Minicursos do VI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais
Palavras-chave:
Segurança da Informação, Sistemas Computacionais, Minicursos do SBSeg 2006, SBSeg 2006Sinopse
O Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg) é um evento científico promovido anualmente pela Sociedade Brasileira de Computação (SBC) e representa o principal fórum no país para a apresentação de pesquisas e atividades relevantes ligadas à segurança da informação e de sistemas. Este livro reúne os cinco capítulos produzidos pelos autores das propostas de minicursos aceitas para apresentação no SBSeg 2006.
O Capítulo 1, "Segurança em Serviços Web", apresenta os conceitos da arquitetura orientada a serviços, e em particular, a sua mais atual caracterização, os Serviços Web. Mostra-se, através de um cenário de uso, os benefícios em utilizar tal tecnologia e também são apresentados os desafios de segurança associados a esta. Por fim, são apresentados alguns trabalhos de pesquisa e tecnologias voltadas para tratar tais desafios de segurança.
O Capítulo 2, "Ataques e Mecanismos de Segurança em Redes Ad Hoc", apresenta os principais ataques às redes ad hoc, classificando-os segundo os efeitos que causam e a camada de protocolos na qual eles atuam. São também apresentados e analisados os principais mecanismos de segurança utilizados para a proteção aos ataques, assim como os principais protocolos seguros específicos para redes ad hoc que foram propostos.
O Capítulo 3, "Introdução à Biometria", apresenta uma visão geral da autenticação biométrica, examinando as principais tecnologias utilizadas e discutindo seus benefícios e limitações. São considerados ainda aspectos arquiteturais de sistemas biométricos, bem como problemas em aberto que precisam ser melhor pesquisados.
O Capítulo 4, "A Nova Geração de Modelos de Controle de Acesso em Sistemas Computacionais", apresenta alguns modelos de controle de acesso, como DAC, MAC, DRM, RBAC e UCON, abordando as suas principais características e propriedades, como também um breve comparativo entre eles.
O Capítulo 5, "Técnicas de Defesa Contra Spam", apresenta a motivação e os mecanismos utilizados para enviar os spams e as técnicas usadas para classificá-los e filtrá-los. Além disso, diferentes sistemas anti-spam encontrados na literatura são caracterizados. Por fim, novas propostas para coibir o envio de spams são discutidas.
Capítulos
-
1. Segurança em Serviços Web
-
2. Ataques e Mecanismos de Segurança em Redes Ad Hoc
-
3. Introdução à Biometria
-
4. A Nova Geração de Modelos de Controle de Acesso em Sistemas Computacionais
-
5. Técnicas de Defesa Contra Spam
Downloads
Referências
Agência Globo (2005). Brasil é 5º maior receptor de spam; spywares representam 22% das infecções. [link].
Amoroso, E. G. (1994). Fundamentals of Computer Security Technology. Prentice Hall.
Amoroso, Edward G. (1994) “Fundamentals of Computer Security Technology”, Prentice Hall PTR, Upper Saddle River, NJ.
Anderson, James P. (1972) ”Computer Security Technology Planning Study” Report ESD-TR-73-51.Electronic Systems Division.
Anderson, R. e Kuhn, M. (1996). Tamper resistance - a cautionary note. Em Second USENIX Workshop en Electronic Commerce.
Andreolini, M., Bulgarelli, A., Colajanni, M. e Mazzoni, F. (2005). Honeyspam: Honeypots fighting spam at the source. Em International Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI’05), páginas 77–83.
ANSI (2003). Biometric information management and security for the financial services industry. ANSI X9.84-2003, American National Standards Institute.
ANSI (2005). ANSI INCITS 409 - Information Technology - Biometric Performance Testing and Reporting - Part 1: Principles and Framework - Part 2: Technology Testing and Reporting - Part 3: Scenario Testing and Reporting. American National Standards Institute.
Apache (2006). Spamassassin. http://spamassassin.apache.org/.
Asokan, N., Schunter, M., e Waidner, M. (1997). Optimistic protocols for fair exchange. In CCS ’97: 4th ACM conference on Computer and communications security, pages 7–17, New York, NY, USA. ACM Press.
Atkinson, R. (1995). Security architecture for the internet protocol. RFC 1825.
Bailly-Bailliére, E., Bengio, S., Bimbot, F., Hamouz, M., Kittler, J., Mariéthoz, J., Matas, J., Messer, K., Popovici, V., Porée, F., Ruiz, B., and Thiran, J.-P. (2003). The BANCA database and evaluation protocol. In 4th International Conference on Audio and Video-Based Biometric Person Authentication (AVBPA), volume 2688 of Lecture Notes in Computer Science, pages 625–638, Guildford, UK. Springer-Verlag.
Bartel, M., Boyer, J., e Fox, B. (2002). XML-Signature Syntax and Processing. W3C. http://www.w3.org/TR/xmldsig-core.
Baruch Awerbuch, David Holmer, C. N.-R. e Rubens, H. (2002). An on-demand secure routing protocol resilient to byzantine failures. Em ACM Workshop on Wireless Security (WiSe), Atlanta, Georgia.
BBC (2005). Malaysia car thieves steal finger. http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm. Acessado em julho/2006.
Bechtold S. (2001) “Implications of Digital rights management, security and privacy in Digital rights management”, Proceedings of ACM - Workshop DRM p. 213 – 232.
Bell, D. E, e LaPadula, Leonard J. (1976) “Secure Computer Systems: Unified Exposition and Multics Interpretation”, MITRE Technical Report MTR-2997 Rev. 1, MITRE Corporation.
Bellare, M., Canetti, R. e Krawczyk, H. (1996). Keying hash functions for message authentication. Lecture Notes in Computer Science, 1109.
Bellare, M., Kilian, J. e Rogaway, P. (1994). The security of cipher block chaining. Lecture Notes in Computer Science, 839:341–358.
Bergadano, F., Gunetti, D., and Picardi, C. (2002). User authentication through keystroke dynamics. ACM Transactions on Information and System Security, 5(4):367–397.
Biba, Kenneth J. (1977) “Integrity Considerations for Secure Computer Systems”, MITRE Technical Report MTR-3153, MITRE Corporation, Bedford, MA.
Bing, B. (2006). A fast and secure framework for over-the-air wireless software download using reconfigurable mobile devices. IEEE Communications Magazine, 44(6).
BioID (2005). Humanscan. http://www.bioid.com. Acessado em julho/2006.
BIOLAB (2005). Synthetic FINgerprint GEnerator. Biometric Systems Lab - http://bias.csr.unibo.it/research/biolab. Acessado em julho/2006.
Bishop, M. (2003) “Computer Security Art and Sciense”, ed. Addison Wesley Buenett, S. e Paine, S. (2002) “Criptografia e segurança”, Ed. Campus.
Bishop, M. e Bailey, D. (1996). A critical analysis of vulnerability taxonomies. Technical Report CSE-96-11, Department of Computer Science at University of California, Davis.
BITE (2005). Global biometric market and industry report. Technical report, Biometric Identification Technology Ethics. http://www.biteproject.org/.
Blakley, G. R. (1979). Safeguarding cryptographic keys. Em National Computer Conference (AFIPS), volume 48, páginas 313–317.
