Minicursos do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais

Raul Ceretta Nunes; Edna Dias Canedo; Rafael Timóteo de Sousa Júnior; Leonardo B. Oliveira; Fernando Magno Quintão Pereira; Rafael Misoczki; Diego F. Aranha; Fábio Borges; Michele Nogueira; Michelle Wangham; Newton C. Will; Rafael C. R. Condé; Carlos A. Maziero; Alexandre Melo Braga; Fernando C. Herédia Marino; Robson Romano dos Santos; Vanessa R. L. Chicarino; Emanuel Ferreira Jesus; Célio V. N. de Albuquerque; Antônio A. de A. Rocha

doi:10.5753/sbc.8410.6

Autores

Raul Ceretta Nunes (ed)

UFSM

Edna Dias Canedo (ed)

UnB

Rafael Timóteo de Sousa Júnior (ed)

UnB

DOI: https://doi.org/10.5753/sbc.8410.6

Palavras-chave:

SBSeg 2017, Segurança da Informação

Sinopse

O Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg) é um evento científico promovido anualmente pela Sociedade Brasileira de Computação (SBC) e representa o principal fórum no país para a apresentação de pesquisas e atividades relevantes ligadas à segurança da informação e de sistemas computacionais.

Nesta edição do SBSeg (2017), 20 propostas de minicursos foram submetidas, um número expressivo que demonstra a importância deste evento no panorama nacional de pesquisa. Destas, 4 foram selecionadas para publicação e apresentação, representando assim uma taxa de aceitação de 20%.

Este livro reúne 4 capítulos produzidos pelos autores das propostas de minicursos aceitas. O Capítulo 1, alinhado à tendência crescente e inevitável de uso de pequenos dispositivos computacionais, discute questões contemporâneas na área de segurança e privacidade no contexto da computação ubíqua, bem como aponta para problemas de pesquisa ainda não solucionados. O Capítulo 2, de maneira similar, apresenta as principais tecnologias de segurança baseada em hardware, abordando funcionalidades e usos da arquitetura Intel Software Guard Extensions (SGX). Os Capítulos 3 e 4 discutem a tecnologia blockchain, uma tecnologia baseada em difusão e que tem impulsionado novas pesquisas, desenvolvimentos e inovações na área de segurança computacional. O Capítulo 3, apresenta os fundamentos da tecnologia e os aspectos de programação que envolvem o desenvolvimento de aplicações e segurança de sistemas. O Capítulo 4, apresenta como a tecnologia blockchain pode ser usada para prover segurança e privacidade no contexto da Internet das Coisas (IoT).

Capítulos

1. O Computador para o Século 21: Desafios de Segurança e Privacidade após 25 Anos

Leonardo B. Oliveira, Fernando Magno Quintão Pereira, Rafael Misoczki, Diego F. Aranha, Fábio Borges, Michele Nogueira, Michelle Wangham

DOI: https://doi.org/10.5753/sbc.8410.6.1

Capítulo 1
2. Mecanismos de segurança baseados em hardware: uma introdução à arquitetura Intel SGX

Newton C. Will, Rafael C. R. Condé, Carlos A. Maziero

DOI: https://doi.org/10.5753/sbc.8410.6.2

Capítulo 2
3. Segurança de Aplicações Blockchain Além das Criptomoedas

Alexandre Melo Braga, Fernando C. Herédia Marino, Robson Romano dos Santos

DOI: https://doi.org/10.5753/sbc.8410.6.3

Capítulo 3
4. Uso de Blockchain para Privacidade e Segurança em Internet das Coisas

Vanessa R. L. Chicarino, Emanuel Ferreira Jesus, Célio V. N. de Albuquerque, Antônio A. de A. Rocha

DOI: https://doi.org/10.5753/sbc.8410.6.4

Capítulo 4

Downloads

Não há dados estatísticos.

Referências

“Bitcoin Project.” [Online]. Available: https://bitcoin.org.

“Ethereum Blockchain App Platform.” [Online]. Available: https://www.ethereum.org.

“Hyperledger - Blockchain Technologies for Business.” [Online]. Available: https://www.hyperledger.org.

“Ripple and RippleNet - The world"s only enterprise blockchain solution for global payments.” [Online]. Available: https://ripple.com.

A. Braga and R. Dahab, “Introdução à Criptografia para Programadores,” in Caderno de minicursos do XV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais — SBSeg, 2015, pp. 1–50.

A. Braga and R. Dahab, “Mining Cryptography Misuse in Online Forums,” in 2nd Int. Workshop on Human and Social Aspect of Software Quality, 2016.

Abowd, G. D. and Mynatt, E. D. (2000). Charting past, present, and future research in ubiquitous computing. ACM Transactions on Computer-Human Interaction (TOCHI), 7(1):29–58.

Akram, H. and Hoffmann, M. (2008). Supports for identity management in ambient environments-the hydra approach. In Proceedings..., pages 371–377. 3rd International Conference on Systems and Networks Communications, 2008. ICSNC’08.

Al-Riyami, S. S. and Paterson, K. G. (2003). Certificateless public key cryptography. In ASIACRYPT, volume 2894 of LNCS, pages 452–473. Springer.

Alam, S., Chowdhury, M. M., and Noll, J. (2011). Interoperability of security-enabled internet of things. Wireless Personal Communications, 61(3):567–586.

Albrecht, M. R., Driessen, B., Kavun, E. B., Leander, G., Paar, C., and Yalçin, T. (2014). Block ciphers - focus on the linear layer (feat. PRIDE). In CRYPTO (1), volume 8616 of LNCS, pages 57–76. Springer.

Ali, M., Nelson, J. C., Shea, R., and Freedman, M. J. (2016). Blockstack: A global naming and storage system secured by blockchains. In USENIX Annual Technical Conference, pages 181–194.

Almeida, J. B., Barbosa, M., Barthe, G., Dupressoir, F., and Emmi, M. (2016). Verifying constant-time implementations. In USENIX Security Symposium, pages 53–70. USENIX Association.

Amin, M., Khan, S., Ali, T., and Gul, S. (2008). Trends and directions in trusted computing: Models, architectures and technologies. In International Multiconference Of Engineers and Computer Scientist, volume 1, pages 19–21.

Anati, I., Gueron, S., Johnson, S. P., and Scarlata, V. R. (2013). Innovative technology for CPU based attestation and sealing. In 2nd Intl Workshop on Hardware and Architectural Support for Security and Privacy, New York, NY. ACM.

Anderson, R., Bond, M., Clulow, J., and Skorobogatov, S. (2006). Cryptographic processors: A survey. Proceedings of the IEEE, 94(2):357–369.

Andrea, A. (2014). Mastering BitCoin, volume 50.

Aranha, D. F., Karam, M. M., Miranda, A., and Scarel, F. (2014). Software vulnerabilities in the Brazilian voting machine, pages 149–175. IGI Global.

Arias-Cabarcos, P., Almenárez, F., Trapero, R., Díaz-Sánchez, D., and Marín, A. (2015). Blended identity: Pervasive idm for continuous authentication. IEEE Security Privacy, 13(3):32–39.

ARM, A. (2009). Security technology building a secure system using TrustZone technology (white paper). ARM Limited.

Arthur, W. and Challener, D. (2015). A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security. Apress Eds.

Ashton, K. (2009). That ’Internet of Things’ Thing. RFiD Journal, 22:97–114.

Ashton, K. (2011). That ‘internet of things’ thing. RFiD Journal, 22(7).

Atzori, L., Iera, A., and Morabito, G. (2010). The Internet of Things: A survey. Computer Networks, 54.

Atzori, L., Iera, A., and Morabito, G. (2010). The Internet of Things: A survey. Computer Networks, 54(15):2787–2805.

Aumasson, J. and Bernstein, D. J. (2012). Siphash: A fast shortinput PRF. In INDOCRYPT, volume 7668 of LNCS, pages 489–508. Springer.

