Program

 

The preliminary schedule of SBSeg 2013 is presented below.


Timetable

Days: 11/11/13, 12/11/13, 13/11/13, 14/11/13

08:00-08:30
All days: Registration

08:30-10:00
11/11/13: WTICG, WGID, MC1
12/11/13: ST1, ST2
13/11/13: ST5, ST6
14/11/13: FSC, WFC, MC3

10:00-10:30
All days: coffee break

10:30-11:30
11/11/13: WTICG, WGID, MC1
12/11/13: PI 1
13/11/13: PN 1
14/11/13: FSC, WFC, MC3

11:30-12:30
12/11/13: PI 2
13/11/13: PN 2

12:30-14:30
All days: Lunch

14:30-16:00
11/11/13: WTICG, WGID, MC2
12/11/13: ST3, ST4
13/11/13: ST7, ST8
14/11/13: FSC, WFC, MC4

16:00-16:30
All days: coffee break

16:30-18:30
11/11/13: CESeg, WGID, MC2
12/11/13: PI 3
13/11/13: PI 4
14/11/13: FSC, WFC, MC4

18:30-19:00

                   

19:00-19:30

Opening

plenary

CESeg/SBC

         

19:30-21:00

Cocktail reception

Dinner

     

21:00-23:00

               

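Legend:

  • WTICG - Workshop de Trabalhos de Iniciação Científica e de Graduação (Workshop on Undergraduate and Scientific Initiation Work)
  • WGID - Workshop de Gestão de Identidades Digitais (Workshop on Digital Identity Management)
  • PI - Palestra Internacional (International Lecture)
  • PN - Palestra Nacional (National Lecture)
  • ST - Sessão Técnica (Technical Session)
  • MC - Minicurso (Short Course)
  • WFC - Workshop de Forense Computacional (Workshop on Computational Forensics)
  • FSC - Fórum de Segurança Corporativa (Corporative Security Forum)
  • CESeg/SBC - Comissão Especial de Segurança da Informação da SBC (SBC Special Committee on Information Security)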

 

 


Detailed Schedule


  

WTICG - Workshop de Trabalhos de Iniciação Científica e de Graduação

Monday, November 11, 2013

WTICG Session 1 - Security in Networks and Computer Systems

09:00-10:00

Energy Assessment Tools Software Security in Embedded Systems 
Willer F. Santos, UFMG, Brasil
Jean H. F. Freire, UFMG, Brasil
Fernando M. Q. Pereira, UFMG, Brasil
Diógenes C. da Silva Jr., UFMG, Brasil
Leonardo B. Oliveira, UFMG, Brasil

Influence of Jamming Attacks on Routing Protocols in Vehicular Networks

Alexandre Sombra, UFC, Brasil
Wellington Albano, UFC, Brasil
Michele Nogueira, UFPR, Brasil
José Neuman de Souza, UFC, Brasil

WTICG Session 2 - Web Security

10:30-12:30

ABSecurity: A tool for access control based on roles through Web Services 
Adriano Reiné Bueno, UFJF, Brasil
Evaldo de Oliveira da Silva, UNIVERSO, Brasil
Tadeu de Classe, UFJF, Brasil

Identifying spam on Twitter through the empirical analysis of the Trending Topics Brazil 
Adeilson Souza, UFAM, Brasil
Kaio R. S. Barbosa, UFAM, Brasil
Eduardo Feitosa, UFAM, Brasil

Web Application for Creating Electronic Notary Acts for Notaries Digital 
Eduardo Jorge dos Santos Cordeiro, UNIVALI, Brasil
Michelle S. Wangham, UNIVALI, Brasil

Using OpenID and OAuth to provide Identity Management in a Participatory Electronic Government Portal 
Daniel Leite de Oliveira, UNIVALI, Brasil
Michelle S. Wangham, UNIVALI, Brasil

WTICG Session 3 - Information Security

14:30-16:00

Analysis of Application of Steganography Combined with AES Cryptographic Method 
Suelen Graff, UNOESC, Brasil
Andrey Kuehlkamp, UNOESC, Brasil
Marlon Cordeiro Domenech, UNIVALI, Brasil

Efficient implementation of bilinear pairings on elliptic curves on ARM platform 
Victor Henrique Hisao Taira, UnB, Brasil
Diego F. Aranha, UnB, Brasil

Efficient Arithmetic on Huff's curves
Edson Floriano S. Junior, UnB, Brasil
Diego F. Aranha, UnB, Brasil

 


 

WGID - Workshop de Gestão de Identidades

Monday, November 11, 2013

WGID Technical Session of Full papers and Short

08:30-10:00

Case Study: Integrating Customer OpenStack Swift Cloud With An Identity Federation 
Lucas Silva, UFPA, Brasil
Felipe da Silva, UFPA, Brasil
Roberto Araujo, UFPA, Brasil
Daniel Carvalho, UFRN, Brasil
Thomás Filipe Diniz, UFRN, Brasil
Carlos Eduardo da Silva, UFRN, Brasil

Integrating  OpenStack Keystone with an Identity Federation 
Thomás Filipe Diniz, UFRN, Brasil
Carlos Eduardo da Silva, UFRN, Brasil
Roberto Araujo, UFPA, Brasil

Programming and configuration of Java Card by means of free software
Mauro Tardivo Filho, UNICAMP, Brasil
Marco Aurelio Amaral Henriques, UNICAMP, Brasil

WGID Lecture  and Tools Hall

10:30-12:00

Lecture: ICP-BRAZIL: A Secure Platform for Digital Identities

Mauricio Coelho, ITI, Brasil
Director of the Instituto Nacional de Tecnologia da Informação

12:00-12:30

Tools Hall: GIdLab - Experimentation Laboratory in Identity Management

Michelle Wangham, UNIVALI, Brasil

Emerson Ribeiro de Mello, IFSC, Brasil

Maykon Chagas, IFSC, Brasil

Herivelton Coelho, UFSC, Brasil

WGID  Identity Management Program (PGID)  I 

14:30-16:00

Authentication and Authorization for access to applications on a Service Bus for Web of Things

Tito Gardel, UFBA, Brasil
Nailton Andrade, UFBA, Brasil
Cássion Prazeres, UFBA, Brasil

Integrating  OpenStack with Identity Providers Connect OpenId and SAML: a comparative analysis 
Ioram S. Sette, UFPE, Brasil
Carlos Ferraz, UFPE, Brasil

Transposition of Credentials for usage of Testbeds for Future Internet 

Edelberto F. Silva, UFF, Brasil
Débora Muchaluat-Saade, UFF, Brasil

Natalia C. Fernandes, UFF, Brasil

WGID Identity Management Program (PGID) II and Panel

16:30-17:00

An Evaluation of the Usage of Documents Adherents ICAO 9303 Standard on Academic Scope

Jean Everson Martina, UFSC, Brasil
Thaís Bardino Idalino, UFSC, Brasil

17:00-19:00

Panel about Privacy in using Identities

 

Panelists:

Marco Aurelio Amaral Henriques, UNICAMP, Brasil

Thiago Digo, UFF, Brasil
Emerson Ribeiro de Mello, IFSC, Brasil

 

Moderator:

Carlos Eduardo da Silva, UFRN, Brasil

 


 

Short Courses

Monday, November 11, 2013

Short Courses  1 (MC1) - Anti-Digital Forensics: Concepts, Techniques, Tools and Case Studies

08:30-12:00

Authors:
Evandro Della Vecchia, PUCRS/IGP, Brasil
Daniel Weber, UFRGS, Brasil
Avelino Zorzo, PUCRS, Brasil

Overview: 

Digital forensics (also known as computer forensics, among other names), which deals with the investigation and possible reconstruction of past events in the digital domain, is a very current topic that has received significant attention from both the scientific community and industry. For this reason, many people who want to hide or destroy data look for anti-forensics techniques and tools, whose aim is to hinder forensic analysis or make it impossible. This short course covers the concepts, techniques and tools of digital anti-forensics, and the means of identifying its use (known as anti-anti-forensics). When digital anti-forensics is mentioned, many think of criminals who use techniques to hinder the investigation of their actions. In fact, many of the techniques addressed should be applied by companies to ensure the confidentiality of their information, and even its destruction when media are discarded (donation of media, for example). At the end of the short course, the reader will have the basic knowledge needed to apply the techniques covered for protection and to identify their use during a forensic analysis.

Short course  2 (MC2) - Post-Quantum Cryptography

14:30-18:30

Authors:
Paulo S. L. Barreto, USP, Brasil
Felipe P. Biasi, USP, Brasil
Ricardo Dahab, UNICAMP, Brasil
Julio César López-Hernández, UNICAMP, Brasil
Eduardo Morais, UNICAMP, Brasil
Ana Karina D. S. Oliveira, UFMS, Brasil
Thomaz Oliveira, CINVESTAV-IPN, Brasil
Geovandro C. C. F. Pereira, USP, Brasil
Jefferson E. Ricardini, USP, Brasil

Overview: 
Cryptosystems known as post-quantum were initially proposed to withstand the technological possibility of attacks on conventional cryptosystems (such as RSA and ECC) mounted with quantum computers. An additional, and in a way more decisive, benefit of post-quantum schemes is their efficiency, potentially superior to that of the most common alternatives, especially on platforms with very limited resources (typical of embedded systems, wireless sensor networks and the so-called Web of Things) and/or highly embedded (cloud computing), where conventional schemes (which are also susceptible to quantum attacks) may not even be viable for sheer lack of computing power. This justifies evaluating post-quantum cryptosystems, and therefore studying and researching the subject, even in a purely classical context, where attacks previously aimed only at traditional PCs could be launched against vehicles, mobile phones, e-tickets, RFIDs or even pacemakers, and could reach an unprecedented scale owing to the highly distributed nature of the cloud. The goal of the short course is to introduce the basic notions of the main lines of post-quantum research (error-correcting codes, MQ systems, lattices and hash-based signatures), and to present the most recent studies aimed at improving these schemes with respect to the size of keys, signature overheads and cryptograms.

Short Courses

Thursday, November 14, 2013

Short course  3 (MC3) - Software Security in Embedded Systems: Attacks & Defenses

08:30-12:30

Authors:
Bruno Silva, UFMG, Brasil
Diógenes Cecilio da Silva Jr., UFMG, Brasil
Evaldo M. Souza, UFMG, Brasil
Fernando Pereira, UFMG, Brasil
Fernando Teixeira, UFMG, Brasil
Hao Chi Wong, INTEL, Brasil
Henrique Nazaré, UFMG, Brasil
Izabela Maffra, UFMG, Brasil
Jean Freire, UFMG, Brasil
Leonardo B. Oliveira, UFMG, Brasil
Willer F. Santos, UFMG, Brasil

Overview: 
The security of computer systems and applications is a concern for those who administer them. Faulty applications become targets of malicious software that can, among other things, gain control of the system. A flaw makes the system vulnerable and therefore a potential target for malicious programmers. Attackers exploit these flaws and thus gain control of the system for various purposes. Among the flaws exploited by attackers is the buffer overflow, which, once exploited, allows the adversary to alter the control flow of the running program and execute code snippets for various purposes. This short course deals with overflow attacks on arrays in memory and with information leakage, as well as some of the defenses used to try to avoid these problems.

Short course 4 (MC4) - Infrastructure Authentication and Authorization for Internet of Things

14:30-16:30

Authors:
Michelle S. Wangham, UNIVALI, Brasil
Marlon Cordeiro Domenech, UNIVALI, Brasil
Emerson Ribeiro de Mello, IFSC, Brasil

Overview: 
The next leap in the growth of the Internet is the extensive integration of everyday physical objects (things) connected in networks. The basic idea of IoT is the presence of a variety of things (objects) that interact and cooperate in order to achieve a common goal, e.g., information sharing, using unique addressing methods and standardized communication protocols. With the growth of IoT applications, concern about information security will increase. The aim of this short course is to analyze the security challenges and the authentication and authorization infrastructures that provide identity management for the Internet of Things.

 


 

Technical Sessions - Full papers and Extended Abstracts

Tuesday, November 12, 2013

Technical Session 1 (ST1) - Authentication Methods, Identification and Authorization

08:30-10:00

Authentication and Authorization Infrastructure Based on SmartCards with  Attributes Control in User Centered

Davi da Silva Böger, UFSC, Brasil
Luciano Barreto, UFSC, Brasil
Joni da Silva Fraga, UFSC, Brasil
André Santos, UECE, Brasil
David Teles França, UECE, Brasil

Resilient Evaluation Authorization UNONABC for Cloud Computing

Arlindo L. Marcon Jr., PUCPR, Brasil
Altair Santin, PUCPR, Brasil
Maicon Stihler, PUCPR, Brasil

A Functional Model for Identification and Authentication Services Tolerant to Faults and Intrusions

Diego Kreutz, University of Lisbon, Portugal
Eduardo Feitosa, UFAM, Brasil
Oleksandr Malichevskyy, University of Lisbon, Portugal

Kaio R. S. Barbosa, UFAM, Brasil
Hugo Cunha, UFAM, Brasil

Anatomy of Attacks on SIP Servers 
João M. Ceron, NIC.br, Brasil
Klauss Steding-Jessen, NIC.br, Brasil
Cristine Hoepers, NIC.br, Brasil

Technical Session 2 (ST2) - Attack Detection and Prevention

08:30-10:00

ETSSDetector: A Tool for Automatic Vulnerability Detection of Cross-Site Scripting in Web Applications 

Thiago de Souza Rocha, UFAM, Brasil
Eduardo Souto, UFAM, Brasil
Gilbert Breves Martins, UFAM, Brasil

A Semi Automated Approach to Assess Web Vulnerability Scanner Tools Effectiveness

Tania Basso, UNICAMP, Brasil
Regina L. O. Moraes, UNICAMP, Brasil
Mario Jino, UNICAMP, Brasil

The use of the Haar transform on Anomaly Detection in Web Traffic

Cristian Cappo, UNA, Paraguai
Raul Ceretta Nunes, UFSM, Brasil

Bruno Augusti Mozzaquatro, UFSM, Paraguai
Alice de Jesus Kozakevicius, UFSM, Brasil

Christian Schaerer, UNA, Paraguai

Intrusion Detection using Time Series Analysis with Models ARMAX / GARCH

Igor Forain, IPT-SP, Brasil
Adilson E. Guelfi, USP, Brasil

Elvis Pontes, IPT-SP, Brasil

Anderson Silva, IPT-SP, Brasil

Technical Session 3 (ST3) Extended Abstracts - Mechanisms for Authentication and Identity Management

14:30-15:15

An aggregator Mechanism Mediated by the Client Attributes for a System of Federated Identity Management Aligned Program Gov.br

Marcondes Maçaneiro, UNIDAVI, Brasil
Michelle Wangham, UNIVALI, Brasil

An Infrastructure Authentication and Authorization for web of Things based on SAML and XACML

Marlon C. Domenech, UNIVALI, Brasil
Michelle Wangham, UNIVALI, Brasil

Identity Management in the Web of Things: A Case Study in Electronic Health

Marciel de Liz Santos, UNIDAVI, Brasil

Marlon C. Domenech, UNIVALI, Brasil
Michelle Wangham, UNIVALI, Brasil

Technical Session 4 (ST4) Extended Abstracts - Key Distribution and Anomaly Detection and Malware

15:15-16:00

A New Approach about Distribution of Cryptographic Keys to Framework Security TinySec

Mario T. Lemes, UFG, Brasil 

Renato de Freitas Bulcão Neto, UFG, Brasil

Leandro Liis Galdino Oliveira, UFG, Brasil

Roberto Vito Rodrigues Filho, UFG, Brasil

Iwens G. Sene Jr., UFG, Brasil

An Architecture for Monitoring and Anomaly Security Detection  for Cloud Computing

Anderson Soares Ferreira, UNICAMP, Brasil
Paulo Lício de Geus, UNICAMP, Brasil

National market trends: looking for malware in Android applications

Vitor M. Afonso, UNICAMP, Brasil
André R. A. Grégio, UNICAMP, Brasil
Eduardo Ellery, UNICAMP, Brasil

Glauco B. Junqueira, SAMSUNG, Brasil
Guilherme A. K. Schick, SAMSUNG, Brasil
Ricardo Dahab, UNICAMP, Brasil
Paulo Lício de Geus, UNICAMP, Brasil

Technical Sessions - Full papers and Extended Abstracts

Wednesday, November 13, 2013

Technical Session 5 (ST5) - Network Security

08:30-10:00

CCNcheck: a mechanism of mitigating for pollution content in Content-Centric Networking

Igor C. G. Ribeiro, UFF, Brasil
Flávio de Q. Guimarães, UFF, Brasil
Célio Vinicius Neves de Albuquerque, UFF, Brasil
Antônio A. de A. Rocha, UFF, Brasil

A Mechanism for Secure Isolation of Virtual Network  Using a Hybrid Approach Xen and OpenFlow 

Diogo Menezes Ferrazani Mattos, UFRJ, Brasil
Lyno Henrique Gonçalves Ferraz, UFRJ, Brasil
Otto Carlos Muniz Bandeira Duarte, UFRJ, Brasil

Mitigation of Flood Attacks for Wireless Mesh Networks on using and Reputation Filtering 

Flavio Arieta, UFPR, Brasil
Larissa Barabasz, UFPR, Brasil
Michele Nogueira, UFPR, Brasil

Decentralized Reputation System to Evaluate the Trust Nodes in Vehicular Networks 
Claudio P. Fernandes, UNIVALI, Brasil
Israel de Simas, UNIVALI, Brasil
Michelle Wangham, UNIVALI, Brasil

Technical Session 6 (ST6) - Technical Development of Secure Software

08:30-10:00

Cheating detection in P2P online trading card games 

Rodrigo R. Leal, USP, Brasil
Marcos A. Simplicio Jr, USP, Brasil
Mateus A. S. Santos, USP, Brasil
Marco A. L. Gomes, USP, Brasil
Walter A. Goya, USP, Brasil

Automatic Detection of Vulnerabilities in Secure Code for Canaries

Izabela Karennina Travizano Maffra, UFMG, Brasil
Fernando Magno Quintão Pereira, UFMG, Brasil
Leonardo Barbosa Oliveira, UFMG, Brasil

Access Static Verification to Arrangements in the C 

Henrique Nazaré Santos, UFMG, Brasil
Fernando Magno Quintão Pereira, UFMG, Brasil
Leonardo Barbosa Oliveira, UFMG, Brasil

An Intermediate Representation for Detection of Implicit Information Leaks

Bruno Rodrigues Silva, UFMG, Brasil
Fernando Magno Quintão Pereira, UFMG, Brasil
Leonardo Barbosa Oliveira, UFMG, Brasil

Technical Session 7 (ST7) - Attack Detection and Prevention

14:30-16:00

Data Model of a Knowledge Base for Monitoring Attacks in Computer Networks

Giani Petri, ULBRA, Brasil
Raul Ceretta Nunes, UFSM, Brasil
Tarcisio Ceolin Junior, UFSM, Brasil
Osmar Marchi dos Santos, UFSM, Brasil

A system to analyzing and detecting malicious applications from Android

Vitor M. Afonso, UNICAMP, Brasil
André R. A. Grégio, UNICAMP, Brasil
Matheus F. de Amorim, UNICAMP, Brasil
Eduardo Ellery, UNICAMP, Brasil
Glauco B. Junqueira, SAMSUNG, Brasil
Guilherme A. K. Schick, SAMSUNG, Brasil
Ricardo Dahab, UNICAMP, Brasil
Paulo Lício de Geus, UNICAMP, Brasil

Not much, Not So Little: There is a Great Timeout  for CCN in PIT Mitigation of DoS Attacks 

Flávio de Q. Guimarães, UFF, Brasil
Igor C. G. Ribeiro, UFF, Brasil
Antônio A. de A. Rocha, UFF, Brasil
Célio Vinicius Neves de Albuquerque, UFF, Brasil

The state of the art of Brazilian legislation on cyber crime 
Danielle Novaes de Siqueira Valverde, UFPE, Brasil
José de Siqueira Silva, FOCCA, Brasil

Technical Session 8 (ST8) - Cryptographic Protocols

14:30-16:00

Authenticated encryption using PUFs 

Amanda Cristina Davi Resende, UnB, Brasil
Diego F. Aranha, UnB, Brasil

Software implementation of the Scheme of Digital Signature Merkle and its variants

Ana Karina D. Salina de Oliveira, UFSM, Brasil
Julio López, UNICAMP, Brasil

Modern fair exchange protocol design: Dealing with complex digital items 

Fabio Piva, UNICAMP, Brasil
Ricardo Dahab, UNICAMP, Brasil

Efficient Implementation of Key Agreement Protocols in Restricted Computational Power Devices

Rafael Will Macedo de Araujo, USP, Brasil
Routo Terada, USP, Brasil

 


 

National and International Lectures

Tuesday, 12 November 2013

George W. Cox - INTEL

Securing Security Hardware

10:30-11:30

Abstract:

• Potential for abuse of HW security elements (e.g., secrets, cryptographic functionality) in SoC/platform environments (e.g., misconfiguration, observation, and misuse) by other platform agents (e.g., HW, SW, and/or FW);
• Approaches to constrain the behavior (either intentional or erroneous) of those agents; and
• Intel's product response in current/future products.

Biography:

During his 38-year career at Intel, George has led research and development teams delivering processors, I/O subsystems, supercomputers, interconnects, and security elements. His current Digital Random Number Generator (DRNG) work is the second Intel RNG that his teams have deployed in product. He looks forward to attacking other such low level, fundamental, long term, platform security problems.

David Ott - INTEL

Trust Evidence for Software Runtime Environments

11:30-12:30

Abstract:

Intel Labs collaborates with university researchers across the world to explore new computing paradigms that could become the future of technology. In this talk, we discuss the challenge of providing evidence that software execution can be trusted in the face of myriad attack types and vectors. One approach to the problem is that of software baselining in which expected paths of execution provide a basis for judging the trustworthiness of software runtime behavior and generating evidence that computation has not been subverted. After discussing the problem, we present several university approaches that explore the paradigm in different ways.  Each suggests a way to make future software runtime systems generate evidence of trustworthy operation, something that could be used by interacting systems or components to evaluate risk.

Biography:

David Ott is a Research Director for the University Research Office in Intel Labs.  His work involves identifying key research challenges and opportunities for innovative technology development in the areas of computer security and communications. David Ott joined Intel in 2005 as a senior software engineer and has worked in a variety of technical roles over the years focusing on enterprise computing, software aspects of future Intel platforms, performance analysis, and computer security.  David holds M.S. and Ph.D. degrees in Computer Science from the University of North Carolina at Chapel Hill.

Fabian Monrose - University of North Carolina

Hooked On Phonics: Learning to Read Encrypted VoIP Conversations

16:30-18:30

Abstract: 

Over the past decade, Voice-over-IP (VoIP) telephony has witnessed spectacular growth. Today, VoIP is being used everywhere, and is making steady headway as a replacement for traditional telephony in both the residential and commercial sectors. Yet, even with this widespread adoption, the security and privacy implications of VoIP are still not well understood. In this talk we will explore why current practices for encrypting VoIP packets are insufficient for ensuring privacy. In particular, we will examine how two common design decisions made in VoIP protocols---namely, the use of variable-bit-rate (VBR) codecs for speech encoding and length-preserving stream ciphers for encryption---interact to leak substantial information about a given conversation. More specifically, I will recap our recent attempts to reconstruct a hypothesized transcript of a conversation from a bottom up approach that has striking parallels to how infants find words in a speech stream. Time permitting, I'll share some interesting stories about the events that unfolded since publication of our work.

Biography:

Fabian Monrose is a Professor of Computer Science at University of North Carolina at Chapel Hill. Prior to joining UNC, he was an Associate Professor at Johns Hopkins University, and a founding member of the Johns Hopkins Information Security Institute. From 1999-2002, he served as a member of technical staff at Bell Labs, Lucent Technologies. He has received several awards including a National Science Foundation CAREER award in 2006, and best paper awards at flagship security conferences including the IEEE Security and Privacy and USENIX Security Symposiums. He has published over 75 papers in computer and communications security. He received his Ph.D. and M.Sc. from the Courant Institute of Mathematical Sciences at New York University.

National and International Lectures

Wednesday, November 13, 2013

Antônio M. Moreiras - CEPTRO/NIC.br

 IPv6 Challenges for IPv6 Security Professionals

10:30-11:30

Abstract:

The lecture will discuss the challenges that security professionals and incident response groups may face with the changes brought both by the migration to IPv6 and by the phase in which transition techniques between the protocols are used.

Biography:

Antonio M. Moreiras is Project Manager of CEPTRO (Centro de Estudos e Projetos em Tecnologias de Redes e Operações) at NIC.br, where he coordinates IPv6.br, an initiative for the dissemination of IPv6 in the country. He is also responsible for the free availability of Brazilian Legal Time on the network via NTP, for the studies on the Web at Zappiens.br, a portal for the dissemination of quality video content in Portuguese, and for training targeted at Internet providers. Moreiras is a founding member and advisor of ISOC Brazil and a member of the committees on Science and Technology and High Tech Crime of OAB/SP. He is an electrical engineer (1999) and Master of Engineering (2004) from POLI/USP, with an MBA from UFRJ (2008) and specializations in Internet Governance from the Diplo Foundation (2009) and the South School of Internet Governance (2010). From 1999 to 2007 he worked at the State Agency, where, among other activities, he coordinated the software quality team. From 2002 to 2007 he was a professor in Computing and Networks courses at Unicid, Tancredo Neves Colleges and Radial Colleges.

Matt Bishop - University of California

An Analysis of the Buffer Overflow Problem

16:30-18:30

Abstract:

Significant work on vulnerabilities focuses on buffer overflows, in which data exceeding the size of a variable or an array is loaded into memory. This causes variables and state information located adjacent to the intended destination in memory to change. Unless the process checks for these additional changes, the process acts incorrectly, often placing the system in a non-secure state. We present a taxonomy based upon preconditions that must hold for an exploitable buffer overflow to exist. We validate the approach by examining several software and hardware countermeasures. We then discuss generalizing this approach to other vulnerability types such as input errors.

Biography:

Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He is on the faculty at the Department of Computer Science at the University of California at Davis. His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. This includes detecting and handling all types of malicious logic. Currently, he has research projects involving data sanitization, modeling election processes, and attribution in large-scale testbeds such as GENI; he is also looking at the "insider" problem. He was one of the two principal investigators of the California Top-to-Bottom Review, which performed a technical review of all electronic voting systems certified in the State of California. He has been active in the area of UNIX security since 1979, and has presented tutorials at SANS, USENIX, and other conferences. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley Professional. He also teaches software engineering, machine architecture, operating systems, programming, and (of course) computer security.

 


 

FSC - Corporative Security Forum

Thursday, November 14, 2013

Session 1

08:30-09:30

Lecture: Forensic Aspects of Electronic Surveillance and Access Control for Security of Large Events

Jorge de A. Lambert, DPF-DF, Brasil

Instituto Nacional de Criminalística

Departamento de Polícia Federal - DF - Brasília

09:30-10:00

Talk about the topic of the lecture

Session  2 

10:30-11:30

Lecture: Cyber security: challenges and opportunities

Otávio Carlos Cunha da Silva, ABIN, Brasil

Agência Brasileira de Inteligência - DF - Brasília

11:30-12:30

Talk about the topic of the lecture

Session  3

14:30-15:30

Lecture: Cyber Defense: A Prospective View
Colonel Luiz Cláudio Gomes Gonçalves

Head of the Nucleus of the Brazilian Army Cyber Defense Center (Centro de Defesa Cibernética do Exército Brasileiro) – CDCiber

15:30-16:00

Talk about the topic of the lecture

Session  4

16:30-18:30

Roundtable and Closing

 

Members:

Otávio Carlos Cunha da Silva, ABIN, Brasil

Colonel Luiz Cláudio Gomes Gonçalves, CDCiber, Brasil

Rafael Timóteo de Sousa Jr, UnB, Brasil

Anderson C. A. Nascimento, UnB, Brasil
Diego F. Aranha, UnB, Brasil

 


 

WFC - Workshop on Computational Forensics

Thursday, November 14, 2013

Session  1

08:30-09:00

Lecture: Detection of Pornography and Child Pornography

Wagner de Oliveira Lima, DPF-AM, Brasil

Federal Criminal Forensic Expert - Departamento de Polícia Federal

Superintendência Regional do Amazonas

Head of the Technical-Scientific Sector

09:00-09:30

Article: SiCReT - System of Phone Records Crossing

Luiz Rodrigo Grochocki, IC-PR, Brasil

Alexandre Vrube, IC-PR, Brasil

Raphael Laércio Zago, IC-PR, Brasil

Alonso Decarli, PUCPR, Brasil

Cinthia O. A. Freitas, PUCPR, Brasil

09:30-10:00

Lecture: Juridical Aspects of Computer Forensics

Paulo Henrique Batimarchi

IFIP – International Federation on Intellectual Property (Latin America)

Session  2 

10:30-11:00

Lecture: Challenges in Multimedia Forensics

Jorge de A. Lambert, DPF-DF, Brasil

Instituto Nacional de Criminalística

Departamento de Polícia Federal - DF - Brasília

11:00-11:30

Lecture: Challenges in Computer Forensics

Marcelo Caldeira Ruback, DPF-DF, Brasil

Instituto Nacional de Criminalística

Departamento de Polícia Federal - DF - Brasília

11:30-12:30

Lecture: The Importance of Forensic Analysis Tools for Mobile Devices

Magnus Anseklev

Micro Systemation

Session  3

14:30-15:00

Lecture: Demonstration of Equipment for Collecting Evidence on Mobile Devices
Magnus Anseklev

Micro Systemation

15:00-15:30

Article: Blind Detection of Malicious Traffic Through Temporal Variation of the Greatest Eigenvalue
Danilo Tenório, UnB, Brasil

João Paulo da Costa, UnB, Brasil

Edison de Freitas, UnB/UFSM, Brasil

Rafael de Sousa Jr, UnB, Brasil

15:30-16:00

Lecture: Skills and Technical Reports
Cinthia O. A. Freitas, PUCPR, Brasil

Session  4

16:30-17:30

Lecture: Skills and Technical Reports
Luiz Rodrigo Grochocki, IC-PR, Brasil

Official Criminal Forensic Expert, Polícia Científica do Estado do Paraná

Computer Forensics Sector

17:30-18:30

Roundtable and Closing

 

 