Bolle, R. M., Connell, J. H., and Ratha, N. K. (2002). Biometric perils and patches. In Pattern Recognition, volume 35, pages 2727–2738. Elsevier Science.
Bolle, R. M., Connell, J. H., Pankanti, S., Ratha, N. K., and Senior, A. W. (2004). Guide to Biometrics. Springer Professional Computing, 1st edition.
Boneh, D. e Franklin, M. (2001). Identity-based encryption from the weil pairing. Em 21st Annual International Cryptology Conference on Advances in Cryptology - CRYPTO ’01, páginas 213–229.
Boyer, J. (2001). Canonical XML. W3C. http://www.w3.org/TR/xml-c14n.
Boykin, P. O. e Roychowdhury, V. P. (2005). Leveraging social networks to fight spam. IEEE Computer Magazine, 38(4):61–68.
Brin, S. e Page, L. (1998). The anatomy of a large-scale hypertextual web search engine. Seventh International World-Wide Web Conference.
Brown, N. e Kindel, C. (1996). Distributed Component Object Model Protocol – DCOM/1.0. Microsoft.
Buchegger, S. e Boudec, J. L. (2002). Performance analysis of the confidant protocol (cooperation of nodes: Fairness in dynamic ad-hoc networks). Em The Third ACM International Symposium on Mobile Ad Hoc Networking and Computing, páginas 226–236.
Buhan, I., Bazen, A., Hartel, P., and Veldhuis, R. (2006). A false rejection oriented threat model for the design of biometric authentication systems. Proceedings of the International Conference on Biometrics 2006 (Hong Kong, China), 3832:728–736.
Burge, M. and Burger, W. (2000). Ear biometrics in computer vision. In International Conference on Pattern Recognition, volume 2, pages 2822– 2826, Los Alamitos, CA, USA. IEEE Computer Society.
Buttyan, L. e Hubaux, J. P. (2000). Enforcing service availability in mobile ad-hoc wans. Em IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC), Boston, USA.
Buttyan, L. e Hubaux, J. P. (2003). Stimulating cooperation in self-organizing mobile ad hoc networks. ACM/Kluwer Mobile Networks and Applications (MONET), 8(5):579–592.
Cabrera, F., Copeland, G., Freund, T., Klein, J., Langworthy, D., Orchard, D., Shewchuk, J., e Storey, T. (2004). Web Services Coordination. Web Services Interoperability Organization. http://msdn.microsoft.com/library/en-us/dnglobspec/html/WS-Coordination.pdf.
Camelot (2001) “Differentiating Between Access Control Terms” Network Security Library :: Auth. & Access Control.
Campbell, J. P. (1997). Speaker recognition: A tutorial. Proceedings of the IEEE, 85(9):1437–1462.
Campbell, J. P. and Reynolds, D. A. (1999). Corpora for the evaluation of speaker recognition systems. ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing, 2:829–832.
Canter, L. A. e Siegel, M. S. (1994). Green card lottery-final one? http://www.bio.net/bionet/mm/dros/1994-April/000326.html.
Capkun, S. e Hubaux, J. (2003). BISS: building secure routing out of an incomplete set of secure associations. Em 2nd ACM Wireless Security (WiSe’03), páginas 21–29.
Cappelli, R., Maio, D., Maltoni, D.,Wayman, J. L., and Jain, A. K. (2006). Performance evaluation of fingerprint verification systems. IEEE Transactions on Pattern Analysis and Machine Intelligence, 28(1):3–18.
Carlson, L. (2003). Match on card system for IT security. In Biometric Technology Today, volume 11, pages 3–4. Elsevier Science.
Carmody, S. (2001). Shibboleth Overview and Requirements. Shibboleth Working Group.
Cattaneo, G., Faruolo, P., e Petrillo, U. F. (2004). Providing privacy for web services by anonymous group identification. In International Conference on Web Services (ICWS’04). IEEE. 22
CGI.BR (2006). Comitê gestor da Internet no Brasil - Antispam.br. http://www.antispam.br/.
Cha, J. C. e Cheon, J. H. (2003). An identity-based signature from gap diffie-hellman groups. Em Practice and Theory in Public Key Cryptography (PKC 2003), volume 2567, páginas 18–30.
Chan, H., Perrig, A. e Song, D. (2003). Random key predistribution schemes for sensor networks. Em IEEE Symposium on Security and Privacy, páginas 197–213.
Chandra, A. and Calderon, T. (2005). Challenges and constraints to the diffusion of biometrics in information systems. Communications of the ACM, 48(12):101–106.
Chang, K., Bowyer, K., and Flynn, P. (2003). Multimodal 2D and 3D biometrics for face recognition. IEEE International Workshop on Analysis and Modeling of Faces and Gestures, pages 187–194.
Chang, S., Chen, W., e Hsu, M. (2003). Managing security policy in a large distributed web services environment. In 27th International Computer Software and Applications Conference (COMPSAC’03). IEEE.
Charfi, A. e Mezini, M. (2005). Using aspects for security engineering of web service compositions. In Proceedings of the 2005 IEEE International Conference on Web Services, Volume I, pages 59–66.
Chen, H. and Jain, A. K. (2005). Dental biometrics: Alignment and matching of dental radiographs. IEEE Tansactions on Pattern Analysis and Machine Intelligence, 27(8):1319–1326.
Clark, David D. e Wilson, David R. (1987) “A Comparison of Commercial and Military Computer Security Policies”, In Proceedings of the IEEE Symposium on Security and Privacy, p. 184–194, Oakland, CA.
Clarke, R. (1994). Human identification in information systems: management challenges and public policy issues. Information Technology & People, 7(4):6– 37.
Commtouch (2006). Spam lab online statistics. http://www.commtouch.com/Site/ResearchLab/statistics.asp.
Connie, T., Teoh, A., Goh, M., and Ngo, D. (2005). Palmhashing: a novel approach for cancelable biometrics. Information Processing Letters, 93(1):1–5.
Costales, B. e Flynt, M. (2005). sendmail Milters A Guide for Fighting Spam. Addison Wesley Professional, 1a edição.
Cukier, W. L., Cody, S. e Nesselroth, E. J. (2006). Genres of spam: Expectations and deceptions. Em Hawaii International Conference on System Sciences (HICSS), páginas 1–10.
Cullen, L. T. (2002). Some more spam, please. Time, 160(20):58–59.
Cuppens, F. e Miège, A. (2003) “Administration Model for Or-BAC”, Workshop on Metadata for Security (WMS).
Cuppens, F. e Miège, A. (2003) “Modelling Contexts in the Or-BAC Model”, Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), IEEE Press.
Curphey, M., Endler, D., Hau, W. e Taylor S. (2002) “A Guide to Building Secure Web Applications - Mandatory Access Control – Chapter 8”. Access Control and Authorization, The Open Web Application Security Project (OWASP).
Daemen, J. e Rijmen, V. (2002). The Design of Rijndael: AES - The Advanced Encryption Standard. Springer-Verlag.
Daemen, J. e Rijmen, V. (2002). The Design of Rijndael: AES - The Advanced Encryption Standard. Springer-Verlag.
Damiani, E., di Vimercati, S. D. C., e Samarati, P. (2003). Managing multiple and dependable identities. In IEEE Internet Computing, pages 29–37. IEEE.