Aumasson, J., Neves, S., WilcoxO’Hearn, Z., and Winnerlein, C. (2013). BLAKE2: simpler, smaller, fast as MD5. In ACNS, volume 7954 of LNCS, pages 119–135. Springer.

Back, A. et al. (2002). Hashcash-a denial of service counter-measure.

Balasch, J., Gierlichs, B., Grosso, V., Reparaz, O., and Standaert, F. (2014). On the cost of lazy engineering for masked software implementations. In CARDIS, volume 8968 of LNCS, pages 64–81. Springer.

Banik, S., Bogdanov, A., and Regazzoni, F. (2015). Exploring energy efficiency of lightweight block ciphers. In SAC, volume 9566 of LNCS, pages 178–194. Springer.

Barbulescu, R., Gaudry, P., Joux, A., and Thomé, E. (2014). A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In EUROCRYPT 2014, pages 1–16. Springer.

Barker, E., Barker, W., Burr, W., Polk, W., and Smid, M. (2012). Recommendation for key management part 1: General (revision 3). NIST special publication, 800(57):1–147.

Baumann, A., Peinado, M., and Hunt, G. (2015). Shielding applications from an untrusted cloud with Haven. ACM Trans. Comput. Syst., 33(3):8:1–8:26.

Beierle, C., Jean, J., Kölbl, S., Leander, G., Moradi, A., Peyrin, T., Sasaki, Y., Sasdrich, P., and Sim, S. M. (2016). The SKINNY family of block ciphers and its low-latency variant MANTIS. In CRYPTO (2), volume 9815 of LNCS, pages 123–153. Springer.

Bennett, C. H. and Brassard, G. (1984). Quantum Cryptography: Public Key Distribution and Coin Tossing. In Proceedings of IEEE ICCSSP’ 84, pages 175–179, New York. IEEE Press.

Bernstein, D. J. (2006). Curve25519: New diffiehellman speed records. In Public Key Cryptography, volume 3958 of LNCS, pages 207–228. Springer.

Bernstein, D. J., Duif, N., Lange, T., Schwabe, P., and Yang, B. (2012a). High-speed high-security signatures. J. Cryptographic Engineering, 2(2):77–89.

Bernstein, D. J., Hopwood, D., Hülsing, A., Lange, T., Niederhagen, R., Papachristodoulou, L., Schneider, M., Schwabe, P., and Wilcox-O’Hearn, Z. (2015). SPHINCS: Practical Stateless Hash-Based Signatures, pages 368–397. Springer Berlin Heidelberg, Berlin, Heidelberg.

Bernstein, D. J., Lange, T., and Schwabe, P. (2012b). The security impact of a new cryptographic library. In LATINCRYPT, volume 7533 of Lecture Notes in Computer Science, pages 159–176. Springer.

Bhargav-Spantzel, A., Camenisch, J., Gross, T., and Sommer, D. (2007). User centricity: a taxonomy and open issues. Journal of Computer Security, 15(5):493–527.

Biham, E. and Shamir, A. (1997). Differential fault analysis of secret key cryptosystems. In CRYPTO, volume 1294 of LNCS, pages 513–525. Springer.

Biryukov, A., Dinu, D., and Khovratovich, D. (2016). Argon2: New generation of memory-hard functions for password hashing and other applications. In EuroS&P, pages 292–302. IEEE.

Bitcoin (2009). Bitcoin developer reference. https://bitcoin.org/en/developer-reference. Accessed: 2017-07-30.

Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y., and Vikkelsoe, C. (2007). PRESENT: an ultra-lightweight block cipher. In CHES, volume 4727 of LNCS, pages 450–466. Springer.

Boldyreva, A., Goyal, V., and Kumar, V. (2012). Identity-based encryption with efficient revocation. IACR Cryptology ePrint Archive, 2012:52.

Boneh, D. and Franklin, M. K. (2003). Identity-based encryption from the weil pairing. SIAM J. Comput., 32(3):586–615.

Borges de Oliveira, F. (2017a). Background and Models, pages 13–23. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017b). Introduction, pages 3–12. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017c). Quantifying the Aggregation Size, pages 49–60. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017d). Reasons to Measure Frequently and Their Requirements, pages 39–47. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017e). Selected Privacy-Preserving Protocols, pages 61–100. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017f). A Selective Review, pages 25–36. Springer International Publishing, Cham.

Borges, F. (2016a). Introdução à Privacidade: Uma Abordagem Computacional, pages 1–43. SBC.

Borges, F. (2016b). Privacy-Preserving Data Aggregation in Smart Metering Systems. Energy Engineering Series. Institution of Engineering & Technology.

Borges, F., Demirel, D., Bock, L., Buchmann, J. A., and Mühlhäuser, M. (2014). A privacy-enhancing protocol that provides in-network data aggregation and verifiable smart meter billing. In ISCC, pages 1–6. IEEE.

Bossuet, L., Grand, M., Gaspar, L., Fischer, V., and Gogniat, G. (2013). Architectures of flexible symmetric key crypto engines: A survey: From hardware coprocessor to multi-crypto-processor system on chip. ACM Compututer Survey, 45(4):41:1–41:32.

Brainard, J., Juels, A., Rivest, R. L., Szydlo, M., and Yung, M. (2006). Fourth-factor authentication: somebody you know. In Proceedings of the 13th ACM conference on Computer and communications security, pages 168–178. ACM.

Brasser, F., Müller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., and Sadeghi, A.-R. (2017). Software grand exposure: SGX cache attacks are practical. arXiv preprint arXiv:1702.07521.

Brekalo, H., Strackx, R., and Piessens, F. (2016). Mitigating password database breaches with Intel SGX. In 1st Workshop on System Software for Trusted Execution, SysTEX ’16, pages 1:1–1:6, New York, NY, USA. ACM.

Brenner, S., Hundt, T., Mazzeo, G., and Kapitza, R. (2017). Secure Cloud Micro Services Using Intel SGX, pages 177–191. Springer International Publishing, Neuchâtel, Switzerland.

Bronevetsky, G. (2009). Communication-sensitive static dataflow for parallel message passing applications. In CGO, pages 1–12, Washington, DC, USA. IEEE.

BTS, U. B. o. T. S. (2017). Average age of automobiles and trucks in operation in the united states. Accessed: 2017-09-14.

Buchmann, J., Dahmen, E., and Hülsing, A. (2011). Xmss - a practical forward secure signature scheme based on minimal security assumptions. In Yang, B.-Y., editor, PQCrypto, pages 117–129. Springer.

Buterin, V. (2014). Daos, dacs, das and more: An incomplete terminology guide. Ethereum (accessed 12 July 2016) https://blog.ethereum.org/2014/05/06/daos-dacs-das-and-more-an-incomplete-terminology-guide.

C. Barski and C. Wilmer, Bitcoin for the Befuddled. No Starch Press, 2014.

C. Dannen, Introducing Ethereum and Solidity: Foundations of Cryptocurrency and Blockchain Programming for Beginners. Apress, 2017.

Cachin, C. (2016). Architecture of the hyperledger blockchain fabric. In Workshop on Distributed Cryptocurrencies and Consensus Ledgers.

Cadar, C., Dunbar, D., and Engler, D. (2008). KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In OSDI, pages 209–224. USENIX.

Carlini, N., Barresi, A., Payer, M., Wagner, D., and Gross, T. R. (2015). Control-flow bending: On the effectiveness of control-flow integrity. In SEC, pages 161–176, Berkeley, CA, USA. USENIX.

Castro, M. and Liskov, B. (2002). Practical byzantine fault tolerance and proactive recovery. ACM Transactions on Computer Systems (TOCS), 20(4):398–461.

Christidis, K. and Devetsikiotis, M. (2016). Blockchains and smart contracts for the internet of things. IEEE Access, 4:2292–2303.

Committee, O. S. S. T. et al. (2012). Security assertion markup language (saml) 2.0.

Conoscenti, M., Vetrò, A., and De Martin, J. C. (2016). Blockchain for the internet of things: a systematic literature review. Porto.Polito.It.

