SCHEDULE
Monday 27/08 | Tuesday 28/08 | Wednesday 29/08 | Thursday 30/08 | Friday 31/08
08:00 Registration/Reception MC1 MC2
08:30 SI1 SI5 ST1 ST4 MC1 WCAP WTICG WCAP ST5 MC2 WCAP
10:00 Coffee Break
10:20 SI2 SI6 ST2 ST6 MC1 WCAP WTICG WCAP MC2 WCAP
12:20 Lunch; CE SEG Meeting 1
13:40 SI3 SI7 ST3 T1 MC3 WCAP WTICG WCAP WCAP MC4
15:40 Coffee Break
16:00 SI4 WTICG Awards KN1 T1 KN3 MC3 WCAP SI8
17:00 SI4 OFFICIAL OPENING MC4 WCAP
18:00 Cocktail; ST Awards
19:00 CE SEG Meeting 2
20:30 Fellowship Dinner

SI: Information Security Workshop - SegInfo (Auditório do Roxinho)
ST1: Technical session (Auditório do Roxinho)
ST2: Technical session (Auditório do Roxinho)
ST3: Technical session (Auditório do Roxinho)
ST4: Technical session (Auditório do Roxinho)
ST5: Technical session (Salão Nobre do CCMN)
ST6: Technical session (Auditório do Roxinho)
WCAP: Workshop on Cryptographic Algorithms and Protocols (Salão Nobre do CCMN)
WTICG: Workshop on Undergraduate and Scientific Initiation Research (Auditório Maria Irene Mello/NCE)
KN: Keynote Speakers (Auditório do Roxinho)
T1: SBSeg Tutorial (Auditório do Roxinho)
MC1: Short courses (Auditório do Roxinho)
MC2: Short courses (Salão Nobre do CCMN)
MC3: Short courses (Salão Nobre do CCMN)
MC4: Short courses (Auditório do Roxinho)
CE SEG Meeting 1 (NCE/MBI)
CE SEG Meeting 2 (Hotel Luxor)
Official Opening (Auditório do Roxinho)
Cocktail (Salão Nobre do CCMN)
Fellowship Dinner (Forte de Copacabana)
         

SEGINFO
Time Monday - 27/08
09:00 – 10:00 Police talk on aspects of Information Security
(awaiting confirmation)
Demétrius Gonzaga de Oliveira
10:00 – 10:20 Coffee Break
10:20 – 11:20 “Case study of the problems that occurred in the 2006 Alagoas elections.”
Clovis Torres Fernandes (ITA)
11:20 – 12:20 “Brazil against Cybercrime.”
Jose Henrique Santos Portugal
12:20 – 13:40 Lunch
13:40 – 14:40 “Malware Propagation through Pirated Software.”
Jacomo Dimmit Boca Piccolini (CAIS/RNP)
14:40 – 15:40 “Malware Propagation through Pirated Software.”
Jacomo Dimmit Boca Piccolini (CAIS/RNP)
15:40 – 16:00 Coffee Break
16:00 – 18:00 “Legal aspects of Information Security.”
Omar Kaminski (CAIS/RNP)

Time Tuesday - 28/08
08:40 – 10:00 “Applications of identity-based cryptography.”
Mehran Misaghi
10:00 – 10:20 Coffee Break
10:20 – 11:20 “The Wi-Fi Network Auditor's Toolbox.”
Ronaldo Castro de Vasconcellos (CAIS/RNP)
11:20 – 12:20 “Covert channels: what they are, what they do, and how to protect against them.”
Ivo de Carvalho Peixinho (Polícia Federal)
12:20 – 13:40 Lunch
13:40 – 15:40 “Blackberry and National Security”
Nelson Murilo de O. Rufino (Pangeia)


WTICG Program – August 28, 2007

8h30 - 10h - WTICG 1: Cryptographic Algorithms and Techniques
Chair: Jorge Nakahara

Hardware Implementation of the MD5 Algorithm - Improvements in Area, Clock Frequency and Power Consumption
Joao Oliveira, UERGS
Fernanda Kastensmidt, UFRGS