Daugman, J. (1999). Recognizing persons by their iris patterns. In Jain, A. K., Bolle, R. M., and Pankanti, S., editors, Biometrics: Personal Identification in Networked Society, chapter 5. Kluwer Academic Publishers, Boston, MA, USA.
Daugman, J. G. (1993). High confidence visual recognition of persons by a test of statistical independence. IEEE Transactions on Pattern Analysis and Machine Intelligence, 15(11):1148–1161.
Daugman, J. G. and Williams, G. O. (1996). A proposed standard for biometric decidability. In Proceedings of CardTech/SecureTech, pages 223–234, Atlanta, GA, USA.
de Mello, E. R. e da Silva Fraga, J. (2005). Mediation of trust across web services. In 3rd IEEE International Conference on Web Services (ICWS’05), pages 515–522, Orlando, Flórida - EUA.
de Mello, E. R., Wangham, M., da Silva Fraga, J., e Rabelo, R. (2005). A secure model to establish trust relationships in web services for virtual organizations. In Camarinha-Matos, L. M., Afsarmanesh, H., e Ortiz, A., editors, 6th IFIP Working Conference on Virtual Enterprises (PRO-VE’05), pages 183–190, Valência, Espanha. Springer.
Decreto-lei no 2.848 (1940). Código penal. http://www.planalto.gov.br/ccivil_03/Decreto-Lei/Del2848compilado.htm.
Demchenko, Y., Gommans, L., de Laat, C., e Oudenaarde, B. (2005). Web services and grid security vulnerabilities and threats analysis and model. http://www.uazone.org/demch/analytic/draft-grid-security-incident-04.pdf.
Denning, D. E. R. (1982) “Cryptography and data security”, Addison-Wesley.
Departament of Defense (1985). “Trusted Computer System Evaluation Criteria”, DOD 5200.28-STD.
Detroit Free Press (2002). Spam king lives large off others’ e-mail troubles. http://www.freep.com.
Dierks, T. e Allen, C. (1999). The TLS Protocol – Version 1.0. IETF RFC 2246.
Diffie, W. e Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644–654.
DIN (2003). Information Technology - security techniques - a framework for security evaluation and testing of biometric technology. ISO/IEC JTC 1/SC 27 N 3806, Deutsches Institut fur Normung, Berlin, Germany.
Douceur, J. R. (2002). The sybil attack. Em First International Workshop on Peer-to-Peer Systems (IPTPS ’02), páginas 251–260.
Duncan C., Barker E., Peter D., Morrey M. e Waelde C. (2004) “Digital Rights Management”, JISC DRM Study – Final Report.
Eastlake, D. e Jones, P. (2001). US Secure Hash Algorithm 1 (SHA1). Internet Engineering Task Force RFC 3174.
El Kalam, A. A., El Baida, R., Balbiani P., Benferhat S., Cuppens F., Deswarte Y., Miège A., Saurel C. e Trouessin, G. (2003) “Organization based access control”, Proceedings oh the 4th International on Policies for Distributed Systems and Networks, IEEE Press.
Ellison, C. M., Frantz, B., Lampson, B., Rivest, R., Thomas, B. M., e Ylonen, T. (1999). SPKI Certificate Theory. Internet Engineering Task Force RFC 2693.
Emery, T. (2003). MIT conference takes aim at spam emails. Associated Press.
Ernst, J. (2002). Iris recognition: Counterfeit and countermeasures. http://www.iris-recognition.org/counterfeit.htm. Acessado em julho/2006.
Eschenauer, L. e Gligor, V. D. (2002). A keymanagement scheme for distributed sensor networks. Em 9th ACM Conference on Computer and Communication Security, páginas 41–47.
Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., e Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 4(3):224–274.
Ferraiolo, David F., Sandhu, Ravi S., Gavrila, S., Kuhn, D. R. e Chandramouli, R. (2001) “Proposed NIST Standard for Role-Based Access Control”, ACM Transactions on Information and System Security, Vol. 4, No. 3, p. 224–274.
Fink, G. A., Wienecke, M., and Sagerer, G. (2001). Video-based online handwriting recognition. In International Conference on Document Analysis and Recognition, pages 226–230, Los Alamitos, CA, USA. IEEE Computer Society.
Frankel, Y. e Desmedt, Y. (1992). Parallel reliable threshold multisignature. TR 92-04-02, University of Wisconsin.
Freier, A. O., Karlton, P., e Kocher, P. C. (1996). The SSL protocol - v.3. Internet Draft.
FTC (2005). FTC - spam - home page. http://www.ftc.gov/spam/.
Gahlin, C. (2004). Secure ad hoc networking. Master’s thesis, University of Umeå. Work in progress.
Ganesan, D., Govindan, R., Shenker, S. e Estrin, D. (2001). Highly resilient, energy-efficient multipath routing in wireless sensor networks. ACM Mobile Computing and Communications Review, 5.
Gennaro, R., Jarecki, S., Krawczyk, H. e Rabin, T. (1996). Robust threshold DSS signatures. Em Advances in Cryptology - Eurocrypt ’96, páginas 354–371.
Goguen J. A. e Mesajuer J. (1982) “Security Policies And Security Models”, Proceedings of IEEE symposium on Reseach in Security and Privacy.
Goldwasser, S., Micali, S., e Rackoff, C. (1989). The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1):186–208.
Gomes, L. H., Bettencourt, L. M. A., Almeida, V. A. F., Almeida, J. M. e Castro, F. D. O. (2006). Quantifying social vs. antisocial behavior in email networks. ArXiv Physics e-prints.
Gomes, L. H., Cazita, C., Almeida, J. M., Almeida, V. e Wagner Meira, J. (2004). Characterizing a spam traffic. Em ACM SIGCOMM conference on Internet measurement (IMC’04), páginas 356–369. ACM Press.
Goodman, J. T. e Rounthwaite, R. (2004). Stopping outgoing spam. Em ACM conference on Electronic commerce (EC’04), páginas 30– 39. ACM Press.
Gregory, P. e Simon, M. A. (2005). Blocking Spam & Spyware for Dummies. Wiley Publishing, Inc.
Grupo Brasil AntiSPAM (2006b). Página Brasil AntiSPAM. org. http://brasilantispam.locaweb.com.br.
Grupo Brasil AntiSPAM(2006a). Código de Ética AntiSPAM e melhores práticas de uso de mensagens eletrônicas. http://brasilantispam.locaweb.com.br/main/codigoopt.htm.
Gyongyi, Z. e Garcia-Molina, H. (2005). Web spam taxonomy. Em First International Workshop on Adversarial Information Retrieval on the Web (AIRWeb).
Haas, Z., Pearlman, M. e Samar, P. (2001). The Interzone Routing Protocol (IERP) for Ad Hoc Networks. IETF MANET working group.
Hafslund, A., Tønnesen, A., Rotvik, R. B., Andersson, J. e Øivind Kure (2004). Secure extension to the olsr protocol. Em OLSR Interop and Workshop, páginas 1–4, San Diego, California.
Hallam-Baker, P. e Mysore, S. H. (2005). XML Key Management Specification (XKMS 2.0). W3C – Proposed Recommendation.
Hambridge, S. e Lunde, A. (1999). DON’T SPEW: A Set of Guidelines for Mass Unsolicited Mailings and Postings (spam*). RFC 2635.
