Call for Papers

Full Papers

Paper#	Title	Authors	Emails	Authors(Affiliation)
130473	Attacks on single-pass confidentiality modes of operation	Jorge Nakahara Junior Olivier Markowitch	jorge_nakahara@yahoo.com.br olivier.markowitch@ulb.ac.be	Jorge Nakahara Junior (--- - Brazil) Olivier Markowitch (Universite' Libre de Bruxelles - Belgium)
130543	Detecção de Dados Suspeitos de Fraude em Organismos de Inspeção Acreditados	Rosembergue Souza Luiz Fernando Rust da Costa Carmo Luci Pirmez	rosembergue.souza@ppgi.ufrj.br rust@nce.ufrj.br uci@nce.ufrj.br	Rosembergue Souza (Universidade Federal do Rio de Janeiro - Brazil) Luiz Fernando Rust da Costa Carmo (UFRJ - Brazil) Luci Pirmez (UFRJ - Brazil)
130612	Análise de cerimônias no sistema de votação Helios	Taciane Martimiano Jean Martina	tacianeemartimiano@gmail.com jean.martina@cl.cam.ac.uk	Taciane Martimiano (Universidade Federal de Santa Catarina - Brazil) Jean Martina (University of Cambridge - Great Britain)
130621	Protocolo para transferência parcial de conhecimento e sua aplicação à verificação segura de marcas d'água	Raphael Machado Davidson Boccardo Vinícius Pereira de Sá Jayme Szwarcfiter	rcmachado@inmetro.gov.br drboccardo@inmetro.gov.br vigusmao@dcc.ufrj.br jayme@cos.ufrj.br	Raphael Machado (INMETRO Instituto Nacional de Metrologia, Qualidade e Tecnologia - Brazil) Davidson Boccardo (INMETRO - Brazil) Vinícius Pereira de Sá (Universidade Federal do Rio de Janeiro - Brazil) Jayme Szwarcfiter (Universidade Federal do Rio de Janiero (UFRJ) - Brazil)
130658	A randomized graph-based scheme for software watermarking	Lucila Bento Davidson Boccardo Raphael Machado Vinícius Pereira de Sá Jayme Szwarcfiter	lucilabento@ppgi.ufrj.br drboccardo@inmetro.gov.br rcmachado@inmetro.gov.br vigusmao@dcc.ufrj.br jayme@cos.ufrj.br	Lucila Bento (Universidade Federal do Rio de Janeiro - Brazil) Davidson Boccardo (INMETRO - Brazil) Raphael Machado (INMETRO Instituto Nacional de Metrologia, Qualidade e Tecnologia - Brazil) Vinícius Pereira de Sá (Universidade Federal do Rio de Janeiro - Brazil) Jayme Szwarcfiter (Universidade Federal do Rio de Janiero (UFRJ) - Brazil)
131002	CloudSec - Um Middleware para Compartilhamento de Informações Sigilosas em Nuvens Computacionais	Rick Lopes de Souza Hylson Netto Lau Cheuk Lung Ricardo Custódio	rick.lopes@inf.ufsc.br hylson.vescovi@blumenau.ifc.edu.br lau.lung@inf.ufsc.br custodio@inf.ufsc.br	Rick Lopes de Souza (Universidade Federal de Santa Catarina - Brazil) Hylson Netto (Universidade Federal de Santa Catarina - Brazil) Lau Cheuk Lung (UFSC - Brazil) Ricardo Custódio (UFSC - Brazil)
131031	Prevenção de Ataques em Sistemas Distribuídos via Análise de Intervalos	Vitor Paisante Luiz Saggioro Raphael Rodrigues Leonardo Oliveira Fernando Quintao Pereira	paisante@dcc.ufmg.br luizfzsaggioro@dcc.ufmg.br raphael@dcc.ufmg.br leob@dcc.ufmg.br fpereira@dcc.ufmg.br	Vitor Paisante (UFMG - Brazil) Luiz Saggioro (UFMG - Brazil) Raphael Rodrigues (Universidade Federal de Minas Gerais - Brazil) Leonardo Oliveira (UFMG - Brazil) Fernando Quintao Pereira (Universidade Federal de Minas Gerais - Brazil)
131048	Efficient variants of the GGH-YK-M cryptosystem	Joao Barguil Paulo Barreto	jbarguil@larc.usp.br pbarreto@larc.usp.br	Joao Barguil (USP - Brazil) Paulo Barreto (USP - Brazil)
131084	Estruturas Virtuais e Diferenciação de Vértices em Grafos de Dependência para Detecção de Malware Metamórfico	Gilbert Martins Eduardo Souto Rosiane de Freitas Eduardo Feitosa	gilbert.martins@icomp.ufam.edu.br esouto@icomp.ufam.edu.br rosiane@icomp.ufam.edu.br efeitosa@icomp.ufam.edu.br	Gilbert Martins (Universidade Federal do Amazonas - Brazil) Eduardo Souto (Universidade Federal de Amazonas - UFAM - Brazil) Rosiane de Freitas (IComp/UFAM - Brazil) Eduardo Feitosa (Universidade Federal do Amazonas - Brazil)
131100	Controle de acesso baseado em reencriptação por proxy em Redes Centradas em Informação	Elisa Mannes Carlos Maziero Luiz Carlos Lassance Fábio Borges	elisam@inf.ufpr.br maziero@utfpr.edu.br lclassance@gmail.com borges@lncc.br	Elisa Mannes (Universidade Federal do Paraná - Brazil) Carlos Maziero (UTFPR - Brazil) Luiz Carlos Lassance (CONFESOL - Brazil) Fábio Borges (National Laboratory for Scientific Computing - LNCC - Brazil)
131102	Segurança no Sensoriamento e Aquisição de Dados de Testes de Impacto Veiculares	Wilson Melo Jr Luiz Fernando Rust da Costa Carmo Charles Prado Paulo Roberto Nascimento Luci Pirmez	wsjunior@inmetro.gov.br rust@nce.ufrj.br cbprado@inmetro.gov.br prnascimento@inmetro.gov.br luci@nce.ufrj.br	Wilson Melo Jr (National Institute of Metrology, Quality and Technology - Brazil) Luiz Fernando Rust da Costa Carmo (UFRJ - Brazil) Charles Prado (Inmetro - Brazil) Paulo Roberto Nascimento (Inmetro - Brazil) Luci Pirmez (UFRJ - Brazil)
131110	Um Mecanismo Agregador de Atributos Mediado pelo Cliente Alinhado ao Programa de EGOV.BR	Marcondes Maçaneiro Michelle Wangham	marcondes@unidavi.edu.br wangham@univali.br	Marcondes Maçaneiro (UNIDAVI - Brazil) Michelle Wangham (Universidade do Vale do Itajaí - Brazil)
131116	Monitoração de comportamento de malware em sistemas operacionais Windows NT 6.x de 64 bits	Marcus Botacin Vitor Afonso Paulo de Geus André Ricardo Abed Grégio	marcus@lasca.ic.unicamp.br vitor@las.ic.unicamp.br paulo@lasca.ic.unicamp.br andre.gregio@cti.gov.br	Marcus Botacin (Universidade Estadual de Campinas - Brazil) Vitor Afonso (Universidade Estadual de Campinas - Brazil) Paulo de Geus (University of Campinas - Brazil) André Ricardo Abed Grégio (CTI Renato Archer - Brazil)
131120	Sistema Indicador de Resiliência na Conectividade de Redes Heterogêneas sem fio	Robson Gomes de Melo Michele Nogueira Aldri dos Santos	rgmelo@inf.ufpr.br michele@inf.ufpr.br aldri@inf.ufpr.br	Robson Gomes de Melo (Universidade Federal do Paraná-UFPR - Brazil) Michele Nogueira (Universidade Federal do Paraná - Brazil) Aldri dos Santos (Universidade Federal do Paraná - Brazil)
131121	SpamBands: uma metodologia para identificação de fontes de spam agindo de forma orquestrada	Elverton Fazzion Pedro Henrique Bragioni Las Casas Osvaldo Luis Fonseca Dorgival Guedes Wagner Meira Jr. Cristine Hoepers Klaus Steding-Jessen Marcelo Chaves	elverton@dcc.ufmg.br pedro.lascasas@dcc.ufmg.br osvaldo.morais@dcc.ufmg.br dorgival@dcc.ufmg.br meira@dcc.ufmg.br cristine@cert.br jessen@cert.br mhp@cert.br	Elverton Fazzion (Universidade Federal de Minas Gerais - Brazil) Pedro Henrique Bragioni Las Casas (Universidade Federal de Minas Gerais - Brazil) Osvaldo Luis Fonseca (Universidade Federal de Minas Gerais - Brazil) Dorgival Guedes (UFMG - Brazil) Wagner Meira Jr. (UFMG - Brazil) Cristine Hoepers (Núcleo de Informação e Coordenação do Ponto br - NIC.br - Brazil) Klaus Steding-Jessen (Núcleo de Informação e Coordenação do Ponto br - NIC.br - Brazil) Marcelo Chaves (Núcleo de Informação e Coordenação do Ponto br - NIC.br - Brazil)
131122	Um Sistema de Detecção de Ataques Sinkhole sobre 6LoWPAN para Internet das Coisas	Christian Alonso Diego Poplade Michele Nogueira Aldri dos Santos	cavcervantes@inf.ufpr.br dap10@inf.ufpr.br michele@inf.ufpr.br aldri@inf.ufpr.br	Christian Alonso (Universidade Federal do Parana -UFPR - Brazil) Diego Poplade (UFPR - Brazil) Michele Nogueira (Universidade Federal do Paraná - Brazil) Aldri dos Santos (Universidade Federal do Paraná - Brazil)
131123	An Ontological Approach to Mitigate Risk in Web Applications	Marcius Marques Celia Ralha	marcius@marciusmarques.com ghedini@cic.unb.br	Marcius Marques (University of Brasilia - Brazil) Celia Ralha (University of Brasilia - Brazil)
131127	Identificação e Caracterização de Comportamentos Suspeitos Através da Análise do Tráfego DNS	Eduardo Souto Kaio Barbosa Eduardo Feitosa Gilbert Martins	esouto@icomp.ufam.edu.br kaiorafael@gmail.com efeitosa@icomp.ufam.edu.br gilbert.martins@icomp.ufam.edu.br	Eduardo Souto (Universidade Federal de Amazonas - UFAM - Brazil) Kaio Barbosa (Universidade Federal do Amazonas - Brazil) Eduardo Feitosa (Universidade Federal do Amazonas - Brazil) Gilbert Martins (Universidade Federal do Amazonas - Brazil)
131129	Controlando a Frequência de Desvios Indiretos para Bloquear Ataques ROP	Mateus Ferreira Eduardo Feitosa Ailton Santos	mateus@icomp.ufam.edu.br efeitosa@icomp.ufam.edu.br ailton.santos07@gmail.com	Mateus Ferreira (Universidade Federal do Amazonas - Brazil) Eduardo Feitosa (Universidade Federal do Amazonas - Brazil) Ailton Santos (Universidade Federal do Amazonas - Brazil)
131131	Expanding a Lattice-based HVE Scheme	Karina Mochetti Ricardo Dahab	mochetti@ic.unicamp.br rdahab@ic.unicamp.br	Karina Mochetti (UNICAMP - Brazil) Ricardo Dahab (University of Campinas - Brazil)
131136	Esquema de Estruturação SbC-EC para Log Seguro	Sérgio de Medeiros Câmara Luiz Fernando Rust da Costa Carmo Luci Pirmez	smcamara@gmail.com rust@nce.ufrj.br luci@nce.ufrj.br	Sérgio de Medeiros Câmara (Universidade Federal do Rio de Janeiro - Brazil) Luiz Fernando Rust da Costa Carmo (UFRJ - Brazil) Luci Pirmez (UFRJ - Brazil)
131138	A comparison of simple side-channel analysis countermeasures for variable-base elliptic curve scalar multiplication	Erick Nascimento Rodrigo Abarzúa Julio Hernandez Ricardo Dahab	erick.nogueira.nascimento@gmail.com rodrigo.abarzua@usach.cl jlopez@ic.unicamp.br rdahab@ic.unicamp.br	Erick Nascimento (Universidade Estadual de Campinas - Brazil) Rodrigo Abarzúa (Universidad de Santiago de Chile - Chile) Julio Hernandez (UNICAMP - Brazil) Ricardo Dahab (University of Campinas - Brazil)