Elliptic Curves: Application to Asymmetric Cryptography
Pedro Lara, Fábio Borges, LNCC

An Implementation of a Temporal Public Key Infrastructure
Guilherme Steinmann, UFSC
Geovani Ferreira da Cruz, UFSC

10h30 - 11h30 - WTICG 2: Biometrics and Biometric Systems
Chair: Michelle Wangham

System for Secure Data Acquisition and Transfer
Danilo Pinheiro da Silveira, UNIVEM
Marcio Delamaro, UNIVEM

Keystroke Dynamics Applied to Web Environments
Rodrigo Pavezi, Rafael Andrade, Douglas Dyllon J. de Macedo, Aldo Wangenheim, UFSC

13:40 - 15:40 - WTICG 3: Systems Security
Chair: José Eduardo Brandão

Remote Security Monitoring System (SMRS)
Tiago Barabasz, Vitor Afonso, Antonio Montes, CenPRA/MCT

Analysis of Malicious Artifacts
Angelo Carvalho, UNICAMP; Luiz Otávio Duarte, CenPRA/MCT; Marcelo Carvalho Sacchetin, Antonio Montes, CenPRA/MCT

Web application for integrated user registration and management using the LDAP protocol
André Proto, Isabela de Oliveira, Allan Calderon, Eli de Melo, Adriano Cansian, UNESP

Implementation of an Authentication Transposition Model for Web Services
Davi Böger, Joni da Silva Fraga, UFSC; Michelle Wangham, UNIVALI

 

TECHNICAL SESSIONS - SBSeg 2007
Wednesday, August 29, 2007  8:30
ST1: Application Security Chair: Paulo de Geus
SecBox: An approach to set-top box security in Digital TV
Diego Carvalho, Mateus Milanez - USP, Brazil; Mario Avelino - SCC-ICMC-USP, Brazil; Sarita Bruschi, Rudinei Goularte - ICMC - USP, Brazil.

Recognition of individual behavior patterns based on browsing history on a Web site
Luiz Fernando Rust da Costa Carmo, Danielle Costa - NCE/UFRJ, Brazil.

RAWVec A Method for Watermarking Vector Maps
Douglas Marques, CGU – Controladoria Geral da União, Brazil; Karina Magalhães, Ricardo Dahab - UNICAMP, Brazil.

Wednesday, August 29, 2007  10:20
ST2: Cryptographic Algorithms and Techniques Chair: Jorge Nakahara Junior
Linear Analysis of reduced-round CAST-128 and CAST-256
Jorge Nakahara Junior - Unisantos, Brazil; Mads Rasmussen - USP, Brazil.

A stronger version of the RC6 algorithm against chi-square cryptanalysis
Routo Terada, Eduardo Takeo Ueda - USP, Brazil.

Anonymous one-time broadcast using non-interactive dining cryptographer nets with applications to voting
Jeroen van de Graaf - UFMG, Brazil.

Strand spaces and fair exchange: More on how to trace attacks and security problems
Fabio Piva, José Roberto Monteiro, Ricardo Dahab - UNICAMP, Brazil.

Wednesday, August 29, 2007  13:40
ST3: Attack Detection and Risk Analysis Chair: Otto Carlos Muniz Bandeira Duarte
Evaluation of protection against distributed denial-of-service (DDoS) attacks using a Trusted IP List
Luis Eduardo Oliveira, Rafael Aschoff, Bruno Lins, Eduardo Feitosa, Djamel H. Sadok - UFPE, Brazil.

A Packet Marking Proposal for Attack-Robust Traceback
Marcelo D. D. Moreira, Otto Carlos Muniz Bandeira Duarte - UFRJ, Brazil; Rafael Laufer - UCLA, USA; Pedro Velloso - UPMC, France.

Detection of denial-of-service attacks using data flows and intelligent systems
Adriano M. Cansian, Jorge Corrêa - UNESP, Brazil.

