Minicursos do VII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais
Palavras-chave:
Segurança da Informação, Sistemas Computacionais, Minicursos do SBSeg 2007, SBSeg 2007Sinopse
O Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg) é um evento científico promovido anualmente pela Sociedade Brasileira de Computação (SBC) e representa o principal fórum no país para a apresentação de pesquisas e atividades relevantes ligadas à segurança da informação e de sistemas. Este livro reúne os quatro capítulos produzidos pelos autores das propostas de minicursos aceitas para apresentação no SBSeg 2007.
O Capítulo 1, "Forense Computacional: fundamentos, tecnologias e desafios atuais", apresenta noções de forense computacional e ferramentas que podem ser utilizadas para auxiliar na coleta, manutenção e análise de evidências. A anatomia de alguns códigos maliciosos e estudos de caso complementam o tema e auxiliam no entendimento do assunto.
O Capítulo 2, "Esteganografia e suas Aplicações", explora as técnicas de esteganografia de maneira que possam ser usadas na proteção das comunicações. Além disso, mostra as aplicações e a aplicabilidade da esteganografia como uma opção aos métodos de criptografia mais conhecidos.
O Capítulo 3, "Introdução à Segurança Demonstrável", é uma referência introdutória para os interessados em compreender as técnicas de segurança demonstrável, uma área de criptografia teórica que estuda a definição formal de requisitos de segurança forte e provê métodos para analisar esquemas criptográficos em relação a esses requisitos.
O Capítulo 4, "Soluções para o desenvolvimento de sistemas seguros", apresenta novas formas de desenvolver software seguro, baseadas não somente na aplicação das teorias existentes como na adoção de um processo de desenvolvimento que considere os requisitos de segurança como parte integral do projeto de construção de software.
Capítulos
-
1. Forense Computacional: fundamentos, tecnologias e desafios atuais
-
2. Esteganografia e suas Aplicações
-
3. Introdução à Segurança Demonstrável
-
4. Soluções para o desenvolvimento de sistemas seguros
Downloads
Referências
Adelstein, F. (2006). Live forensics: diagnosing your system without killing it first. Commun. ACM, 49(2):63–66.
Adleman, L. M. (1990). An abstract theory of computer viruses. pages 1–354.
AHN, G.-J.; SANDHU, R. (1999) “The RSL99 Language for Role-Based Separation of Duty Constraints”, In Proceedings of 4th ACM Workshop on Role-Based Access Control, Fairfax, VA, Oct, p. 43-54.
Aleph-Null (1971). Software - practice and experience. volume 1, pages 201–204.
ALEXANDER, C. (1978) “A Pattern Language”, Oxford Press, Oxford, R. Unido.
ALEXANDER, C. (1979) “A Timeless Way of Building”, Oxford Press, Oxford, R. Unido.
AMOROSO, E. G. (1994) “Fundamentals of Computer Security Technology”. Prentice Hall PTR, Upper Saddle River, NJ, USA, 1994, ISBN: 0-13-108929-3.
AVCIBAS, I.; MEMON, N.; SANKUR, B. Steganalysis based on image quality metrics. In: Proceedings of the Fourth Workshop on Multimedia Signal Processing. USA: IEEE, 2001. p. 517–522.
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., e Whelan, C. (2006). The sorcerer’s apprentice guide to fault attacks. Proceedings of the IEEE, 94(2).
BASIN, D. AND DOSER, J. (2002) “SecureUML: A UML-Based Modeling Language for Model-Driven Security”. 5th International Conference on the Unified Modeling Language, Lecture Notes in Computer Science 2460.
BASIN, D.; DOSER, J. (2005) “Model Driven Security: from UML Models to Access Control Infrastructures. In 5th International School on Foundations of Security Analysis and Design”, FOSAD.
BASSIA, P.; PITAS, I. Robust audio watermarking in the time domain. In: 9th European Signal Processing Conference (EUSIPCO’98). Island of Rhodes, Greece: [s.n.], 1998. p. 25–28. ISBN 960-7620-05-4. Disponível em: <http://citeseer.ist.psu.edu/bassia99robust.html>.
BELL, D. E.; LA PADULA, L. J. (1973) “Secure Computer Systems : Mathematical Foundations”, MTR-2547 Vol. I, The MITRE Corporation, Bedford, Massachusetts, Mar.
Bellare, M. e Rogaway, P. (1993). Random oracles are practical: a paradigm for designing efficient protocols. Em CCS ’93: Proceedings of the 1st ACM conference on Computer and communications security, p. 62–73, New York, NY, USA. ACM Press.
Bellare, M. e Rogaway, P. (1994). Optimal asymmetric encryption. Em EUROCRYPT, p. 92–111.
Bellare, M. e Rogaway, P. (1996). The exact security of digital signatures - how to sign with rsa and rabin. Em EUROCRYPT, p. 399–416.
Bellare, M., Boldyreva, A., e Palacio, A. (2004). An uninstantiable random-oracle-model scheme for a hybrid-encryption problem. Em [Cachin e Camenisch, 2004], p. 171–188.