Harrison, Michael A. e Ruzzo, Walter L. (1976) “Protection in Operating Systems”, Communications of the ACM, Vol. 19, No 8.
Harrison, Michael A. Harrison, Ruzzo, Walter L. e Ullman, Jeffrey D. (1976) “Protection in Operating Systems”, Communications of the ACM.
He, Q., Wu, D. e Khosla, P. (2004). SORI: A secure and objective reputation-based incentive scheme for ad-hoc networks. Em Proc. IEEE Wireless Communications and Networking Conference (WCNC 2004), Atlanta, E.U.A.
Heinen, M. R. and Osório, F. S. (2004). Biometria comportamental: Pesquisa e desenvolvimento de um sistema de autenticação de usuários utilizando assinaturas manuscritas. Infocomp Revista de Ciência da Computação. ISSN 1807-4545 volume 3 fasciculo 2 pgs 31 a 37 Lavras MG Brasil.
Hill, R. B. (1999). Retina identification. In Jain, A. K., Bolle, R. M., and Pankanti, S., editors, Biometrics: Personal Identification in Networked Society, chapter 6. Kluwer Academic Publishers, Boston, MA, USA.
Hoanca, B. (2006). How good are our weapons in the spam wars? IEEE Technology and Society Magazine, 25(1):22–30.
Holmes, N. (2005). In defense of spam. IEEE Computer Magazine, 38(4):86–88.
Hook, C., Kempf, J., and Scharfenberg, G. (2003). New pen device for biometrical 3d pressure analysis of handwritten characters, words and signatures. In WBMA ’03: Proceedings of the 2003 ACM SIGMM Workshop on Biometrics Methods and Applications, pages 38–44, New York, NY, USA. ACM Press.
Hopcroft, J. e Ullman, J. (1979). Introduction to Automata Theory, Languages and Computation. Addison-Wesley.
Hormel Foods (2000). Your use of our trademark SPAM on your “Page-O-SPAM” website. http://www.rsi.com/spam/.
Housley, R., Polk, W., Ford, W., e Solo, D. (2002). Internet X. 509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. IETF RFC 3280.
Hu, Y.-C., Johnson, D. B. e Perrig, A. (2002). SEAD: Secure efficient distance vector routing in mobile wireless ad hoc networks. Em Fourth IEEEWorkshop on Mobile Computing Systems and Applications (WMCSA ’02), páginas 3–13.
Hu, Y.-C., Perrig, A. e Johnson, D. B. (2003a). Packet leashes: A defense against wormhole attacks in wireless ad hoc networks. Em Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2003), volume 3, páginas 1976–1986.
Hu, Y.-C., Perrig, A. e Johnson, D. B. (2003b). Rushing attacks and defense in wireless ad hoc network routing protocols. Em Second ACM Workshop on Wireless Security (WiSe 03), páginas 30–40.
Hu, Y.-C., Perrig, A. e Johnson, D. B. (2005). Ariadne: A secure ondemand routing protocol for ad hoc networks. Wireless Networks, 11(1–2):21–38.
Hung, P. C. K., Ferrari, E., e Carminati, B. (2004). Towards standardized web services privacy technologies. In International Conference on Web Services (ICWS’04). IEEE.
IBG (2005). Independent testing of iris recognition technology. Technical Report NBCHC030114/0002, International Biometric Group.
IBM e Microsoft (2002). Security in a Web Services World: A Proposed Architecture and Roadmap. IBM Corporation and Microsoft Corporation. http://msdn.microsoft.com/ws-security/.
IEEE (2000). IEEE Standard Specifications for Public-Key Cryptography. IEEE Std 1363-2000.
Imamura, T., Dillaway, B., e Simon, E. (2002). XML Encryption Syntax and Processing. W3C. http://www.w3.org/TR/xmlenc-core.
ISO/IEC 27001 (2005)“Tecnologia da Informação – Técnicas de Segurança – Sistemas de Gerenciamento de Segurança da Informação – Necessidades”, ISO/IEC.
Jacquet, P., Muhlethaler, P., Clausen, T., Laouiti, A., Qayyum, A. e Viennot, L. (2001). Optimized link state routing protocol for ad hoc networks. Em 5th IEEE Multi Topic Conference (INMIC 2001), páginas 62–68.
Jagadeesan, R. e Saraswat, V. (2005) “Timed Constraint Programing: A decarative Approach to Usage Control”, Principles and Practice of Declarative Programming (PPDP’05).
Jain, A. K., Ross, A., and Prabhakar, S. (2004). An introduction to biometric recognition. IEEE Transactions on Circuits and Systems for Video Tecnhology, 14(1):4–20.
Johnson, D. B. e Maltz, D. A. (1996). Dynamic source routing in ad hoc wireless networks, mobile computing. Em Kluwer Academic Publishers, volume 353, páginas 153–181. Mobile Computing (ed. T. Imielinski and H. Korth).
Jordan, Carole S., Downs D., Wagner G., LaFountain, S. e Baker, Dixie B. (1987) “A Guide to Understanding Discrentionary Access Control in Trusted Systems”, National Computer Security Center.
Jøsang, A. e Pope, S. (2005). User centric identity management. In AusCERT Asia Pacific Information Technology Security Conference 2005.
Jøsang, A., Fabre, J., Hay, B., Dalziel, J., e Pope, S. (2005). Trust requirements in identity management. In CRPIT ’44: Proceedings of the 2005 Australasian workshop on Grid computing and e-research, pages 99–108, Darlinghurst, Australia. Australian Computer Society, Inc.
Jung, J. e Sit, E. (2004). An empirical study of spam traffic and the use of DNS black lists. Em ACM SIGCOMM conference on Internet measurement (IMC’ 04), páginas 370–375. ACM Press.
Kaliski, B. e Staddon, J. (1998). PKCS #1: RSA Cryptography Specifications Version 2.0. RFC 2437.
Kaminsky, Omar (2004) “Introdução à Gestão de Direitos Digitais”, http://www.cem.itesm.mx/verba-iuris/articulos/080203.htm.
Karlof, C. e Wagner, D. (2003). Secure routing in wireless sensor networks: attacks and countermeasures. IEEE International Workshop on Sensor Network Protocols and Applications 2003, páginas 113–127.
Karp, A. H. (2006) “Authorization-Based Access Control for the Services Oriented Architecture”, 4th ICCC, IEEE Press
Katzenbeisser, Adelsbach, S. e Veith, H. (2003) “Watermarking schemes provably secure against copy and ambiguity attacks”, Proceedings of the 2003 ACM workshop on Digital rights management, p. 111-119.
Kazienko, J. F. (2003). Assinatura digital de documentos eletrônicos através da impressão digital. Dissertação de mestrado, Programa de Pós-Graduação em Ciência da Computação, Universidade Federal de Santa Catarina.
Kephart, J. O. e Chess, D. M. (2003). The vision of autonomic computing. IEEE Computer, 36(1):41–52.
Khalili, A., Katz, J. e Arbaugh, W. A. (2003). Toward secure key distribution in truly ad-hoc networks. Em Applications and the Internet Workshops (SAINT’03 Workshops), páginas 342–346.
Klensin, J. (2001). Simple Mail Transfer Protocol. RFC 2821.