Metrics and Artifacts for Prioritizing Investments in Compliance Adjustment to the ISO 17799 Standard
Reinaldo Correia, André H. I. Azevedo, Luiz Fernando Rust da Costa Carmo - NCE/UFRJ, Brazil.

 

Thursday, August 30, 2007  08:30
ST4: Security in Computational Grids and P2P Networks Chair: Carlos Maziero
Platform for enforcing multiple access control policies in computational grid environments
Leonardo Mattes, Leonardo Militelli, João Antonio Zuffo - USP, Brazil.

Contextual Trust Evaluation in Multimode Computational Grids using Secure Platforms
Ricardo de Barros Costa, Luiz Fernando Rust da Costa Carmo - NCE/UFRJ, Brazil.

Corruption, Lies and Isolation: assessing the impact of attacks on BitTorrent
Rodrigo B. Mansilha, Marlom A. Konrath, Marinho P. Barcellos - UNISINOS, Brazil.

ST5: Short Papers Chair: Luci Pirmez
Shielding a Computational Grid using TPM and Sandbox
Roberto Nemirovsky, Luiz Fernando Rust da Costa Carmo - NCE/UFRJ, Brazil.

Merging Pret-a-Voter and PunchScan
Jeroen van de Graaf - UFMG, Brazil.

Optimized Certificates for efficient Digital Signature validation
Adriana Elissa Notoya, Ricardo Felipe Custódio, Fernando Carlos Pereira, Joni da Silva Fraga - UFSC, Brazil.

Evaluating Pairing-based Cryptography Protocols in Wireless Sensor Networks
Leonardo B. Oliveira, Felipe Daguano, Ricardo Dahab - UNICAMP, Brazil.

Thursday, August 30, 2007  10:20
ST6: Security Models Chair: Marinho Barcellos
A Pragmatic Separation of Duties Model for Role-Based Access Control
Bruno C. B. Figueiredo, Gustavo H. M. B. Motta - UFPB, Brazil.

Implementation of UCON policies in an operating system kernel
Rafael Coninck Teigao, Carlos A. Maziero, Altair Santin - PUC-PR, Brazil.

Extensions to the RBAC Constraint Model to support UCONabc Obligations
Edemilson Silva, Altair Santin, Edgard Jamhour, Carlos A. Maziero - PUC-PR, Brazil; Emir Toktar - University of Paris VI, France.

A Java EE Authorization Service Based on X.509 Attribute Certificates
Stefan Guilhen, Francisco Reverbel - USP, Brazil.

 

Keynotes
K1 - 29/8 (16h) - Prof. Claude Crépeau (McGill University, Canada)
Talk title: Cryptography of quantum information
CANCELLED!
K2 - 29/8 (17h) - Prof. Michel Abdalla (École Normale Supérieure, France)
Talk title: Password-based Authentication

Abstract: Password-based authenticated key exchange protocols are designed to be secure even when the secret key used for authentication is drawn from a small set of values (e.g., a 4-digit pin code). The main advantage of these protocols is that they do not require intricate authentication infrastructures since the secret key, which is called a password in this case, is easy to remember. Unfortunately, password-based protocols are always subject to attacks in which the adversary may succeed with non-negligible probability by simply guessing the password shared between users during its online attempt to impersonate one of these users. The main goal of password-based authenticated key exchange protocols is to restrict the adversary to this case only.

In this talk, I will consider some of the main difficulties in designing key exchange protocols based on passwords. I will start by reviewing some of the existing solutions in the 2-party case and then I will proceed to the case of authenticated group key exchange protocols based on passwords. When doing so, I will also show why some of these protocols are not secure. Finally, I will conclude my talk by presenting some interesting open problems related to password-based authentication.

 
K3 - 30/8 (17h) - Prof. Benoît Libert (Université Catholique de Louvain, Belgium)
Talk title: Applications of Pairings in Cryptography
Abstract: Since their first uses for constructive purposes in 2000, pairings have given rise to a couple of new constructions and cryptographic protocols. The talk will illustrate this impact and give a survey of the nice applications permitted by pairings. We will also briefly discuss related underlying intractability assumptions.

