Short Courses of the 11th Brazilian Symposium on Information and Computational Systems Security

Authors

Antonio Candido Faleiros (ed)
UFABC
Célia Ghedini Ralha (ed)
UnB

Keywords:

Information Security, Computational Systems, SBSeg 2011 Short Courses, SBSeg 2011

Synopsis

The Brazilian Symposium on Information and Computational Systems Security (SBSeg) is a scientific event promoted annually by the Brazilian Computer Society (SBC). SBSeg represents the country’s main forum for disseminating research results and relevant activities related to information and computational systems security.

This book comprises the six chapters produced by the authors of the short courses selected for presentation at SBSeg 2011.

Chapter 1, "Análise de Malware: Investigação de Códigos Maliciosos Através de uma Abordagem Prática", has two basic parts: a theoretical one and a real analysis. The authors' goal is to give readers interested in malware analysis the knowledge needed to develop the skills required in an incident response and computer forensics group. The chapter introduces key concepts and discusses new trends among malicious code developers and in countermeasures. It also discusses some models of incident handling and malware analysis and introduces the tools used in the process.

Chapter 2, "Aprendizagem de Máquina para Segurança de Computadores: Métodos e Aplicações", analyzes different systems for detecting fraudulent activity on web pages, the proliferation of malicious code, and denial-of-service attacks, among others. Anomaly detection has advanced significantly with the use of machine learning and data mining techniques. With a theoretical focus, the chapter provides information on using machine learning techniques for data security, identifying techniques that are appropriate for the intrusion detection problem.

Chapter 3, "Técnicas para Análise Dinâmica de Código Malicioso", presents the main techniques used to perform dynamic malware analysis, which can operate at the operating system or web level, and checks which of them are present in the main publicly available analysis systems. The chapter also cites tools used to capture information about the execution of malicious programs. Readers will be able to build a simple dynamic malware analysis system and follow a complete case study, from the analysis of malware coming from the web to the compromise of the operating system.

Chapter 4, "Introdução à Composibilidade Universal", presents a general, modular framework for representing cryptographic protocols and analyzing their security. The framework allows complex protocols to be analyzed in terms of simpler building blocks. The chapter also introduces the basics of Universal Composability security and its application in the design and analysis of a cryptographic protocol.

Chapter 5, "Gerência de Identidades Federadas em Nuvens: Enfoque na Utilização de Soluções Abertas", introduces the idea of moving most of the processing and storage of user applications to a remote cloud of services. The security of this approach is still an open problem that is difficult to solve. The chapter explores this federated service offering from an Identity Management perspective. Several open solutions used in federated cloud environments are presented, ending with a case study that uses a tool for performing network robotics experiments.

Chapter 6, "Live Forensics em Ambientes Windows" introduces live forensics procedures in Windows operating system environments. Live forensics is characterized by the examination of machines still in operation, allowing the collection of important traces, which can be lost when the machine is turned off. In this chapter, live forensics procedures will be discussed, such as recognition of running processes, ports and files in use, collection and preservation of volatile traces, using only freely available tools.



Kevin Zhijie Chen, Guofei Gu, Jose Nazario, Xinhui Han, and Jianwei Zhuge. Web-Patrol: Automated collection and replay of web-based malware scenarios. In Proceedings of the 2011 ACM Symposium on Information, Computer, and Communication Security (ASIACCS’11), March 2011.

Khan, L., Awad, M., Thuraisingham, B. (2007), “A New Intrusion Detection System Using Support Vector Machines and Hierarchical Clustering”, Em International Journal on Very Large Data Bases. Vol. 16(4), pp. 507-521.

Kolter, J. Z., Maloof, M. (2006), “Learning to Detect and Classify Malicious Executables in the Wild” Em Journal of the Machine Learning. Vol. 7, pp. 2721-2744.

Kolter, J., Maloof, M. (2004).“Learning to Detect Malicious Executables in the Wild”. Em Proceedings of the 10th International Conference on Knowledge Discovery and Data Mining (ACM SIGKDD), pp. 470–478.

Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, and Pavel Laskov. Learning and classification of malware behavior. In Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA ’08, pages 108–125, Berlin, Heidelberg, 2008. Springer-Verlag.

Kornblum, J. D. (2006). Identifying almost identical files using context triggered piecewise hashing. In Proceedings of the Digital Forensic Workshop, pages 91–97.