Conti, J. P. (2006). The internet of things. Communications Engineer, 4(6):20–25.

Coppa, E., Demetrescu, C., and Finocchi, I. (2012). Input-sensitive profiling. In PLDI, pages 89–98, New York, NY, USA. ACM.

Costan, V. and Devadas, S. (2016). Intel SGX explained. Cryptology ePrint Archive, Report 2016/086.

Costello, C. and Longa, P. (2015). Four||: Four-dimensional decompositions on a ||-curve over the mersenne prime. In ASIACRYPT (1), volume 9452 of LNCS, pages 214–235. Springer.

Cousot, P. and Cousot, R. (1977). Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In POPL, pages 238–252, New York, NY, USA. ACM.

Cousot, P., Cousot, R., and Logozzo, F. (2011). A parametric segmentation functor for fully automatic and scalable array content analysis. In POPL, pages 105–118, New York, NY, USA. ACM.

Cox, J. (2017). Hackers: We will remotely wipe iPhones unless Apple pays ransom. https://motherboard.vice.com/en_us/article/hackerswe-will-remotely-wipe-iphones-unless-apple-pays-ransom. Acessado em 01/04/2017.

CPqD, “Webinars Blockchain.” [Online]. Available: https://www.cpqd.com.br/midia-eventos/webinars/webinars-blockchain/.

Cramer, R., Damgård, I., Dziembowski, S., Hirt, M., and Rabin, T. (1999). Efficient multiparty computations secure against an adaptive adversary. In Eurocrypt, volume 99, pages 311–326. Springer.

Cremonezi, B. M., Vieira, A. B., Nacif, J. A. M., and Nogueira, M. (2017). A dynamic channel allocation protocol for medical environment under multiple base stations. In IEEE Wireless Communications and Networking Conference, WCNC, pages 1–6.

Crosby, M., Pattanayak, P., Verma, S., and Kalyanaraman, V. (2016). Blockchain technology: Beyond bitcoin. Applied Innovation, 2:6–10.

Cui, X. (2016). The internet of things. In Ethical Ripples of Creativity and Innovation, pages 61–68. Springer.

D. Hankerson, S. Vanstone, and A. Menezes, Guide to elliptic curve cryptography. 2004.

D. Siegel, “Understanding the DAO attack.” [Online]. Available: https://www.coindesk.com/understanding-dao-hack-journalists/.

Daemen, J. and Rijmen, V. (2002). The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer.

Dagenais, B. and Hendren, L. (2008). Enabling static analysis for partial java programs. In OOPSLA, pages 313–328, New York, NY, USA. ACM.

Dai, C., Ghinita, G., Bertino, E., Byun, J.-W., and Li, N. (2009). Tiamat: A tool for interactive analysis of microdata anonymization techniques. Proc. VLDB Endow., 2(2):1618–1621.

Davenport, S. and Ford, R. (2014). SGX: the good, the bad and the downright ugly. Virus Bulletin.

DDoS attacks: For the hell of it or targeted – how do you see them off? http://www.theregister.co.uk/2016/09/22/ddos_attack_defence/. Accessed: 2017-02-14.

De Filippi, P. and Mauro, R. (2014). Ethereum: the decentralised platform that might displace today’s institutions. Internet Policy Review, 25.

De Souza, L. M. S., Spiess, P., Guinard, D., Köhler, M., Karnouskos, S., and Savio, D. (2008). Socrades: A web service based shop floor integration infrastructure. In The internet of things, pages 50–67. Springer.

Decker, C. and Wattenhofer, R. (2013). Information propagation in the bitcoin network. In Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on, pages 1–10. IEEE.

Delic, K. A. (2016). On resilience of iot systems: The internet of things (ubiquity symposium). Ubiquity, 2016(February):1–7.

Diffie, W. and Hellman, M. (2006). New directions in cryptography. IEEE Trans. Inf. Theor., 22(6):644–654.

Dinu, D., Corre, Y. L., Khovratovich, D., Perrin, L., Großschädl, J., and Biryukov, A. (2015). Triathlon of Lightweight Block Ciphers for the Internet of Things. NIST Workshop on Lightweight Cryptography.

Dinu, D., Perrin, L., Udovenko, A., Velichkov, V., Großschädl, J., and Biryukov, A. (2016). Design strategies for ARX with provable bounds: Sparx and LAX. In ASIACRYPT (1), volume 10031 of LNCS, pages 484–513.

Domenech, M. C., Boukerche, A., and Wangham, M. S. (2016). An authentication and authorization infrastructure for the web of things. In Proceedings of the 12th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Q2SWinet ’16, pages 39–46, New York, NY, USA. ACM.

Dorri, A., Kanhere, S. S., and Jurdak, R. (2016). Blockchain in internet of things: Challenges and Solutions. arXiv:1608.05187 [cs].

Dorri, A., Kanhere, S. S., and Jurdak, R. (2017a). Towards an Optimized BlockChain for IoT. Proceedings of the Second International Conference on Internet-of-Things Design and Implementation - IoTDI ’17, 6.

Dorri, A., Kanhere, S. S., Jurdak, R., and Gauravaram, P. (2017b). Blockchain for iot security and privacy: The case study of a smart home.

DoT, U. D. T. (2013). IEEE 1609 - Family of Standards for Wireless Access in Vehicular Environments WAVE.

Douceur, J. R. (2002). The sybil attack. In International Workshop on Peer-to-Peer Systems, pages 251–260. Springer.

Ellison, R., Fisher, D., Linger, R., Lipson, H., Longstaff, T., and Mead, N. (1997). Survivable network systems: an emerging discipline – CMU/SEI-97-TR-013. Technical report, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA.

Estrin, D., Govindan, R., Heidemann, J. S., and Kumar, S. (1999). Next century challenges: Scalable coordination in sensor networks. In MobiCom’99, pages 263–270.

Evans, D. (2011). A internet das coisas: como a próxima evolução da internet está mudando tudo. CISCO IBSG.

Eyal, I. (2015). The miner’s dilemma. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 89–103. IEEE.

Eyal, I. and Sirer, E. G. (2014). Majority is not enough: Bitcoin mining is vulnerable. In International Conference on Financial Cryptography and Data Security, pages 436–454. Springer.

F. Long, C.-M. U. C. C. Center, D. Mohindra, and R. C. Seacord, The CERT Oracle Secure Coding Standard for Java. Addison-Wesley, 2011.

F. Tschorsch and B. Scheuermann, “Bitcoin and beyond: A technical survey on decentralized digital currencies,” IEEE Comm. Surveys and Tutorials, vol. 18, no. 3, pp. 2084–2123, 2016.

Faz-Hernández, A., Cabral, R., Aranha, D. F., and López, J. (2015). Implementação Eficiente e Segura de Algoritmos Criptográficos. In Minicursos do XV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSEG), pages 93–140. Sociedade Brasileira de Computação.

FBI (2005). Computer crime survey. http://www.fbi.gov/publications/ccs2005.pdf. Acessado em 01/02/2017.

Fedrecheski, G., Costa, L. C. P., and Zuffo, M. K. (2016). Elixir programming language evaluation for iot. In ISCE, page Online, Washington, DC, USA. IEEE.

Fenn, J. and LeHong, H. (2011). Hype cycle for emerging technologies, 2011. Gartner, July.

Fischer, M. J., Lynch, N. A., and Paterson, M. S. (1985). Impossibility of distributed consensus with one faulty process. Journal of the ACM (JACM), 32(2):374–382.

Foundation, T. O. (2014). Openid connect core 1.0. http://openid.net/specs/openid-connect-core-1_0.html.

Fremantle, P., Aziz, B., Kopecký, J., and Scott, P. (2014). Federated identity and access management for the internet of things. In 2014 International Workshop on Secure Internet of Things, pages 10–17.

Furr, M. and Foster, J. S. (2008). Checking type safety of foreign function calls. ACM Trans. Program. Lang. Syst., 30(4):18:1–18:63.