Bessa, L. (2006). Websense revela suas previsões sobre a segurança da internet para 2007. IMS Marketing. Websense, Inc, [link].
BIBA, K. J. (1977) “Integrity Considerations for Secure Computer Systems”, Technical Report ESD-TR-76-372, USAF Electronic Systems Division, Hanscom Air Force Base, Bedford, Massachusetts, Apr.
BISHOP, M. (2003) “Computer Security: Art and Science”, Addison Wesley.
BLAKLEY,B.;HEALTH,C. (2004) “Security Design Patterns”, Technical Guide, 2004, Doc. No. G031, ISBN: 1-931624-27-5.
BlazingTools (2007). Perfect keylogger - easy to use stealth solution for pc and internet surveillance. discover the truth now! http://www.blazingtools.com/bpk.html.
Blum, M. e Goldwasser, S. (1985). An efficient probabilistic public key encryption scheme which hides all partial information. Em Proceedings of CRYPTO 84 on Advances in cryptology, p. 289–302, New York, NY, USA. Springer-Verlag New York, Inc.
Boneh, D. e Franklin, M. (2003). Identity-based encryption from the weil pairing. SIAM J. Comput., 32(3):586–615.
BONEY, L.; TEWFIK, A. H.; HAMDY, K. N. Digital watermarks for audio signals. In: International Conference on Multimedia Computing and Systems. [s.n.], 1996. p. 473–480. Disponível em: [link].
Bonfante, G., Kaczmarek, M., and Marion, J. Y. (2007) Toward an abstract computer virology.
BUCCIGROSSI, R. W.; SIMONCELLI, E. P. Image compression via joint statistical characterization in the wavelet domain. IEEE Trans Image Proc, v. 8, n. 12, p. 1688–1701, December 1999.
Cachin, C. e Camenisch, J., editores (2004). Advances in Cryptology - EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, May 2-6, 2004, Proceedings, volume 3027 de Lecture Notes in Computer Science. Springer.
Cambridge, A. L. (2007). VNC - Virtual Network Computing from AT&T Laboratories Cambridge.
Canetti, R., Goldreich, O., e Halevi, S. (1998). The random oracle methodology, revisited (preliminary version). Em STOC ’98: Proceedings of the thirtieth annual ACM symposium on Theory of computing, p. 209–218, New York, NY, USA. ACM Press.
Carrier, B. (2007a). Autopsy forensic browser. SourceForge.net, http://www.sleuthkit.org/autopsy/desc.php.
Carrier, B. (2007b). mactime. SouceForge.net, http://www.sleuthkit.org/sleuthkit/man/mactime.html.
Carrier, B. (2007c). The sleuth kit. http://www.sleuthkit.org/sleuthkit/desc.php.
Carrier, B. D. (2006). Risks of live digital forensic analysis. Commun. ACM, 49(2):56–61.
Carrier, I. B. (2004). A hardware-based memory acquisition procedure for digital.
Case, J. and Moelius, S. E. (2007). Cautious virus detection in the extreme. In Proceedings of the 2007 workshop on Programming languages and analysis for security (PLAS 2007), pages 47–52, New York, NY, USA. ACM Press.
Casey, E. (2006). Investigating sophisticated security breaches. Commun. ACM, 49(2):48–55.
CERT (1999). CERT Advisory CA-1999-04 Melissa Macro Virus. CERT Coordination Center (CERT/CC), http://www.cert.org/advisories/CA-1999-04.html.
CERT (2002a). CERT Advisory CA-2001-13 Buffer Overflow In IIS Indexing Service DLL. CERT Coordination Center (CERT/CC), http://www.cert.org/advisories/CA-2001-13.html.
CERT (2002b). CERT advisory CA-2002-30 trojan horse tcpdump and libpcap distributions. CERT Coordination Center (CERT/CC), http://www.cert.org/advisories/CA-2002-30.html.
CERT.br (2007). Centro de estudos, resposta e tratamento de incidentes de segurança no brasil. Comitê Gestor da Internet no Brasil - CGI.br, http://www.cert.br/.
Chawki, M. (2005). A critical look at the regulation of cybercrime. http://www.crime-research.org/articles/Critical/.
Chor, B. e Goldreich, O. (1985). Rsa/rabin least significant bits are 1-2- + 1/poly(log n) secure. Em Proceedings of CRYPTO 84 on Advances in cryptology, p. 303–313, New York, NY, USA. Springer-Verlag New York, Inc.
CHRISTOPHER STEEL, RAMESH NAGAPPAN, RAY LAI. (2005) “Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management,” Prentice Hall.
CLARK, D.; WILSON, D. (1987) “A comparasion of commercial and military computer security policies”, Proceedings of the IEEE Computer Society Simposium of Research in Security and Privacy, Los Alamitos, Calif., p. 184-194.
Cohen, F. (1987). Computer viruses: theory and experiments. Comput. Secur., 6(1):22–35.
Collett, D. and Cohen, M. (2007). Forensic and log analysis gui. SourceForge.net, http://sourceforge.net/projects/pyflag/.
Coron, J.-S. (2002). Optimal security proofs for pss and other signature schemes. Em EUROCRYPT ’02: Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, p. 272–287, London, UK. Springer-Verlag.