Kuesters, R. and Tuengerthal, M. (2009). Universally composable symmetric encryption. Cryptology ePrint Archive, Report 2009/055. http://eprint.iacr.org/.

Kumar, P. A. R., Selvakumar, S. (2011). “Distributed Denial of Service Attack Detection Using an Ensemble of Neural Classifier”, Computer Communication, Vol. 34, pp. 1328-1341.

Kuncheva, L.I., Hoare, Z.S.J (2008), “Error-Dependency Relationships for the Naive Bayes Classifier with Binary Features”, IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 30(4), pp. 735-740.

Kuncheva, L.K. (2004), “Combining Pattern Classifiers – Methods and Algorithms”.Wiley-Interscience.

Kurosawa, K. and Furukawa, J. (2008). Universally composable undeniable signature. Cryptology ePrint Archive, Report 2008/094. http://eprint.iacr.org/.

Lam, H., Yeung, D. (2007). “A Learning Approach to Spam Detection based on Social Networks”. Em 4th Conference on Email and AntiSpam.

Likarish, P., Jung, E., Jo, I. (2009), “Obfuscated Malicious Javascript Detection using Classification Techniques”, Em 4 th IEEE International Conference on Malicious and Unwanted Software (MALWARE).

Linden, G., S mith, B. e Y ork, J . ( 2003) “ Amazon.com Recommendations: Item-to-Item Collaborative Filtering”. IEEE Internet Computing, Vol. 7 (1), pp 76–80.

Lorenzo Martignoni, Roberto Paleari, Giampaolo Fresi Roglia, and Danilo Bruschi. Testing CPU emulators. In Proceedings of the eighteenth international symposium on Software testing and analysis, ISSTA ’09, pages 261–272, New York, NY, USA, 2009. ACM.

M. Cova, C. Kruegel, and G. Vigna. Detection and analysis of drive-by-download attacks and malicious javascript code. In Proceedings of the 19th international conference on World wide web,WWW’10, pages 281–290, New York, NY, USA, 2010. ACM.

M. Egele, C. Kruegel, E. Kirda, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2011.

Ma, K. J. (2005). Web Services: What’s Real and What’s Not? IT Professional, 7(2):14–21.

MacQueen, J. B. (1967). “Some Methods for Classification and Analysis of Multivariate Observations”, Em Proceedings of the Fifth Symposium on Math, Statistics, and Probability, pp. 281–297.

Madhu Shankarapani, Subbu Ramamoorthy, Ram Movva, and Srinivas Mukkamala. Malware detection using assembly and api call sequences. Journal in Computer Virology, 7:107–119, 2011. 10.1007/s11416-010-0141-5.

Mafra, M. P., Fraga, S. J., Moll, V., Santin, O. A. (2008), “POLVOIIDS: Um Sistema de Detecção de Intrusão Inteligente Baseado em Anomalias”. Em VIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais.

Mandia, K., Prosise, C., and Pepe, M. (2003). Incident Response & Computer Forensics. McGraw-Hill, 2nd edition.

MANDIANT Memoryze (2011). [link]. Último acesso em 22/09/2011.

Mark E. Russinovich and David A. Solomon. Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer). Microsoft Press, Redmond, WA, USA, 2004.

Markines, B., Catutto, C., e Menczer, F., (2009), “Social Spam Detection”. Em Proceedings of the 5th International Workshop on Adversarial Information Retrieval on the Web, pp. 41-48.

Martins, V., Grégio, A., Afonso, V., and Fernandes, D. (2010). xFile: Uma Ferramenta Modular para Identificação de Packers em Executáveis do Microsoft Windows. In SBC, editor, SBSeg 2010, pages 31–40, Fortaleza - CE.

MDD (2011). <http://sourceforge.net/projects/mdd>. Último acesso em 22/09/2011.

Mell, P. and Grace, T. (2010). NIST Working Definition of Cloud Computing. Technical report. Disponível em: [link]. Acessado em 15 de Setembro de 2011.

Mell, P. and karen Kent, N. J. (2005). Guide to Malware Incident Prevention and Handling Recommendations of the National Institute of Standards and Technology, volume 800-83. Department of Homeland Security, Gaithersburg, 800-83 edition.

Mena, J. (2003) “Investigative Data Mining for Security and Criminal Detection”. Butterworth Heinemann, New York, NY.

Menascé, D. A. (2005). Virtualization: Concepts, applications, and performance modeling.

