Capítulos de Livro
2024
WebAssembly: Uma Introdução Book Section
Tiago Heinrich; Beatriz Michelson Reichert; Newton Carlos Will; Carlos Alberto Maziero; Rafael Rodrigues Obelheiro
Em: de Aragão Rocha, Antonio A.; Campos, Carlos Alberto Vieira; Passos, Diego; Menasché, Daniel S.; Abelém, Antônio Jorge Gomes; da Silva, Ana Paula Couto (Ed.): pp. 228–276, SBC, Niterói, RJ, Brazil, 2024, ISBN: 978-85-7669-608-7.
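@comment{heinrich2024webassembly has no booktitle field, which incollection requires; add the book title from the publisher record.}
@incollection{heinrich2024webassembly,
  author    = {Heinrich, Tiago and Reichert, Beatriz Michelson and Will, Newton Carlos and Maziero, Carlos Alberto and Obelheiro, Rafael Rodrigues},
  editor    = {de Aragão Rocha, Antonio A. and Campos, Carlos Alberto Vieira and Passos, Diego and Menasché, Daniel S. and Abelém, Antônio Jorge Gomes and da Silva, Ana Paula Couto},
  title     = {{WebAssembly}: Uma Introdução},
  chapter   = {6},
  pages     = {228--276},
  publisher = {SBC},
  address   = {Niterói, RJ, Brazil},
  year      = {2024},
  date      = {2024-05-24},
  urldate   = {2024-05-24},
  doi       = {10.5753/sbc.15408.7.6},
  isbn      = {978-85-7669-608-7},
  abstract  = {Na última década os navegadores Web se tornaram um recurso indispensável para usuários acessarem a Internet e realizarem atividades cotidianas. Ao decorrer deste período diferentes recursos foram propostos para ganho de desempenho, segurança e praticidade no desenvolvimento de aplicações Web. Um destes recursos é o WebAssembly, que é um formato binário e portátil. Neste capítulo, será introduzido toda uma contextualização da história da Web até o estado atual, com o foco em introduzir o formato WebAssembly e impacto que este novo recurso traz para a Web. Discutindo sobre fatores de performance, segurança, tendências recentes e problemas abertos.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {incollection}
}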
2021
Trusted Client-Side Encryption for Cloud Storage Book Section
Marciano da Rocha; Dalton Cézane Gomes Valadares; Angelo Perkusich; Kyller Costa Gorgonio; Rodrigo Tomaz Pagno; Newton Carlos Will
Em: Ferguson, Donald; Pahl, Claus; Helfert, Markus (Ed.): Cloud Computing and Services Science, vol. 1399, pp. 1–24, Springer, Cham, Switzerland, 2021, ISBN: 978-3-030-72369-9.
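@incollection{rocha2021trusted,
  author    = {da Rocha, Marciano and Valadares, Dalton Cézane Gomes and Perkusich, Angelo and Gorgonio, Kyller Costa and Pagno, Rodrigo Tomaz and Will, Newton Carlos},
  editor    = {Ferguson, Donald and Pahl, Claus and Helfert, Markus},
  title     = {Trusted Client-Side Encryption for Cloud Storage},
  booktitle = {Cloud Computing and Services Science},
  series    = {Communications in Computer and Information Science},
  volume    = {1399},
  chapter   = {1},
  pages     = {1--24},
  publisher = {Springer},
  address   = {Cham, Switzerland},
  year      = {2021},
  date      = {2021-03-01},
  urldate   = {2021-03-01},
  doi       = {10.1007/978-3-030-72369-9_1},
  isbn      = {978-3-030-72369-9},
  abstract  = {Nowadays, users are delegating the data storage to cloud services, due to the virtually unlimited storage, change history, broadband connection, and high availability. Despite the benefits and facilities, it is necessary to pay extra attention to data confidentiality and users’ privacy, as numerous threats aim to collect such information in an unauthorized manner. An approach to ensure data confidentiality is the use of client-side encryption, with the user taking control of the encryption keys and defining which files or data will be encrypted. This scheme is already explored by many applications on personal computers and also as a native feature in some smartphone operating systems, but are still susceptible to certain types of attacks. Aiming to improve the security of the client-side encryption approach, we propose to apply the Intel Software Guard Extensions (SGX) to perform data sealing, creating a secure vault that can be synchronized with any cloud storage service, while relying on the SGX to protect the key handling. To validate our proposal, we build a proof of concept based on the Cryptomator application, an open-source client-side encryption tool specially designed for cloud storage services. Our results show an overall performance better than the original Cryptomator application, with stronger security premises. Thus, our solution proved to be feasible and can be expanded and refined for practical use and integration with cloud synchronization services.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {incollection}
}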
2017
Mecanismos de Segurança Baseados em Hardware: Uma Introdução à Arquitetura Intel SGX Book Section
Newton Carlos Will; Rafael Campra Reis Condé; Carlos Alberto Maziero
Em: Nunes, Raul Ceretta; Canedo, Edna Dias; de Sousa Júnior, Rafael Timóteo (Ed.): Minicursos do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pp. 49–98, SBC, Brasilia, DF, Brazil, 2017, ISBN: 978-85-7669-410-6.
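@incollection{will2017mecanismos,
  author    = {Will, Newton Carlos and Condé, Rafael Campra Reis and Maziero, Carlos Alberto},
  editor    = {Nunes, Raul Ceretta and Canedo, Edna Dias and de Sousa Júnior, Rafael Timóteo},
  title     = {Mecanismos de Segurança Baseados em Hardware: Uma Introdução à Arquitetura {Intel} {SGX}},
  booktitle = {Minicursos do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais},
  chapter   = {2},
  pages     = {49--98},
  publisher = {SBC},
  address   = {Brasilia, DF, Brazil},
  year      = {2017},
  date      = {2017-01-01},
  urldate   = {2017-01-01},
  doi       = {10.5753/sbc.8410.6.2},
  isbn      = {978-85-7669-410-6},
  abstract  = {Data confidentiality is becoming more and more important to corporate and domestic computer users. In addition, it is extremely important to ensure security in the execution of applications that manipulate such data, which must have their confidentiality and integrity guaranteed. In this way, there are several solutions that aim to maintain the data confidentiality and integrity, as well as security in the execution of applications. This chapter presents a review of the most relevant hardware-based security mechanisms and their evolution, culminating with the presentation of the Intel SGX architecture.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {incollection}
}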
Artigos em Periódicos
2023
Intel Software Guard Extensions Applications: A Survey Journal Article
Newton Carlos Will; Carlos Alberto Maziero
Em: ACM Computing Surveys, vol. 55, iss. 14s, pp. 1–38, 2023, ISSN: 0360-0300.
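@article{will2023csur,
  author    = {Will, Newton Carlos and Maziero, Carlos Alberto},
  title     = {{Intel Software Guard Extensions} Applications: A Survey},
  journal   = {ACM Computing Surveys},
  volume    = {55},
  issue     = {14s},
  pages     = {1--38},
  year      = {2023},
  date      = {2023-04-14},
  urldate   = {2023-04-14},
  doi       = {10.1145/3593021},
  issn      = {0360-0300},
  abstract  = {Data confidentiality is a central concern in modern computer systems and services, as sensitive data from users and companies are being increasingly delegated to such systems. Several hardware-based mechanisms have been recently proposed to enforce security guarantees of sensitive information. Hardware-based isolated execution environments are a class of such mechanisms, in which the operating system and other low-level components are removed from the trusted computing base. One of such mechanisms is the Intel Software Guard Extensions (Intel SGX), which creates the concept of enclave to encapsulate sensitive components of applications and their data. Despite being largely applied in several computing areas, SGX has limitations and performance issues that must be addressed for the development of secure solutions. This text brings a categorized literature review of the ongoing research on the Intel SGX architecture, discussing its applications and providing a classification of the solutions that take advantage of SGX mechanisms. We analyze and categorize 293 papers that rely to SGX to provide integrity, confidentiality, and privacy to users and data, regarding different contexts and goals. We also discuss research challenges and provide future directions in the field of enclaved execution, particularly when using SGX.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article}
}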
2022
Confidential Computing in Cloud/Fog-based Internet of Things Scenarios Journal Article
Dalton Cézane Gomes Valadares; Newton Carlos Will; Marco Aurelio Spohn; Danilo Freire de Souza Santos; Angelo Perkusich; Kyller Costa Gorgonio
Em: Internet of Things, vol. 19, pp. 100543, 2022, ISSN: 2542-6605.
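@article{valadares2022confidential,
  author    = {Valadares, Dalton Cézane Gomes and Will, Newton Carlos and Spohn, Marco Aurelio and de Souza Santos, Danilo Freire and Perkusich, Angelo and Gorgonio, Kyller Costa},
  title     = {Confidential Computing in Cloud/Fog-based {Internet of Things} Scenarios},
  journal   = {Internet of Things},
  volume    = {19},
  pages     = {100543},
  year      = {2022},
  date      = {2022-05-13},
  urldate   = {2022-05-13},
  doi       = {10.1016/j.iot.2022.100543},
  issn      = {2542-6605},
  abstract  = {Internet of Things (IoT) devices are increasingly present in people's daily lives, collecting different types of data about the environment, user behavior, medical data, and others. Due to limited processing power, such devices share the collected data with cloud/fog environments, which raises concerns about users' privacy. To ensure privacy and confidentiality guarantees, many cloud/fog-enhanced IoT applications use Trusted Execution Environments, such as ARM TrustZone and Intel SGX, which are the basis for Confidential Computing. Confidential Computing aims at protecting data during processing, besides transit and rest. This paper presents a review regarding TEEs’ adoption to protect data in cloud/fog-based IoT applications, focusing on the two aforementioned technologies. We highlight the challenges in adopting these technologies and discuss the vulnerabilities present in both Intel SGX and ARM TrustZone.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article}
}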
2021
Systematic Literature Review on the Use of Trusted Execution Environments to Protect Cloud/Fog-based Internet of Things Applications Journal Article
Dalton Cézane Gomes Valadares; Newton Carlos Will; Jean Caminha; Mirko Barbosa Perkusich; Angelo Perkusich; Kyller Costa Gorgonio
Em: IEEE Access, vol. 9, pp. 80953–80969, 2021, ISSN: 2169-3536.
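@article{valadares2021systematicb,
  author    = {Valadares, Dalton Cézane Gomes and Will, Newton Carlos and Caminha, Jean and Perkusich, Mirko Barbosa and Perkusich, Angelo and Gorgonio, Kyller Costa},
  title     = {Systematic Literature Review on the Use of Trusted Execution Environments to Protect Cloud/Fog-based {Internet of Things} Applications},
  journal   = {IEEE Access},
  volume    = {9},
  pages     = {80953--80969},
  publisher = {IEEE},
  year      = {2021},
  date      = {2021-01-01},
  urldate   = {2021-01-01},
  doi       = {10.1109/ACCESS.2021.3085524},
  issn      = {2169-3536},
  abstract  = {Trusted Execution Environments have been applied to improve data security in many distinct application scenarios since they enable data processing in a separate and protected region of memory. To investigate how this technology has been applied to the different IoT scenarios, which commonly deal with specific characteristics such as device resource constraints, we carried out a systematic literature review. For this, we selected and analyzed 58 papers from different conferences and journals, identifying the main IoT solutions and scenarios in which TEE has been employed. We also gathered the mentioned TEE advantages and disadvantages as well as the suggestions for future works. This study gives a general overview of the use of TEEs for cloud/fog-based IoT applications, bringing some challenges and directions.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article}
}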
Artigos em Conferências
2024
Resiliência em Segurança Cibernética: A Importância do Treinamento na Prevenção de Phishing Proceedings Article
Leandro Girotto Cabrini Junior; Braulino Silverio dos Santos Neto; Newton Carlos Will
Em: Proceedings of the 8º Workshop Regional de Segurança da Informação e de Sistemas Computacionais, SBC, Rio Grande, RS, Brazil, 2024.
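@comment{The citation key nokey looks like an export placeholder; give this entry a unique key before citing it, since any other keyless export would collide with it.}
@inproceedings{nokey,
  author    = {Cabrini Junior, Leandro Girotto and dos Santos Neto, Braulino Silverio and Will, Newton Carlos},
  title     = {Resiliência em Segurança Cibernética: A Importância do Treinamento na Prevenção de Phishing},
  booktitle = {Proceedings of the 8º Workshop Regional de Segurança da Informação e de Sistemas Computacionais},
  publisher = {SBC},
  address   = {Rio Grande, RS, Brazil},
  year      = {2024},
  date      = {2024-11-27},
  urldate   = {2024-11-27},
  abstract  = {Com a expansão das redes digitais, as empresas enfrentam sérios desafios em segurança da informação, demandando constantes investimentos na área. Em 2022, o Brasil foi alvo de 31,5 bilhões de tentativas de ataques cibernéticos, destacando-se na América Latina. O phishing é uma das ameaças mais prevalentes, utilizando técnicas de manipulação para obter dados confidenciais. Este artigo analisa os resultados de campanhas de phishing realizadas antes e depois do treinamento dos colaboradores, demonstrando a importância do treinamento na prevenção desses ataques. Para isso, foram coletados e analisados dados de três campanhas conduzidas antes e depois do treinamento dos colaboradores. A análise busca evidenciar como o treinamento pode reduzir a suscetibilidade dos colaboradores a esses ataques.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}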
Utilizando Estratégias de Monitoramento Leve em Ambientes Conteinerizados para Detecção de Anomalias via HIDS Proceedings Article
Anderson A Frasão; Tiago Heinrich; Vinicius Fulber-Garcia; Newton Carlos Will; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the 24º Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pp. 694–708, SBC, São José dos Campos, SP, Brazil, 2024.
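@inproceedings{Frasao2024Estrategias,
  author    = {Frasão, Anderson A. and Heinrich, Tiago and Fulber-Garcia, Vinicius and Will, Newton Carlos and Obelheiro, Rafael Rodrigues and Maziero, Carlos Alberto},
  title     = {Utilizando Estratégias de Monitoramento Leve em Ambientes Conteinerizados para Detecção de Anomalias via {HIDS}},
  booktitle = {Proceedings of the 24º Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais},
  pages     = {694--708},
  publisher = {SBC},
  address   = {São José dos Campos, SP, Brazil},
  year      = {2024},
  date      = {2024-09-16},
  urldate   = {2024-09-16},
  doi       = {10.5753/sbseg.2024.241469},
  abstract  = {O aumento da implementação de ambientes virtualizados baseados em contêineres tem gerado preocupações de segurança devido à sua proximidade com os sistemas hospedeiros. Nesse cenário, emergiram estratégias que utilizam a detecção de intrusões por meio de anomalias como uma opção para identificar e alertar sobre comportamentos inesperados. Este trabalho propõe o uso de interações entre contêiner e sistema operacional na detecção de anomalias, executando processos de monitoramento leve e interno ao ambiente conteinerizado, gerando dados e traços para o treinamento e emprego de modelos de aprendizado de máquina que visam distinguir comportamentos normais de comportamentos anômalos. Assim, a discussão central deste trabalho versa sobre a adequabilidade dos dados gerados pelas ferramentas de monitoramento leve, representadas pelo sysdig, no treinamento de modelos e subsequente uso dos mesmos em soluções de HIDS. Esse potencial foi avaliado por meio de uma série de testes, nos quais os modelos treinados com dados fornecidos pelo sysdig alcançaram resultados significativos, com altas taxas de acurácia, precisão, recall, F1-Score, além de outros indicadores, nos cenários considerados.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}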
O Impacto de Software Anti-cheat na Privacidade do Usuário Proceedings Article
Vinicius Mateus; Tiago Heinrich; Vinicius Fulber-Garcia; Newton Carlos Will; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the 24º Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pp. 477–491, SBC, São José dos Campos, SP, Brazil, 2024.
@inproceedings{Mateus2024Impacto,
  author    = {Mateus, Vinicius and Heinrich, Tiago and Fulber-Garcia, Vinicius and Will, Newton Carlos and Obelheiro, Rafael Rodrigues and Maziero, Carlos Alberto},
  title     = {O Impacto de Software Anti-cheat na Privacidade do Usuário},
  booktitle = {Proceedings of the 24º Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais},
  pages     = {477--491},
  publisher = {SBC},
  address   = {São José dos Campos, SP, Brazil},
  year      = {2024},
  date      = {2024-09-16},
  urldate   = {2024-09-16},
  doi       = {10.5753/sbseg.2024.241475},
  abstract  = {O mercado de jogos eletrônicos está em constante crescimento e, com ele, o uso de softwares de cheat, onde os usuários trapaceiam para obter benefícios irregulares. Como consequência, desenvolvedores de jogos dedicam esforços ao desenvolvimento de técnicas para detectar e impedir que usuários mal-intencionados usem tais softwares. Uma das estratégias utilizadas consiste na adoção de software anti-cheat. No entanto, os anti-cheats tipicamente operam de maneira intrusiva nos sistemas de seus usuários, podendo requerer permissões de execução até em kernel-level, gerando preocupação quanto à privacidade e segurança dos dados pessoais coletados. Este trabalho apresenta uma análise técnica de anti-cheats do mercado, capturando e investigando as operações executadas pelos mesmos em busca de potenciais brechas de privacidade para os usuários.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}
The use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries Proceedings Article
Calebe Helpa; Tiago Heinrich; Marcus Felipe Botacin; Newton Carlos Will; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the 21st International Conference on Security and Cryptography, pp. 442–449, SciTePress, Dijon, France, 2024.
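@inproceedings{Helpa2024dwarf,
  author    = {Helpa, Calebe and Heinrich, Tiago and Botacin, Marcus Felipe and Will, Newton Carlos and Obelheiro, Rafael Rodrigues and Maziero, Carlos Alberto},
  title     = {The use of the {DWARF} Debugging Format for the Identification of Potentially Unwanted Applications ({PUAs}) in {WebAssembly} Binaries},
  booktitle = {Proceedings of the 21st International Conference on Security and Cryptography},
  pages     = {442--449},
  publisher = {SciTePress},
  address   = {Dijon, France},
  year      = {2024},
  date      = {2024-07-08},
  urldate   = {2024-07-08},
  doi       = {10.5220/0012754500003767},
  abstract  = {Debugging formats are well-known means to store information from an application, that help developers to find errors, bugs, or unexpected behavior during the development period. The DWARF is an example of a generic format that can be used for a range of programming languages and formats, such as WebAssembly, a low-level binary format that provides a compilation target for high-level languages. Given the use of debugging formats, their potential for intrusion detection is still unknown. Our study consists of evaluating the use of data extracted with the DWARF format, and their respective potential for an intrusion detection solution. In this context, we present a strategy for identifying PUA in WebAssembly binaries, through feature extraction and static analysis using the DWARF format as a data source from WebAssembly binary. Our results are promising, with an overall f1score performance above 96% for the algorithms.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}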
I See Syscalls by the Seashore: An Anomaly-Based IDS for Containers Leveraging Sysdig Data Proceedings Article
Anderson A Frasão; Tiago Heinrich; Vinicius Fulber-Garcia; Newton Carlos Will; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the 29th Symposium on Computers and Communications, IEEE, Paris, France, 2024.
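@inproceedings{frasao2024isee,
  author    = {Frasão, Anderson A. and Heinrich, Tiago and Fulber-Garcia, Vinicius and Will, Newton Carlos and Obelheiro, Rafael Rodrigues and Maziero, Carlos Alberto},
  title     = {I See Syscalls by the Seashore: An Anomaly-Based {IDS} for Containers Leveraging {Sysdig} Data},
  booktitle = {Proceedings of the 29th Symposium on Computers and Communications},
  publisher = {IEEE},
  address   = {Paris, France},
  year      = {2024},
  date      = {2024-06-26},
  urldate   = {2024-06-26},
  doi       = {10.1109/ISCC61673.2024.10733595},
  abstract  = {Intrusion detection in virtualized environments is vital due to the widespread adoption of virtualization technology. A common strategy for achieving this task involves collecting data from the virtual environment and providing it to intrusion detection solutions. However, these solutions can be affected by other elements present in the virtual environment. An approach that has gained prominence is applying machine learning (ML) models to perform anomaly-based intrusion detection based on system call traces. In Linux-based environments, many tools can be used for collecting the system calls issued by processes and containers; two of the most popular are strace and sysdig. This paper introduces a dataset of system call traces collected with sysdig with a focus on anomaly-based intrusion detection for containerized applications and uses this dataset to compare the effectiveness of strace and sysdig data and evaluate the performance of five different ML models for anomaly detection. The results reveal that sysdig is an attractive option, enabling the collection of system call traces with lower overhead than strace while achieving good detection performance with several ML models.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}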
Anywhere on Earth: A Look at Regional Characteristics of DRDoS Attacks Proceedings Article
Tiago Heinrich; Newton Carlos Will; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the 10th International Conference on Information Systems Security and Privacy, pp. 21–29, SciTePress, Rome, Italy, 2024, ISBN: 978-989-758-683-5.
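@inproceedings{heinrich2024anywhere,
  author    = {Heinrich, Tiago and Will, Newton Carlos and Obelheiro, Rafael Rodrigues and Maziero, Carlos Alberto},
  title     = {Anywhere on {Earth}: A Look at Regional Characteristics of {DRDoS} Attacks},
  booktitle = {Proceedings of the 10th International Conference on Information Systems Security and Privacy},
  pages     = {21--29},
  publisher = {SciTePress},
  address   = {Rome, Italy},
  year      = {2024},
  date      = {2024-02-26},
  urldate   = {2024-02-26},
  doi       = {10.5220/0012252700003648},
  isbn      = {978-989-758-683-5},
  abstract  = {By observing new trends in distributed reflection denial of service ( DRDoS) attacks, it is possible to highlight how they have adapted over the years to better match the attackers’ goals. However, the geolocation characteristics of this type of attack have not been widely explored in the literature and could show new information about these attacks. Considering this gap, we use data collected by honeypots over the last four years to better understand what can be gleaned from attacks targeted at different continents and countries. This dataset also enables us to investigate how attackers interact with reflectors, and how such interactions vary according to the location of victims.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}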
A Categorical Data Approach for Anomaly Detection in WebAssembly Applications Proceedings Article
Tiago Heinrich; Newton Carlos Will; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the 10th International Conference on Information Systems Security and Privacy, pp. 275–284, SciTePress, Rome, Italy, 2024, ISBN: 978-989-758-683-5.
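@inproceedings{heinrich2024categorical,
  author    = {Heinrich, Tiago and Will, Newton Carlos and Obelheiro, Rafael Rodrigues and Maziero, Carlos Alberto},
  title     = {A Categorical Data Approach for Anomaly Detection in {WebAssembly} Applications},
  booktitle = {Proceedings of the 10th International Conference on Information Systems Security and Privacy},
  pages     = {275--284},
  publisher = {SciTePress},
  address   = {Rome, Italy},
  year      = {2024},
  date      = {2024-02-26},
  urldate   = {2024-02-26},
  doi       = {10.5220/0012252800003648},
  isbn      = {978-989-758-683-5},
  abstract  = {The security of Web Services for users and developers is essential; since WebAssembly is a new format that has gained attention in this type of environment over the years, new measures for security are important. However, intrusion detection solutions for WebAssembly applications are generally limited to static binary analysis. We present a novel approach for dynamic WebAssembly intrusion detection, using data categorization and machine learning. Our proposal analyses communication data extracted from the WebAssembly sandbox, with the goal of better capturing the applications’ behavior. Our approach was validated using two strategies, online and offline, to assess the effectiveness of categorical data for intrusion detection. The obtained results show that both strategies are feasible for WebAssembly intrusion detection, with a high detection rate and low false negative and false positive rates.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}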
Enclave Management Models for Safe Execution of Software Components Proceedings Article
Newton Carlos Will; Carlos Alberto Maziero
Em: Proceedings of the 10th International Conference on Information Systems Security and Privacy, pp. 474–485, SciTePress, Rome, Italy, 2024, ISBN: 978-989-758-683-5.
@inproceedings{will2024enclave,
  author    = {Will, Newton Carlos and Maziero, Carlos Alberto},
  title     = {Enclave Management Models for Safe Execution of Software Components},
  booktitle = {Proceedings of the 10th International Conference on Information Systems Security and Privacy},
  pages     = {474--485},
  publisher = {SciTePress},
  address   = {Rome, Italy},
  year      = {2024},
  date      = {2024-02-26},
  urldate   = {2024-02-26},
  doi       = {10.5220/0012322600003648},
  isbn      = {978-989-758-683-5},
  abstract  = {Data confidentiality is becoming increasingly important to computer users, both in corporate and personal environments. In this sense, there are several solutions proposed to maintain the confidentiality and integrity of such data, among them the Intel Software Guard Extensions (SGX) architecture. The use of such mechanisms to provide confidentiality and integrity for sensitive data imposes a performance cost on the application execution, due to the restrictions and checks imposed by the Intel SGX architecture. Thus, the efficient use of SGX enclaves requires some management. The present work presents two management models for using SGX enclaves: (i) enclave sharing; and (ii) enclave pool. In order to apply such models, an enclave provider architecture is proposed, offering a decoupling between the enclave and the application, allowing to apply the proposed management models and offering the resources provided by the enclaves to the applications through an “as a service” approach. A prototype was built to evaluate the proposed architecture and management models; the experiments demonstrated a considerable reduction in the performance impact for enclave allocation, while guaranteeing good response times to satisfy simultaneous requests.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}
2023
Uso de Chamadas WASI para a Identificação de Ameaças em Aplicações WebAssembly Proceedings Article
Tiago Heinrich; Newton Carlos Will; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the XXIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pp. 237–250, SBC, Juiz de Fora, MG, Brazil, 2023.
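@inproceedings{heinrich2023chamadas,
  author    = {Heinrich, Tiago and Will, Newton Carlos and Obelheiro, Rafael Rodrigues and Maziero, Carlos Alberto},
  title     = {Uso de Chamadas {WASI} para a Identificação de Ameaças em Aplicações {WebAssembly}},
  booktitle = {Proceedings of the XXIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais},
  pages     = {237--250},
  publisher = {SBC},
  address   = {Juiz de Fora, MG, Brazil},
  year      = {2023},
  date      = {2023-09-18},
  urldate   = {2023-09-18},
  doi       = {10.5753/sbseg.2023.233111},
  abstract  = {WebAssembly (ou Wasm) é um formato de bytecode que vem ganhando rápida adoção devido a seu bom desempenho, representação compacta, e portabilidade. Ele é mais usado como alvo de compilação para linguagens de programação de alto nível, como C, C++, Go e Rust, podendo ser executado dentro de navegadores Web ou em runtimes nativos. Embora a segurança seja uma metas de projeto do WebAssembly, ainda existem problemas com código malicioso, especialmente para aplicações Web. Este artigo introduz um método para realizar detecção baseada em anomalias de binários Wasm maliciosos, por meio de análise dinâmica. É proposta uma classificação de chamadas WASI -- equivalentes no Wasm a chamadas de sistema -- de acordo com seu risco e funcionalidade, a qual é usada para categorizar as chamadas realizadas por binários Wasm, o que permite detectar binários maliciosos usando modelos de aprendizagem de máquina. Os resultados obtidos mostram que esta é uma abordagem promissora para a identificação de código WebAssembly malicioso.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}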
Uma Estratégia Dinâmica para a Detecção de Anomalias em Binários WebAssembly Proceedings Article
Calebe Helpa; Tiago Heinrich; Newton Carlos Will; Marcus Felipe Botacin; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the XXIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pp. 390–402, SBC, Juiz de Fora, MG, Brazil, 2023.
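@inproceedings{heinrich2023estrategia,
  author    = {Helpa, Calebe and Heinrich, Tiago and Will, Newton Carlos and Botacin, Marcus Felipe and Obelheiro, Rafael Rodrigues and Maziero, Carlos Alberto},
  title     = {Uma Estratégia Dinâmica para a Detecção de Anomalias em Binários {WebAssembly}},
  booktitle = {Proceedings of the XXIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais},
  pages     = {390--402},
  publisher = {SBC},
  address   = {Juiz de Fora, MG, Brazil},
  year      = {2023},
  date      = {2023-09-18},
  urldate   = {2023-09-18},
  doi       = {10.5753/sbseg.2023.233112},
  abstract  = {WebAssembly é um formato binário de baixo nível, que oferece um alvo de compilação para linguagens de alto nível. Oferecendo mais segurança para os usuários na Web, com um formato de instruções binárias o WebAssembly é suportado por mais de 95% dos navegadores Web. No entanto, o crescimento no uso do WebAssembly trouxe preocupações em relação à sua segurança e seu possível uso de forma maliciosa. Dado que o WebAssemby é um formato de instruções de baixo nível, torna-se essencial a identificação do propósito dos códigos desenvolvidos, por meio da extração de suas características. O uso de WebAssembly para ataques de cryptojacking e ofuscação de códigos malicioso é frequentemente observado. Nesse contexto, esse trabalho apresenta uma estratégia para a identificação de anomalias em binários WebAssembly, através de extração de características e análise estática. A estratégia proposta neste artigo alcançou um f1score de 99.3%, evidenciando seu potencial.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}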
Inspecting Binder Transactions to Detect Anomalies in Android Proceedings Article
Rodrigo Lemos; Tiago Heinrich; Newton Carlos Will; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the 17th Annual IEEE International Systems Conference, IEEE, Vancouver, BC, Canada, 2023, ISBN: 978-1-6654-3994-7.
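@inproceedings{lemos2023inspecting,
  author    = {Lemos, Rodrigo and Heinrich, Tiago and Will, Newton Carlos and Obelheiro, Rafael Rodrigues and Maziero, Carlos Alberto},
  title     = {Inspecting {Binder} Transactions to Detect Anomalies in {Android}},
  booktitle = {Proceedings of the 17th Annual IEEE International Systems Conference},
  publisher = {IEEE},
  address   = {Vancouver, BC, Canada},
  year      = {2023},
  date      = {2023-04-17},
  urldate   = {2023-04-17},
  doi       = {10.1109/SysCon53073.2023.10131073},
  isbn      = {978-1-6654-3994-7},
  abstract  = {With the growing number and complexity of threats to mobile devices in the latest years, new security strategies are constantly developed to protect the users. The wide variety of Android malware families makes it challenging to keep up with malware evolution and build detection systems that are generic enough to deal with them. This work explores inter-process communication (IPC) between Android processes for anomaly detection. All IPC messages in Android go through the Binder driver, making it a good vantage point to observe all kinds of malicious actions. We observed how malicious and benign applications interact with Binder and built a dataset representing their behavior. We enriched the raw dataset by classifying Binder calls into five groups according to their functionality and by identifying high- and low-risk groups. These new features were used in a machine learning-based method to detect malware on Android and validate it using these datasets, achieving accuracy and F1Score close to 0.90.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}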
Gestão Eletrônica de Processos de Estágios Curriculares, Orientações Acadêmicas e Atividades Complementares em Cursos de Graduação Proceedings Article
Newton Carlos Will; André Roberto Ortoncelli; Franciele Beal
Em: Proceedings of the XIV do Computer on the Beach, pp. 209–216, UNIVALI, Florianópolis, SC, Brazil, 2023, ISSN: 2358-0852.
@inproceedings{will2023gestao,
  author    = {Newton Carlos Will and André Roberto Ortoncelli and Franciele Beal},
  title     = {Gestão Eletrônica de Processos de Estágios Curriculares, Orientações Acadêmicas e Atividades Complementares em Cursos de Graduação},
  booktitle = {Proceedings of the XIV do Computer on the Beach},
  pages     = {209--216},
  publisher = {UNIVALI},
  address   = {Florianópolis, SC, Brazil},
  year      = {2023},
  date      = {2023-03-30},
  urldate   = {2023-03-30},
  doi       = {10.14210/cotb.v14.p209-216},
  issn      = {2358-0852},
  abstract  = {A informação tem se tornado um bem cada vez mais valioso nos dias atuais, sendo extremamente importante para a tomada de decisões. Dessa maneira, sistemas gerenciais estão ganhando grande atenção em diversas instituições, públicas e privadas, garantindo a centralização dos dados e a transformação desses em informações que auxiliam os gestores, como relatórios e gráficos gerenciais. Além disso, tais sistemas auxiliam na condução dos mais diversos processos de maneira mais efetiva e reduzem a incidência de erros por parte dos usuários. Cursos de graduação em instituições públicas de ensino abrangem variadas atividades didático-pedagógicas além daquelas trabalhadas dentro da sala de aula, como atividades complementares à formação do estudante, estágios curriculares e trabalhos de conclusão de curso. A gestão de tais atividades é extremamente importante para os professores envolvidos, para a coordenação do curso e também para os estudantes, sendo necessário o uso de ferramentas para a condução de tais processos. O presente trabalho apresenta um sistema de gestão integrado, que permite o acompanhamento dessas atividades de maneira facilitada, através da implementação e validação de regras de negócio, além de permitir a consolidação das informações na forma de diferentes relatórios gerenciais e reduzir custos com a emissão de documentos. O sistema proposto foi implantado em um curso de graduação, sendo avaliado pelos estudantes e obtendo resultados satisfatórios quanto à sua utilização.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Security Challenges and Recommendations in 5G-IoT Scenarios Proceedings Article
Dalton Cézane Gomes Valadares; Newton Carlos Will; Álvaro Alvares de Carvalho César Sobrinho; Anna Carollyne Dantas de Lima; Igor Silva de Morais; Danilo Freire de Souza Santos
Em: Proceedings of the 37th International Conference on Advanced Information Networking and Applications, pp. 558–573, Springer, Juiz de Fora, MG, Brazil, 2023, ISBN: 978-3-031-29056-5.
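% {5G-IoT} is braced so that sentence-casing styles do not render it as "5g-iot".
@inproceedings{Valadares2023Security,
  author    = {Dalton Cézane Gomes Valadares and Newton Carlos Will and Álvaro Alvares de Carvalho César Sobrinho and Anna Carollyne Dantas de Lima and Igor Silva de Morais and Danilo Freire de Souza Santos},
  title     = {Security Challenges and Recommendations in {5G-IoT} Scenarios},
  booktitle = {Proceedings of the 37th International Conference on Advanced Information Networking and Applications},
  volume    = {1},
  pages     = {558--573},
  publisher = {Springer},
  address   = {Juiz de Fora, MG, Brazil},
  year      = {2023},
  date      = {2023-03-29},
  urldate   = {2023-03-29},
  doi       = {10.1007/978-3-031-29056-5_48},
  isbn      = {978-3-031-29056-5},
  abstract  = {The fifth-generation (5G) mobile communication systems are already a reality. This communication technology can increase and simplify the adoption of the Internet of Things (IoT) applications (e.g., industrial IoT), given that it will provide the means to connect up to one million devices in a squared kilometer. Many of these applications can generate sensitive data, which requires the adoption of security mechanisms, and these mechanisms must consider the computational limitations of the devices. Considering that IoT devices under security attacks can access the 5G infrastructure, this paper presents recommendations and challenges regarding security in IoT devices. It also presents a threat model and a few common attacks, classifying them with the STRIDE model and CVSS and discussing how they can impact the 5G infrastructure.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}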
Trusted and only Trusted. That is the Access! Improving Access Control allowing only Trusted Execution Environment Applications Proceedings Article
Dalton Cézane Gomes Valadares; Álvaro Alvares de Carvalho César Sobrinho; Newton Carlos Will; Kyller Costa Gorgonio; Angelo Perkusich
Em: Proceedings of the 37th International Conference on Advanced Information Networking and Applications, pp. 490–503, Springer, Juiz de Fora, MG, Brazil, 2023, ISBN: 978-3-031-28694-0.
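% The title holds three sentences; {That} and {Improving} are braced because
% sentence-casing styles only preserve the capital of the very first word.
@inproceedings{Valadares2023Trusted,
  author    = {Dalton Cézane Gomes Valadares and Álvaro Alvares de Carvalho César Sobrinho and Newton Carlos Will and Kyller Costa Gorgonio and Angelo Perkusich},
  title     = {Trusted and only Trusted. {That} is the Access! {Improving} Access Control allowing only Trusted Execution Environment Applications},
  booktitle = {Proceedings of the 37th International Conference on Advanced Information Networking and Applications},
  pages     = {490--503},
  publisher = {Springer},
  address   = {Juiz de Fora, MG, Brazil},
  year      = {2023},
  date      = {2023-03-29},
  urldate   = {2023-03-29},
  doi       = {10.1007/978-3-031-28694-0_47},
  isbn      = {978-3-031-28694-0},
  abstract  = {Security concerns should always be considered when deploying distributed systems that deal with sensitive data. Generally, the software components responsible for storing these sensitive data are protected, having access control systems to allow or deny external requests. A Policy Enforcement Point (PEP) Proxy is one of these systems which allows or denies access to protected data by checking if the requester is authorized and has permission to access. Despite these two validations about the requester (authorization and data access permission), the traditional PEP Proxy does not guarantee anything more about the requester which will process the data. This work proposes an improvement to the PEP Proxy protection in a way that it can also verify if the requester runs on a Trusted Execution Environment (TEE) application. A TEE is responsible for trusted computing, processing data in a protected region of memory, which is tamper-resistant and isolated from external resources, and keeping code and data protected even if the operating system is hacked. The Trusted PEP Proxy (TruPP) performs the remote attestation (RA) process to guarantee that the requester runs on a TEE. We created a Coloured Petri Net (CPN) model to help validate our proposal by checking some security properties.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}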
2022
How DRDoS Attacks Vary Across the Globe? Proceedings Article
Tiago Heinrich; Carlos Alberto Maziero; Newton Carlos Will; Rafael Rodrigues Obelheiro
Em: Proceedings of the 22nd Internet Measurement Conference, pp. 760–761, ACM, Nice, France, 2022, ISBN: 978-1-4503-9259-4.
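% {DRDoS} is braced so that sentence-casing styles keep the acronym's mixed case.
@inproceedings{heinrich2022how,
  author    = {Tiago Heinrich and Carlos Alberto Maziero and Newton Carlos Will and Rafael Rodrigues Obelheiro},
  title     = {How {DRDoS} Attacks Vary Across the Globe?},
  booktitle = {Proceedings of the 22nd Internet Measurement Conference},
  pages     = {760--761},
  publisher = {ACM},
  address   = {Nice, France},
  year      = {2022},
  date      = {2022-10-25},
  urldate   = {2022-10-25},
  doi       = {10.1145/3517745.3563026},
  isbn      = {978-1-4503-9259-4},
  abstract  = {In this study we characterize DRDoS attack traffic taking into consideration the geographical distribution of victims. This type of characterization is not widely explored in the literature and could help to better understand this type of attack. We aim to explore this gap in the literature using data collected by four honeypots over three and a half years. Our findings highlight attack similarities and differences across continents.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}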
Segurança em Cenários de Internet das Coisas em Redes 5G: Desafios e Recomendações Proceedings Article
Dalton Cézane Gomes Valadares; Newton Carlos Will; Álvaro Alvares de Carvalho César Sobrinho; Anna Carollyne Dantas de Lima; Igor Silva de Morais; Pedro Graciliano; Danilo Freire de Souza Santos
Em: Proceedings of the XL Simpósio Brasileiro de Telecomunicações e Processamento de Sinais, Inatel, Santa Rita do Sapucaí, MG, Brazil, 2022.
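% {Internet das Coisas} and {5G} are braced so that sentence-casing styles keep their capitals.
@inproceedings{valadares2022seguranca,
  author    = {Dalton Cézane Gomes Valadares and Newton Carlos Will and Álvaro Alvares de Carvalho César Sobrinho and Anna Carollyne Dantas de Lima and Igor Silva de Morais and Pedro Graciliano and Danilo Freire de Souza Santos},
  title     = {Segurança em Cenários de {Internet das Coisas} em Redes {5G}: Desafios e Recomendações},
  booktitle = {Proceedings of the XL Simpósio Brasileiro de Telecomunicações e Processamento de Sinais},
  publisher = {Inatel},
  address   = {Santa Rita do Sapucaí, MG, Brazil},
  year      = {2022},
  date      = {2022-09-25},
  urldate   = {2022-09-25},
  doi       = {10.14209/sbrt.2022.1570824854},
  abstract  = {Enquanto os trabalhos de especificação, pesquisa e desenvolvimento para as redes 6G já se iniciam, a implantação das redes 5G já é realidade em alguns países. Uma das novidades do 5G é o MMTC (Massive Machine-Type Communication), que permitirá até 1 milhão de dispositivos conectados transmitindo pequenas quantidades de dados a baixas taxas de transmissão. A limitação de recursos dos dispositivos IoT torna-os vulneráveis, pois mecanismos robustos de segurança frequentemente não podem ser implementados. Como um dispositivo vulnerável pode ser elo de acesso à infraestrutura 5G, em caso de ataque, este trabalho aborda desafios e recomendações de segurança neste contexto.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}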
Um Estudo de Correlação de Ataques DRDoS com Fatores Externos Visando Dados de Honeypots Proceedings Article
Tiago Heinrich; Newton Carlos Will; Rafael Rodrigues Obelheiro; Carlos Alberto Maziero
Em: Proceedings of the XXII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pp. 358–371, SBC, Santa Maria, RS, Brazil, 2022.
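% {DRDoS} is braced so that sentence-casing styles keep the acronym's mixed case.
@inproceedings{heinrich2022estudo,
  author    = {Tiago Heinrich and Newton Carlos Will and Rafael Rodrigues Obelheiro and Carlos Alberto Maziero},
  title     = {Um Estudo de Correlação de Ataques {DRDoS} com Fatores Externos Visando Dados de Honeypots},
  booktitle = {Proceedings of the XXII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais},
  pages     = {358--371},
  publisher = {SBC},
  address   = {Santa Maria, RS, Brazil},
  year      = {2022},
  date      = {2022-09-12},
  urldate   = {2022-09-12},
  doi       = {10.5753/sbseg.2022.225328},
  abstract  = {Nos últimos anos ataques DRDoS acabam sendo manchete ao considerar o volume de tráfego que atacantes conseguem gerar através de refletores. Os ataques exploram diferentes estratégias, com a possibilidade de utilizar inúmeros protocolos como meio intermediário para a amplificação do tráfego. Visando estudar a influência de fatores externos em ataques DRDoS, este trabalho utiliza dados coletados por honeypots com o intuito em investigar períodos que possam ter influenciado em ataques DRDoS. Ao todo foi investigado 13 países que foram selecionados devido a concentração no número de ataques por região. Neste conjunto de países foi encontrado influencia de fatores externos como períodos eleitorais, COVID-19, e entre outros.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}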
Behavior Modeling of a Distributed Application for Anomaly Detection Proceedings Article
Amanda Benites Viescinski; Tiago Heinrich; Newton Carlos Will; Carlos Alberto Maziero
Em: Proceedings of the 19th International Conference on Security and Cryptography, pp. 333–340, SciTePress, Lisbon, Portugal, 2022, ISBN: 978-989-758-590-6.
@inproceedings{viescinski2022behavior,
  author    = {Amanda Benites Viescinski and Tiago Heinrich and Newton Carlos Will and Carlos Alberto Maziero},
  title     = {Behavior Modeling of a Distributed Application for Anomaly Detection},
  booktitle = {Proceedings of the 19th International Conference on Security and Cryptography},
  pages     = {333--340},
  publisher = {SciTePress},
  address   = {Lisbon, Portugal},
  year      = {2022},
  date      = {2022-07-11},
  urldate   = {2022-07-11},
  doi       = {10.5220/0011267200003283},
  isbn      = {978-989-758-590-6},
  abstract  = {Computational clouds offer services in different formats, aiming to adapt to the needs of each client. This scenario of distributed systems is responsible for the communication, management of services and tools through the exchange of messages. Thus, security in such environments is an important factor. However, the implementation of secure systems to protect information has been a difficult goal to achieve. In addition to the prevention mechanisms, a common approach to achieve security is intrusion detection, which can be carried out by anomaly detection. This technique does not require prior knowledge of attack patterns, since the normal behavior of the monitored environment is used as a basis for detection. This work proposes a behavioral modeling technique for distributed applications using the traces of operations of its nodes, allowing the development of a strategy to identify anomalies. The chosen strategy consists of modeling the normal behavior of the system, which is arranged in sets of n-grams of events. Our goal is to build functional and effective models, which make it possible to detect anomalies in the system, with reduced rates of false positives. The results obtained through the evaluation of the models highlight the feasibility of using n-grams to represent correct activities of a system, with favorable results in the false positive rate and also in terms of accuracy.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Is It Safe? Identifying Malicious Apps Through the Use of Metadata and Inter-Process Communication Proceedings Article
Rodrigo Lemos; Tiago Heinrich; Carlos Alberto Maziero; Newton Carlos Will
Em: Proceedings of the 16th Annual IEEE International Systems Conference, pp. 1–8, IEEE, Montreal, QC, Canada, 2022, ISBN: 978-1-6654-3992-3.
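% The percent sign in the abstract is escaped (\%): BibTeX copies it through literally
% and LaTeX would otherwise treat the rest of that line as a comment when the abstract is typeset.
% {Identifying} is braced because it opens the title's second sentence.
@inproceedings{lemos2022is,
  author    = {Rodrigo Lemos and Tiago Heinrich and Carlos Alberto Maziero and Newton Carlos Will},
  title     = {Is It Safe? {Identifying} Malicious Apps Through the Use of Metadata and Inter-Process Communication},
  booktitle = {Proceedings of the 16th Annual IEEE International Systems Conference},
  pages     = {1--8},
  publisher = {IEEE},
  address   = {Montreal, QC, Canada},
  year      = {2022},
  date      = {2022-04-25},
  urldate   = {2022-04-25},
  doi       = {10.1109/SysCon53536.2022.9773881},
  isbn      = {978-1-6654-3992-3},
  abstract  = {In recent years, the growth in the number of threats on Android has contributed to increasing user awareness and concern about security-related concepts. Due to the predominance of Android, the attacks present on the platform have also evolved, and new strategies for identifying threats are needed. A popular way to identify threats is the use of intrusion detection systems, which can exploit different strategies to carry out threat identification. Static analysis strategy aims to identify malicious apps by scanning their source code, and dynamic analysis uses the behavior monitor approach to classify benign and malicious apps. These two strategies can also be combined in a hybrid approach. This paper focuses on a hybrid strategy to identify threats in Android systems through the use of static metadata extracted from applications and dynamic data from inter-process communication, in order to train machine learning models to perform threat identification. Three machine learning algorithms were used to verify the efficacy of our strategy. Our approach showed to be viable, with the results presenting an identification rate of around 87\%, demonstrating that the proposed model has benefits in identifying threats in Android mobile devices. We also point out attributes that differ between malicious and benign apps and highlight the impact on the use of inter-process communication to identify threats.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}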
A Privacy-Preserving Data Aggregation Scheme for Fog/Cloud-Enhanced IoT Applications Using a Trusted Execution Environment Proceedings Article
Newton Carlos Will
Em: Proceedings of the 16th Annual IEEE International Systems Conference, pp. 1–5, IEEE, Montreal, QC, Canada, 2022, ISBN: 978-1-6654-3992-3.
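% {IoT} is braced so that sentence-casing styles keep the acronym's mixed case.
@inproceedings{will2022privacy,
  author    = {Newton Carlos Will},
  title     = {A Privacy-Preserving Data Aggregation Scheme for Fog/Cloud-Enhanced {IoT} Applications Using a Trusted Execution Environment},
  booktitle = {Proceedings of the 16th Annual IEEE International Systems Conference},
  pages     = {1--5},
  publisher = {IEEE},
  address   = {Montreal, QC, Canada},
  year      = {2022},
  date      = {2022-04-25},
  urldate   = {2022-04-25},
  doi       = {10.1109/SysCon53536.2022.9773838},
  isbn      = {978-1-6654-3992-3},
  abstract  = {The use of IoT devices is increasingly present in our daily lives, as they offer many possibilities for developers and the industry to develop applications, taking advantage of their connectivity capabilities, low cost and, often, small size. As the use of these applications is continuously increasing, the concerns about the privacy and confidentiality of the data generated by these devices also increase, since many applications share the collected data with fog and cloud servers, due to the computational constraints of the edge devices. Fog and cloud environments are used to aggregate and analyze data collected by multiple devices, allowing to summarize them and offer personalized services to the users. As IoT devices can collect sensitive data from users, such as personal and behavioral information, it is crucial to handle such data ensuring the privacy of their owners. Privacy-preserving data aggregation schemes are proposed in the literature, but many of them are limited to specific functions and homogeneous data or to specific contexts, such as smart metering and e-health. This paper proposes a generic data aggregation scheme that takes advantage of Trusted Execution Environments (TEE) to ensure data and user privacy, allowing to process heterogeneous data and performing complex computations, including the use of machine learning algorithms.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}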
2021
Security and Threats in the Brazilian e-Voting System: A Documentary Case Study Based on Public Security Tests Proceedings Article
Jéssica Iara Pegorini; Alinne Cristinne Corrêa Souza; André Roberto Ortoncelli; Rodrigo Tomaz Pagno; Newton Carlos Will
Em: Proceedings of the 14th International Conference on Theory and Practice of Electronic Governance, pp. 157–164, ACM, Athens, Greece, 2021, ISBN: 978-1-4503-9011-8.
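% {Brazilian} is braced so that sentence-casing styles keep the proper adjective capitalised.
@inproceedings{pegorini2021security,
  author    = {Jéssica Iara Pegorini and Alinne Cristinne Corrêa Souza and André Roberto Ortoncelli and Rodrigo Tomaz Pagno and Newton Carlos Will},
  title     = {Security and Threats in the {Brazilian} e-Voting System: A Documentary Case Study Based on Public Security Tests},
  booktitle = {Proceedings of the 14th International Conference on Theory and Practice of Electronic Governance},
  pages     = {157--164},
  publisher = {ACM},
  address   = {Athens, Greece},
  year      = {2021},
  date      = {2021-01-01},
  urldate   = {2021-01-01},
  doi       = {10.1145/3494193.3494301},
  isbn      = {978-1-4503-9011-8},
  abstract  = {Democracy is one of the processes that has become electronic over the years, and Brazil, as one of the countries with the largest democracy in the world in terms of number of voters, has also started the informatization of the voting process. However, it is important to note that, in addition to advantages that an all-electronic voting process brings to an election, such as rapid vote tabulation and the availability of results, there are technical issues to be addressed to prevent fraud and system failures, ensuring a fair process. In this sense, this paper presents a case study that analyzes what are the problems faced in the Brazilian electronic process by studying public reports released by the authorities. Brazilian e-voting system has several security mechanisms, such as voter authentication by biometrics, and is capable of detecting unauthorized modifications. Our findings show that, despite the Brazilian e-voting technological evolution, the system still faces some problems that can compromise the outcome of an election, and also bring some doubts about the procedures defined for carrying out public security tests in the e-voting system.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}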
Intel Software Guard Extensions in Internet of Things Scenarios: A Systematic Mapping Study Proceedings Article
Newton Carlos Will; Dalton Cézane Gomes Valadares; Danilo Freire de Souza Santos; Angelo Perkusich
Em: Proceedings of the 8th International Conference on Future Internet of Things and Cloud, pp. 342–349, IEEE, Rome, Italy, 2021, ISBN: 978-1-6654-2575-9.
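% The product name and {Internet of Things} are braced so that sentence-casing styles keep their capitals.
@inproceedings{will2021intel,
  author    = {Newton Carlos Will and Dalton Cézane Gomes Valadares and Danilo Freire de Souza Santos and Angelo Perkusich},
  title     = {{Intel Software Guard Extensions} in {Internet of Things} Scenarios: A Systematic Mapping Study},
  booktitle = {Proceedings of the 8th International Conference on Future Internet of Things and Cloud},
  pages     = {342--349},
  publisher = {IEEE},
  address   = {Rome, Italy},
  year      = {2021},
  date      = {2021-01-01},
  urldate   = {2021-01-01},
  doi       = {10.1109/FiCloud49777.2021.00056},
  isbn      = {978-1-6654-2575-9},
  abstract  = {Due to the Internet of Things (IoT) devices' processing and memory constraints, the processing and analysis of data acquired by such devices are generally performed in a fog or cloud environment, which offers more processing power. When delegating data processing to third parties, it is necessary to ensure their confidentiality and their owners' privacy, which can be achieved using a Trusted Execution Environment, such as Intel SGX. In this paper, we present a systematic mapping study to review recent works related to the use of Intel SGX architecture in IoT scenarios. We conduct the study by selecting 35 papers published between 2017 and 2020 and providing a comprehensive overview of the application scenarios and solutions when combining Intel SGX and the IoT paradigm.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}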
Trusted Execution Environments for Cloud/Fog-based Internet of Things Applications Proceedings Article
Dalton Cézane Gomes Valadares; Newton Carlos Will; Marco Aurelio Spohn; Danilo Freire de Souza Santos; Angelo Perkusich; Kyller Costa Gorgonio
Em: Proceedings of the 11th International Conference on Cloud Computing and Services Science, pp. 111–121, SciTePress, Prague, Czech Republic, 2021, ISBN: 978-989-758-510-4.
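% {Internet of Things} is braced so that sentence-casing styles keep its capitals.
@inproceedings{valadares2021trusted,
  author    = {Dalton Cézane Gomes Valadares and Newton Carlos Will and Marco Aurelio Spohn and Danilo Freire de Souza Santos and Angelo Perkusich and Kyller Costa Gorgonio},
  title     = {Trusted Execution Environments for Cloud/Fog-based {Internet of Things} Applications},
  booktitle = {Proceedings of the 11th International Conference on Cloud Computing and Services Science},
  pages     = {111--121},
  publisher = {SciTePress},
  address   = {Prague, Czech Republic},
  year      = {2021},
  date      = {2021-01-01},
  urldate   = {2021-01-01},
  doi       = {10.5220/0010480701110121},
  isbn      = {978-989-758-510-4},
  abstract  = {Cloud services and fog-based solutions can improve the communication and processing efficiency of the Internet of Things (IoT). Cloud and fog servers offer more processing power to IoT solutions, enabling more complex tasks within reduced time frames, which could not be possible when relying solely on IoT devices. Cloud and fog computing benefits are even better when considering sensitive data processing once IoT devices can hardly perform complex security tasks. To improve data security in cloud/fog-based IoT solutions, Trusted Execution Environments (TEEs) allow the processing of sensitive data and code inside protected and isolated regions of memory. This paper presents a brief survey regarding TEEs’ adoption to protect data in cloud/fog-based IoT applications. We focus on solutions based on the two leading TEE technologies currently available in the market (Intel SGX and ARM TrustZone), pointing out some research challenges and directions.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}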
Trusted Inter-Process Communication Using Hardware Enclaves Proceedings Article
Newton Carlos Will; Tiago Heinrich; Amanda Benites Viescinski; Carlos Alberto Maziero
Em: Proceedings of the 15th Annual IEEE International Systems Conference, pp. 1–7, IEEE, Vancouver, BC, Canada, 2021, ISBN: 978-1-6654-4440-8.
@inproceedings{will2021trusted,
  author    = {Newton Carlos Will and Tiago Heinrich and Amanda Benites Viescinski and Carlos Alberto Maziero},
  title     = {Trusted Inter-Process Communication Using Hardware Enclaves},
  booktitle = {Proceedings of the 15th Annual IEEE International Systems Conference},
  pages     = {1--7},
  publisher = {IEEE},
  address   = {Vancouver, BC, Canada},
  year      = {2021},
  date      = {2021-01-01},
  urldate   = {2021-01-01},
  doi       = {10.1109/SysCon48628.2021.9447066},
  isbn      = {978-1-6654-4440-8},
  abstract  = {Inter-Process Communication (IPC) enables applications to share information in a local or distributed environment, allowing them to communicate with each other in a coordinated manner. In modern systems this mechanism is extremely important, as even local applications can run parallel tasks in multiple processes in the machine, needing to exchange information to coordinate their execution, and optimizing the exchange of data in a more efficient way. The security in IPC relies on the integrity and confidentiality of the messages exchanged in such an environment, as messages exchanged between different processes can be targeted by attacks that seek to obtain sensitive data or to manipulate the application behavior. A Trusted Execution Environment (TEE) can be used to enable an isolated execution of the IPC mechanism to mitigate such attacks. In this paper we propose the adoption of the Intel Software Guard Extensions (SGX) architecture to provide data confidentiality and integrity in message exchange between processes, by using hardware instructions and primitives to encrypt and authenticate the messages. Our approach highlights a threat model and compares the solution proposed with two other scenarios, showing a feasible solution for security and an approach that can be applied to standard IPC mechanisms with small processing overhead.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
2020
Construção de Modelos Baseados em n-gramas para Detecção de Anomalias em Aplicações Distribuídas Proceedings Article
Amanda Benites Viescinski; Tiago Heinrich; Newton Carlos Will; Carlos Alberto Maziero
Em: Proceedings of the XX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pp. 229–242, SBC, Petrópolis, RJ, Brazil, 2020.
@inproceedings{viescinski2020construcao,
  author    = {Amanda Benites Viescinski and Tiago Heinrich and Newton Carlos Will and Carlos Alberto Maziero},
  title     = {Construção de Modelos Baseados em n-gramas para Detecção de Anomalias em Aplicações Distribuídas},
  booktitle = {Proceedings of the XX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais},
  pages     = {229--242},
  publisher = {SBC},
  address   = {Petrópolis, RJ, Brazil},
  year      = {2020},
  date      = {2020-01-01},
  urldate   = {2020-01-01},
  doi       = {10.5753/sbseg.2020.19240},
  abstract  = {Security is critical in distributed systems and applications. A common approach for security is intrusion detection, which can be performed by attack signatures or by anomaly detection. In the anomaly detection approach, a model of the normal behavior of the system is built and then used to detect deviations in its behavior. This paper proposes a technique for building behavioral models of distributed applications using system logs from their nodes. Partial models are built based on sets of event n-grams, which are then combined to obtain more general models. The proposed technique was evaluated using logs obtained from a distributed file system, with promising results.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
A Trusted Message Bus Built on Top of D-Bus Proceedings Article
Newton Carlos Will; Tiago Heinrich; Amanda Benites Viescinski; Carlos Alberto Maziero
Em: Proceedings of the XX Brazilian Symposium on Information and Computational Systems Security, pp. 175–187, SBC, Petrópolis, RJ, Brazil, 2020.
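% {D-Bus} is braced so that sentence-casing styles do not render it as "d-bus".
@inproceedings{will2020trusted,
  author    = {Newton Carlos Will and Tiago Heinrich and Amanda Benites Viescinski and Carlos Alberto Maziero},
  title     = {A Trusted Message Bus Built on Top of {D-Bus}},
  booktitle = {Proceedings of the XX Brazilian Symposium on Information and Computational Systems Security},
  pages     = {175--187},
  publisher = {SBC},
  address   = {Petrópolis, RJ, Brazil},
  year      = {2020},
  date      = {2020-01-01},
  urldate   = {2020-01-01},
  doi       = {10.5753/sbseg.2020.19236},
  abstract  = {A wide range of applications use Inter-Process Communication (IPC) mechanisms to communicate between each other or between their components running in different processes. A well-known IPC mechanism in UNIX-like systems is D-Bus, which allows processes to communicate by receiving and routing messages. Despite being widely used, such system lacks mechanisms to provide end-to-end data confidentiality. In this paper we propose the use of Intel Software Guard Extensions (SGX) to provide a trusted communication channel between local applications over the D-Bus message bus system. We obtained stronger security guarantees in message confidentiality and integrity while keeping a small Trusted Computing Base (TCB) and compatibility with the reference D-Bus system.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}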
Residência de Software em Disciplina Integralizadora Proceedings Article
Jeferson Vagner Leonhardt Albino; Rafael Alves Paes de Oliveira; Newton Carlos Will; André Roberto Ortoncelli
Em: Proceedings of the 28th Workshop sobre Educação em Computação, pp. 1–5, SBC, Cuiabá, MT, Brazil, 2020, ISSN: 2595-6175.
@inproceedings{albino2020residencia,
  author    = {Jeferson Vagner Leonhardt Albino and Rafael Alves Paes de Oliveira and Newton Carlos Will and André Roberto Ortoncelli},
  title     = {Residência de Software em Disciplina Integralizadora},
  booktitle = {Proceedings of the 28th Workshop sobre Educação em Computação},
  pages     = {1--5},
  publisher = {SBC},
  address   = {Cuiabá, MT, Brazil},
  year      = {2020},
  date      = {2020-01-01},
  urldate   = {2020-01-01},
  doi       = {10.5753/wei.2020.11118},
  issn      = {2595-6175},
  abstract  = {This paper presents the methodological procedures used to execute a Software Residency project in an Integrating Discipline of a Software Engineering undergraduate course. The methodology was validated through a pilot case study. The academics’ performance and their enjoyment with the project were assessed by applying questionnaires. Good results regarding enjoyment and knowledge acquired by residents were obtained, demonstrating that the proposed approach is promising.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Using a Shared SGX Enclave in the UNIX PAM Authentication Service Proceedings Article
Newton Carlos Will; Carlos Alberto Maziero
Em: Proceedings of the 14th Annual IEEE International Systems Conference, pp. 1–7, IEEE, Montreal, QC, Canada, 2020, ISBN: 978-1-7281-5366-7.
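% {SGX}, {UNIX} and {PAM} are braced so that sentence-casing styles keep the acronyms in capitals.
@inproceedings{will2020using,
  author    = {Newton Carlos Will and Carlos Alberto Maziero},
  title     = {Using a Shared {SGX} Enclave in the {UNIX} {PAM} Authentication Service},
  booktitle = {Proceedings of the 14th Annual IEEE International Systems Conference},
  pages     = {1--7},
  publisher = {IEEE},
  address   = {Montreal, QC, Canada},
  year      = {2020},
  date      = {2020-01-01},
  urldate   = {2020-01-01},
  doi       = {10.1109/SysCon47679.2020.9275837},
  isbn      = {978-1-7281-5366-7},
  abstract  = {Confidentiality in the storage and handling of sensitive data is a central concern in computing security; one of the most sensitive data in computer systems is users' credentials. To ensure the confidentiality and integrity of sensitive data, developers can use a Trusted Execution Environment (TEE). One of such TEE is Intel Software Guard Extensions (SGX), which reduces the trusted computing base to a hardware/software concept called enclave. However, using SGX enclaves usually incurs in a performance impact in the application execution. In this paper we propose an enclave sharing approach to reduce the performance overhead in scenarios where multiple enclaves handle the same data. To evaluate this approach, we implemented a SGX-secured OS authentication service. Three prototypes were built, considering distinct concerns about security and performance. Results show that this approach can be used in high demand environments, presenting a small overhead.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}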
Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment Proceedings Article
Marciano da Rocha; Dalton Cézane Gomes Valadares; Angelo Perkusich; Kyller Costa Gorgonio; Rodrigo Tomaz Pagno; Newton Carlos Will
Em: Proceedings of the 10th International Conference on Cloud Computing and Services Science, pp. 31–43, SciTePress, Prague, Czech Republic, 2020, ISBN: 978-989-758-424-4.
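@inproceedings{rocha2020secure,
  author    = {da Rocha, Marciano and Valadares, Dalton Cézane Gomes and Perkusich, Angelo and Gorgonio, Kyller Costa and Pagno, Rodrigo Tomaz and Will, Newton Carlos},
  title     = {Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment},
  booktitle = {Proceedings of the 10th International Conference on Cloud Computing and Services Science},
  pages     = {31--43},
  publisher = {SciTePress},
  address   = {Prague, Czech Republic},
  year      = {2020},
  date      = {2020-01-01},
  doi       = {10.5220/0009130600310043},
  isbn      = {978-989-758-424-4},
  urldate   = {2020-01-01},
  abstract  = {With the evolution of computer systems, the amount of sensitive data to be stored as well as the number of threats on these data grow up, making the data confidentiality increasingly important to computer users. Currently, with devices always connected to the Internet, the use of cloud data storage services has become practical and common, allowing quick access to such data wherever the user is. Such practicality brings with it a concern, precisely the confidentiality of the data which is delivered to third parties for storage. In the home environment, disk encryption tools have gained special attention from users, being used on personal computers and also having native options in some smartphone operating systems. The present work uses the data sealing, feature provided by the Intel Software Guard Extensions (Intel SGX) technology, for file encryption. A virtual file system is created in which applications can store their data, keeping the security guarantees provided by the Intel SGX technology, before send the data to a storage provider. This way, even if the storage provider is compromised, the data are safe. To validate the proposal, the Cryptomator software, which is a free client-side encryption tool for cloud files, was integrated with an Intel SGX application (enclave) for data sealing. The results demonstrate that the solution is feasible, in terms of performance and security, and can be expanded and refined for practical use and integration with cloud synchronization services.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}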
2019
Desafios e Soluções em Sistemas de Votação Eletrônica: Um Mapeamento Sistemático Proceedings Article
Jéssica Iara Pegorini; Natália Tiemi Yada; Alinne Cristinne Corrêa Souza; Rodrigo Tomaz Pagno; Newton Carlos Will
Em: Proceedings of the IV Workshop de Tecnologia Eleitoral, pp. 13–24, SBC, São Paulo, SP, Brazil, 2019.
@inproceedings{pegorini2019desafios,
  author    = {Pegorini, Jéssica Iara and Yada, Natália Tiemi and Souza, Alinne Cristinne Corrêa and Pagno, Rodrigo Tomaz and Will, Newton Carlos},
  title     = {Desafios e Soluções em Sistemas de Votação Eletrônica: Um Mapeamento Sistemático},
  booktitle = {Proceedings of the IV Workshop de Tecnologia Eleitoral},
  pages     = {13--24},
  publisher = {SBC},
  address   = {São Paulo, SP, Brazil},
  year      = {2019},
  date      = {2019-01-01},
  doi       = {10.5753/wte.2019.14040},
  urldate   = {2019-01-01},
  abstract  = {It is obvious that a fully electronic voting process brings some advantages, such as the quick counting of votes and the availability of results, but there are also technical problems to be addressed in order to avoid fraud and failures in the system, ensuring a straightaway process. This paper presents a systematic mapping in the electoral security area, which searches for the main information about the protocols used in electronic voting systems, the security measures used, and also the vulnerabilities and failures detected in these systems. The results show a convergence of the studies to certain protocols and security measures, besides the main problems to be faced in this area.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}
2018
Using Intel SGX to Protect Authentication Credentials in an Untrusted Operating System Proceedings Article
Rafael Campra Reis Condé; Carlos Alberto Maziero; Newton Carlos Will
Em: Proceedings of the XXIII IEEE Symposium on Computers and Communications, pp. 158–163, IEEE, Natal, RN, Brazil, 2018, ISBN: 978-1-5386-6949-5.
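% Note: this citation key contains a non-ASCII character; Biber accepts UTF-8 keys, but classic BibTeX and some toolchains do not. The key is left unchanged so existing citations keep resolving.
@inproceedings{condé2018using,
  author    = {Condé, Rafael Campra Reis and Maziero, Carlos Alberto and Will, Newton Carlos},
  title     = {Using {Intel} {SGX} to Protect Authentication Credentials in an Untrusted Operating System},
  booktitle = {Proceedings of the XXIII IEEE Symposium on Computers and Communications},
  pages     = {158--163},
  publisher = {IEEE},
  address   = {Natal, RN, Brazil},
  year      = {2018},
  date      = {2018-01-01},
  doi       = {10.1109/ISCC.2018.8538470},
  isbn      = {978-1-5386-6949-5},
  urldate   = {2018-01-01},
  abstract  = {An important principle in computational security is to reduce the attack surface, by maintaining the Trusted Computing Base (TCB) small. Even so, no security technique ensures full protection against any adversary. Thus, sensitive applications should be designed with several layers of protection so that, even if a layer might be violated, sensitive content will not be compromised. In 2015, Intel released the Software Guard Extensions (SGX) technology in its processors. This mechanism allows applications to allocate enclaves, which are private memory regions that can hold code and data. Other applications and even privileged code, like the OS kernel and the BIOS, are not able to access enclaves' contents. This paper presents a novel password file protection scheme, which uses Intel SGX to protect authentication credentials in the PAM authentication framework, commonly used in UNIX systems. We defined and implemented an SGX-enabled version of the pam_unix.so authentication module, called UniSGX. This module uses an SGX enclave to handle the credentials informed by the user and to check them against the password file. To add an extra security layer, the password file is stored using SGX sealing. A threat model was proposed to assess the security of the proposed solution. The obtained results show that the proposed solution is secure against the threat model considered, and that its performance overhead is acceptable from the user point of view. The scheme presented here is also suitable to other authentication frameworks.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}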
2012
Comparative Analysis Between FFT and Kalman Filter Approaches for Harmonic Components Detection Proceedings Article
Newton Carlos Will; Rafael Cardoso
Em: Proceedings of the 10th IEEE/IAS International Conference on Industry Applications, pp. 1–7, IEEE, Fortaleza, CE, Brazil, 2012, ISBN: 978-1-4673-2412-0.
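@inproceedings{will2012comparative,
  author    = {Will, Newton Carlos and Cardoso, Rafael},
  title     = {Comparative Analysis Between {FFT} and {Kalman} Filter Approaches for Harmonic Components Detection},
  booktitle = {Proceedings of the 10th IEEE/IAS International Conference on Industry Applications},
  pages     = {1--7},
  publisher = {IEEE},
  address   = {Fortaleza, CE, Brazil},
  year      = {2012},
  date      = {2012-01-01},
  doi       = {10.1109/INDUSCON.2012.6451420},
  isbn      = {978-1-4673-2412-0},
  urldate   = {2012-01-01},
  abstract  = {This paper presents a numerical comparison between the FFT and the Kalman filter applied for harmonic components detection in different situation of the grid operation. Some pitfalls of the FFT are showed and the results are compared with the Kalman filter approach. It is considered signals with step changes in amplitude, frequency and phase. An analysis of these results is made demonstrating the better behavior of the Kalman filter approach in comparison to the FFT.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}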
Implementation of the IEEE Std 1459-2010 Using Kalman Filter for Fundamental and Harmonics Detection Proceedings Article
Newton Carlos Will; Rafael Cardoso
Em: Proceedings of the IEEE PES Innovative Smart Grid Technologies Conference Europe, pp. 1–7, IEEE, Berlin, Germany, 2012, ISBN: 978-1-4673-2595-0.
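@inproceedings{will2012implementation,
  author    = {Will, Newton Carlos and Cardoso, Rafael},
  title     = {Implementation of the {IEEE} {Std} 1459-2010 Using {Kalman} Filter for Fundamental and Harmonics Detection},
  booktitle = {Proceedings of the IEEE PES Innovative Smart Grid Technologies Conference Europe},
  pages     = {1--7},
  publisher = {IEEE},
  address   = {Berlin, Germany},
  year      = {2012},
  date      = {2012-01-01},
  doi       = {10.1109/ISGTEurope.2012.6465729},
  isbn      = {978-1-4673-2595-0},
  urldate   = {2012-01-01},
  abstract  = {This paper presents an approach for the harmonic decomposition of voltage and current. This approach uses the Kalman filter combined with a frequency detection algorithm. It is applied to solving the power computations described in IEEE Std 1459-2010. The implementation of the filter is described and a comparison with the Fast Fourier Transform (FFT) is also provided. The paper also presents the results obtained using a free software developed using the QT framework which implements the power computations in accordance with IEEE Std 1459-2010.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}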
2011
Cross-Platform Virtual Power Analyzer Based on IEEE Standard 1459-2010 Proceedings Article
Newton Carlos Will; Lucas Santolin; Rafael Cardoso
Em: Proceedings of the 11th Brazilian Power Electronics Conference, pp. 312–319, IEEE, Natal, RN, Brazil, 2011, ISBN: 978-1-4577-1644-7.
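@inproceedings{will2011cross,
  author    = {Will, Newton Carlos and Santolin, Lucas and Cardoso, Rafael},
  title     = {Cross-Platform Virtual Power Analyzer Based on {IEEE} Standard 1459-2010},
  booktitle = {Proceedings of the 11th Brazilian Power Electronics Conference},
  pages     = {312--319},
  publisher = {IEEE},
  address   = {Natal, RN, Brazil},
  year      = {2011},
  date      = {2011-01-01},
  doi       = {10.1109/COBEP.2011.6085240},
  isbn      = {978-1-4577-1644-7},
  urldate   = {2011-01-01},
  abstract  = {This paper proposes an open source software implementation of an power analyzer, running in personal computers. The software uses the power definitions presented in the IEEE Standard 1459-2010. This standard defines the power measurement under sinusoidal, nonsinusoidal, balanced, and unbalanced conditions. The software uses the QT framework that provides easy cross platform compilation. Therefore, the software can be easily ported to different platforms such as Windows, Linux and Mac OS. Simulation and experimental results are presented to validate the proposal.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}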
Proposal of a Cross-Platform Virtual Power Analyzer Based on Standard 1459-2010 Proceedings Article
Newton Carlos Will; Lucas Santolin; Rafael Cardoso
Em: Proceedings of the IV Congresso Brasileiro de Eficiência Energética, pp. 1–7, Juiz de Fora, MG, Brazil, 2011.
@inproceedings{will2011proposal,
  author    = {Will, Newton Carlos and Santolin, Lucas and Cardoso, Rafael},
  title     = {Proposal of a Cross-Platform Virtual Power Analyzer Based on Standard 1459-2010},
  booktitle = {Proceedings of the IV Congresso Brasileiro de Eficiência Energética},
  pages     = {1--7},
  address   = {Juiz de Fora, MG, Brazil},
  year      = {2011},
  date      = {2011-01-01},
  url       = {https://coens.dv.utfpr.edu.br/will/wp-content/uploads/2018/09/cbee2011.pdf},
  urldate   = {2011-01-01},
  abstract  = {This paper proposes the implementation of a virtual energy analyzer using open source software. The analyzer uses the power definitions presented in the IEEE Standard 1459-2010. This standard defines the power measurement under sinusoidal, nonsinusoidal, balanced, and unbalanced conditions. The virtual analyzer uses the QT framework that provides easy cross-platform compilation. Therefore, the software can be easily ported to different platforms such as Windows, Linux and Mac OS.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}
Tese de Doutorado
2020
Modelos de Gerenciamento de Enclaves para Execução Segura de Componentes de Software Tese PhD
Newton Carlos Will
Federal University of Paraná, 2020.
@phdthesis{will2020,
  author    = {Will, Newton Carlos},
  title     = {Modelos de Gerenciamento de Enclaves para Execução Segura de Componentes de Software},
  school    = {Federal University of Paraná},
  address   = {Curitiba, PR, Brazil},
  year      = {2020},
  date      = {2020-12-05},
  url       = {https://coens.dv.utfpr.edu.br/will/wp-content/uploads/2021/04/Tese.pdf},
  urldate   = {2020-12-05},
  abstract  = {Data confidentiality is becoming increasingly important to computer users, whether in a corporate environment or even in a home environment. Not only are business-sensitive data currently being trafficked across the network or being handled by a variety of software, but there is also an intense use of applications for banking transactions and other commonly used applications that manipulate sensitive user data, which must have their confidentiality and integrity guaranteed. In this sense, there are several solutions being proposed to maintain the confidentiality and integrity of the data, among them the Intel SGX (Software Guard Extensions) architecture, which has mechanisms to encapsulate applications and data in a protected area of memory having restricted access, making it impossible to access this region of memory to other applications or to the operating system. The use of such mechanisms to provide the confidentiality and integrity of sensitive data results in a performance impact during the application execution, due to the restrictions and verifications imposed by the Intel SGX architecture. The present work aims to analyze the programming models that are applied in solutions that use the Intel SGX architecture and present alternatives that seek more efficient use of the resources provided by this architecture and also the reduction of the performance impact due to its use. Thus, two management models are presented: (i) enclave sharing; and (ii) enclave pool. In order to apply such models, an architecture of an enclave provider is proposed, which offers a decoupling between the enclave and the application that uses it, allowing to apply the proposed management models and offering the resources provided by the enclaves to the applications in “as a service” format. 
A prototype is built to evaluate the proposed architecture and models, with the performance tests demonstrating considerable reductions in the impact for enclave requests while guaranteeing a good response to attend simultaneous requests. Thus, it is concluded that the use of architectural software models can bring benefits in resource management and performance gains in the execution of secure applications.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {phdthesis}
}
Dissertação de Mestrado
2012
Sistema para Análise de Qualidade de Energia Baseado em Software Livre Masters Thesis
Newton Carlos Will
Federal University of Technology - Paraná, Pato Branco, PR, Brazil, 2012.
@mastersthesis{will2012,
  author    = {Will, Newton Carlos},
  title     = {Sistema para Análise de Qualidade de Energia Baseado em Software Livre},
  school    = {Federal University of Technology - Paraná},
  address   = {Pato Branco, PR, Brazil},
  year      = {2012},
  date      = {2012-10-05},
  url       = {https://coens.dv.utfpr.edu.br/will/wp-content/uploads/2020/12/Dissertacao.pdf},
  urldate   = {2012-10-05},
  abstract  = {This document describes the development and implementation of a power analyzer system that is composed by a signal acquisition hardware and a power analyzer software. The acquisition system contains an interface to connect personal computers and transfer the acquired data to be analyzed by the software. The software was developed using free tools and frameworks, which reduces the development cost. Furthermore, the latest definitions for power computation are used, which are described by IEEE Std 1459-2010, for unbalanced and non-sinusoidal systems. To obtain results with better accuracy, it is used the Kalman filter to decompose the voltage and current signals into their fundamental and harmonic components. This document describes the development of hardware and software, including the internal software structure and implementation details of the power computations. Finally, simulation and experimental results are presented to validate the proposal. Then, these results are compared with theoretical results and the values obtained by the Fluke 434 Power Analyzer.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {mastersthesis}
}