Cramer, R. e Shoup, V. (1998). A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. Em CRYPTO ’98: Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology, p. 13–25, London, UK. Springer-Verlag.
Crapanzano, J. (2003). Deconstructing subseven, the trojan horse of choice. Technical report, SANS Institute.
DCFL (2007). dcfldd. Department of Defense Computer Forensics Lab, http://dcfldd.sourceforge.net/.
DENNING, D. (1976) “A Lattice Model of Secure Information Flow”, Communication of ACM, Vol. 19, Nº. 5, May.
DENNING, D. (1982) “Criptography and data security”, Addison-Wesley.
Diffie, W. e Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654.
Dildog (2007). BO2K - Opensource Remote Administration Tool. Cult of the Dead Cow, http://www.bo2k.com/.
DUDA, R. O.; HART, P. E.; STORK, D. G. Pattern Classification (2nd Edition). [S.l.]: Wiley-Interscience, 2000. ISBN 0471056693.
DUMITRESCU, S.; WU, X. Steganalysis of lsb embedding in multimedia signals. In: Proceedings of the Intl. Conference on Multimedia and Exp. USA: IEEE, 2002. v. 3, p. 581–584.
ECLIPSE (2007) “Eclipse”, disponível em http://www.eclipse.org/, acesso em julho de 2007.
eEye (2007). eEye Digital Security website. http://www.eeye.com/html/index.html.
EMF (2007) “Eclipse Modeling Framework”, disponível em http://www.eclipse.org/emf/, acesso em julho de 2007.
Etrust (2007). Pestpatrol anti-spyware. http://www.pestpatrol.com/.
EZSTEGO, S. e. Stego e Ezstego. 2007. Disponível em: <http://www.stego.com>.
Farmer, D. and Venema, W. (2006). Perícia Forense Computacional - Teoria e Prática Aplicada. 1 edition.
FERNANDEZ, E. (2000) "Metadata and authorization Patterns", Report TR-CSE-00-16, Dept. of Computer Science and Eng., Florida Atlantic University, May.
FERNANDEZ, E.;PAM,R. (2001) “A Pattern Language for Security Models”, Dept. of Computer Science & Engineering, Florida Atlantic University, 2001.
FERRAIOLO, D.F.; BARKLEY, J.F.; KUHN R. (1999) “A Role Based Access Control Model and Reference Implementation within a Corporate Intranet”, Proc.of. National Institute of Standars and Technology, Vol. 2, nº. 1, February, p. 34-64.
FILHO de L. et al. Electrocardiographic signal compression using multiscale recurrent patterns. IEEE Transactions on Circuits and Systems I: Fundamental Theory and Applications, v. 52, n. 12, p. 2739–2753, 2005.
FINK, T., KOCH, M., PAULS, K. (2004) “An MDA approach to Access Control Specifications Using MOF and UML Profiles”, In Proceedings 1st International Workshop on Views On Designing Complex Architectures.
FIORIO, M.; EMMANOEL, C. O; PIRES, P. F. (2007) “Um arcabouço de segurança baseado em transformações de modelos em MDA”, Relatório técnico, Núcleo de Computação Eletrônica, UFRJ.
Forte, D. (2004). The art of log correlation. HTCIA Worldwide Conference, http://www.dflabs.com/images/Art_of_correlation_Dario_Forte.pdf.
Foundstone (2007). Foundstone network security: Risk management. FoundStone. McAfee, Inc, http://www.foundstone.com/us/resources-free-tools.asp.
FRIDRICH, J.; GOLJAN, M. Practical Steganalysis of Digital Images — State of the Art. 2002. 1-13 p.
FRIEDMANN, G. L. The trustworthy digital camera: Restoring credibility to the photographic image. v. 39, n. 4, p. 905–910, nov. 1993. ISSN 0098-3063. Disponível em: [link].
FTC (2005). The US SAFE WEB Act: Protecting Consumers from Spam, Spyware, and Fraud. A Legislative Recommendation to Congress. Federal Trade Commission, http://ftc.gov/reports/ussafeweb/USSAFEWEB.pdf.
GAMMA, E.; HELM, R.; JOHNSON, H.; VLISSIDES, J.; WESLEY, A. (1995) “Design Patterns: Elements of Reusable Object-Oriented Software”, ISBN: 0-201-63361-2.
Garfinkel, S. L. (2007). Advanced forensic format (aff). Simson L. Garfinkel and Basis Technology Corp, http://www.afflib.org/.
GEF (2007) “Graphical Editing Framework”, disponível em http://www.eclipse.org/gef/, acesso em julho de 2007.
Giacobbi, G. (2007). The gnu netcat - official homepage. http://netcat.sourceforge.net/.
Gibson, S. (2007). Automated image and restore (air). SourceForge.net, https://sourceforge.net/projects/air-imager/.
GLENN, F. (1999) “RBAC in UNIX Administration”, Proceedings of 4th ACM Workshop on Role-Based Access Control, Fairfax, VA, Oct., p. 95-101.