Mendel Rosenblum. The Reincarnation of Virtual Machines. Queue, 2:34–40, July 2004.

Micali, S. and Rogaway, P. (1992). Secure computation (abstract). In Feigenbaum, J., editor, Advances in Cryptology – CRYPTO’91, volume 576 of Lecture Notes in Computer Science, pages 392–404, Santa Barbara, CA, USA. Springer, Berlin, Germany.

Michael Bailey, Jon Oberheide, Jon Andersen, Zhuoqing Morley Mao, Farnam Jahanian, and Jose Nazario. Automated Classification and Analysis of Internet Malware. In Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID ’07), pages 178–197, Gold Coast, Australia, September 2007.

Michael Becher, Felix C. Freiling, Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, and Christopher Wolf. Mobile security catching up? revealing the nuts and bolts of the security of mobile devices. In Proceedings of the 2011 IEEE Security and Privacy Symposium, pages 96–111, May 2011.

Microsoft (2011). CardSpace. Disponível em: http://msdn.microsoft.com/en-us/library/aa480189.aspx. Acessado em 2 de Setembro de 2011.

Microsoft Portable Executable and Common Object File Format Specification. http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx.

Microsoft Sysinternals (2011). <http://technet.microsoft.com/sysinternals>. Último acesso em 22/09/2011.

Mieres, J. (2009). Analysis of an attack of malware web-based. Technical report, Malware Intelligence.

Min Gyung Kang, Heng Yin, Steve Hanna, Stephen McCamant, and Dawn Song. Emulating emulation-resistant malware. In Proceedings of the 1st ACM workshop on Virtual machine security, VMSec ’09, pages 11–22, New York, NY, USA, 2009. ACM.

Miyamoto, D., Hazeyama, H., Kadobayashi, Y. (2009), “An Evaluation of Machine Learning-Based Methods for Detection of Phishing Sites” Em Proceedings of the 15th International Conference on Advances in Neuro- Information Processing, pp. 539-546.

Mukkamala, S., Janowski, G., Sung, A. H., (2002) “Intrusion Detection Using Neural Networks and Support Vector Machines”, Proceedings of the International Joint Conference on Neural Networks. pp. 1702-1707.

Murari, K. e. a. (2010). Eucalyptus Beginner’s Guide - UEC Edition - Ubuntu 10.04 - Lucid. CSS Corp.

Naor, M. (1991). Bit commitment using pseudorandomness. Journal of Cryptology, 4(2):151–158.

Naor, M. and Yung, M. (1990). Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proceedings of the twenty-second annual ACM symposium on Theory of computing, STOC ’90, pages 427–437, New York, NY, USA. ACM.

Naor, M., Ostrovsky, R., Venkatesan, R., and Yung, M. (1998). Perfect zero-knowledge arguments for np can be based on general complexity assumptions (extended abstract). JOURNAL OF CRYPTOLOGY, 11:87–108.

Nelson, B. A. (2010) “Behavior of Machine Learning Algorithms in Adversarial Environments”. PhD. Thesis, University of California, Berkeley, 244 páginas.

NetMarketShare (2011). <http://www.netmarketshare.com/>. Último acesso em 23/09/2011.

Nguyen, H-V., Choi, Y. (2010), “Proactive Detection of DDoS Attacks Utilizing k-NN Classifier in an Anti-DDoS Framework”, International Journal of Electrical and Electronics Engineering, Vol. 4 (4), pp. 247-252.

Nguyen, T. T. T., Armitage, G. (2008). “A Survey of Techniques for Internet Traffic Classification using Machine Learning”. IEEE Communication Surveys and Tutorials.Vol. 10 (4), pp. 56-76.

Nicholas Falliere, Liam O. Murchu, Eric Chien. Symantec Stuxnet Report: W32.Stuxnet Dossier. Report, Symantec, October 2010.

Nicholas Weaver, Vern Paxson, Stuart Staniford, and Robert Cunningham. A taxonomy of computer worms. In Proceedings of the 2003 ACM workshop on Rapid malcode, WORM ’03, pages 11–18, New York, NY, USA, 2003. ACM.

Nicolas Fallieri, Liam O. Murchu, and Eric Chien. W32.stuxnet dossier. [link], 2011.

Nimbus (2011). Nimbus - University of Chicago. Disponível em: http://www.nimbusproject.org/. Acessado em 2 de Setembro de 2011.

