services and Applications, páginas 7–18.
Zhang, X.; Gupta, R.. “Hiding program slices for software security”. In: Proc. of the International Symposium on Code Generation and Optimization, 2003, pp. 325– 336, Washington, DC, 2003. IEEE.
Zhao, Y., Xie, Y., Yu, F., Ke, Q., Yu, Y., Chen, Y., e Gillum, E. (2009). Botgraph: Large scale spamming botnet detection. Em USENIX Symposium on Networked systems design and implementation, páginas 321–334. USENIX Association.
Zorn, G., Cobb, S.(1998). “Microsoft PPP CHAP Extensions”. RFC 2433, October 1998.
Zorn, G.(1999). “Microsoft Vendor-specific RADIUS Attributes”. RFC 2548, March 1999.
Details about the available publication format: Full Volume
© The author(s), 2010.

This work is published under the terms of the Creative Commons Attribution 4.0 International License.