GODIK, S.;MOSES T. (2003) “eXtensible Access Control Markup Language (XACML) Version 1.0”, OASIS Standard.
GOGUEN, J.A;. MESAJUER, J. (1982) “Security Policies And Security Models”, Proceedings of IEEE symposium on Reseach in Security and Privacy.
Goldreich, O. (2003). Foundations of Cryptography: Volume I Basic Tools. Cambridge University Press, Cambridge.
Goldreich, O. (2004). Foundations of Cryptography: Volume II Basic Applications. Cambridge University Press, Cambridge.
Goldwasser, S. e Micali, S. (1982). Probabilistic encryption & how to play mental poker keeping secret all partial information. Em STOC ’82: Proceedings of the fourteenth annual ACM symposium on Theory of computing, p. 365–377, New York, NY, USA. ACM Press.
Goldwasser, S. e Micali, S. (1984). Probabilistic encryption. Journal of Computer and System Sciences, 28:270–299.
GONZALEZ, R. C.; WOODS, R. E. Digital Image Processing. 2nd. ed. Boston, MA, USA: Prentice-Hall, 2002.
Guidance (2007). Encase forensic. Guidance Software, Inc, http://www.guidancesoftware.com/products/ef_index.asp.
GWATERMARKER. GWatermarker. 2007. Disponível em: <http://www.cse.unt.edu/smohanty/ISWARwatermarker/>.
Haagman, D. and Ghavalas, B. (2005). Trojan defence: A forensic view. Digital Investigation, 2(1):23–30.
Harris, R. (2006). Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem. In The 6th Annual Digital Forensic Research Workshop (DFRWS 2006).
HART, S. V.; ASHCROFT, J.; DANIELS, D. J. Forensic examination of digital evidence: a guide for law enforcement. Department of Justice - Office of Justice Programs, USA, April 2004. Technical Report NCJ 199408.
HARTUNG, F.; GIROD, B. Digital watermarking of raw and compressed video. In: Proc. European EOS/SPIE Symposium on Advanced Imaging and Network Technologies. Berlin, Germany: [s.n.], 1996. Disponível em: <http://citeseer.ist.psu.edu/hartung96digital.html>.
HASELTON, B. A Protocol that uses steganography to circumvent network level censorship. 2000.
HIDE; SEEK. Hide and Seek. 2007. Disponível em: <ftp://csua.berkeley.edu/pub/cypherpunks/steganography/hdsk41b.zip>.
HIGH Technology Crime in California. 2007. Disponível em: <http://www.ocjp.ca.gov/publications/pubhtk1.pdf>.
HIROHISA, H. Crocus: a steganographic filesystem manager. In: ASIACCS ’07: Proceedings of the 2nd ACM symposium on Information, computer and communications security. New York, NY, USA: ACM Press, 2007. p. 344–346. ISBN 1-59593-574-6.
Hoglund, G. and Butler, J. (2005). Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional.
Holz, T. (2005). A Short Visit to the Bot Zoo [malicious bots software]. IEEE Security & Privacy Magazine, 3(3):76–79.
Hosmer, C. (2006). Digital Evidence Bag. Commun. ACM, 49(2):69–70.
IBM (2007). Michelangelo madness. IBM Research, [link].
Inman, K. and Rudin, N. (2000). Principles and Practice of Criminalistics: The Profession of Forensic Science (Protocols in Forensic Science). CRC.
ISO/IEC 9126-1. (2001) “Software Engineering — Product Quality — Part 1: Quality Model”, International Organization for Standardization, ISO, Geneva, Switzerland.
Jansen, W. and Ayers, R. (2004). Guidelines on PDA Forensics: recommendations of the national institute of standards of and technology. Department of Homeland Security. National Institute of Standards and Technology, http://csrc.nist.gov/publications/nistpubs/800-72/sp800-72.pdf.
JIN, X. 2006 “Applying Model Driven Architecture approach to Model Role Based Access Control System”, Master of Science in System Science, University of Ottawa, Ottawa, Ontario, Canada.
JOHNSON, N. F.; JAJODIA, S. Exploring steganography: Seeing the unseen. IEEE Computer, v. 31, n. 2, p. 26–34, 1998. Disponível em: <http://citeseer.ist.psu.edu/johnson98exploring.html>.
JOHNSON, N. Steganography. George Mason University, 1998.
Jones, K. J. (2007a). Galleta - an internet explorer cookie forensic analysis tool. Foundstone, Inc, http://www.foundstone.com/us/resources/proddesc/galleta.htm.
Jones, K. J. (2007b). Pasco - an internet explorer activity forensic analysis tool. Foundstone, Inc, [link].
JPHIDE; SEEK. Jphide and Seek. 2007. Disponível em: <http://linux01.gwdg.de/alatham/stego.html>.
KAHN, D. The history of steganography. In: Proceedings of the First International Workshop. Cambridge, UK: [s.n.], 1996.
KALKER, T. et al. Video watermarking system for broadcast monitoring. In: WONG, P. W.; III, E. J. D. (Ed.). SPIE, 1999. v. 3657, n. 1, p. 103–112. Disponível em: <http://link.aip.org/link/?PSI/3657/103/1>.