Ning (2010). Ning Inc. Disponível em: www.ning.com. Acessado em 23 de Agosto de 2011.

Nirsoft (2011). <http://www.nirsoft.com/>. Último acesso em 22/09/2011.

Norman Sandbox. Norman sandbox whitepaper. http://download.norman.no/whitepapers/whitepaper_Norman_SandBox.pdf, 2003.

OASIS (2005). eXtensible Access Control Markup Language (XACML) Version 2.0. Technical report. Disponível em: http://docs.oasis-open.org/xacml/2.0. Acessado em 9 de Setembro de 2011.

OASIS (2006). UDDI 101. Disponível em: http://uddi.xml.org/uddi-101. Acessado em 5 de Setembro de 2011.

OASIS (2008). Security Assertion Markup Language (SAML) V2.0 Technical Overview. Technical report. Disponível em: http://docs.oasis-open. org/security/saml/v2.0. Acessado em 17 de Agosto de 2011.

OASIS (2011). SPML. Disponível em: [link]. Acessado em 9 de Setembro de 2011.

OAuth Community (2010). The OAuth 1.0 Protocol. Technical report. Disponível em: http://tools.ietf.org/html/rfc5849. Acessado em 18 de Agosto de 2011.

OAuth Community (2011). The OAuth 1.0 Guide. Disponível em: http://hueniverse.com/oauth/guide/intro/. Acessado em 2 de Agosto de 2011.

Olden, E. (2011). Architecting a Cloud-Scale Identity Fabric. volume 44, pages 52–59. Journal Computer - IEEE Computer Society.

Open Grid Forum (2009). Occi - open cloud computing interfaces. Disponível em: http://occi-wg.org/. Acessado em 10 de Agosto de 2011.

OpenID Foundation (2011). OpenID. Disponível em: http://openid.net/get-an-openid/what-is-openid/. Acessado em 2 de Setembro de 2011.

OpenNebula (2010). OpenNebula. Disponível em: http://opennebula.org. Acessado em 10 de Setembro de 2011.

OpenVZ (2010). OpenVZ Wiki. Disponível em: http://wiki.openvz.org. Acessado em 10 de Agosto de 2011.

Oracle (2010). Virtualbox. Disponível em: http://www.virtualbox.org. Acessado em 10 de Agosto de 2011.

OWASP, The Open Web Security Project (2010) “Cross-site Scripting (XSS)”, Disponível em [link].

Palmer, G. (2001). A Road Map for Digital Forensic Research. Technical Report DTR - T001-01 FINAL, DFRWS. Report from the First Digital Forensic Research Workshop (DFRWS).

Paul Baecher, Thorsten Holz, Markus Kötter, Georg Wicherski. The Malware Collection Tool (mwcollect). Página na internet, 2011. http://www.mwcollect.org/.

Peddabachigari, S., Abraham, A., Grosan, C., Thomas, J. (2007), “Modeling Intrusion Detection System Using Hybrid Intelligent Systems”, Journal of Network and Computer Applications, vol. 30, pp. 114-132.

Peng Li, Limin Liu, Debin Gao, and Michael K. Reiter. On challenges in evaluating malware clustering. In Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection, RAID’10, pages 238–255, Berlin, Heidelberg, 2010. Springer-Verlag.

Pfitzmann, B. and Waidner, M. (1994). A general framework for formal notions of "secure"systems. In SYSTEM, HILDESHEIMER INFORMATIK-BERICHTE 11/94, UNIVERSITAT.

Pfitzmann, B. and Waidner, M. (2000). Composition and integrity preservation of secure reactive systems. In In Proc. 7th ACM Conference on Computer and Communications Security, pages 245–254. ACM Press.

Pfitzmann, B., Schunter, M., and Waidner, M. (2000). Secure reactive systems.

Phoha, V. V. (2002). “Springer Internet Security Dictionary”, Springer- Verlag, 320 páginas.

Ping Identity (2010a). About Identity Federation and SSO. Disponível em: http://pingidentity.com. Acessado em 20 de Setembro de 2011.

Ping Identity (2010b). OpenID Tutorial. Disponível em: https://www.pingidentity.com/resource-center/openid.cfm. Acessado em 20 de Setembro de 2011.

Prosise, C., Mandia, K., and Pepe, M. (2003). Incident Response & Computer Forensics, 2nd Ed. McGraw-Hill, Inc., New York, NY, USA, 2 edition.