Garcia-Morchon, O., Kumar, S., and Sethi, M. (2017). State-of-the-Art and Challenges for the Internet of Things Security. Internet-Draft draft-irtf-t2trg-iot-seccons-04, Internet Engineering Task Force. Work in Progress.

Gardel, T., Andrade, N., Farias, F., and Prazeres, C. (2013). Autenticação e autorização para acesso a aplicações em um barramento de serviços para a web das coisas. In Anais do. 13 Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg), 2013, SBC.

Ge, Y., Deng, B., Sun, Y., Tang, L., Sheng, D., Zhao, Y., Xie, G., and Salamatian, K. (2016). A comprehensive investigation of user privacy leakage to android applications. In 2016 25th International Conference on Computer Communication and Networks (ICCCN), pages 1–6.

Gennaro, R., Rabin, M. O., and Rabin, T. (1998). Simplified vss and fast-track multiparty computations with applications to threshold cryptography. In Proceedings of the seventeenth annual ACM symposium on Principles of distributed computing, pages 101–111. ACM.

Gentry, C. (2009). A Fully Homomorphic Encryption Scheme. PhD thesis, Stanford University, Stanford, CA, USA.

Gervais, A., Karame, G. O., Wüst, K., Glykantzis, V., Ritzdorf, H., and Capkun, S. (2016). On the Security and Performance of Proof of Work Blockchains. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16.

Gilbert, H. and Handschuh, H. (2003). Security analysis of sha-256 and sisters. In International workshop on selected areas in cryptography, pages 175–193. Springer.

Godefroid, P. (2014). Micro execution. In ICSE, pages 539–549, New York, NY, USA. ACM.

Godefroid, P., Klarlund, N., and Sen, K. (2005). Dart: directed automated random testing. In PLDI, pages 213–223, New York, NY, USA. ACM.

Graham, S. L., Kessler, P. B., and McKusick, M. K. (1982). gprof: a call graph execution profiler (with retrospective). In Best of PLDI, pages 49–57, New York, NY, USA. ACM.

Greene, J. (2012). Intel trusted execution technology, white paper. Online: http://www.intel.com/txt.

Grosso, V., Leurent, G., Standaert, F., and Varici, K. (2014). Lsdesigns: Bitslice encryption for efficient masked software implementations. In FSE, volume 8540 of LNCS, pages 18–37. Springer.

Großschädl, J., Oswald, E., Page, D., and Tunstall, M. (2009). Side-channel analysis of cryptographic software via early-terminating multiplications. In ICISC, volume 5984 of Lecture Notes in Computer Science, pages 176–192. Springer.

Grover, L. K. (1996). A fast quantum mechanical algorithm for database search. In Proceedings of ACM STOC 1996, pages 212–219, New York, NY, USA. ACM.

Gu, Y., Yao, Y., Liu, W., and Song, J. (2016). We know where you are: Home location identification in location-based social networks. In 2016 25th International Conference on Computer Communication and Networks (ICCCN), pages 1–9.

Gubbi, J., Buyya, R., Marusic, S., and Palaniswami, M. (2013). Internet of things (iot): A vision, architectural elements, and future directions. Future generation computer systems, 29(7):1645–1660.

Guillemin, P., Friess, P., et al. (2009). Internet of things strategic research roadmap. The Cluster of European Research Projects, Tech. Rep.

Guinard, D., Fischer, M., and Trifa, V. (2010). Sharing using social networks in a composable web of things. In Proceedings..., pages 702–707. 8th IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), 2010.

Gusmeroli, S., Piccione, S., and Rotondi, D. (2013). A capability-based security approach to manage access control in the internet of things. Mathematical and Computer Modelling, 58(5–6):1189 – 1205.

Han, Q. and Li, J. (2012). An authorization management approach in the internet of things. Journal of Information & Computational Science, 9(6):1705–1713.

Hankerson, D., Menezes, A. J., and Vanstone, S. (2006). Guide to elliptic curve cryptography. Springer Science & Business Media.

Hanumanthappa, P. and Singh, S. (2012). Privacy preserving and ownership authentication in ubiquitous computing devices using secure three way authentication. In Proceedings, pages 107–112. International Conference on Innovations in Information Technology (IIT).

Hardt, D. (2012a). The oauth 2.0 authorization framework. RFC 6749, RFC Editor. http://www.rfc-editor.org/rfc/rfc6749.txt.

Hardt, E. D. (2012b). The oauth 2.0 authorization framework.

Heilman, E., Kendler, A., Zohar, A., and Goldberg, S. (2015). Eclipse attacks on bitcoin’s peer-to-peer network. In USENIX Security, pages 129–144.

Herrera-Joancomartí, J. (2015). Research and challenges on bitcoin anonymity. In Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance, pages 3–16. Springer.

Hoekstra, M., Lal, R., Pappachan, P., Phegade, V., and Del Cuvillo, J. (2013). Using innovative instructions to create trustworthy software solutions. In 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2013, pages 11:1–11:1, New York, NY, USA. ACM.

Holvast, J. (2009). History of privacy. In Matyáš, V., Fischer-Hübner, S., Cvr?cek, D., and Švenda, P., editors, The Future of Identity in the Information Society, volume 298 of IFIP Advances in Information and Communication Technology, pages 13–42. Springer Berlin Heidelberg.

Hu, J., Lin, C., and Li, X. (2016). Relationship privacy leakage in network traffics. In 2016 25th International Conference on Computer Communication and Networks (ICCCN), pages 1–9.

Hu, Y., Johnson, D., and Perrig, A. (2003). SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks. Journal Ad Hoc Networks, 01:175–192.

I. Bashir, Mastering Blockchain. Packt Publishing, 2017.

Intel (2014). Intel Software Guard Extensions Programming Reference.

Intel (2016a). Intel Software Guard Extensions Developer Guide. Intel Corporation.

Intel (2016b). Intel Software Guard Extensions SDK for Linux OS Developer Reference. Intel Corporation.

Intel. Proof of elapsed time (poet). available from: http://intelledger.github.io/.

Ishai, Y., Sahai, A., and Wagner, D. (2003). Private circuits: Securing hardware against probing attacks. In CRYPTO, volume 2729 of LNCS, pages 463–481. Springer.

ITU (2009). Ngn identity management framework. Recommendation Y.2720.

J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten, “Research Perspectives and Challenges for Bitcoin and Cryptocurrencies,” IEEE Symposium on Security and Privacy, pp. 104–121, 2015.

J. Saltzer and M. Schroeder, “The protection of information in computer systems,” Proceedings of the IEEE, vol. 63, no. 9, pp. 1278–1308, 1975.

J. Viega and G. McGraw, Building Secure Software: How to Avoid Security Problems the Right Way. 2001.

J. W. Bos, J. A. Halderman, N. Heninger, J. Moore, M. Naehrig, and E. Wustrow, “Elliptic curve cryptography in practice,” in Financial Cryptography and Data Security, Springer, 2014, pp. 157–175.

J.Kurose and K.Ross, “Redes de Computadores e a Internet,” Person, p. 28, 2006.

Jacobsson, A., Boldt, M., and Carlsson, B. (2016). A risk analysis of a smart home automation system. Future Generation Computer Systems, 56(Supplement C):719 – 733.

Jain, P., Desai, S., Kim, S., Shih, M.-W., Lee, J., Choi, C., Shin, Y., Kim, T., Kang, B. B., and Han, D. (2016). OpenSGX: An open platform for SGX research. In Network and Distributed System Security Symposium, NDSS 2016, San Diego, CA.

Jansma, N. and Arrendondo, B. (2004). Performance comparison of elliptic curve and rsa digital signatures. nicj.net/files.

Jindou, J., Xiaofeng, Q., and Cheng, C. (2012). Access control method for web of things based on role and sns. In Proceedings..., pages 316–321. IEEE 12th International Conference on Computer and Information Technology (CIT), 2012.