Kaspersky (2007). Malware descriptions: Classic viruses. Kaspersky Lab, http://www.viruslist.com/en/virusesdescribed?chapter=152540474.
Katz, J. (2004). Lecture notes — advanced topics in cryptography. http://www.cs.umd.edu/~jkatz/gradcrypto2/scribes.html.
Katz, J. e Wang, N. (2003). Efficiency improvements for signature schemes with tight security reductions. Em CCS ’03: Proceedings of the 10th ACM conference on Computer and communications security, p. 155–164, New York, NY, USA. ACM Press.
Kent, K., Chevalier, S., Grance, T., and Dang, H. (2006). Guide to integrating forensic techniques into incident response: Recommendations of the national institute of standards and technology. NIST Special Publication 800-86. National Institute of Standards and Technology (NIST), http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf.
KIENZLE, D. M. ; ELDER, M. C. (2002) “Final Technical Report: Security Patterns for Web Application Development”, DARPA Contract F30602-01-C-0164, disponível em http://www.modsecurity.org/archive/securitypatterns/dmdj_final_report.pdf, acesso em junho de 2007.
KIENZLE, D. M.; ELDER, M. C.; TYREE, D. S.; EDWARDS-HEWITT, J. (2002) “Security Patterns Repository Version 1.0”, disponível em http://www.modsecurity.org/archive/securitypatterns/dmdj_repository.pdf, acesso em junho de 2007.
KIM, H. Stochastic model based audio watermark and whitening filter for improved detection. In: ICASSP ’00: Proceedings of the Acoustics, Speech, and Signal Processing, 2000. on IEEE International Conference. Washington, DC, USA: IEEE Computer Society, 2000. p. 1971–1974. ISBN 0-7803-6293-4.
Klaus, S. and Nelson, M. (2001). Métodos para detecção local de rootkits e módulos de kernel maliciosos em sistemas unix. In III Simpósio sobre Segurança em Informática (SSI), São José dos Campos, SP.
Koblitz, N. e Menezes, A. (2004). Another look at “provable security”. Cryptology ePrint Archive, Report 2004/152.
Koeune, F. e Standaert, F.-X. (2005). Foundations of Security Analysis and Design III: FOSAD 2004/2005 Tutorial Lectures, volume 3655 de Lecture Notes in Computer Science, capítulo A Tutorial on Physical Security and Side-Channel Attacks, p. 78–108. Springer, Berlin Heidelberg.
Kolla, P. M. (2007). Spybot search and destroy website. http://www.safer-networking.org/pt/index.html.
Kolter, Z. J. and Maloof, M. A. (2006). Learning to detect and classify malicious executables in the wild. J. Mach. Learn. Res., 7:2721–2744.
Kruse, W. G. and Heiser, J. G. (2001). Computer Forensics : Incident Response Essentials. Addison-Wesley Professional.
LAMPSON, B.W. (1971) “Protection”, Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, p. 437.
LANDWEHR, C. E. (1981) “Formal models for computer security”, Computing surveys.
LANDWEHR, C. E. (1983) “Best available technologies for computer security”, IEEE Computer Vol. 16, No. 7, Jul, p. 86-100.
LANDWEHR, C. E. (2001) “Computer security”, IJIS.
LANDWEHR, C.E.; HEITMEYER, C.L.; MCLEAN, J. (1984) “A security Model for Military Message Systems”, ACM Transactions on Computer Systems, Vol. 2, No 3, Aug, p. 198-222.
LANGELAAR, G. C.; LAGENDIJK, R. L.; BIEMOND, J. Real-time Labeling of MPEG-2 Compressed Video. 1997. Disponível em: <http://citeseer.ist.psu.edu/519721.html>.
LARMAN, C. (2004) “Applying UML and Patterns : An Introduction to Object-Oriented Analysis and Design and the Unified Process”, ISBN: 0131489062.
Lavasoft (2007). Ad-Aware website. Lavasoft AB, http://www.lavasoftusa.com/software/adaware.
LENA. Lena. 1972. Disponível em: <http://www.cs.cmu.edu/chuck/lennapg/lenna.shtml>.
LI, X.; YU, H. H. Transparent and robust audio data hiding in subband domain. In: ITCC ’00: Proceedings of the The International Conference on Information Technology: Coding and Computing (ITCC’00). Washington, DC, USA: IEEE Computer Society, 2000. p. 74. ISBN 0-7695-0540-6.
LINNARTZ, J.-P.; KALKER, T.; HAITSMA, J. Detecting electronic watermarks in digital video. In: ICASSP ’99: Proceedings of the Acoustics, Speech, and Signal Processing, 1999. on 1999 IEEE International Conference.Washington, DC, USA: IEEE Computer Society, 1999. p. 2071–2074. ISBN 0-7803-5041-3.
Lipton, R. J. (1981). How to cheat at mental poker. Proceedings of the AMS Short Course on Cryptology.
LU, C.; LIAO, H.; CHEN, L. Multipurpose Audio Watermarking. 2000. Disponível em: <http://citeseer.comp.nus.edu.sg/lu00multipurpose.html>.