Qinghua Zhang and D.S. Reeves. Metaaware: Identifying metamorphic malware. In Computer Security Applications Conference. ACSAC 2007., pages 411–420, dec. 2007.

Quinlan, J. R. (1993) “C4.5, Programs for machine learning”. Morgan Kaufmann, San Mateo, Ca.

R ieck, K., K rueger, T ., D ewald, A . ( 2010), “Cujo: Effcient Detection and Prevention of Drive-by-Download Attacks”, Em 26thAnnual Computer Security Applications Conference 2010 (ACSAC 2010), pp. 31-39.

Rabin, M. (1981). How to exchange secrets using oblivious transfer. Technical report, Tech. Memo TR-81, Aiken Computation Laboratory, Harvard University.

Rabiner, L.R. (1989) “A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition”, Proceedings of the IEEE , Vol. 77 (2), pp. 257-286.

Rackoff, C. and Simon, D. R. (1992). Non-interactive zeroknowledge proof of knowledge and chosen ciphertext attack. In Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ’91, pages 433–444, London, UK. Springer-Verlag.

Rackspace (2010). Openstack cloud software. Disponível em: https://www.openstack.org. Acessado em 10 de Setembro de 2011.

Reith, M., Carr, C., and Gunsch, G. (2002). An Examination of Digital Forensic Models. International Journal of Digital Evidence, 1(3).

Rhodes, B., Mahaffey, J., Cannady, J. (2000). “Multiple Self- Organizing Maps for Intrusion Detection”, Em Proceedings of the 23rd National Information Systems Security Conference.

Rich, E. Knight, K. (1991). “Artificial Intelligence”, McGraw- Hill.

Richardson, R. (2010) CSI/FBI Computer Crime Survey. Em 15th Annual 2010/2011 Computer Crime and Security, 44 páginas.

Rieck, K., Holz, T., Willems, C., Dussel, P., Laskov, P. (2008) “Learning and Classification of Malware Behavior”, Em Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA '08), pp. 108-125.

Rivest, R. (1992). The MD5 message-digest algorithm (RFC1321).

RNP (2011). CAFe - Comunidade Acadêmica Federada. Disponível em: http://www.rnp.br/servicos/cafe.html. Acessado em 15 de Setembro de 2011.

Rogers, M. K., Mislan, R., Goldman, J., Wedge, T., and Debrota, S. (2006). Computer forensics field triage process model. In Conference on Digital Forensics, Security and Law, pages 27–40.

Ruibin, G. and Gaertner, M. (2005). Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework. International Journal of Digital Evidence, 4(1).

Saha, S. (2009). “Consideration Points: Detecting Cross-Site Scripting”, International Journal of Computer Science and Information Security (IJCSIS), Vol. 4, No. 1 & 2.

Salesforce (2010). Disponível em: http://salesforce.com. Acessado em 2 de Setembro de 2011.

Sanglerdsinlapachai, N., Rungsawang, A. (2010) “Web Phishing Detection Using Classifier Ensemble”, Em Proceedings of the 12th ACM International Conference on Information Integration and Web-based Applications & Services (iiWAS2010), pp. 210-215.

Scavo, T. and Cantor, S. (2005). Technical report. Disponível em: [link]. Acessado em 13 de Agosto de 2011.

Schultz, M., Eskin, E., Zadok, F., Stolfo, S. (2001).“Data Mining Methods for Detection of New Malicious Executables”, Em Proceedings of the 22nd IEEE Symposium on Security and Privacy, pp. 38–49.

Seungwon Shin, Guofei Gu. Conficker and beyond: a large-scale empirical study. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC ’10, pages 151–160. ACM, 2010.

Seungwon Shin, Raymond Lin, and Guofei Gu. Cross-analysis of botnet victims: New insights and implications. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID’11)), September 2011.

Shelly, G. B. and Frydenberg, M. (2010). Web 2.0: Concepts and Applications. Course Technology.

Sheng, S., Wardman, B., Warner, G., Cranor, L. F., Hong, J., Zhang, C. (2009) “An Empirical Analysis of Phishing Blacklists”, Em Proceedings on Conference on Email and Anti-Spam (CEAS 09).

Shoup, V. (1999). On formal models for secure key exchange. Technical report.

Smith, R. (2007) “An Overview of the Tesseract OCR Engine”.Em Proceedings of International Conference on Document Analysis and Recognition.