K. Krombholz, A. Judmayer, M. Gusenbauer, and E. Weippl, “The Other Side of the Coin: User Experiences with Bitcoin Security and Privacy,” Financial Cryptography and Data Security 2016, 2016.

Karande, V., Bauman, E., Lin, Z., and Khan, L. (2017). SGX-Log: Securing system logs with SGX. In 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS ’17, pages 19–30, New York, NY, USA. ACM.

Kaufmann, T., Pelletier, H., Vaudenay, S., and Villegas, K. (2016). When constant-time source yields variable-time binary: Exploiting curve25519-donna built with MSVC 2015. In CANS, volume 10052 of Lecture Notes in Computer Science, pages 573–582.

Kennedy, S. and Duranleau, C. Tilepay. http://www.tilepay.org. Accessed: 2017-09-08.

Kim, J. (2014). Safety, liveness and fault tolerance—the consensus choices stellar.

Kim, T. and Barbulescu, R. (2016). Extended tower number field sieve: A new complexity for the medium prime case. In CRYPTO (1), volume 9814 of LNCS, pages 543–571. Springer.

Kim, T. H. (2016). A study of digital currency cryptography for business marketing and finance security. Asiapacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology, 6(1):365–376.

Kim, Y.-P., Yoo, S., and Yoo, C. (2015). Daot: Dynamic and energyaware authentication for smart home appliances in internet of things. In Consumer Electronics (ICCE), 2015 IEEE International Conference on, pages 196–197.

Kim, Y., Daly, R., Kim, J., Fallin, C., Lee, J., Lee, D., Wilkerson, C., Lai, K., and Mutlu, O. (2014). Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In ISCA, pages 361–372. IEEE Computer Society.

King, S. and Nadal, S. (2012). Ppcoin: Peer-to-peer cryptocurrency with proof-of-stake. selfpublished paper, August, 19.

Knill, E. (2010). Physics: quantum computing. Nature, 463(7280):441–443.

Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48(177):203–209.

Koblitz, N. (1988). A family of jacobians suitable for discrete log cryptosystems. In CRYPTO, volume 403 of LNCS, pages 94–99. Springer.

Kocher, P. C. (1996). Timing attacks on implementations of diffiehellman, rsa, dss, and other systems. In CRYPTO, volume 1109 of LNCS, pages 104–113. Springer.

Kocher, P. C., Jaffe, J., and Jun, B. (1999). Differential power analysis. In CRYPTO, volume 1666 of LNCS, pages 388–397. Springer.

Kölbl, S., Lauridsen, M. M., Mendel, F., and Rechberger, C. (2016). Haraka v2 - efficient short-input hashing for post-quantum applications. IACR Trans. Symmetric Cryptol., 2016(2):1–29.

Koshy, P., Koshy, D., and McDaniel, P. (2014). An analysis of anonymity in bitcoin using p2p network traffic. In International Conference on Financial Cryptography and Data Security, pages 469–485. Springer.

Kroll, J. A., Davey, I. C., and Felten, E. W. (2013). The economics of bitcoin mining, or bitcoin in the presence of adversaries. In Proceedings of WEIS, volume 2013.

Kshetri, N. (2017). Can blockchain strengthen the internet of things? IT Professional, 19(4):68–72.

L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor, “Making Smart Contracts Smarter,” CCS, pp. 254–269, 2016.

L. Notice, “CERT C Programming Language Secure Coding Standard,” 2007.

Langley, A. (2010). ImperialViolet: Checking that functions are constant time with Valgrind. https://www.imperialviolet.org/2010/04/01/ctgrind.html.

Laprie, J.-C., Randell, B., Avizienis, A., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transaction Dependable Security Computer, 1(1):11–33.

Lee, E. A. (2006). Cyber-physical systems-are computing foundations adequate. In NSF Workshop On Cyber-Physical Systems: Research Motivation, Techniques and Roadmap, volume 2. Citeseer.

Leroy, X. (2009). Formal verification of a realistic compiler. Commun. ACM, 52(7):107–115.

Lesjak, C., Hein, D., andWinter, J. (2015). Hardware-security technologies for industrial IoT: TrustZone and security controller. In 41st Annual Conference of the IEEE Industrial Electronics Society, IECON 2015, pages 002589–002595.

Li, N., Li, T., and Venkatasubramanian, S. (2007). t-closeness: Privacy beyond k-anonymity and l-diversity. In 2007 IEEE 23rd International Conference on Data Engineering, pages 106–115.

Lima, M. N., dos Santos, A. L., and Pujolle, G. (2009). A survey of survivability in mobile ad hoc networks. IEEE Communications Surveys Tutorials, 11(1):66–77.

Lind, J., Priebe, C., Muthukumaran, D., O’Keeffe, D., Aublin, P.-L., Kelbert, F., Reiher, T., Goltzsche, D., Eyers, D., Kapitza, R., Fetzer, C., and Pietzuch, P. (2017). Glamdring: Automatic application partitioning for Intel SGX. In 2017 USENIX Annual Technical Conference, pages 285–298, Santa Clara, CA. USENIX Association.

Linger, R. C., Mead, N. R., and Lipson, H. F. (1998). Requirements definition for survivable network systems. In Proceedings of the 3rd International Conference on Requirements Engineering, page 0014, Washington, DC, USA. IEEE Computer Society.

Lipa, N., Mannes, E., Santos, A., and Nogueira, M. (2015). Fireflyinspired and robust time synchronization for cognitive radio ad hoc networks. Computer Communications, 66:36–44.

Liu, J., Xiao, Y., and Chen, C. P. (2012). Authentication and access control in the internet of things. In Proceedings..., pages 588–592. 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), 2012.

Liu, Z. and Wong, D. S. (2016). Practical attribute-based encryption: Traitor tracing, revocation and large universe. Comput. J., 59(7):983–1004.

Liu,W., Park, E. K., and Zhu, S. S. (2014). e-health pst (privacy, security and trust) mobile networking infrastructure. In 2014 23rd International Conference on Computer Communication and Networks (ICCCN), pages 1–6.

López, H. A., Marques, E. R. B., Martins, F., Ng, N., Santos, C., Vasconcelos, V. T., and Yoshida, N. (2015). Protocol-based verification of messagepassing parallel programs. In OOPSLA, pages 280–298, New York, NY, USA. ACM.

Lopez, J., Oppliger, R., and Pernul, G. (2004). Authentication and authorization infrastructures (aais): a comparative survey. Computers & Security, 23(7):578–590.

Lou, W., Liu, W., and Fang, Y. (2004). SPREAD: enhancing data confidentiality in mobile ad hoc networks. In Proceedings of IEEE INFOCOM, volume 4, pages 2404–2413, Washington, DC, USA. IEEE Computer Society.

Luk, C.-K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G.,Wallace, S., Reddi, V. J., and Hazelwood, K. (2005). Pin: Building customized program analysis tools with dynamic instrumentation. In PLDI, pages 190–200, New York, NY, USA. ACM.

Lyytinen, K. and Yoo, Y. (2002). Ubiquitous computing. Communications of the ACM, 45(12):63–96.

M. Georgiev, S. Iyengar, and S. Jana, “The most dangerous code in the world: validating SSL certificates in non-browser software,” in Proc. of the ACM conference on Computer and Comm. Security - CCS, 2012, pp. 38–49.

M. Giancaspro, “Is a „smart contract" really a smart idea? Insights from a legal perspective,” Computer Law and Security Review, vol. 1, pp. 1–11, 2017.

M. Swan, Blockchain - Blueprint for a New Economy. 2015.

Maas, A. J., Nazaré, H., and Liblit, B. (2016). Array length inference for c library bindings. In ASE, pages 461–471, New York, NY, USA. ACM.

Macedo, R., de Castro, R., Santos, A., Ghamri-Doudane, Y., and Nogueira, M. (2016). Self-organized SDN controller cluster conformations against DDoS attacks effects. In 2016 IEEE Global Communications Conference, GLOBECOM 2016, Washington, DC, USA, December 4-8, 2016, pages 1–6.