Kohl, J. e Neuman, C. (1993). The Kerberos Network Authentication Service (v5). Internet Engineering Task Force RFC 1510.
Kong, A., Griffith, A., Rhude, D., Bacon, G., and Shahs, G. (2002). Department of Defense federal biometric system protection profile for medium robustness environments. Technical report, U.S. Department of Defense.
Kong, A., Griffith, A., Rhude, D., Bacon, G., and Shahs, G. (2003). US Government biometric verification mode protection profile for medium robustness environments. Technical report, The Biometrics Management Office and National Security Agency.
Kong, J., Zerfos, P., Luo, H., Lu, S. e Zhang, L. (2001). Providing robust and ubiquitous security support for mobile ad-hoc networks. Em Ninth International Conference on Network Protocols (ICNP’01), páginas 251–260.
Korotkaya, Z. (2003). Biometric person authentication: Odor. Inner report in Department of Information Technology, Laboratory of Applied Mathematics, Lappeenranta University of Technology. in “Advanced Topics in Information Processing: Biometric Person Authentication”.
Krim, J. (2003). Lawsuits by AOL escalates fight against junk e-mail. The Washington Post, 15:A1.
Ku, W. e Chi, Chi-Hung (2004) “Survey on the technological aspects of Digital Rights Management”, Proceeding of the 7th Information Security Conference.
Kulkarnia, S. S., Goudab, M. G. e Arora, A. (2006). Secret instantiation in ad hoc networks. Em Computer Communicatons 29, páginas 200–215, Oakland, California.
Kyong I. Chang, K. W. B. and Flynn, P. J. (2005). An evaluation of multimodal 2D+3D face biometrics. IEEE Transactions on Pattern Analysis and Machine Intelligence, 27(4).
Lamport, L. (1994) “Transactions on Programming Languages and Systems - The Temporal Logic of Actions”, ACM, Vol. 16 Issue 3.
Lamport, L., Shostak, R. e Pease, M. (1982). The byzantine generals problem. Em ACM Transactions on Programming Languages and Systems (TOPLAS), volume 4 of 3, páginas 382–401.
Lampson, Butler W. (1971) “Protection”; Proceedings of the 5th Princeton Conference on Information Sciences and Systems, Princeton, p.437.
Landwehr Carl E, (1983) “Best available technologies for computer security”, IEEE Comput, p.86-100
Landwehr, C. E. (2001). Computer Security. In International Journal of Information Security, volume 1, pages 3–13. Springer-Verlag Heidelberg.
Landwehr, C. E. (2001). Computer security. International Journal of Information Security, 1(1):3–13.
Landwehr, Carl E. (1981) “Formal Models for Computer Security”, ACM Computing Surveys, 13(3): p. 247–278.
Landwehr, Carl E. (2001) “Computer security” Publicado por Springer-Verlag.
Laufer, R. P., Moraes, I. M., Velloso, P. B., Bicudo, M. D. D., Campista, M. E. M., de O. Cunha, D., Costa, L. H. M. K. e Duarte, O. C. M. B. (2005). Livro Texto dos Mini-cursos do V Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, chapter Negação de Serviço: Ataques e Contramedidas, páginas 1–63. Sociedade Brasileira de Computação.
Lei no 8.078 (1990). Código de defesa do consumidor. http://www.planalto.gov.br/ccivil_03/LEIS/L8078compilado.htm.
Leniski, A. C., Skinner, R. C., McGann, S. F., and Elliott, S. J. (2003). Securing the biometric model. In IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, pages 444–449.
Levine, J. R., Young, M. L. e Everett-Church, R. (2004). Fighting Spam For Dummies. John Wiley & Sons, 1a edição.
Liberty (2003a). Introduction to the Liberty Alliance Identity Architecture. Liberty Alliance.
Liberty (2003b). Privacy and Security Best Practices. Liberty Alliance.
Liu, Z., Joy, A. W. e Thompson, R. A. (2004). A dynamic trust model for mobile ad hoc networks. Em IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS’04), Suzhou, Chine.
Lorch, M., Proctor, S., Lepro, R., Kafura, D., e Shah, S. (2003). First experiences using xacml for access control in distributed systems. In ACM Workshop on XML Security.
Lu, G., Zhang, D., and Wang, K. (2003). Palmprint recognition using eigenpalms features. Pattern Recognition Letters, 24(9-10):1463–1467.
MacIntosh, R. e Vinokurov, D. (2005). Detection and mitigation of spam in ip telephony networks using signaling protocol analysis. IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication, páginas 49–52.
Mackenzie, D. e Pottinger, G. (1997) “Mathematics, Technology, and Trust: Formal Verification, Computer Security, and the U.S. Military”, IEEE Annals of the History of Computing, Vol. 19, nr 3.
Maltoni, D., Maio, D., Jain, A. K., and Prabhakar, S. (2003). Handbook of Fingerprint Recognition. Springer Verlag, New York, USA.
Mansfield, A. and Wayman, J. (2002). Best practices in testing and reporting performance of biometric devices, version 2.0.1. Technical report, BiometricsWorking Group, http://www.afb.org.uk/bwg/bestprac.html.
Mansfield, T., Kelly, G., Chandler, D., and Kane, J. (2001). Biometric product testing final report. Technical Report CESG contract X92A/4009309, UK Biometrics Working Group.
Mansfield, T., Kelly, G., Chandler, D., and Kane, J. (2002). Biometrics for identification and authentication - advice on product selection. Technical report, UK Biometrics Working Group.
Masek, L. and Kovesi, P. (2003). MATLAB source code for a biometric identification system based on iris patterns. Master’s thesis, The School of Computer Science and Software Engineering, The University of Western Australia. Código-fonte disponível em [link]. Acessado em julho/2006.
McKnight, D. H. e Chervany, N. L. (2000). What is trust? A conceptual analysis and an interdisciplinary model. Em Americas Conference on Information Systems (AMCIS 2000), Long Beach, USA.
McLean, John (1990). “The Specification and Modeling of Computer Security”. IEEE Computer, 23(1): p. 9–16.
Merkle, R. C. (1980). Protocols for public key cryptosystems. Em IEEE Symposium on Security ad Privacy, páginas 122–133.
Miller, B. (1994). Vital signs of identity. IEEE Spectrum, 31(2):22–30.
Mori, G. e Malik, J. (2003). Recognizing objects in adversarial clutter: breaking a visual CAPTCHA. Em IEEE Computer Society Conference on Computer Vision and Pattern Recognition, páginas 134–141.
Munich, M. E. and Perona, P. (1998). Camera-based ID verification by signatures tracking. Lecture Notes in Computer Science, 1406:782.
Murthy, C. e Mano, B. (2004). Ad Hoc wireless networks: architetures and protocols. Prentice Halll Professional Technical Reference.
Myers, C. S. and Rabiner, L. R. (1981). A comparative study of several dynamic time-warping algorithms for connected word recognition. The Bell System Technical Journal, 60(7):1389–1409.
Myers, J. (1999). SMTP Service Extention for Authentication. RFC 2554.
National Bureau of Standards (1977). Data Encryption Standard. FIPS-Pub.46.
National Institute of Standards (2000). Secure hash standard. FIPS 180-2.
