Seguran\c ca em Computa\c c\~ao

Raul H.C. Lopes

Our goal is not to provide a "how to" guide for potential penetrators of operating systems. Rather we study these flaws to understand the careful analysis necessary in designing and testing operating systems (Pfleeger and Pfleeger in "Security in Computing")

Outline

• O problema da seguran\c ca em computa\c c\~ao
• Seguran\c ca de Programas
• Seguran\c ca em Sistemas Operacionais
• Criptografia
• Redes e Protocolos
• Bancos de Dados

Refer\^encias b\'asicas

• Computer Security: Art and Science
  Matt Bishop
• Security Engineering
  Ross Anderson

Links de interesse

• CERT (Carnegie-Mellon)
• AusCERT (Austr\'alia)
• P\'agina de Bruce Schneier
• P\'agina de Leslie Lamport: interesse em especifica\c c\~ao formal de sistemas

Refer\^encias por T\'opico

• O problema de Seguran\c ca em Computa\c c\~ao
  • J.P.Anderson: Computer Security...
    Um dos primeiros artigos em seguran\c ca (considerado refer\^encia at\'e hoje
  • P.A.Karger and R. Schell: Multics Security Evaluation
    Artigo seminal sobre seguran\c ca no MULTICS (predecessor dos UNIX)
  • Guia do NIST sobre tratamento de incidentes
  • D.L.Brinkley and R.R. Schell: Concepts and Terminology for Computer Security
• Seguran\c ca no n\'ivel de programas
  • K.Thompson: Reflexions on Trusting
  • K.Ashcraft and D.Engler: Using Programmer-Written Compiler Extensions to Catch Security Holes
    Para se defender de Ken Thompson
  • D.Farmer and W.Venema: Imporving Security of your Site by Breaking Into It
    Seguran\c ca na linha "break-and-fix cycle"
  • Aleph One: Samashing the Stack
    buffer overflows
  • C.Cowan: Buffer Overflows: Attacks and Defenses
  • Virus e worms
    • C.Nachenberg: Computer Virus - Coevolution, Comm. of ACM, vol 40, n1 (1997)
      download via CAPES
    • P. Szor and P.Ferrie: Hunting for Metamorphic
    • F. Perriot, P. Szor and P.Ferrie: Striking Similarities
    • E.H. Spafford: The Internet Worm Program: An Analysis
    • T.M. Chen J.M. Roberts: Worm Epidemics in High-Speed Networks
    • S.H. Pfleeger and L. Hatton: Investigating the Influence of Formal Methods, IEEE Computer, vol 30 n2 (1997)
    • C.P.Pfleeger, S.H. Pfleeger and M.F.Theofanos: A methodology of Penetration Testing, Computers and Security, vol.8 n7,pp 613-620 (1989)
• Seguran\c ca no n\'ivel so Sistema Operacional
  • Interesse geral
    • P.A.Karger and R.R.Schell: Thirty Years Later: Lessons From the Multics Evaluation Security
    • Security-enhanced Linux da NSA
    • D.Wheeler: Secure Programming for Linux
    • Artigo comparativo Jail, LSM SE-Linux"
    • Monitor de M\'aquina Virtual
  • Controle de acesso
    • R.S.Fabry: Capability-based addressing
  • Seguran\c ca no Kernel
    • L.Lampson: Protection
    • J.H.Saltzer: The protection of information in MULTICS
  • M\'aquinas virtuais
    • N\'umero da ACM Queue sobre M\'aquinas Virtuais
    • Kamp and Watson: Jails: Confining the Omnipotent root
  • Casos reais
  • Crit\'erios de Avalia\c c\~ao
    • Trusted Computer System Evaluation Criteria
    • Common Criteria
  • Protocolos Criptogr\'aficos
    • B. Schneier: Applied Criptography
    • D. Stinson: Criptography: theory and Practice
    • R.Merkle: Secure Communications over Insecure Channels, Comm. of ACM, v 21, n4, 294--299
    • Diffie and Hellman: New Directions in Criptography, IEEE Trans. Information Theory, v-IT 22,6, 644-654
    • R.Milner, J. Parrow and D. Walker: A Calculus of Mobile Processes Pt.1
    • R.Milner, J. Parrow and D. Walker: A Calculus of Mobile Processes Pt.2
    • M.Abadi and A.D.Gordon : A Calculus for Criptographic Protocols

  Ferramentas

  • download de TLC

  Exemplos

  • Especifica\c c\~ao em TLA

  Trabalhos pr\'aticos