Topics of Interest

The symposium’s central theme is information and computational systems security, and within this framework completed scientific papers in one or more of the areas listed below are welcome for submission. The list is not exhaustive and papers in other related areas are also welcome for submission.

• Algorithms, protocols and cryptographic techniques
• System audit and analysis
• Access control, authentication and identity management
• Computational forensics and criminology
• Attack, vulnerability, and intrusion detection and prevention
• Digital l
• Constrained hardware security: RFID tags, smart cards, wireless sensors
• Confidence models
• Security policies, standards and norms
• Anonymity and privacy
• Intellectual property protection and DRM
• Security incident response
• Adaptive security, security policy
• Database privacy and security
• Security and privacy in social networks
• Security of applications (Digital TV, E-banking, etc)
• Security in ubiquitous and pervasive computing
• Security in mobile and embedded systems
• Middleware security (Java RMI, J2EE, CorbaSec, .Net, etc)
• Network security: P2P networks, virtual networks, wireless networks
• Security of web services, distributed systems and operating systems
• Security of smart grids, smart meters and smart houses
• Cloud computing security
• Software security: development, tests and certification
• Biometric systems and techniques
• Fault and intrusion tolerance
• Electronic voting
• Cryptographic Hardware
• Grid Computing Security
• Smart card security

Important Dates and Deadlines

• Registration and Paper Submission: June 24, 2014 - July 4, 2014
• Acceptance Notification: August 23, 2014
• Final Version Deadline: September 9, 2014

Instructions for Authors

Only full papers will be accepted. Papers must be the product of developed research that produced original and relevant results that were properly analyzed and validated. Furthermore, the paper presentation must contain grounded and detailed descriptions of the research as well as consistent conclusions based on the obtained results.

Submitted papers must include description of research activity and methodology, as well as reports on relevant experiences (observations/background information) and on related case studies. Papers will only be accepted electronically, through SBC’s JEMS portal (https://submissoes.sbc.org.br/). Papers must be submitted anonymously, i.e. avoid placing identifying information in the headers, in the paper’s text, or in any references which could link the paper to its authors and affiliated institutions.

Papers may be written in Portuguese or English. Only PDF copies of papers will be accepted. The paper’s text format and layout must follow SBC’s guidelines for formatting. For more information on SBC’s guidelines please visit www.sbc.org.br (select the English version of the website on the top banner, then on the left side menu select “Documents”, then select “Templates for Articles and Book Chapters”). Papers are limited to 14 pages including figures, tables, references and appendices.

All papers will be initially evaluated by a review committee followed by two anonymous peer reviews (no identifying information about the authors, reviewers, and affiliated institutions will be shared). Accepted papers must be presented at the symposium by one of the authors, as they will be included in XIV SBSeg’s official proceedings. At the symposium, an evaluation committee will then select the best paper presented.