Mahalle, P. N., Anggorojati, B., Prasad, N. R., and Prasad, R. (2013). Identity authentication and capability based access control (iacac) for the internet of things. Journal of Cyber Security and Mobility, 1(4):309–348.

Maler, E. and Reed, D. (2008). The venn of identity: Options and issues in federated identity management. IEEE Security Privacy, 6(2):16–23.

Mann, S. (1997). Wearable computing: A first step toward personal imaging. Computer, 30(2):25–32.

Manna, Z. and Waldinger, R. J. (1971). Toward automatic program synthesis. Commun. ACM, 14(3):151–165.

Markmann, T., Schmidt, T. C., and Wählisch, M. (2015). Federated end-to-end authentication for the constrained internet of things using ibc and ecc. SIGCOMM Comput. Commun. Rev., 45(4):603–604.

Marti, S., Giuli, T. J., Lai, K., and Baker, M. (2000). Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the ACM Annual International Conference on Mobile Computing and Networking (MobiCom), pages 255–265, New York, NY, USA. ACM Press.

Martin, T. and Healey, J. (2007). 2006’s wearable computing advances and fashions. IEEE Pervasive Computing, 6(1).

Maurer, M., Gerdes, J. C., Lenz, B., and Winner, H. (2016). Autonomous driving: technical, legal and social aspects. Springer Publishing Company, Incorporated.

McEliece, R. J. (1978). A public-key cryptosystem based on algebraic coding theory. Deep Space Network, 44:114–116.

McGrew, D. A. and Viega, J. (2004). The security and performance of the galois/counter mode (GCM) of operation. In INDOCRYPT, volume 3348 of LNCS, pages 343–355. Springer.

McGrew, D. A., Curcio, M., and Fluhrer, S. (2017). Hash-Based Signatures. Internet-draft, IETF.

McGrew, D., Kampanakis, P., Fluhrer, S., Gazdag, S.-L., Butin, D., and Buchmann, J. (2016). State management for hash based signatures. IACR Cryptology ePrint Archive, 2016/357.

McKeen, F., Alexandrovich, I., Berenzon, A., Rozas, C. V., Shafi, H., Shanbhogue, V., and Savagaonkar, U. R. (2013). Innovative instructions and software model for isolated execution. In 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, New York, NY, USA. ACM.

McMillan, K. L. (1993). Symbolic Model Checking. Kluwer Academic Publishers, Norwell, MA, USA.

Merkle, R. C. (1979). Secrecy, authentication and public key systems / A certified digital signature. PhD thesis, Stanford.

Merkle, R. C. (1987). A digital signature based on a conventional encryption function. In Conference on the Theory and Application of Cryptographic Techniques.

Miller, V. S. (1985). Use of elliptic curves in cryptography. In CRYPTO, volume 218 of Lecture Notes in Computer Science, pages 417–426. Springer.

Mofrad, M. H., Lee, A., and Gray, S. L. (2017). Leveraging Intel SGX to create a nondisclosure cryptographic library. arXiv preprint arXiv:1705.04706.

Moghimi, A., Irazoqui, G., and Eisenbarth, T. (2017). Cachezoom: How SGX amplifies the power of cache attacks. arXiv preprint arXiv:1703.06986.

Moser, M., Bohme, R., and Breuker, D. (2013). An inquiry into money laundering tools in the bitcoin ecosystem. In eCrime Researchers Summit (eCRS), 2013, pages 1–14.

Mouha, N. (2015). The design space of lightweight cryptography. IACR Cryptology ePrint Archive, 2015:303.

N. A. Lynch, Distributed Algorithms. San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 1996.

N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on Ethereum smart contracts (SoK),” LNCS (subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10204 LNCS, no. July, pp. 164–186, 2017.

Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. https://bitcoin.org/bitcoin.pdf.

Natoli, C. and Gramoli, V. (2016). The blockchain anomaly. In Network Computing and Applications (NCA), 2016 IEEE 15th International Symposium on, pages 310–317. IEEE.

Nayak, K., Kumar, S., Miller, A., and Shi, E. (2016). Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on, pages 305–320. IEEE.

Nazaré, H., Maffra, I., Santos, W., Barbosa, L., Gonnord, L., and Quintão Pereira, F. M. (2014). Validation of memory accesses through symbolic analyses. In OOPSLA, New York, NY, USA. ACM.

Ndibanje, B., Lee, H.-J., and Lee, S.-G. (2014). Security analysis and improvements of authentication and access control in the internet of things. Sensors, 14(8):14786–14805.

Nethercote, N. and Seward, J. (2007). Valgrind: a framework for heavyweight dynamic binary instrumentation. In PLDI, pages 89–100, New York, NY, USA. ACM.

Neto, A. L. M., Souza, A. L. F., Cunha, Í. S., Nogueira, M., Nunes, I. O., Cotta, L., Gentille, N., Loureiro, A. A. F., Aranha, D. F., Patil, H. K., and Oliveira, L. B. (2016). Aot: Authentication and access control for the entire iot device life-cycle. In SenSys, pages 1–15. ACM.

Nguyen, K. T., Laurent, M., and Oualha, N. (2015). Survey on secure communication protocols for the Internet of Things. Ad Hoc Networks, 32.

Nguyen, T., Al-Saffar, A., and Huh, E. (2010). A dynamic id-based authentication scheme. In Proceedings..., pages 248–253. Sixth International Conference on Networked Computing and Advanced Information Management (NCM), 2010.

NIST (2006). Sp 800-56A recommendation for pair-wise key establishment schemes using discrete logarithm cryptography.

NIST (2013). FIPS PUB 186: Digital signature standard (DSS).

NIST (2016). Post-quantum crypto project.

NIST (2017). Digital Identity Guidelines. NIST Special Publication 800-63-3. https://doi.org/10.6028/NIST.SP.800-63-3.

Nogueira, M. (2009). SAMNAR: A survivable architecture for wireless self-organizing networks. PhD thesis, Université Pierre et Marie Curie - LIP6.

OASIS (2005). Authentication context for the oasis security assertion markup language (saml) v2.0.

OASIS (2013). extensible access control markup language (xacml) version 3.0.

Oliveira, L. B., ao Pereira, F. M. Q., Misoczki, R., Aranha, D. F., Borges, F., and Liu, J. (2017). The computer for the 21st century: Security & privacy challenges after 25 years. In 2017 26th International Conference on Computer Communication and Networks (ICCCN).

Oliveira, L. B., Aranha, D. F., Gouvêa, C. P. L., Scott, M., Câmara, D. F., López, J., and Dahab, R. (2011). Tinypbc: Pairings for authenticated identitybased non-interactive key distribution in sensor networks. Computer Communications, 34(3):485–493.

Ouaddah, A., Elkalam, A. A., and Ouahman, A. A. (2017). FairAccess : a new Blockchain-based access control framework for the Internet of Things. Security and Communication Networks, 9.

OWASP, “OWASP Top Ten Project,” OWASP, 2013. [Online]. Available: https://www.owasp.org/index.php/Top_10.

P. Franco, Understanding Bitcoin: Cryptography, engineering and economics. John Wiley & Sons, 2014.

Paci, F., Ferrini, R., Musci, A., Jr., K. S., and Bertino, E. (2009). An interoperable approach to multifactor identity verification. Computer, 42(5):50–57.

Paisante, V., Maalej, M., Barbosa, L., Gonnord, L., and Quintão Pereira, F. M. (2016). Symbolic range analysis of pointers. In CGO, pages 171–181, New York, NY, USA. ACM.

Panikkar, S., Nair, S., Brody, P., and Pureswaran, V. (2014). Adept: An iot practitioner perspective. IBM Institute for Business Value.

Papadimitratos, P. and Haas, Z. J. (2003). Secure data transmission in mobile ad hoc networks. In Proceedings of the ACM Workshop on Wireless Security (WiSe), pages 41–50, New York, NY, USA. ACM Press.

Patel, N. (2015). 90% of startups fail: Here is what you need to know about the 10%.