 

TUTORIALS

T1: Securing ad hoc networks and vehicular communications

Panagiotis Papadimitratos

 

Part I (2h)

Our network access habits have been changing significantly over the last few years: 20 million wireless-enabled computers and 150 thousand locations for wireless broadband Internet access were available worldwide in 2006. At the same time, an increasing number of wireless community networks are being deployed, portable digital assistants are equipped with radio and infrared transceivers, cellular telephones offer alternative ways of data communication, and wireless sensing and actuating devices are becoming commonplace at home and in factories and hospitals. Overall, the network itself undergoes a gradual transformation: devices collaborate to support basic networking operations, i.e., routing and data forwarding and dissemination, essentially becoming the network.

Mobile ad hoc networking will play a central role, enabling communication across multiple wireless links (hops) in a self-organized manner, without a fixed infrastructure. However, assuming that network entities participate voluntarily and assist the network operation is utopian, as experience from the (wire-line) Internet teaches. Compared to traditional networks, ad hoc networking infrastructures are less protected and hard to monitor and manage. The challenge lies exactly in securing the ad hoc network operation, because any malicious or selfish network entity can disrupt, degrade, or even deny communication of other entities. Security is paramount for both civilian and tactical applications. Users would have no incentive to embrace new products if, for example, they cannot access their services and get the quality they pay for or if their privacy is at stake. Similarly, a General or a Police Commissioner would not endorse networking technologies that do not guarantee secure and reliable communications in a battlefield or an emergency situation.

In the first part of the tutorial, we discuss why it is necessary to redesign security for ad hoc networks, and present basic concepts and protocols from the literature on how to thwart attacks. We focus on fundamental security issues, including: the establishment of secure associations among nodes, the secure discovery of communication paths in the network, that is, of neighbor and route discovery, and the security of data communications.

Part II (1h)

Vehicular communications (VCs) and vehicular ad hoc networks (VANETs) lie at the core of several on-going industry and academic research initiatives. Vehicles and roadside infrastructure units equipped with sensors, computers, and wireless transceivers enable a range of applications that enhance transportation safety and efficiency. VCs offer a rich set of tools but also make possible a formidable set of abuses. For example, an adversary could 'contaminate' large portions of the VANET with false information; or, intercept vehicle-originating messages, track the vehicle location and transactions, and infer sensitive information about their passengers. Without security mechanisms, VCs can make antisocial and criminal behavior easy, essentially jeopardizing the benefits of the VCs systems deployment.

In the second part of the tutorial, we discuss this new and uniquely constrained problem: how to secure vehicular communications. First, we discuss design principles and requirements as well as elements of a secure VCs architecture. Then, we present mechanisms that safeguard different aspects of the VCs system operation, including mechanisms to enhance privacy yet provide strong security, to secure communication, to evict misbehaving or faulty nodes, and to extend the traditional notion of trust to data-centric trust, that is, attribute trustworthiness to node-reported data per se. The presented results reflect recent work, jointly with researchers of the Univ. of Maryland and the Pol. of Torino, as well as the SeVeCom and Car-2-Car communication consortia.
 
Panagiotis Papadimitratos received his PhD degree in Electrical and Computer Engineering from Cornell University, Ithaca, NY, in 2005. He then joined the Department of Electrical and Computer Engineering at Virginia Tech, Blacksburg, VA, as a research associate. Panos is currently a senior researcher with the School of Computer and Communication Sciences at EPFL. His research is concerned with networking protocols, network security, ad hoc and sensor networks, and wireless and mobile systems. He has authored more than 40 technical publications on these topics. He has served in the technical program committees of numerous conferences and workshops, among which are ACM ASIACCS, ACM WiSec, ACM VANET, and IEEE MASS. He has delivered several invited talks and lectures, including a tutorial on security and cooperation in wireless networks delivered at ACM MobiCom 2007. His personal website is http://people.epfl.ch/panos.papadimitratos.

 

 

Organized by: Núcleo de Computação Eletrônica