Sommer, R. e Paxson, V. (2010) “Outside the Closed World: On Using Machine Learning for Network Intrusion Detection”. Em Proceedings of the IEEE Symposium on Security and Privacy 2010, pp. 305-316.

Souza, E. P., Monteiro, J. A. S (2009), “Estudo Sobre Sistema de Detecção de Intrusão por Anomalias, uma Abordagem Utilizando Redes Neurais”. Em XIV Workshop de Gerência e Operação de Redes e Serviços - WGRS. Sociedade Brasileira de Redes de Computadores – SBRC.

Stallings, W. (2011). Cryptography and Network Security: Principles and Practice. Pearson Education.

Steding-Jessen, K. (2008). Uso de Honeypots para o estudo de Spam e Phishing (Doutorado). Tese, INPE - Instituto Nacional de Pesquisas Espaciais.

Stoller, S. D. (2011). XACML. Disponível em: http://www.cs.sunysb.edu/ stoller/cse608/6-XACML.pdf. Acessado em 14 de Agosto de 2011.

Suess, J. and Morooney, K. (2009). Identity Management and Trust Services: Foundations for Cloud Computing. Technical report. Disponível em: http://www.educause.edu/node/178404. Acessado em 10 de Setembro de 2011.

Switch (2011). SWITCH - Serving Swiss Universities. Disponível em: http://www.switch.ch. Acessado em 2 de Setembro de 2011.

Thangasamy, I. (2011). OpenAM. Packt Publishing.

The jaccard index. http://en.wikipedia.org/wiki/Jaccard_index, 2011.

Theodoridis, S., Koutroumbas, K. (2006). “Pattern Recognition”, 3rd Edition. Academic Press.837 páginas.

Thomas Raffetseder, Christopher Krugel, and Engin Kirda. Detecting System Emulators. In ISC, pages 1–18, 2007.

Thorsten Holz, Markus Engelberth, Felix Freiling. Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones. Reihe informatik tr-2008-006, University of Mannheim, 2008.

Tian, L., Jianwen, W. (2009), “Research on Network Intrusion Detection System Based on Improved K-means Clustering Algorithm”.Em Internacional Forum on Computer Science – Technology and Applications (IFCSTA 2009). IEEE Computer Science, Vol. 1, pp. 76-79.

Tom Liston and Ed Skoudis. On the Cutting Edge: Thwarting Virtual Machine Detection., 2006. [link].

Tsai, C., Hsu, Y., Lin, C., Lin, W. (2009), “Intrusion Detection b y Machine Learning” Expert Systems with Applications, vol. 36, pp. 11994-12000.

Tsai, C., Lin, C. (2010). “A Triangle Area Based Nearest Neighbors Approach to Intrusion Detection”.Pattern Recognition, Vol. 43, pp. 222-229.

Turner, P. (2005). Digital provenance - interpretation, verification and corroboration. Digital Investigation, 2:45–49.

Twitter (2011). Using OAuth 1.0a. Disponível em: https://dev.twitter.com/docs/auth/oauth. Acessado em 20 de Setembro de 2011.

Tygar, J.D. (2011) “Adversarial Machine Learning”. IEEE Internet Computing, Vol. 15 (5), pp. 4-6.

Ulrich Bayer, Christopher Kruegel, and Engin Kirda. TTanalyze: A Tool for Analyzing Malware, 2006.

Ulrich Bayer, Paolo Milani Comparetti, Clemens Hlauscheck, Christopher Kruegel, and Engin Kirda. Scalable, Behavior-Based Malware Clustering. In 16th Symposium on Network and Distributed System Security (NDSS), 2009.

Unruh, D. and Müller-Quade, J. (2009). Universally composable incoercibility. Cryptology ePrint Archive, Report 2009/520. http://eprint.iacr.org/.

Vapnik, V. N. (1995) The Nature of Statistical Learning Theory. Springer, Berlin Heidelberg New York.

Veras, M. (2009). Datacenter:Componente Central da Infraestrutura de TI.

Verdi, F., Rothenberg, C. E., Pasquini, R., and Magalhães, M. F. (2010). Novas Arquiteturas de Data Center para Cloud Computing. XXVIII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos - Gramado - RS.

Vincent, L. (2007) “Google Book Search: Document Understandingon a Massive Scale”. Em International Conference on Document Analysis and Recognition (ICAR 2007), pp. 819-823

Virtualbox, Julho 2011. http://www.virtualbox.org/.