MACKENZIE, D.E.; POTTINGER, G. (1997) “Mathematics, Technology, and Trust: Formal Verification”, Computer Security, and the U.S. Military, IEEE Annals of the History of Computing, Vol. 19, No 3.
MARVEL, L.; BONCELET, C.; RETTER, J. Spread spectrum image steganography. 1999. Disponível em: <http://citeseer.ist.psu.edu/article/marvel99spread.html>.
Mclaughlin, L. (2004). Bot software spreads, causes new worries. IEEE Distributed Systems Online, 5(6).
MCLEAN, J. (1990) “The Specification and Modeling of Computer Security”, IEEE Computer, Vol. 23, No 1.
MEERWALD, P. Digital Image Watermarking in the Wavelet Transform Domain. Dissertação (Mestrado) — Department of Scientific Computing, University of Salzburg, Austria, January 2001. Disponível em: <http://www.cosy.sbg.ac.at/pmeerw/Watermarking/MasterThesis>.
Micali, S., Rackoff, C., e Sloan, B. (1988). The notion of security for probabilistic cryptosystems. SIAM J. Comput., 17(2):412–426.
Microsoft (2007a). Windows defender home. http://www.microsoft.com/athome/security/spyware/software/default.mspx.
Microsoft (2007b). Windows sysinternals. Microsoft Technet. Microsoft Corporation, http://www.microsoft.com/technet/sysinternals/default.mspx.
MOF (2002) “Meta-Object Facility“, disponível em http://www.omg.org/cgi-bin/doc?formal/2002-04-03, acesso em julho de 2007.
MORRIS, S. The future of netcrime now (1) - threats and challenges. Home Office Crime and Policing Group, USA, 2004. Technical Report 62.
MOTTA G. H. M. B.; FURUIE S. S. (2002a) “Um Modelo de Autorização Contextual para Controle de Acesso Baseado em Papéis”, WSeg.
MOTTA G. H. M. B.; FURUIE S. S. (2002b) “MACA: Uma Ferramenta de Autorização e Controle de Acesso para o Prontuário Eletrônico de Pacientes”, VIII CBIS.
MPEG-2 Compressed Video. 1997. Disponível em: <http://citeseer.ist.psu.edu/519721.html>.
Neukamp, P. (2007). Fdtk-ubuntubr: Linux forense digital toolkit. http://www.fdtk-ubuntubr.1br.net/.
Newman, R. C. (2006). Cybercrime, identity theft, and fraud: practicing safe internet - network security threats and vulnerabilities. In InfoSecCD ’06: Proceedings of the 3rd annual conference on Information security curriculum development, pages 68–78, New York, NY, USA. ACM Press.
NIC.br (2007). Registro de domínios para a internet no brasil. Núcleo de Informação e Coordenação do Ponto br - NIC.br. Comitê Gestor da Internet no Brasil - CGI.br, http://registro.br/.
Nick (2004). Copilot – a coprocessor-based kernel runtime integrity monitor. pages 179–194.
NIST (2007). National Institute Of Standards And Technology (NIST). U.S. Commerce Department’s Technology Administration, http://www.nist.gov/.
NSRL (2007). National Software Reference Library (NSRL). National Institute of Standards and Technology (NIST). U.S. Department of Justice’s National Institute of Justice (NIJ), http://www.nsrl.nist.gov/.
NWCCC and FBI (2006). Internet crime report. Prepared by the National White Collar Crime Center and Federal Bureau of Investigation. The Internet Crime Complaint Center (IC3), [link].
OASIS (2007) “OASIS: Avancing E-Business Standards Since 1993”. Disponível em: http://www.oasis-open.org, acesso em junho de 2007.
OMG (2003) “MDA Guide V1.0.1”. Disponível em http://www.omg.org/cgi-bin/doc?omg/03-06-01, acesso em julho de 2007.
OPENGROUP (2007) http://www.opengroup.org/, acesso em junho de 2007.
OpenGroup (2007). dd - convert and copy a file. The Open Group, http://www.opengroup.org/onlinepubs/009695399/utilities/dd.html.
OSBORN, S.; SANDHU, R.; MUNAWER, Q. (2000) “Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies”, ACM Transactions on Information and System Security, Vol. 3, no. 2.
OUTGESS. Outgess. 2007. Disponível em: <http://www.outgess.org>.
Palmer, G. and Corporation, M. (2001). A road map for digital forensic research. Technical report.
Pavlov, I. (2007). LZMA SDK (Software Development Kit). http://www.7-zip.org/sdk.html.
Payton, A. M. (2006). A review of spyware campaigns and strategies to combat them. In InfoSecCD ’06: Proceedings of the 3rd annual conference on Information security curriculum development, pages 136–141, New York, NY, USA. ACM Press.
PETITCOLAS, F. A. P.; ANDERSON, R. J.; KUHN, M. G. Information hiding — A survey. Proceedings of the IEEE, v. 87, n. 7, p. 1062–1078, 1999. Disponível em: <http://citeseer.ist.psu.edu/petitcolas99information.html>.