Negin, M., Chmielewski(Jr.), T. A., Salganicoff, M., Camus, T. A., von Seelen, U. M. C., Venetianer, P. L., and Zhang, G. G. (2000). An iris biometric system for public and personal use. IEEE Computer Society, 33(2):70–75.
Newsome, J., Shi, E., Song, D. e Perrig, A. (2004). The sybil attack in sensor networks: Analysis & defenses. Em 3rd IEEE/ACM Information Processing in Sensor Networks 2004 - IPSN 04, páginas 259–268.
Nichols, R. K. e Lekkas, P. C. (2002). Wireless Security Models, Threats, and Solutions. McGraw-Hill.
Nicomette, Vincent (1996). “La Protection dans les Systèmes à Objets Répartis”. Thèse de doctorat, Institut National Polytechnique de Toulouse, France.
NIST (2001). CBEFF - Common Biometric Exchange File Format. Technical Report NISTIR 6529, National Institute of Standards and Technology, USA.
NIST (2003). NIST year 2003 speaker recognition evaluation plan. Technical report, NIST Speech Group. [link].
NIST (2005). NIST special database 4 - NIST 8-bit gray scale images of fingerprint image groups (FIGS). http://www.nist.gov/srd/nistsd4.htm. Acessado em julho/2006.
Nordin, B. (2004). Match-on-Card Technology. Precise Biometrics Inc., /urlhttp://www.precisebiometrics.com. Acessado em julho/2006.
OASIS (2002). Universal Description, Discovery and Integration v2 (UDDI). Organization for the Advancement of Structured Information Standards (OASIS).
OASIS (2003). XCBF - XML Common Biometric Format. Technical report, Organization for the Advancement of Structured Information Standards. http://www.oasis-open.org/committees/xcbf/.
OASIS (2004a). Introduction to UDDI: Important features and functional concepts. Organization for the Advancement of Structured Information Standards (OASIS). http://uddi.org/pubs/uddi-tech-wp.pdf.
OASIS (2004b). Universal Description, Discovery and Integration v3.0.2 (UDDI). Organization for the Advancement of Structured Information Standards (OASIS).
OASIS (2004c). Web Services Security: SOAP Message Security 1.0. OASIS. [link].
OASIS (2005a). eXtensible Access Control Markup Language (XACML) version 2.0. Organization for the Advancement of Structured Information Standards (OASIS). http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.
OASIS (2005b). SAML Executive Overview. Organization for the Advancement of Structured Information Standards (OASIS).
OASIS (2005c). Security Assertion Markup Language (SAML) 2.0 Technical Overview. Organization for the Advancement of Structured Information Standards (OASIS).
Oda, T. e White, T. (2003). Developing an immunity to spam.
OMG (2002). The Common Object Request Broker Architecture v3.0.2. Object Management Group (OMG).
OpenGroup (1997). DCE 1.1: Remote Procedure Call. Open Group Technical Standard, AE Specification C309.
Osborn, S. (1997) “Mandatory Access Control and Role-Based Access Control Revisited”, Proceedings RBAC97.
Osborne, M. and Ratha, N. K. (2003). A JC-BioAPI compliant smart card with biometrics for secure access control. Lecture Notes in Computer Science, 2688:903–910.
Papadimitratos, P. e Haas, Z. (2002). Secure routing for mobile ad hoc networks.
Papadimitratos, P. e Haas, Z. (2003). Secure link state routing for mobile ad hoc networks. Em IEEE CSWorkshop on Security and Assurance in Ad hoc Networks, páginas 379–38.
Papazoglou, M. P. (2003). Service-oriented computing: Concepts, characteristics and directions. In Fourth International Conference on Web Information systems Engineering (WISE’03).
Parr, B. e Villars, R. (2001). Digital identity: The coming struggle for the future of the net. Boletim 24929, IDC.
Patrick, E. A. (1972). Fundamentals of Pattern Recognition. Prentice-Hall Inc.
Pearl, J. (1988). Probabilistic reasoning in intelligent systems: networks of plausible inference. Morgan Kaufmann Publishers Inc.
Pease, M., Shostak, R. e Lamport, L. (1980). Reaching agreement in the presence of faults. Em Journal of ACM 27, volume 2, páginas 228–234.
Perkins, C. E. e Bhagwat, P. (1994). Highly dynamic destination-sequenced distance-vector routing (DSDV) for mobile computers. Sigcomm 94.
Perkins, C. E., M.Belding-Royer, E. e Das, R. S. (2003). Ad Hoc On-Demand Distance Vector Routing. Request for Comments: 3561.
Perrig, A., Canetti, R., Tygar, D. e Song, D. (2002). The TESLA broadcast authentication protocol. Cryptobytes, 5(2):2–13.
Pfleeger, S. L. e Bloom, G. (2005). Canning spam: Proposed solutions to unwanted email. IEEE Security & Privacy Magazine, 3(2):40–47.
Phillips, P. J., Sarkar, S., Robledo, I., Grother, P., and Bowyer, K. (2002). The gait identification challenge problem: Data sets and baseline algorithm. In International Conference on Pattern Recognition, volume 01, pages 385–388, Los Alamitos, CA, USA. IEEE Computer Society.
Phillips, P., Martin, A., Wilson, C., and Przybocki, M. (2000). An introduction to evaluating biometric systems. IEEE Computer, 33(2):56–63.
Pirzada, A. A. e McDonald, C. (2004). Establishing trust in pure ad-hoc networks. Em 27th Australasian Computer Science Conference (ACSC’04), Dunedin, New Zealand.
Postel, J. B. (1982). Simple Mail Transfer Protocol. RFC 821.
Project, A. S. (2006). Spamassassin tests performed: v3.1.x. http://spamassassin.apache.org/tests_3_1_x.html.
Prokoski, F. J. and Riedel, R. (1999). Infrared identification of faces and body parts. In Jain, A. K., Bolle, R. M., and Pankanti, S., editors, Biometrics: Personal Identification in Networked Society, chapter 9. Kluwer Academic Publishers, Boston, MA, USA.
Przybocki, M. and Martin, A. (2004). NIST speaker recognition evaluation chronicles. Technical report, Speech Group, Information Access Division, Information Technology Laboratory National Institute of Standards and Technology, USA. Published in the Odissey 2004 Conference.
Putte, T. and Keuning, J. (2000). Biometrical fingerprint recognition: don’t get your fingers burned. In Proceedings of IFIP TC8/WG8.8 Fourth Working Conference on Smart Card Research and Advanced Applications, pages 289–303.
Rabin, M. O. (1989). Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of ACM, 36(2).
Rabiner, L. R. and Juang, B. H. (1986). An introduction to Hidden Markov Models. IEEE Magazine on Accoustics, Speech and Signal Processing, 3(1):4–16.
Ramanujan, R. e Edin, R. (2000). TIARA: Techniques for intrusion-resistant ad hoc routing algorithms. 21st Century Military Communications Conference Proceedings(MILCOM 2000), 2:660–664.
Rannenberg, K. (2000). Multilateral security a concept and examples for balanced security. InWorkshop on New security paradigms (NSPW’00), pages 151– 162, New York, NY, USA. ACM Press.
Rescorla, E. (1999). Diffie-Hellman Key Agreement Method. RFC 2631.