Coordination

• Diego F. Aranha (UNICAMP) - dfaranha@ic.unicamp.br
• Marinho P Barcellos (UFRGS) - marinho@inf.ufrgs.br

The symposium’s central theme is information and computational systems security, and within this framework completed scientific papers in one or more of the areas listed below are welcome for submission. The list is not exhaustive and papers in other related areas are also welcome for submission.

• Algorithms, protocols and cryptographic techniques
• System audit and analysis
• Access control, authentication and identity management
• Computational forensics and criminology
• Attack, vulnerability, and intrusion detection and prevention
• Digital l
• Constrained hardware security: RFID tags, smart cards, wireless sensors
• Confidence models
• Security policies, standards and norms
• Anonymity and privacy
• Intellectual property protection and DRM
• Security incident response
• Adaptive security, security policy
• Database privacy and security
• Security and privacy in social networks
• Security of applications (Digital TV, E-banking, etc)
• Security in ubiquitous and pervasive computing
• Security in mobile and embedded systems
• Middleware security (Java RMI, J2EE, CorbaSec, .Net, etc)
• Network security: P2P networks, virtual networks, wireless networks
• Security of web services, distributed systems and operating systems
• Security of smart grids, smart meters and smart houses
• Cloud computing security
• Software security: development, tests and certification
• Biometric systems and techniques
• Fault and intrusion tolerance
• Electronic voting
• Cryptographic Hardware
• Grid Computing Security
• Smart card security

Important Dates and Deadlines

• Registration and Paper Submission: Setember 08, 2014
• Acceptance Notification: September 19, 2014

Instructions For Authors

This call contemplates extended abstracts only, which must present research producing preliminary results and suggesting future work consistent with these results. The goal of this category is foster the discussion of ideas, even if not yet fully developed or validated.

Submitted extended abstracts must include description of research activity and methodology, as well as reports on relevant experiences (observations/background information) and on related case studies. Papers will only be accepted electronically, through SBC’s JEMS portal (https://submissoes.sbc.org.br/). Extended abstracts must be submitted anonymously, i.e. avoid placing identifying information in the headers, in the abstracts’s text, or in any references which could link the paper to its authors and affiliated institutions.

Extended abstracts may be written in Portuguese or English. Only PDF copies of papers will be accepted. The abstract’s text format and layout must follow SBC’s guidelines for formatting. For more information on SBC’s guidelines please visit www.sbc.org.br (select the English version of the website on the top banner, then on the left side menu select “Documents”, then select “Templates for Articles and Book Chapters”). Extended abstracts are limited to 4 pages including figures, tables, references and appendices.

All extended abstracts will be initially evaluated by a review committee followed by anonymous peer reviews (no identifying information about the authors, reviewers, and affiliated institutions will be shared). Accepted extended abstracts must be presented at the symposium by one of the authors, as they will be included in XIV SBSeg’s official proceedings. At the symposium, an evaluation committee will then select the best paper presented.

Coordination

• Diego F. Aranha (UNICAMP)
• Marinho P Barcellos (UFRGS)

Important Dates and Deadlines

• Paper Submission: July 14, 2014 - 23, 2014
• Acceptance Notification: August 27, 2014
• Final Version Deadline: to be determined
• Contest Date: November 3, 2014

Call for Submission

The Contest of Theses and Dissertations in Information and Computational Systems Security (CTDSeg), part of SBSeg, aims to acknowledge and reward the best doctoral theses and best post-graduate dissertations in the security field. Researchers are invited to submit a summary paper which describes and summarizes the results concluded in their thesis or dissertation. Theses and dissertations completed between August 2012 to June 2014 are eligible for submission. The contest will award the determined three best doctoral theses and the three best post-graduate dissertations.

Article Submission and Formatting

Submitted paper summaries must be written in either Portuguese or English with a maximum page limit of 8 pages. Paper summaries will only be accepted in PDF file form. Paper summaries should be formatted based on SBC’s formatting guidelines. For more information on SBC’s guidelines please visit http://www.sbc.org.br/template (select the English version of the website on the top banner, then on the left side menu select “Documents”, then select “Templates for Articles and Book Chapters”).

Paper summaries in PDF file form must be submitted through SBC’s JEMS portal at (submissoes.sbc.org.br). Please note, that there are actually two separate items that must be combined into one PDF file for submission (see paragraphs below for more details).

First Document for Submission:

In the paper summary (8 page maximum length), the author must discuss the thesis’s or dissertation’s contribution to its intended academic field as well as it’s thematic originally. The summary must also include the following items: the title of the thesis or dissertation, the author’s name, name of supervisor(s) and their affiliations, the original abstract, motivations, goals, achievements, associated scientific work, and the web address where an official copy of the thesis or dissertation is published and available for view

Second Document for Submission:

Along with the paper summary, each submission must also contain a scanned copy of the Declaration of Completion for the related thesis or dissertation. The statement must explicitly state that the candidate’s work was approved and successfully defended. The statement must also indicate the location and date of the defense, the supervisor’s name, and database location.

Topics of Interest

In order to be eligible for consideration, submitted theses and dissertations must be related to a topic in the field of Information and Computational Systems Security.

Evaluation

The paper summaries for an applicant’s thesis or dissertation will undergo an initial evaluation by three research experts on SBSeg’s Program Committee. The paper summaries accepted from the initial evaluation stage will be published in the SBSeg symposium proceedings. Furthermore, the principal author must present their thesis or dissertation at the CTDSeg on November 3, 2014. At CTDSeg, the contest’s Evaluation Committee will review the completed thesis or dissertation and evaluate the applicant’s oral presentation in order to determine the three best doctoral thesis and post-graduate dissertation contestants.

STDSeg 2014 Coordination

• Aldri Santos (UFPR) - aldri@inf.ufpr.br
• Anderson Nascimento (UnB) - andclay@ene.unb.br

Important Dates and Deadlines

• Proposal Submission: July 11, 2014 - 18, 2014
• Acceptance notification: August 10, 2014 - August 14, 2014
• Completed Lesson Plan and Presentation Deadline: September 15, 2014

Approved Tutorials

MC1: Tolerância a Faltas e Intrusões para Sistemas de Armazenamento de Dados em Nuvens Computacionais.

Authors:

Lau Cheuk Lung (UFSC) (presenter)

Hylson Vescovi Netto (UFSC)

Rick Lopes de Souza (UFSC)

Abstract: O objetivo deste minicurso é mostrar o estado da arte em sistemas de armazenamento nas nuvens que sejam tolerantes a faltas e intrusões. Para isto, serão apresentados conceitos, técnicas e mecanismos que dão suporte aos protocolos e arquiteturas existentes na literatura.

De início, serão abordadas características e benefícios das nuvens de armazenamento atualmente disponíveis, apresentando ao participante do minicurso as nuvens comerciais mais utilizadas. Entre as características, destacam-se os tipos de dados que são suportados pelas nuvens públicas, bem como a possibilidade de realizar processamento sobre os dados na própria nuvem que os armazena, o que resulta na criação de aplicações mais elaboradas; o participante então terá visão das potenciais utilizações da nuvem para o armazenamento. Concluída a visão geral, será feita uma problematização referente a ameaças e vulnerabilidades que podem comprometer o funcionamento dos sistemas de armazenamento nas nuvens, onde o participante compreenderá as lacunas de segurança atualmente existentes nas nuvens. Será também apresentado como os provedores de nuvens lidam com os problemas mais comuns, onde então o participante compreenderá como alguns problemas são resolvidos na prática. A questão de confidencialidade será abordada, mostrando aos participantes como os provedores de nuvens tratam a privacidade do dado armazenado, desde a simples utilização de criptografia até o gerenciamento das chaves criptográficas. Serão apresentadas também estratégias de fragmentação de dados, onde o participante conhecerá as técnicas mais utilizadas e quais suas implicações sobre o dado armazenado. Finalmente, serão apresentados os trabalhos mais relevantes e recentes que realizam armazenamento nas nuvens, onde o participante conhecerá novos protocolos e arquiteturas, bem como os problemas de armazenamento que continuam abertos para pesquisa.