VMware Inc. (2011). VMware. Disponível em: http://www.vmware.com. Acessado em 22 de Agosto de 2011.

Vmware, Julho 2011. http://www.vmware.com/.

Volatility (2011). <https://www.volatilesystems.com/default/volatility. Último acesso em 22/09/2011.

Wang, J-H., Deng, P.S., Fan, Y-S., Jaw, L-J., Liu, Y-C. (2003), “Virus Detection Using Data Mining Techniques”, Em Proceedings of the 37th International Conference on Security Technology, pp. 71-76.

Wangham, M. S., de Mello, E. R., da Silva Böger, D., Gueiros, M., and da Silva Fraga, J. (2010). Gerenciamento de Identidades Federadas. In Minicurso - SBSeg 2010 - Fortaleza - CE.

Warnke, R. and Ritzau, T. (2010). qemu-kvm & libvirt. Books on Demand GmbH.

Windley, P. (2005). Digital Identity. O’Reilly.

Windows Azure (2010). Windows Azure Platform. Disponível em: http://www.microsoft.com/windowsazure. Acessado em 2 de Setembro de 2011.

Witten, I.H., Frank, E. (2000) “Data Mining: Practical Machine Learning tools and Techniques with Java Implementations”. Morgan Kaufmann.

Wu, S. (2009) “Behavior-based Spam Detection Using a Hybrid Method of Rule-based Techniques and Neural Networks”, Expert Systems with Applications, Vol. 36 (3), pp. 4321-4330.

Wu, Y-C., Tseng, H-R., Yang, W., Jan, R.H. (2011) “DDoS detection and traceback with decision tree and grey relational analysis”, International Journal Ad Hoc and Ubiquitous Computing, Vol. 7 (2), pp.121–136.

Xen (2010). Xenserver. Disponível em: http://www.citrix.com. Acessado em 10 de Setembro de 2011.

Xia, D. X., Yang, S. H. e Li, C. G., (2010). “Intrusion Detection System Based on Principal Component Analysis and Grey Neural Networks”. Em 2nd International Conference on Networks Security Wireless Communications and Trusted Computing, pp. 142-145.

Xiang, Y., Zhou, W. (2005), “A Defense System against DDoS Attacks by Large-Scale IP Traceback”, Third International Conference on Information Technology and Applications (ICITA'05), pp. 431-436.

Xiao, H., Hong, F., Zhang, Z., Liao, J. (2007). “Intrusion Detection Using Ensemble of SVM Classifier”. Fourth International Conference on Fuzzy Systems and Knowledge Discovery (FKSD 2007), pp. 45-49.

Xu, X., Sun, Y., Huang, Z. (2007) “Defending DDoS Attacks Using Hidden Markov Models and Cooperative Reinforcement Learning”, Em (PAISI) Pacific Asia Workshop on Intelligence and Security Informatics, pp. 196–207.

Yao, A. C. (1982). Theory and applications of trapdoor functions. In 23rd Annual Symposium on Foundations of Computer Science, pages 80–91, Chicago, Illinois. IEEE Computer Society Press.

Ye, Y., Wang, D., Li, T., Ye, D. (2007), “IMDS: Intelligent Malware Detection System”. Em Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '07), pp. 1043-1047.

Younghee Park, Douglas Reeves, Vikram Mulukutla, and Balaji Sundaravel. Fast malware classification by automated behavioral graph matching. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, CSIIRW ’10, pages 45:1–45:4, New York, NY, USA, 2010. ACM.

Yue, C., Wang, H. (2009) “Charatering Insecure JavaScript Practice on the Web. Em 18th International Conference on the World Wide Web.

Zappert, F. e. a. (2010). Cloud Computing Use Cases White Paper - Version 4.0. Technical report.

Zhang, T., Ramakrishnan, R., & Livny, M., (1996) “BIRCH: An Efficient Data Clustering Method for Very Large Databases”, Em Proceedings of the ACM SIGMOD.

Zhong, R., Yue, G. (2010) “DDoS Detection S ystem Based on Data Mining”, Em Proceedings of the Second International Symposium on Networking and Network Security (ISNNS ’10), pp. 062-065.

Publication date

November 6, 2011

Details about the available publication format: Full Volume

Full Volume

ISBN-13 (15)

978-85-7669-259-1