Reynolds, D. A., Doddington, G. R., Przybocki, M. A., and Martin, A. F. (2000). The NIST speaker recognition evaluation - overview methodology, systems, results, perspective. Speech Communications, 31(2-3):225–254.
Rivest, R. L. (1992). The MD5 Message-Digest Algorithm. RFC 1321.
Rivest, R. L. e Lampson, B. (1996). SDSI – A simple distributed security infrastructure. Presented at CRYPTO’96 Rumpsession.
Ross, A. A., Nandakumar, K., and Jain, A. K. (2006). Handbook of Multibiometrics. International Series on Biometrics. Springer.
RSA (2002). PCKS#1 v2.1: RSA Cryptography Standard. RSA Laboratories. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf.
RSS (2005). Really Simple Syndication. http://www.rssboard.org/rss-specification.
Russel, Deborah e Gangemi, G. T. (1991) “Computer Security Basics”, Ed. O’ Reilly.
Russell, D. e Gangeni, G. (1991). Computer Security Basics. O’Reilly Associates Inc.
Sabourin, R., Genest, G., and Preteux, F. J. (1997). Off-line signature verification by local granulometric size distributions. IEEE Transactions on Pattern Analysis and Machine Intelligence, 19(9):976–988.
Samarati, Pierangela e Capitani di Vimercati, S. (2001)”Access Control: Policies, Models, and Mechanisms”, Eds. R. Focardi and R. Gorrieri : FOSAD 2000, LNCS 2171, pp. 137–196.
Sancak, S., Cayirci, E., Coskun, V. e Levi, A. (2004). Sensor wars: Detecting and defending against spam attacks in wireless sensor networks. Em IEEE International Conference on Communications, páginas 20–24.
Sanchez-Reillo, R., Sanchez-Avila, C., and Gonzalez-Marcos, A. (2000). Biometric identification through hand geometry measurements. IEEE Transactions on Pattern Analysis and Machine Intelligence, 22(10):1168–1171.
Sandhu, Ravi S – Role (1997) “Based Access Control”, SBC97.
Sandhu, Ravi S. (1993) “Lattice-Based Access Control Models”, IEEE Computer, 26(11):p.9–19.
Sandhu, Ravi S. e Park, J. e Zhang X (2004) “Attribute Mutability in Usage Control”, http://www.list.gmu.edu/confrnc/ifip/IFIP04-mutability.pdf.
Sandhu, Ravi S. e Park, Jaehong (2004) “The UCONABC Usage Control Model”, ACM Transactions on Information and System Security, Vol. 0, No. 0.
Sandhu, Ravi S. e Samarati, P. (1994) “Access Control: Principles and Practice”, IEEE Communications Magazine.
Sandhu, Ravi S. e Samarati, P. (1996) “Authentication, Access Control, and Audit”, ACM Computing Surveys, Vol. 28, No. 1.
Sandstrom, M. (2004). Liveness detection in fingerprint recognition systems. Linkoping University, Department of Electrical Engineering, Eletronic Press, Student Thesis.
Santis, A. D., Crescenzo, G. D., e Persiono, G. (1998). Communication-efficient anonymous group identification. In 5th A.C.M. Conference on Computer and Communications Security (ACM CCS’98), pages 73–82, San Francisco, California, U.S.A.
Sanzgiri, K., Dahill, B., Levine, B. N. e Belding-Royer, E. M. (2002). A secure routing protocol for ad hoc networks. Em International Conference on Network Protocols.
Scheenstra, A., Ruifrok, A., and Veltkamp, R. C. (2005). A survey of 3D face recognition methods. In 5th International Conference on Audio- and Video-based Biometric Person Authentication (AVBPA), volume 3546 of Lecture Notes in Computer Science, pages 891–899, Rye Brook, NY, USA. Springer-Verlag.
Schneier, B. (1999). Inside risks: the uses and abuses of biometrics. Communications of the ACM, 42(8):136.
Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11):612–613.
Shamir, A. (1984). Identity-based cryptosystems and signature schemes. Em Advances in Cryptology (Crypto ’84) and Lecture Notes in Computer Science, volume 196, páginas 47–53.
Shamir, A., Rivest, R. e Adleman, L. (1978). Mental poker. TM- 125 178184, MIT Laboratory for Computer Science.
Shibboleth (2005). Shibboleth Architecture. [link].
Skogsrud, H., Benatallah, B., e Casati, F. (2003). Modelo-driven trust negotiation for web services. In IEEE Internet Computing, pages 45–52. IEEE Computer Society.
Skogsrud, H., Benatallah, B., e Casati, F. (2004). Trust-serv: model-driven lifecycle management of trust negotiation policies for web services. In WWW 2004, pages 53–62. ACM.
Snyder, L. (1981) “Theft and Conspiracy in the Take-Grant Protection Model”, Journal of Computerand System Sciences, p. 333–347.
Spammer-X, Posluns, J. e Sjouwerman, S. (2004). Inside the SPAM Cartel: Trade Secrets from the Dark Side. Syngress Publishing, 1a edição.
Stallings, W. (2004). Business Data Communications. Prentice-Hall, 5th edição.
Sun (2002). Java remote method invocation specification. Revision 1.8 Java 2 SDK.
Syverson, P. F., Goldschlag, D. M. e Reed, M. G. (1997). Anonymous connections and onion routing. Em IEEE Symposium on Security and Privacy, páginas 44–54, Oakland, California.
The International DOI Foundation (2004) “DOI. The Digital Object Identifier system”, http://www.doi.org/about_the_doi.html
The SCO Group (2004) “UnixWare 7 Documentation – Managing system security”, http://ou800doc.caldera.com/en/SEC_admin/_Access_Control.html.
Theodorakopoulos, G. e Baras, J. S. (2004). Trust evaluation in ad-hoc networks. Em ACM Workshop on Wireless Security (WiSE’04), Philadelphia, USA.
Thomas, R. K. e Sandhu, Ravi S (1993) “Towards a task-based paradigm for flexible and adaptable access control in distributed applications”, Proceedings of the Second New Security Paradigms Workshop, Little Compton, Rhode Island, IEEE Press.
Thomas, R. K. e Sandhu, Ravi S. (1997) “Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management”, Proceedings of the IFIP, Workshop on Database Security.
Thomas, R.K. and Sandhu, R.S. (1994) “Conceptual Foundations for A Model of Taskbased Authorizations”, Proceedings of the IEEE Computer Security Foundations Workshop, New Hampshire, IEEE Press.
Thomas, Roshan K. (1997) “Team-based Access Control (TMAC): A Primitive for Applying Role-based Access Controls in Collaborative Environments”, RBAC97
Thomas, T. (1988) “A Mandatory Access Control Mechanism for the Unix File System”, IEEE Press.
Thorpe, J., van Oorschot, P., and Somayaji, A. (2005). Passthoughts: Authenticating with our minds. Proceedings of the New Security Paradigms Workshop.
Turk, M. and Pentland, A. (1991). Face recognition using eigenfaces. In IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pages 586–591, Maui, HI, USA.
Uludag, U. and Jain, A. K. (2004). Attacks on biometric systems: A case study in fingerprints. Proc. SPIE-EI.
Valid (2005). Visual audio lip-motion identification. http://www.validbiometrics.com. Acessado em julho/2006.