MC2: Device Fingerprint: Conceitos e Técnicas, Exemplos e Contramedidas

Authors:

Adriana Rodrigues Saraiva (UFAM) (presenter)

Pablo Augusto da Paz Elleres (UFAM)

Guilherme de Brito Carneiro (UFAM)

Eduardo Luzeiro Feitosa (UFAM) (presenter)

Abstract: De acordo com a RFC 6973 fingerprint é o processo pelo qual um observador ou atacante identifica, de maneira única e com alta probabilidade, um dispositivo ou uma instância de um aplicativo com base em um conjunto de informações. No contexto da Internet, técnicas de fingerprint são aquelas empregadas para identificar (ou re-identificar) um usuário ou um dispositivo através de um conjunto de atributos (tamanho da tela do dispositivo, versões de softwares instalados, entre muitos outros) e outras características observáveis durante processo de comunicação. Tais técnicas, também conhecidas como machine fingerprint, browser fingerprint e web-based device fingerprint, podem ser usadas como medida de segurança (por exemplo, na autenticação de usuários e no monitoramento das atividades de navegação de um usuário dentro e através de sessões) e como mecanismo para vendas, já que a coleta de informações permite inferir preferências e hábitos de usuários na Web e ser empregada na recomendação de serviços e produtos. Infelizmente, também podem ser consideradas uma ameaça potencial a privacidade Web dos usuários, uma vez que dados pessoais e sigilosos podem ser capturados e em empregados para fins maliciosos no mais variados tipos de ataque e fraudes. Este minicurso apresenta os conceitos e as técnicas de device fingerprint que permitem obter dados relativos aos usuários e seus dispositivos.

MC3: Botnets: Características e Métodos de Detecção Através do Tráfego de Rede

Authors:

Kaio R. S. Barbosa (UFAM) (presenter)

Eduardo Souto (UFAM)

Eduardo Feitosa (UFAM)

Gilbert Martins (UFAM)

Abstract: O monitoramento e análise passiva permitem identificar padrões de comunicação suspeitos de máquinas infectadas (bots) no tráfego de rede. Tais hosts frequentemente estão associados a redes de computadores maliciosas (botnets) utilizadas para proliferação de códigos maliciosos (vírus e worms) e ataques de negação de serviço (DDoS, do inglês Distributed Denial of Service). Pesquisadores têm utilizado técnicas de engenharia reversa do binário malicioso para mitigar esse tipo de aplicação, no entanto, à medida que soluções são criadas para facilitar a engenharia reversa, atacantes desenvolvem novos mecanismos para dificultar tal análise. Portanto, análise passiva é uma alternativa viável para encontrar comportamentos suspeitos no tráfego de rede desconhecidos (zero-day), ou quando um worm ainda não foi totalmente explorado pelas técnicas de engenharia reversa. Este minicurso apresenta as estratégias utilizadas para detecção de botnets através da análise passiva do tráfego de rede.

MC4: Segurança em Redes Veiculares: Inovações e Direções Futuras

Authors:

Michelle S. Wangham (UNIVALI) (presenter)

Michele Nogueira (UFPR) (presenter)

Cláudio Fernandes (UNIVALI)

Osmarildo Paviani (UNIVALI)

Metuzalen Silva (UFPR)

Abstract: O objetivo deste minicurso é, diante das recentes pesquisas a cerca das inovações das redes veiculares, analisar os desafios de segurança e as principais contramedidas descritas em trabalhos acadêmicos. Pretende-se com este minicurso, contribuir para um melhor entendimento das ameaças e ataques em ambientes veiculares e das possíveis contramedidas, analisando as questões chaves de autenticação de usuários e veículos versus privacidade, ataques de nós maliciosos e novos ataques decorrentes do uso da computação em nuvem e dos modelos da Internet do Futuro. Neste curso, será dado um enfoque nos conceitos, problemas e soluções tecnológicas encontrados na literatura nos últimos cinco anos. Complementando esta abordagem conceitual, dois estudos de casos (aplicações inovadoras de redes veiculares) serão analisados para demonstrar os possíveis ataques e contramedidas que podem ser empregadas para minimizá-los.

About the Tutorials

OSBSeg’s tutorials aim to cover relevant topics not generally covered at the undergraduate level, as well as to spark interest in and develop connections between academics and professionals in the security field. Tutorials will be considered based on thematic relevancy and attractiveness to students and professionals in relation to current academic research areas and labor market needs. Each tutorials should be planned for a three and a half hour time block, which may also include laboratory exercises.

Topics of Interest

The symposium’s central theme and thus of the tutorials is information and computational systems security, and within this framework tutorials may cover one or more of the following topics:

• Algorithms, protocols and cryptographic techniques
• System audit and analysis
• Access control, authentication and identity management
• Computational forensics and criminology
• Attack, vulnerability, and intrusion detection and prevention
• Digital law
• Constrained hardware security: RFID tags, smart cards, wireless sensors
• Confidence models
• Security policies, standards and norms
• Anonymity and privacy
• Intellectual property protection and DRM
• Security incident response
• Adaptive security, security policy
• Database privacy and security
• Security and privacy in social networks
• Security of applications (Digital TV, E-banking, etc)
• Security in ubiquitous and pervasive computing
• Security in mobile and embedded systems
• Middleware security (Java RMI, J2EE, CorbaSec, .Net, etc)
• Network security: P2P networks, virtual networks, wireless networks
• Security of web services, distributed systems and operating systems
• Security of smart grids, smart meters and smart houses
• Cloud computing security
• Software security: development, tests and certification
• Biometric systems and techniques
• Fault and intrusion tolerance
• Electronic voting
• Cryptographic Hardware
• Grid Computing Security
• Smart card security

The list is not exhaustive and tutorials may cover other topics related to Information and Computational Systems Security.

Tutorials Proposal Submission

Professors or researchers interested in teaching a tutorials must submit a proposal, written in Portuguese, between 3 to 5 pages (excluding CVs, item 6 below), with the following information:

• Identification Information: tutorials title, author(s) and affiliated institution(s), and indicate which author(s) will present the tutorials at the symposium;
• General Information: tutorials objectives, desired audience profile, and thematic approach (i.e. theoretical or practical course; discussing general summary of findings or conducting an in-depth investigation on specific aspects; giving a presentation on or holding a comparative discussion on technology; providing a training session for new skills or information, etc.);
• Anticipated structure of supporting text (topic areas and/or chapters to be developed);
• For each anticipated topic area / chapter (from item 3), write a summary of its content and provided an estimation of the number of pages for each topic area / chapter;
• Bibliography for principal sources used in tutorials preparation;
• CV for each of the tutorials authors (maximum one page per author) (CVs do not count towards the 3 to 5 page written proposal limit).

Please note that all the information listed above must be submitted as one document (in PDF format only).

Proposals can only be submitted in electronic form (as one PDF file) via SBC’s JEMS portal (https://submissoes.sbc.org.br).