Peña-López, I. et al. (2005). Itu internet report 2005: the internet of things.

Pierce, B. C. (2002). Types and Programming Languages. The MIT Press, 1st edition.

Pilkington, M. (2015). Blockchain technology: principles and applications. Browser Download This Paper.

Pilkington, M. (2016). Blockchain technology: principles and applications. research handbook on digital transformations, edited by f. xavier olleros and majlinda zhegu.

Poovendran, R. (2010). Cyber-physical systems: Close encounters between two parallel worlds [point of view]. Proceedings of the IEEE, 98(8):1363–1366.

Popov, S. (2016). The tangle. Available electronically at http://iotatoken.com/IOTAWhitepaper.pdf.

Pornin, T. (Accessed in July 2017). BearSSL - Constant-Time Mul. https://www.bearssl.org/ctmul.html.

Pottie, G. J. and Kaiser, W. J. (2000). Wireless Integrated Network Sensors. Communications ACM, 43(5):51–58.

Poulis, G., Gkoulalas-Divanis, A., Loukides, G., Skiadopoulos, S., and Tryfonopoulos, C. (2015). SECRETA: A Tool for Anonymizing Relational, Transaction and RT-Datasets, pages 83–109. Springer International Publishing, Cham.

Prasser, F. and Kohlmayer, F. (2015). Putting Statistical Disclosure Control into Practice: The ARX Data Anonymization Tool, pages 111–148. Springer International Publishing, Cham.

Rajkumar, R. R., Lee, I., Sha, L., and Stankovic, J. (2010). Cyberphysical systems: the next computing revolution. In 47th Design Automation Conference. ACM.

Recommendation, Y. (2012). 2060 «overview of internet of things». ITU-T, Geneva.

Refaei, M. T., Srivastava, V., DaSilva, L., and Eltoweissy, M. (2005). A reputation-based mechanism for isolating selfish nodes in ad hoc networks. In Proceedings of the Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MOBIQUITOUS), pages 3–11, Washington, DC, USA. IEEE Computer Society.

Regev, O. (2005). On lattices, learning with errors, random linear codes, and cryptography. In Proceedings of ACM STOC ’05, STOC ’05, pages 84–93, New York, NY, USA. ACM.

Reis, T. B. S., Aranha, D. F., and López, J. (2017). Present runs fast: Efficient and secure implementation in software. In CHES. Springer. To appear.

Rellermeyer, J. S., Duller, M., Gilmer, K., Maragkos, D., Papageorgiou, D., and Alonso, G. (2008). The software fabric for the internet of things. In IOT, pages 87–104, Berlin, Heidelberg. Springer-Verlag.

Reparaz, O., Balasch, J., and Verbauwhede, I. (2017). Dude, is my code constant time? In DATE, pages 1697–1702. IEEE.

Rice, H. G. (1953). Classes of recursively enumerable sets and their decision problems. Trans. Amer. Math. Soc., 74(1):358–366.

Richter, L., Götzfried, J., and Müller, T. (2016). Isolating operating system components with Intel SGX. In 1st Workshop on System Software for Trusted Execution, SysTEX ’16, pages 8:1–8:6, New York, NY, USA. ACM.

Rimsa, A. A., D’Amorim, M., and Pereira, F. M. Q. (2011). Tainted flow analysis on e-SSA-form programs. In CC, pages 124–143. Springer.

Rinaldi, S. M., Peerenboom, J., and Kelly, T. (2001). Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Systems, 21(6):11–25.

Rivest, R. L., Shamir, A., and Adleman, L. M. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2):120–126.

Rodrigues, B., Pereira, F. M. Q., and Aranha, D. F. (2016). Sparse representation of implicit flows with applications to side-channel detection. In Zaks, A. and Hermenegildo, M. V., editors, Proceedings of the 25th International Conference on Compiler Construction, CC 2016, Barcelona, Spain, March 12-18, 2016, pages 110–120. ACM.

Rotondi, D., Seccia, C., and Piccione, S. (2011). Access control & iot: Capability based authorization access control system. In Proceedings... 1st IoT International Forum.

Russo, A. and Sabelfeld, A. (2010). Dynamic vs. static flowsensitive security analysis. In CSF, pages 186–199, Washington, DC, USA. IEEE.

S. Eskandari, D. Barrera, E. Stobert, and J. Clark, “A First Look at the Usability of Bitcoin Key Management,” USEC, San Diego, CA, USA, no. February, 2015.

S. Fahl, M. Harbach, and T. Muders, “Why Eve and Mallory love Android: An analysis of Android SSL (in)security,” in ACM Conf. on Comp. and comm. security CCS, 2012, pp. 50–61.

S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy, G. M. Voelker, and S. Savage, “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names,” Commun. ACM, vol. 59, no. 4, pp. 86–93, 2016.

S. Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System,” https://www.bitcoin.org. p. 9, 2008.

S. Underwood, “Blockchain beyond bitcoin,” Communications of the ACM, vol. 59, no. 11, pp. 15–17, 2016.

Sadeghi, A. R., Wachsmann, C., and Waidner, M. (2015). Security and privacy challenges in industrial internet of things. In 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), pages 1–6.

Salem, N. B. and Hubaux, J.-P. (2006). Securing wireless mesh networks. IEEE Wireless Communications, 13(2):50–55.

SANS/CWE, “TOP 25 Most Dangerous Software Errors,” SANS/CWE. [Online]. Available: https://www.sans.org/top25-software-errors.

Santos, A. A., Nogueira, M., and Moura, J. M. F. (2017). A stochastic adaptive model to explore mobile botnet dynamics. IEEE Communications Letters, 21(4):753–756.

Schuster, F., Costa, M., Fournet, C., Gkantsidis, C., Peinado, M., Mainar-Ruiz, G., and Russinovich, M. (2015). VC3: Trustworthy data analytics in the cloud using SGX. In IEEE Symposium on Security and Privacy, pages 38–54.

Schwarz, M., Weiser, S., Gruss, D., Maurice, C., and Mangard, S. (2017). Malware guard extension: Using SGX to conceal cache attacks. arXiv preprint arXiv:1702.08719.

Seitz, L., Selander, G., and Gehrmann, C. (2013). Authorization framework for the internet-of-things. In Proceedings..., pages 1–6. IEEE 14th International Symposium and Workshops on a World of Wireless, Mobile and Multimedia Networks (WoWMoM).

Serebryany, K., Bruening, D., Potapenko, A., and Vyukov, D. (2012). Addresssanitizer: a fast address sanity checker. In ATC, pages 28–28. USENIX.

Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11):612–613.

Shih, M.-W., Kumar, M., Kim, T., and Gavrilovska, A. (2016). S-NFV: Securing NFV states by using SGX. In 1st ACM International Workshop on Security in SDN and NFV, New Orleans, LA.

Shor, P. W. (1997). Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput., 26(5):1484–1509.

Silva, E. F., Fernandes, N. C., and Muchaluat-Saade, D. (2015). Modelagem do across: Um arcabouço de aa baseado em políticas e atributos para organizações virtuais. In Workshop de Gestão de Identidade (WGID), Anais do XV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg2015), pages 1–12. Sociedade Brasileira de Computação.

Simon, D. R. (1994). On the power of quantum computation. In Symposium on Foundations of Computer Science (SFCS 94), pages 116–123, Washington, DC, USA. IEEE Computer Society.

Soares, L. F. G., Rodrigues, R. F., and Moreno, M. F. (2007). Ginga-NCL: the declarative environment of the brazilian digital tv system. J. Braz. Comp. Soc, 12(4):1–10.

Soto, J. and Nogueira, M. (2015). A framework for resilient and secure spectrum sensing on cognitive radio networks. Computer Networks, 79:313–322.

Souza, A., Cunha, Í., and B Oliveira, L. (2017). NomadiKey: User Authentication for Smart Devices based on Nomadic Keys. International Journal of Network Management, pages e1998–n/a.