PETITCOLAS, F. A. P.; KATZENBEISSER, S. Information hiding techniques for steganography and digital watermarking. 1st. ed. [S.l.]: Artech House Books, 1999.
Phrack (2007). Project loki. http://www.phrack.org/issues.html?issue=49&id=6#article.
POPA, R. An analysis of steganography techniques. Dissertação (Mestrado) — The Polytechnic University of Timisoara, Timisoara, Romênia, 1998.
PRANDONI, P.; VETTERLI, M. Perceptually hidden data transmission over audio signals. 1998. Disponível em: <http://citeseer.ist.psu.edu/prandoni98perceptually.html>.
PROVOS, N. Defending against statistical steganalysis. In: 10th USENIX Security Symposium. [s.n.], 2001. Disponível em: <http://niels.xtdnet.nl/papers/defending.pdf>.
PROVOS, N.; HONEYMAN, P. Hide and seek: An introduction to steganography. IEEE Security and Privacy, IEEE Educational Activities Department, Piscataway, NJ, USA, v. 1, n. 3, p. 32–44, 2003. ISSN 1540-7993.
QIAO, L.; NAHRSTEDT, K. Watermarking methods for MPEG encoded video: Towards resolving rightful ownership. In: International Conference on Multimedia Computing and Systems. [s.n.], 1998. p. 276–285. Disponível em: <http://citeseer.ist.psu.edu/article/qiao98watermarking.html>.
RABAC XACML (2004). “XACML Profile for Role Based Access Control (RBAC)”, Organization for the Advancement of Structured Information Standards, disponível em http://docs.oasis-open.org/xacml/cd-xacml-rbac-profile-01.pdf, acesso em junho de 2007.
Rabin, M. O. (1979). Digitalized signatures and public-key functions as intractable as factorization. Technical Report MIT-LCS-TM-212, Massachusetts Institute of Technology.
Ramachandran, A. and Feamster, N. (2006). Understanding the network-level behavior of spammers. In Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications (SIGCOMM 2006), pages 291–302, New York, NY, USA. ACM Press.
Richard, G. G. and Roussev, V. (2006). Next-generation digital forensics. Communications of the ACM, 49(2):76–80.
Rivest, R. L., Shamir, A., e Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2):120–126.
ROCHA, A. de R. Randomização Progressiva para Esteganálise. Dissertação (Mestrado) — Universidade Estadual de Campinas, Campinas, Brasil, 2006.
SALOMON, D. Data Compression: The Complete Reference. Segunda edição. Nova Iorque: Springer, 2000.
SANDHU, R. (1998) “Role-Based Access Control”, In Advances in Computers, Volume 46. Academic Press.
SANDHU, R.; COYNE, E.J.; FEINSTEIN, H.L.; YOUMAN, C.E. (1996) “Role-Based Access Control Models”, IEEE Computer, Vol. 29, Nº. 2, Feb, p. 38-47.
SANDHU, R.; FERRAIOLO, D.; KUHN, D.R. (2000) “The NIST Model for Role-Based Access Control: Towards A Unified Standard”, Proc. of 5th ACM Workshop on Role-Based Acess Control, Berlin, Germany.
SANDHU, R.; PARK, J. (2003) “Usage Control: A vision for Next Generation Access Control”, In The Second International Workshop Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS), St. Petersburg, Russia, Sep.
SCHUMACHER, M. (2003) “Security Engineering With Patterns: Origins, Theoretical Models, and New Applications”, Springer Berlin, Heidelber.
SCHUMACHER, M.; FERNANDEZ-BUGLIONI, E.; HYBERTSON, D.; BUSCHMANN, F.; SOMMERLAD, P. (2005) “Security patterns. Integrating security and systems engineering”, John Wiley & Sons.
SecurityFocus (2007). Securityfocus website. Symantec Corporation, http://www.securityfocus.com/.
Shamir, A., Rivest, R. L., e Adleman, L. M. (1979). Mental poker. Technical Report MIT-LCS-TM-125, Massachusetts Institute of Technology.
Shoup, V. (2001). Oaep reconsidered. Em CRYPTO ’01: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p. 239–259, London, UK. Springer-Verlag.
Shukla, S. and Nah, F. F. (2005). Web browsing and spyware intrusion. Commun. ACM, 48(8):85–90.
SIEFFERT, M. et al. Stego intrusion detection system. AFRL/ASU Assured Information Security, Rome, NY, USA, 2004.
SIGNIT. SignIt. 2007. Disponível em: <http://www.alpvision.com>.
Sipior, J. C., Ward, B. T., and Roselli, G. R. (2005). A united states perspective on the ethical and legal issues of spyware. In ICEC ’05: Proceedings of the 7th international conference on Electronic commerce, pages 738–743, New York, NY, USA. ACM Press.
Skoudis, E. and Zeltser, L. (2003). Malware: Fighting Malicious Code. Prentice Hall PTR.
SOFTWARE, R. Revelation Software. 2007. Disponível em: <http://revelation.atspace.biz>.
Solove, D. J. and Rotenberg, M. (2003). Information Privacy Law (Aspen Elective Series). Aspen Publishers.