Evaluation Process

Each tutorials proposal submitted to SBSeg 2014 will be evaluated by three or more members of the Evaluation Committee. Tutorials proposals will be reviewed on the following criteria: thematic relevancy, technical quality, and experience of the tutorials author(s) in the topic area. The best proposals in different topic areas will be accepted for presentation and publication.

In an effort to provide a diverse selection of tutorials, only one proposal per topic area will be accepted. Therefore, if two or more submitted proposals cover the same topic or significantly overlap, only the best proposal will be selected at the discretion of the evaluation committee.

Tutorials Supporting Text

The author(s) of accepted tutorials proposals must produce a supporting text for the course between 40 to 50 pages in length. The supporting text must be written in Portuguese; other languages will not be accepted. The supporting text for each selected tutorials will be published as a chapter in the symposium’s catalog “Tutorials of SBSeg 2014”. Tutorials authors are expected to format the supporting text based on SBC’s formatting guidelines. For more information on SBC’s guidelines please visit (www.sbc.org.br) (select the English version of the website on the top banner, then on the left side menu select “Documents”, then select “Templates for Articles and Book Chapters”).

Coordination

• André dos Santos (UECE) - andre@dossantos.org

Important Dates and Deadlines

• Paper Submission: September 4, 2014 - September 11, 2014
• Acceptance Notification: October 1, 2014
• Final Version Deadline: to be determined
• Workshop Date: November 6, 2014

Call for Submission

The Brazilian Symposium in Information and Computational Security Systems (SBSeg) opened its doors to the interdisciplinary field of Computational Forensics in 2012 and the annual Workshop on Computational Forensics is convening for the third time! The past workshops in 2012 (Curitiba, PR) and in 2013 (Manaus, AM) were a success thanks to the speakers, technical sessions, and submitted articles.

The upcoming WFC III in Belo Horizonte will focus on improving the training and motivation within the computational forensics community. This theme is a result of a last year’s workshop report which highlighted the lack of computational forensics experts and its effect in the legal arena, especially as the “TJMG admits that there are large number of stalled legal processes” in part to the lack of experts.

The WFC III will not resolve all of the issues, but will encourage discussion on the problems and possible technical and scientific solutions that can assist experts in their everyday activities. It is important to note, that the Public Ministry of Minas Gerais created the State Coordinator for Combating Cyber Crime (Coeciber). This office is part of the Center for Operational Support for Criminal Prosecutors, for prosecutors working in Criminal Enforcement, Juried Trial, and under Military Authority (Caocrim). The State Coordinator for Combating Cyber Crime (Coeciber) works, in conjunction with public prosecutors, to expand and reform judicial and extrajudicial measures necessary to effectively combat cyber crime under state jurisdiction.

Moreover, another important issue to review is the current labor demand for specialized experts, as the Institute for General Skills (IGP) reported that “investigation for both common and technologically sophisticated crimes require specialized expertise.”

The WFC III facilitates knowledge transfer and best practice exchange between experts in the Computer Science and Law fields. By bringing together technical experts working in the computer forensics realm with those in relevant legal fields, important legal aspects affecting legislation arising from unlawful acts can be appropriately dealt with while minimizing implications on Brazilian society.

The computational forensics field is continuously growing more important and necessary as the virtual online environment continuously becomes part of everyday society and societal interactions. This transformation in societal interaction is facilitating the movement of traditional societal problems, once common in the real world, into the virtual world. With this movement, new technical and legal problems are emerging, including issues related to: invasion of privacy; breaches of contracts made over the internet; dissemination of slanderous or defamatory e-mails; child pornography; cyber bullying; illegal copy right infringement of software, music, and movies; and many more issues becoming an everyday reality in Brazilian and worldwide society.

 

Given the context and state of affairs, the SBSeg organizing committee invites potential workshop participants to submit papers related to the topics listed below. The workshop organizing committee recognizes that the items below are not a complete list and encourages individuals interested in submitting papers in relevant fields not list below to contact the workshop coordinators for consultation.

Formatting and Submission of Papers

Those interested in submitting papers for the workshop must submit the initial drafts in PDF file form. The papers should be formatted based on SBC’s formatting guidelines. For more information on SBC’s guidelines please visit www.sbc.org.br/en/index.php?option=com_jdownloads&task=view.download&catid=32&cid=38&Itemid=195.

Papers must be submitted through SBC’s JEMS portal at (submissoes.sbc.org.br).

Topics of Interest

• Forensic Analysis of Digital Documents
• Forensic Aspects of Computer Networks and Security
• Legal Aspects of Computational Forensics
• Biometrics and Attacks on Biometric Systems (Spoofing)
• Electronic Crimes
• Detection of Pornography and Child Pornography
• Detection of Violence
• Theoretical Foundations for Computational Forensics
• Management of Information Security
• Collection of Digital Evidence
• Masking Information (Steganography and Steganalysis)
• Security and Investigative Procedures in Cloud Computing
• Surveillance (Pedestrian detection, object tracking, re-identification of people, facial recognition, recognition of actions and activities).

Program Committee

To be determined.

Coordination of WFC 2014

• Cinthia O. de A. Freitas (PUCPR) - cinthia@ppgia.pucpr.br
• William Schwartz (DCC/UFMG) - william@dcc.ufmg.br

Important Dates and Deadlines

• Submission (registration and paper upload): August 1 to 11, 2014 - August 1 to 19, 2014
• Acceptance Notification: September 1, 2014 - September 5, 2014
• Final Version Deadline: September 8, 2014 - September 12, 2014

Presentation

Management of digital identities (IdM-Identity Management) consists of an integrated system of policies, processes, and technologies that enable organizations to treat and manipulate the identities of its users and objects (devices) in authentication, authorization, accounting, and auditing.

This is an active research topic and due to its complexity and relevance it is expected to remain important for some time. This outlook stems from the numerous technical issues that identity management systems must consider, such as: ease of use, user privacy and anonymity, security, single authentication, scalability, fine granularity access control (based on attributes), interoperability, and systems costs (total cost of ownership).

The 4th Workshop on Digital Identity Management (WGID) will provide a forum for technical paper discussions and presentations on the state of the art technologies related to identity management. Furthermore, a workshop goal is to identify research challenges as well as empower workshop participants.

Topics of Interest

Authors are invited to submit original papers on identity management. Topics of interests for the workshop include (but are not limited to):

• Federated mobile access and mobile certification
• Attribute aggregation
• Integrated environments for attribute aggregation management
• Anonymity in IdM systems
• Reference architectures and frameworks for IdM
• Auditing IdM systems
• Single sign on authentication
• Object authentication (devices or things)
• Attribute based authentication and access control
• Authentication and access control federated in non-web applications and mobile computing
• Digital certification
• Atribute certificates
• Lifecycle of digital identities (provision and administration)
• Attribute based access control (ABAC)
• Developing application using A&A infrastructure provided by federations
• Scalability in identity management technologies
• Academic network federations
• Tools for managing and monitoring federations
• Trust management in IdM system
• Attribute Management
• A&A management in interinstitutional projects
• User centered identity management
• Identity and cloud computing management
• Identity and access management
• Identity and Egovernment management
• Identity and grid computing management
• Identity and IoT (Internet of Things) management
• Federated identity management
• Interoperability between IdM systems
• Levels of Assurance in IdM
• New approaches to authentication and access control (e.g., based on context, reputation etc.)
• Standards for digital identity in the academic community
• Privacy and Anonymity in IdM systems
• Authentication and authorization protocols
• Social networks and digital identities
• Civil Identity Registry (RIC) of Brazil
• Prevention techniques for fraud and identity theft
• Technologies to strengthen privacy
• Technology usability in Identity Management

Workshop Format

The WGID will be held on November 6, 2014 and will include the presentation of papers accepted for publication, a guest lecturer and a panel discussion.