Souza, M. C. and Wangham, M. S. (2015). Estudo sobre interoperabilidade entre sistemas de gestao de identidades federadas em ambientes de pesquisas colaborativas. In Workshop de Gestão de Identidade (WGID), Anais do XV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg2015), pages 632–643. Sociedade Brasileira de Computação.

Spagnuolo, M., Maggi, F., and Zanero, S. (2014). Bitiodine: Extracting intelligence from the bitcoin network. In International Conference on Financial Cryptography and Data Security, pages 457–468. Springer.

Stajano, F. (2002). Security for Ubiquitous Computing. John Wiley and Sons.

Stallings, W. (1995). Network and internetwork security: principles and practice, volume 1. Prentice Hall Englewood Cliffs.

Stevens, M., Karpman, P., and Peyrin, T. (2016). Freestart collision for full SHA-1. In EUROCRYPT (1), volume 9665 of LNCS, pages 459–483. Springer.

Strategy, I. and Unit, P. (2005). Itu internet reports 2005: The internet of things. Geneva: International Telecommunication Union (ITU).

Swan, M. (2015a). Blockchain: Blueprint for a new economy. "O’Reilly Media, Inc.".

Swan, M. (2015b). Blockchain thinking: The brain as a dac (decentralized autonomous organization). In Texas Bitcoin Conference, pages 27–29.

Swanson, T. (2015). Consensus-as-a-service: a brief report on the emergence of permissioned, distributed ledger systems. Report, available online, Apr.

Szabo, N. (1994). Smart contracts. Unpublished manuscript.

Szabo, N. (1997). The idea of smart contracts. Nick Szabo’s Papers and Concise Tutorials.

TCG (2008). Trusted Platform Module (TPM) summary. https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_04292008.pdf. Acessado em 02/04/2017.

TCG (2016). Trusted Platform Module library - part 1: Architecture. https://trustedcomputinggroup.org/wp-content/uploads/TPMRev-2.0-Part-1-Architecture-01.38.pdf. Acessado em 02/04/2017.

Teixeira, F. A., Machado, G. V., Pereira, F. M. Q., Wong, H. C., Nogueira, J. M. S., and Oliveira, L. B. (2015). Siot: Securing the internet of things through distributed system analysis. In IPSN, pages 310–321, New York, NY, USA. ACM.

Tekeoglu, A. and Tosun, A. S. (2015). Investigating security and privacy of a cloud-based wireless ip camera: Netcam. In 2015 24th International Conference on Computer Communication and Networks (ICCCN), pages 1–6.

Tian, H., Zhang, Y., Xing, C., and Yan, S. (2017). SGXKernel: A library operating system optimized for Intel SGX. In Computing Frontiers Conference, CF’17, pages 35–44, New York, NY, USA. ACM.

Tsai, C.-C., Porter, D. E., and Vij, M. (2017). Graphene-SGX: A practical library OS for unmodified applications on SGX. In USENIX Annual Technical Conference, pages 645–658, Santa Clara, CA. USENIX Association.

Vacca, J. R. (2016). Cloud Computing Security: Foundations and Challenges. CRC Press.

Valenta, L. and Rowan, B. (2015). Blindcoin: Blinded, accountable mixes for bitcoin. In International Conference on Financial Cryptography and Data Security, pages 112–126. Springer.

Vasin, P. (2014). Blackcoin’s proof-of-stake protocol v2.

Wangham, M. S., de Mello, E. R., da Silva Böger, D., Gueiros, M., and da Silva Fraga, J. (2010). Minicursos do X Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais -SBSeg 2010, chapter Gerenciamento de Identidades Federadas, pages 1–52. Sociedade Brasileira de Computação.

Wangham, M. S., Domenech, M., and de Mello, E. R. (2013). Minicursos do XIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais - SBSeg 2013, chapter Infraestruturas de Autenticação e de Autorização para Internet das Coisas. Sociedade Brasileira de Computação.

Waters, B. (2011). Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In Public Key Cryptography, volume 6571 of LNCS, pages 53–70. Springer.

Weafer, V. (2016). Report: 2017 threats prediction. Technical report, McAfee Labs. Acessado em 29/03/2017.

Weiser, M. (1991). The computer for the 21st century. Scientific american, 265(3):94–104.

Weiser, M. (1993). Some computer science issues in ubiquitous computing. Communications of the ACM, 36(7):75–84.

Wilson, R. P. and Lam, M. S. (1995). Efficient context-sensitive pointer analysis for c programs. In PLDI, pages 1–12, New York, NY, USA. ACM.

Wood, G. (2014). Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 151.

Wörner, D. and von Bomhard, T. (2014). When your sensor earns money: exchanging data for cash with bitcoin. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication, pages 295–298. ACM.

Wörner, D. and von Bomhard, T. (2014). When your sensor earns money. Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing Adjunct Publication - UbiComp ’14 Adjunct.

Wu, M., Pereira, F. M. Q., Liu, J., Ramos, H. S., Alvim, M. S., and Oliveira, L. B. (2017). Proof-Carrying Sensing: Towards a Real-World Authentication Scheme to Cyber-Physical-Human Systems. In Conference on Embedded Networked Sensor Systems (SenSys).

X. Xu, C. Pautasso, L. Zhu, V. Gramoli, A. Ponomarev, A. B. Tran, and S. Chen, “The blockchain as a software connector,” Proc. of 13th Working IEEE/IFIP Conference on Software Architecture, WICSA, pp. 182–191, 2016.

Yang, H., Luo, H., Ye, F., Lu, S., and Zhang, L. (2004). Security in mobile ad hoc networks: challenges and solutions. IEEE Wireless Communications, pages 38–47.

Yao, A. C. (1982). Protocols for secure computations. In Foundations of Computer Science, 1982. SFCS’08. 23rd Annual Symposium on, pages 160–164. IEEE.

Yi, S., Naldurg, P., and Kravets, R. (2001). Security-aware ad hoc routing for wireless networks. In Proceedings of the ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), pages 299–302, New York, NY, USA. ACM Press.

Yue, X., Wang, H., Jin, D., Li, M., and Jiang, W. (2016). Healthcare data gateways: found healthcare intelligence on blockchain with novel privacy risk control. Journal of medical systems, 40(10):218.

Z. Wan, D. Lo, X. Xia, and L. Cai, “Bug characteristics in blockchain systems: a large-scale empirical study,” in Proceedings of the 14th International Conference on Mining Software Repositories, 2017, pp. 413–424.

Zapata, M. G. (2002). Secure ad hoc on-demand distance vector routing. ACM SIGMOBILE, 6(3):106–107.

Zeng, D., Guo, S., and Cheng, Z. (2011). The web of things: A survey. Journal of Communications, 6(6).

Zhang, C., Song, Y., and Fang, Y. (2008). Modeling secure connectivity of self-organized wireless ad hoc networks. In IEEE INFOCOM, pages 251–255.

Zhang, G. and Liu, J. (2011). A model of workflow-oriented attributed based access control. International Journal of Computer Network and Information Security (IJCNIS), 3(1):47–53.

Zhang, Y. and Wen, J. (2015). An iot electric business model based on the protocol of bitcoin. In Intelligence in Next Generation Networks (ICIN), 2015 18th International Conference on, pages 184–191. IEEE.

Zimmermann, P. R. (1995). The official PGP user’s guide. MIT press.

Zyskind, G., Nathan, O., and Pentland, A. (2015a). Enigma: Decentralized Computation Platform with Guaranteed Privacy. arXiv:1506.03471 [cs].

Zyskind, G., Nathan, O., and Pentland, A. S. (2015b). Decentralizing privacy: Using blockchain to protect personal data. Proceedings - 2015 IEEE Security and Privacy Workshops, SPW 2015.

Minicursos do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais

Autores

Palavras-chave:

Sinopse

Capítulos

Downloads

Referências

Downloads

Data de publicação

Categorias

Licença

Detalhes sobre o formato disponível para publicação: Volume Completo

ISBN-13 (15)

Idioma