Sophos (2001). Glossary of terms: Companion virus. Sophos Plc., http://www.sophos.com/pressoffice/news/articles/2001/11/va_glossary.html#comp.
Sophos (2007). Sophos - anti-virus and anti-spam software for businesses. http://www.sophos.com/.
STEGDETECT. Stegdetect. 2007. Disponível em: <http://www.outguess.org/detection.php>.
STEGSPY. StegSpy. 2007. Disponível em: <http://www.spyhunter.com/stegspydownload.htm>.
Stinson, D. R. (2006). Cryptography: Theory and Practice. Chapman & Hall/CRC, Boca Raton, London, New York, 3 edição.
STIRMARK. Stirmark. 2007. Disponível em: <http://www.petitcolas.net/fabien/watermarking/stirmark/index.html>.
SU, P.-C. et al. Digital image watermarking in regions of interest. In: PICS. [S.l.: s.n.], 1999. p. 295–300.
Subramanya, S. R. and Lakshminarasimhan, N. (2001). Computer viruses. IEEE Potentials Magazine, 20(4):16–19.
SULLIVAN, K. et al. Steganalysis of quantization index modulation data hiding. In: IEEE International Conference on Image Processing. [s.n.], 2004. p. 1165–1168. Disponível em: <http://vision.ece.ucsb.edu/publications/04ICIPKen.pdf>.
SUN (2007) “Sun Microsystems”, disponível em http://www.sun.com/, acesso em julho de 2007.
SUN XACML (2007) “Sun’s XACML Implementation Programmer’s Guide”, disponível em: http://sunxacml.sourceforge.net/guide.html, acesso em junho de 2007.
SWANSON, M. D. et al. Robust audio watermarking using perceptual masking. Signal Processing, v. 66, n. 3, p. 337–355, 1998. Disponível em: <http://citeseer.ist.psu.edu/swanson98robust.html>.
SWANSON, M. D.; ZHU, B.; TEWFIK, A. H. Current state of the art - challenges and future directions for audio watermarking. In: ICMCS, Vol. 1. [S.l.: s.n.], 1999. p. 19–24.
Symantec (2007a). Understanding Virus Behavior under Windows NT. Symantec AntiVirus Research Center, [link].
Symantec (2007b). Php.pirus. Symantec Corporation, http://www.symantec.com/security_response/writeup.jsp?docid=2000-122009-2642-99.
Teelink, S. and Erbacher, R. F. (2006). Improving the computer forensic analysis process through visualization. Commun. ACM, 49(2):71–75.
Tham, A. (2001). What is code red worm? As part of the Information Security Reading Room. SANS Institute, [link].
TST (2005). TST admite que empresa investigue e-mail de trabalho do empregado. Tribunal Superior do Trabalho, [link].
TST (2006). Processo E-ED-RR - 613/2000-013-10-00.7. Tribunal Superior do Trabalho, [link].
TSUKOMO, A et al. (1997) “Qualidade de Software: Visões de Produto e Processo de Software”, II ERI – SBC, Piracicaba, São Paulo, Brasil.
UML (2007) “Unified Modeling Language”, disponível em http://www.uml.org/, acesso em julho de 2007.
Viotto, J. (2007). CSI Digital.
WANG, H.; WANG, S. Cyber warfare: steganography vs. steganalysis. Commun. ACM, ACM Press, New York, NY, USA, v. 47, n. 10, p. 76–82, 2004. ISSN 0001-0782.
Wang, X. and Yu, H. (2005). How to break md5 and other hash functions. In Eurocrypt 2005, volume 3494, pages 19–35. Lecture Notes in Computer Science.
WAYNER, P. Disappearing Cryptography: Information Hiding: Steganography and Watermarking (2nd Edition). San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 2002. ISBN 1558607692.
Weiss, A. (2005). Spyware be gone! netWorker, 9(1):18–25.
WESTFELD, A.; PFITZMANN, A. Attacks on steganographic systems. In: IH ’99: Proceedings of the Third International Workshop on Information Hiding. London, UK: Springer-Verlag, 2000. p. 61–76. ISBN 3-540-67182-X.
WESTPHALL, C.M. (2000) “Um esquema de autorização para a segurança em sistemas distribuídos de larga escala”, Programa de Pós-Graduação em Engenharia Elétrica da Universidade Federal de Santa Catarina, Tese de doutorado, Florianópolis – Santa Catarina.
Yao, A. C. (1982). Theory and applications of trapdoor functions. Em Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS), p. 80–91.
YODER, J.; BARCALOW, J. (1997) “Architectural Patterns for Enabling Application Security”, Pattern Languages of Programs, Monticello, IL.
Zadjmool, R. (2004). Hidden threat: Alternate data streams. Articles :: Windows OS Security. Security Focus, [link].
Zhang, Y. and Paxson, V. (2000). Detecting backdoors. In Proc. 9th USENIX Security Symposium, pages 157–170.
Zou, C. C., Gong, W., Towsley, D., and Gao, L. (2005). The monitoring and early detection of internet worms. IEEE/ACM Trans. Netw., 13(5):961–974.