Information for Authors

Articles can be submitted in two categories:

• Full papers should present research has been developed to the point of producing original and relevant results that have been appropriately validated and analyzed. Submitted completed articles are limited to 10 pages.
• Short papers should describe a research paper in progress, a computational tool and/or practical experiments. The short articles should be between 4 to 6 pages in length. In the case of tools and/or experiments, the article must contain the following information: description and motivation of the problem addressed by the tool; solution architecture and description of the main features; URL where the tool is available; URL tool documentation and description of the planned demonstration.

The summaries should be formatted based on SBC’s formatting guidelines. For more information on SBC’s guidelines please visit www.sbc.org.br (select the English version of the website on the top banner, then on the left side menu select “Documents”, then select “Templates for Articles and Book Chapters”). Paper summaries must be submitted through SBC’s JEMS portal at (submissoes.sbc.org.br). Paper summaries must be submitted in PDF format and may be written in Portuguese of English.

Papers submitted to WGID will be evaluated by a board of reviewers and selected papers will be invited for presentation and published in the Conference Proceedings. At least one author of each selected paper must register for and attend the Symposium on Information Security and Computer Systems (SBSeg) to present their work at the workshop.

All submitted manuscripts must be anonymized, that is, the authors must remove from the head, body and references in the paper any information that may be linked to the authors or their institutions.

Organizing Committee

Coordenadores Gerais do Sbseg

• Jeroen van de Graaf (UFMG)
• José Marcos Nogueira (UFMG)
• Leonardo B. Oliveira (UFMG)

WGID Coordinator

• Marco Aurélio Amaral Henriques (UNICAMP) - marco@dca.fee.unicamp.br

Program Committee

• Adilson Eduardo Guelfi (Unoeste)
• Aldri Santos (UFPR)
• Altair Olivo Santin (PUC-PR)
• Débora Christina Muchaluat Saade (UFF)
• Emerson Ribeiro de Mello (IFSC)
• Joni da Silva Fraga (UFSC)
• Marco Aurélio Amaral Henriques (Unicamp)
• Michelle Silva Wangham (Univali)
• Noemi Rodriguez (PUC-RJ)
• Ricardo Custódio (UFSC)
• Roberto Samarone (UFPA)
• Vinod Rebello (UFF)

The Workshop in Election Technology (WTE) will be held on November 3, 2014, in Belo Horizonte in conjunction with SESeg 2014.

Call for Papers

Brazil has been increasingly adopting automation of its elections since the deployment of voting machines in 1996, reaching the current scenario where integration with biometric identification is planned for all voting equipment. However, participation of academia in this initiative, in particular of the information security segment, has been not expressive.

The Workshop on Electoral Technology is a scientific venue organized as a satellite event of the XIV Brazilian Symposium on Security of Information and Computer Systems (SBSeg 2014). The main objective of the event is to promote research in electoral technology and to establish collaboration with the international research community, integrating experts in academia and industry with interest on the security of electronic voting. In this context, papers are solicited for submission in any work aligned with the main goal, with emphasis on the following items:

• Auditing of electronic voting systems
• Cryptographic protocols and primitives for electronic voting
• Design of new voting systems
• Experiences with systems in production or development
• Formal or informal security or requirements analysis
• Legal aspects and standardization in electronic voting
• Mechanisms for protecting ballot secrecy and integrity
• Mechanisms for verifying election results
• Security analysis and attacks on existing systems
• Security of paper and remote voting
• Usability and accessibility issues
• Voter registration and authentication

Important Dates

• Registration and Submission: September 8, 2014
• Notification of Decision: September 19, 2014
• Final Version: September 29, 2014

Instructions to the Authors

Submitted papers should present original research results, event if preliminary. Each submission should provide proper context in the introduction, rigorous treatment of the research subject or case study, and conclusions consistent with the results.

Submission will be exclusively electronic, through the JEMS system (submissoes.sbc.org.br). Submissions must be anonymous, with no author names, affiliations, acknowledgments, or obvious references.

Papers can be written in Portuguese or English and must submitted in PDF format. Formatting should follow the Brazilian Computer Society template and fit between 5 and 12 pages, including pictures, tables, references and appendices. Longer papers are expected to have more definite results. For more information on the formatting guidelines please visit www.sbc.org.br (select the English version of the website on the top banner, then on the left side menu select "Documents", then select "Templates for Articles and Book Chapters").

All submissions will be evaluated by a body of reviewers, following a standard double-blind process (no identification of authors, reviewers and their affiliations). Accepted papers must be presented by one of the authors, in order to be included in the final proceedings. The length assigned to each presentation will depend on the number of accepted papers and depth of each individual contribution.

Program Committee

• Diego de Freitas Aranha (UNICAMP)
• Jeroen van de Graaf (UFMG)
• Mario Gazziro (UFABC)
• Roberto Samarone Araújo (UFPA)
• Ruy J. Guerra B. de Queiroz (UFPE)

Important Dates and Deadlines

• Paper Submission (registration and uploading): July 7 to 18, 2014 - 7 to 25, 2014
• Acceptance Notification: August 23, 2014
• Final Version Deadline: September 9, 2014
• Workshop Date: November 3, 2014

Accepted papers:

ID	Title	Authors	Abstract
131246	Análise de Segurança de Conversores Serial-Ethernet e Microcontroladores Tibbo	Ildomar Gomes de Carvalho Junior (Universidade do Estado de Santa Catarina - Brazil), Rafael Obelheiro (UDESC - Brazil)	Microcontroladores e conversores serial-Ethernet são utilizados em sistemas de controle industrial para a comunicação e controle de diversos dispositivos. O funcionamento incorreto de microcontroladores e conversores pode acarretar danos em equipamentos e/ou no processo de manufatura de produtos, trazendo riscos até mesmo para a integridade física de pessoas que operam máquinas que dependem desses sistemas embarcados. A crescente integração de microcontroladores e conversores à Internet e o aumento de vulnerabilidades e incidentes envolvendo sistemas de controle industriais fazem com que a segurança desses dispositivos se torne um atributo cada vez mais importante. Este artigo apresenta o uso de técnicas de injeção de faltas através da rede para avaliar a segurança da pilha TCP/IP do microcontrolador e conversor serial-Ethernet Tibbo EM1206. O processo seguido nesta avaliação pode ser utilizado para a condução de avaliações similares.
131319	Esteno: Uma Abordagem para Detecção Visual de Bankers	Victor Furuse Martins (Universidade Estadual de Campinas - Brazil), André Abed Grégio (CenPRA/MCT - Brazil), Vitor Afonso (Universidade Estadual de Campinas - Brazil), Paulo de Geus (University of Campinas - Brazil)	Bankers-programas maliciosos para roubo de informações bancárias-geralmente usam janelas que imitam sites dos bancos reais para ludibriar os usuários. Isto e sua execução não intrusiva no sistema alvo dificultam a detecção e análise por sistemas automáticos não supervisionados. Neste artigo, apresenta-se uma proposta de solução para a identificação de bankers brasileiros. Para tanto, lança-se mão de três analisadores visuais (baseados em cores, na presença de logotipos conhecidos e no conteúdo dos textos) refinados por meio de aprendizado de máquina supervisionado (Random Forest). Testes com mais de 1.100 imagens extraídas de malware resultaram em 92,1% de exemplares corretamente classificados.
131342	Um Mecanismo de Segurança para o Protocolo HTR	Gregório Correia (Federal University of Pernnambuco - Brazil), Eduardo Feitosa (Universidade Federal do Amazonas - Brazil), Djamel Fawzi Hadj Sadok (Universidade Federal de Pernambuco (UFPE) - Brazil)	Segurança de dados tornou-se um requisito essencial para todo e qualquer sistema em rede, para as redes adhoc isso não seria diferente. Entre a gama de protocolos existentes não há foco na proteção dos dados que trafegam. O Heterogeneous Technologies Routing (HTR) foi um protocolo desenvolvido que provê um roteamento eficiente de dados com o menor consumo energético, porém seus dados trafegam em claro entre os elementos que compõem a rede. Este trabalho tem como foco avaliar o impacto causado por um sistema de segurança sobre a rede adhoc móvel HTR.
131472	CAFe Expresso: Comunidade Acadêmica Federada para Experimentação usando Framework Shibboleth	Maykon de Souza (IFSC - Brazil), Emerson Ribeiro de Mello (Instituto Federal de Santa Catarina - Brazil), Michelle Wangham (Universidade do Vale do Itajaí - Brazil)	To perform research in Identity Management, the researcher needs a complete infrastructure with Identity Providers (IdPs) and Service Providers (SPs) so that it can conduct your experiments. The process to provide this kind of infrastructure is time-consuming and requires a thorough knowledge on the tools, which are limiting factors for researchers who only want to conduct researches in the area. The aim of this article is to describe the CAFe Expresso wich was implemented with the purpose to facilitate the development of research on identity management and for this provides an environment for experimentation based on the Shibboleth framework, composed of IdPs, SPs, Discovery Services (DS) and the uApprove service.
131776	Estudo e Análise de Vulnerabilidades Web	Wagner Monteverde (Universidade Tecnológica Federal do Paraná - Brazil), Rodrigo Campiolo (Universidade Tecnológica Federal do Paraná - Brazil)	A segurança em aplicações Web é importante para prover a proteção aos clientes e serviços na Web. Inúmeras vulnerabilidades Web são exploradas a cada dia e os ataques tem se tornado mais frequentes devido a facilidade introduzida por ferramentas de exploração e pelo aumento de aplicações e o uso da Web. Neste trabalho é realizado o estudo e análise de vulnerabilidades em aplicações Web em diferentes tipos de aplicações. São usadas ferramentas para identificação de vulnerabilidades em uma amostra de sítios Web heterogêneos e brasileiros. Por consequência, foram investigadas as principais formas de ataques utilizadas em aplicações Web. Os resultados indicam a necessidade urgente de melhorias na segurança, principalmente em sítios Web menores e regionais.
131967	Implementação Eficiente de Algoritmos para Teste de Primalidade	Bruno Ribeiro (University of Brasília - Brazil), Diego Aranha (University of Campinas - Brazil)	O desenvolvimento da criptografia, em especial a criptografia de chave assimétrica, foi fator determinante para o crescimento e popularização das redes de computadores. Foi responsável pela viabilização de demandas como comércio e correio eletrônicos, assinaturas e certificações digitais. O uso adequado de técnicas criptográficas requer o desenvolvimento de implementações eficientes que sejam capazes de serem executadas em diversos tipos de dispositivos, que cada vez mais se incorporam à vida das pessoas. A geração de chaves criptográficas, por exemplo, é uma operação não só crítica quanto à segurança, mas também de alto custo computacional no algoritmo RSA. Este trabalho tem como objetivo estudar técnicas para teste de primalidade, elemento que compõe o núcleo do processo de geração de chaves nesse algoritmo. É dado enfoque na implementação, otimização e análise de desempenho do Teste de Frobenius Quadrático Simplificado, um teste de primalidade de 2005 e pouco explorado. As análises apontam uma eficiência 30% maior para inteiros de até 256 bits, resultados positivos quanto à viabilidade da redução do custo computacional da geração de números primos.
132012	Uma análise do Impacto do Intervalo de Tempo de Captura do Acelerômetro na Biometria baseada em gestos em dispositivos móveis usando Android	Paulo Dreher (Universidade do Vale do Rio do Sinos - Brazil), Luciano Ignaczak (UNISINOS - Brazil)	The application of behavioural biometrics for authentication in mobile devices has been demonstrated in several studies, which show the feasibility of using gestures for authenticating users in a system. However, no attention has been given to the way the movement is done and the period between capture points of a gesture. This paper aims to analyse the security of different intervals capture of an accelerometer coordinates applied to biometrics gestures on mobile devices. The analysis of the intervals was conducted through an experiment, based on an Android application, where two types of movements and three different capture intervals were executed. The findings demonstrate that reducing the capture interval accelerometer increases the safety of the use of biometrics by gestures. The results also highlight the importance of using complex movements to make the authentication process less susceptible to attacks.
132018	Análise dos Desafios para Estabelecer e Manter Sistema de Gestão de Segurança da Informação no Cenário Brasileiro	Rodrigo Fazenda (Universidade do Vale do Rio dos Sinos (Unisinos) - Brazil), Leonardo Fagundes (Universidade do Vale do Rio dos Sinos - Brazil)	O estabelecimento da norma ISO 27001 cresce entre as organizações em todo o mundo. Porém, diversos desafios são enfrentados pelas empresas para implementar esta norma. É escassa a quantidade de estudos sobre os desafios que empresas brasileiras enfrentam para estabelecer e manter o SGSI. Este artigo tem como objetivo identificar e analisar os desafios enfrentados para estabelecer e manter o SGSI no cenário nacional. Foi através do método de estudo de caso múltiplo que fatores como falta de apoio da direção, falta de capacitação da área de Segurança da Informação, influência da cultura local, falhas na análise de riscos e resistência á mudança foram identificados como obstáculos.
132046	Implementação do esquema totalmente homomórfico sobre inteiros de chave reduzida	Luan Santos (Centro Universitario Euripedes de Marilia - Brazil), Guilherme Rodrigues Bilar (Centro Universitario Euripedes de Marilia - Brazil), Fabio Pereira (UNIVEM - Brazil)	Resumo: Neste papel implementamos o esquema totalmente homomórfico de chave reduzida (DGVH sobre inteiros) proposto por Jean-Sébastian Coron, Avradip Mandal, David Naccache e Mehdi Tibouchi, que foi publicado na conferencia CRYPTO 2011, este mesmo esquema pode ser comparado com o esquema totalmente homomórfico de Gentry, que trata-se de um esquema totalmente homomórfico mais simples, contudo essa simplicidade vem ao custo de que sua chave pública possui um tamanho estimado de ̃ , o que de acordo com Coron et al, torna inviável a aplicação em sistemas práticos. O esquema totalmente homomórfico DGVH com chave pública reduzida diminui o tamanho da chave pública gerada para ̃ criptografando de maneira quadrática os elementos da chave pública, ao invés de criptografa-los de maneira linear. Para fazê-lo foram utilizadas linguagens de programação como C++ e Python, contando com a biblioteca de matemática e teoria numérica GMPY2. Abstract: In this paper we implemented the fully homomorphic scheme with shoter key (DGVH with shorter key) proposed by Jean-Sébastian Coron, Avradip Mandal , David Naccache and Mehdi Tibouchi , which was published in the conference CRYPTO 2011, this same scheme can be compared with the Gentry's fully homomorphic scheme, being it a simpler fully homomorphic scheme, however this simplicity comes at the cost of the public key having an estimated size of ̃ , which according to Coron et al, makes it impossible to use in practical systems. The DGVH scheme over intergers with shorter public key decreases the size of the generated public key to ̃ , encrypting the information of the public key in a quadratic manner, instead of encrypting them in a linear way. To do so, programming languages like C + + and Python were used, with the library of mathematics and number theory GMPY2.
132082	Sistema de Gerenciamento de Identidades para a Rede Catarinense de Informações Municipais baseado no SAML	Emerson Souto (Universidade do Vale do Itajaí - Brazil), Marlon Domenech (Univali - Brazil), Michelle Wangham (Universidade do Vale do Itajaí - Brazil)	A Rede Catarinense de Informações Municipais (RedeCIM) integra diversos sistemas de apoio à gestão pública municipal. Tais sistemas utilizam diferentes mecanismos de autenticação e de autorização, fazendo com que os usuários precisem lidar com diferentes credenciais para cada sistema. Este trabalho descreve um sistema de IdM centralizado baseado no padrão SAML 2.0, que provê autenticação única alinhada aos requisitos da RedeCIM. A pesquisa de satisfação realizada atestou a aprovação dos usuários e gestores da RedeCIM e os testes de software evidenciam a viabilidade da solução, garantindo a IdM na RedeCIM.
132136	Aplicações Seguras no uso de QR Code: Dois Estudos de Caso	Eduardo Costa (Instituto Federal do Espirito Santo - IFES - Brazil), Jefferson Andrade (Instituto Federal do EspÃ-rito Santo - Brazil), Karin Komati (Ifes Campus Serra - Brazil)	QR Codes facilitam a navegação de usuários em seus dispositivos móveis, entretanto, esta estratégia pode expor os usuários e o próprio sistema a diversos tipos de ataques, tais como: fraudes, sites clonados e injeção SQL. Portanto, estratégias de segurança devem ser adotadas para evitar prejuízos. Neste contexto, o objetivo deste trabalho é apresentar propostas de utilização segura do QR Code. Este trabalho apresenta duas aplicações, a primeira é um sistema de associação entre documentos digitais e impressos que utiliza a verificação do resumo hash dos documentos para manter a integridade da associação e, a segunda um sistema de m-commerce que utiliza criptografia para manter o sigilo da entrada do sistema. Através dos resultados dos experimentos verificou-se que as duas estratégias de segurança propostas são eficazes quando existe um QR Code malicioso, tornando a utilização deste código gráfico mais segura e confiável.
132742	Implementação em Hardware de Instrução Segura de Acesso à Memória - Caso MIPS 16 bit	Eric Torres (Universidade Federal de Minas Gerais - Brazil), Antonio Maia (Student UFMG - Brazil), Omar Vilela Neto (Universidade Federal de Minas Gerais - Brazil), Leonardo Barbosa (UFMG - Brazil)	Algumas linguagens não possuem mecanismos de segurança. Isso faz com que diversos programas estejam vulneráveis a ataques. Um ataque bastante comum é o Buffer Overflow. Existem diversas propostas de solução para esse problema. Mas, em sua grande maioria, essas soluções são implementadas em software, gerando uma grande sobrecarga. Por isto, este trabalho propõe uma alternativa em hardware, capaz de realizar o acesso seguro à memória. Foi criado então a SSW, uma instrução segura de escrita à memória desenvolvida para a arquitetura MIPS 16 bit.