Velloso, P. B., Laufer, R. P., Duarte, O. C. M. B. e Pujolle, G. (2006). HIT: A human-inspired trust model. Em VIII IFIP/IEEE International Conference on Mobile and Wireless Communications Networks (MWCN 2006) - a ser publicado, Santiago, Chile.
Victor, B., Bowyer, K., and Sarkar, S. (2002). An evaluation of face and ear biometrics. In International Conference on Pattern Recognition, volume 1, pages 429–432, Quebec City, Canada. IEEE Computer Society.
Vogels, W. (2003). Web services are not distributed objects. Internet Computing, 7(6):59–66.
W3C (2001). Web Services Description Language 1.1. W3C Working Group.
W3C (2002). The Platform for Privacy Preferences 1.0 (P3P1) Specification. W3C Recommendation. http://www.w3c.org/TR/P3P.
W3C (2003). SOAP 1.2 – W3C Recommendation. W3C. http://www.w3.org/TR/soap12.
W3C (2004a). Web Services Architecture. W3C Working Group. http://www.w3.org/TR/2004/NOTE-ws-arch-20040211.
W3C (2004b). Web Services Architecture Requirements. W3C Working Group. http://www.w3.org/TR/2004/NOTE-wsa-reqs-20040211.
Walker, A. (2005). Absolute Beginner’s Guide to: Security, Spam, Spyware & Viruses. Que Publishing.
Wangham, M. S., Mello, E., Rabelo, R., e da Silva Fraga, J. (2005). Provendo garantias de segurança para formação de organizações virtuais. In Gerrini, F. M., editor, Gestão Avançada de Manufatura, volume 2, pages 75–84. Editora Novos Talentos.
Wangham, M., da Silva Fraga, J., de Mello, E. R., e Milanez, J. (2006). Um modelo para o gerenciamento federado do spki/sdsi através do serviço xkms. In VI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSEG’06), Santos, SP - Brasil.
Wayman, J. L. (1997). A scientific approach to evaluation biometric systems using mathematical methodology. In Proceedings of CardTech/SecureTech, Orlando, FL, EUA.
Wayman, J. L. (1999a). Error rate equations for the general biometric system. IEEE Robotics & Automation Magazine, 6(1):35–48.
Wayman, J. L. (1999b). National biometric test center collected works. Technical report, National Biometric Test Center, San Jose, California, USA.
Weerawarana, S., Curbera, F., Leymann, F., Storey, T., e Ferguson, D. F. (2005). Web Services Plataform Architecture. Prentice Hall.
Wege, C. (2002). Portal server technology. IEEE Internet Computing, 6(3):73–77.
Westbridge (2003). Securing and Managing XML Web Services – Guide to XML Web Services Security. Westbridge Technology Inc.
Wiki-Spam (2006). http://en.wikipedia.org/wiki/E-mail_spam.
Wikipedia - The Free Encyclopedia (2006). Eaves. http://en.wikipedia.org/wiki/Eaves.
Winslett, M., Yu, T., Seamons, K. E., Hess, A., Jacobson, J., Jarvis, R., Smith, B., e Yu, L. (2002). Negotiating trust on the web. In IEEE Internet Computing, number 6 in 6, pages 30–37. IEEE Computer Society.
Wong, M. e Schlitt, W. (2006). Sender Policy Framework (SPF) for Authorizing Use of Domains in E-MAIL, Version 1. RFC 4408.
Wood, A. e Stankovic, J. (2002). Denial of service in sensor networks. Computer, 35(10):54–62.
WS-Federation (2003a). Web Services Federation Language. http://msdn.microsoft.com/ws/2003/07/ws-federation.
WS-Federation (2003b). WS-Federation: Active Requestor Profile. ftp://www6.software.ibm.com/software/developer/library/ws-fedact.pdf.
WS-Federation (2003c). WS-Federation: Passive Requestor Profile. ftp://www6.software.ibm.com/software/developer/library/ws-fedpass.pdf.
WS-I (2005). Basic Security Profile Version 1.0. Web Services Interoperability Organization. http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0-2005-08-29.html.
WS-Policy (2004). Web Services Policy Framework. http://msdn.microsoft.com/ws/2004/09/policy/.
WS-PolicyAttachment (2004). Web Services Policy Attachment. http://msdn.microsoft.com/ws/2004/09/policyattachment.
WS-SecureConversation (2005). Web Services Secure Conversation Language.
WS-SecurityPolicy (2005). Web Services Security Policy Language.
WS-Trust (2005). Web Services Trust Language (WS-Trust). http://msdn.microsoft.com/library/en-us/dnglobspec/html/WS-Trust.asp.
Wu, T. (1998). The secure remote password protocol. In Internet Society Network and Distributed System Security Symposium, pages 97–111.
Yavatkar, R., Pendarakis, D., e Guerin, R. (2000). A Framework for Policy-based Admission Control. IETF RFC 2753.
Ye, Z., Krishnamurthy, S. V. e Tripathi, S. K. (2003). A framework for reliable routing in mobile ad hoc networks. Em INFOCOM 2003.
Yeung, D.-Y., Chang, H., Xiong, Y., George, S., Kashi, R., Matsumoto, T., and Rigoll, G. (2004). SVC2004: First international signature verification competition. In 1st International Conference on Biometric Authentication (ICBA), volume 3072 of Lecture Notes in Computer Science, pages 16–22, Hong Kong, China. Springer-Verlag.
Yi C., Zhi-rong, Z. e Chang-xiang, S.(2002) “Design and Implementation MAC in Security Operating System”, Proceedings of IEEE TECON 02.
Yi, S., Naldurg, P. e Kravets, R. (2001). Security-aware ad hoc routing for wireless networks. Em ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC 2001), Long Beach, CA.
Yu, K., Mason, J., and Oglesby, J. (1995). Speaker recognition using Hidden Markov Models, Dynamic Time Warping and Vector Quantisation. IEE Proceedings – Vision, Image and Signal Processing, 142:313–318.
Zapata, M. G. (2002). Secure ad hoc on-demand distance vector (SAODV) routing. ACM Mobile Computing and Communications Review, 6(3):106–107.
Zdziarski, J. A. (2004). Bayesian noise reduction: Contextual symmetry logic utilizing pattern consistency analysis. http://bnr.nuclearelephant.com/BNR%20LNCS.pdf.
Zhang, D. and Shu, W. (1999). Two novel characteristic in palmprint verification: Datum point invariance and line feature matching. Pattern Recognition, 32(4):691–702.
Zhao,W., Chellappa, R., Phillips, P. J., and Rosenfeld, A. (2003). Face recognition: A literature survey. ACM Computing Surveys, 35(4):399–458.
Zhong, S., Chen, J. e Yang, Y. R. (2003). Sprite: A simple, cheatproof, credit-based system for mobile ad-hoc networks. Em IEEE INFOCOM, San Francisco, USA.
Zhou, L. e Haas, Z. J. (1999). Securing ad hoc networks. IEEE Network, 13(6):24–30.
Zimmerman, P. (1994). PGP User’s Guide. Massachusetts Institute of Technology.
Zunkel, R. L. (1999). Hand geometry based verification. In Jain, A. K., Bolle, R. M., and Pankanti, S., editors, Biometrics: Personal Identification in Networked Society, chapter 4, pages 87–101. Kluwer Academic Publishers, Boston, MA, USA.