Call for Submission

The Workshop on Scientific Initiation and Undergraduate Papers (WTICG), a joint event with SBSeg, aims to encourage new graduates and undergraduates to participate in the production and dissemination of scientific papers on topics related to information and computational systems security. WTICG 2014 will be held in conjunction with SBSed 2014 (www.sbseg2014.dcc.ufmg.br/) November 3 to 6, 2014 in Belo Horizonte, MG.

Undergraduate students currently enrolled in university and recent graduates who completed their undergraduate course work in 2013 are invited to participate in WTICG 2014. Participants are required to provide documentation to the event coordinator indicating their enrollment status at a university or indicating their recent and successful completion of studies.

Authors are invited to submit papers for Scientific Initiation (IC), completion of course work (TCC), software implementations , and independent projects completed in the years 2013 and 2014 or that are in the final stages of completion. The following criteria will be used in the evaluation of submitted work: originality, relevance, technical quality, and presentation. Submissions selected by the Program Committee will be published (in digital form), provided that at least one of the papers’ authors is registered for the workshop. All papers selected for publication must be presented during the workshop’s technical session by one of the authors.

Article Submission and Formatting

Submitted papers should be formatted based on SBC’s formatting guidelines. For more information on SBC’s guidelines please visit www.sbc.org.br (select the English version of the website on the top banner, then on the left side menu select “Documents”, then select “Templates for Articles and Book Chapters”).

Papers must be submitted through SBC’s JEMS portal at (submissoes.sbc.org.br). Papers must be submitted in PDF format and may be written in Portuguese or English with a maximum length of 10 pages.

Topics of Interest

The list of topics of interest includes (but is not excluded to):

• Algorithms, protocols and cryptographic techniques
• System anonymity, auditing and analysis
• Access control, authentication, identity management, biometrics
• Computational Forensics
• Detecting and preventing intrusions, attacks and vulnerabilities
• Digital Law
• Cryptographic hardware, RFID, smart cards and biometric systems
• Trust Models
• Security standardization and normalization
• Privacy
• Intellectual property protection and DRM
• Response to security incidents
• Adaptive security, security policies
• Security in applications (digital TV, e-banking, etc.)
• Security in ubiquitous / pervasive computing
• Security on mobile devices and embedded systems
• Security in grid and cloud computing
• Security middleware (Java RMI, J2EE, CORBASec,. Net, etc.)
• Security in networks, overlay networks, virtual networks and wireless networks
• Security in smart grids, smart meters and smart houses
• Security in web services, distributed systems and operating systems
• Database security and privacy
• Social network privacy and security
• Secure systems and software: developing, testing and certification
• Fault/intrusion tolerance
• Electronic Voting

Program Committee

• Aldri dos Santos (UFPR)
• Altair Santin (PUCPR)
• Anderson Nascimento (UnB)
• André Santos (UECE)
• Bruno Barros (LARC/USP)
• Bruno Rodrigues Silva (UFMG)
• Carla Merkle Westphall (UFSC)
• Carlos Maziero (UTFPR)
• Cristian Cleder Machado (URI)
• Edna Canedo (UnB)
• Eduardo Feitosa (UFAM)
• Eduardo Souto (UFAM)
• Eduardo Viegas (PUCPR)
• Ewerton Andrade (USP)
• Gilbert Martins (UFAM)
• Gustavo Vieira (UFMG)
• Jim Lau (UFSC)
• Joéo Eugenio Marynowski (UFPR)
• Jose Antonio Xexeo (IME)
• Lau Cheuk Lung (UFSC)
• Leandro Magnabosco (UFSC)
• Luis Knob (UFRGS)
• Marcos Silva (USP)
• Marinho Barcellos (UFRGS)
• Marlon Domenech (Univali)
• Mateus Rutzig (UFSM)
• Márcio Carvalho (UFRGS)
• Paulo Barreto (USP)
• Paulo de Geus (Unicamp)
• Paulo Mafra (UFSC)
• Paulo André da Silva Goncalves (UFPE)
• Pedro Heleno Isolani (UFRGS)
• Rafael Obelheiro (UDESC)
• Raul Ceretta Nunes (UFSM)
• Ricardo Custódio (UFSC)
• Ricardo Dahab (Unicamp)
• Rick Lopes de Souza (UFSC)
• Rossana Andrade (UFC)
• Routo Terada (USP)
• Vilmar Abreu (PUCPR)
• Vitor Paisante (UFMG)
• William de Souza (Royal Holloway)

Prizes

The top three entries will receive awards.

WTICG 2014 Coordination

• Eduardo Souto (UFAM) - esouto@icomp.ufam.edu.br