
Carla Merkle Westphall
Federal University of Santa Catarina | UFSC · Departamento de Informática e Estatística
Doctor in Electrical Engineering (Information Security)
135 Publications · 282,949 Reads · 1,033 Citations
Publications (135)
Authentication of restricted memory devices presents significant problems since memory consumption is high in mutual authentication using cryptographic protocols in IoT environments. The development of a multi-factor mutual authentication method that can be used in fog and cloud computing remains a challenge, according to previous studies. The pres...
In 2021 the number of phishing attacks reached its highest level up to that point, tripling since 2020. This shows that, since phishing first appeared in 1995, because phishing techniques are shaped to the context of their target, these attacks end up adapting over time and, as a result, the problem persists in society...
• a document portfolio for threat model and multi-factor authentication areas that represents the areas' state-of-art; • a list of the main characteristics of multi-factor authentication researches from the portfolio; • a list of the main threats to multi-factor authentication obtained from the state-of-art. Abstract: This work reports that the...
• obtaining a sufficiently representative dataset of the authentication and threat model area to support future research. • a set of statistical analyses of publication data, such as sources, publication by time, and most cited publications. • analysis of the top ten articles with the highest number of citations of the entire period and classificatio...
Currently, the Internet of Things is spreading in all areas that apply computing resources. An important ally of the IoT is fog computing. It extends cloud computing and services to the edge of the network. Smart environments are becoming real and possible through IoT and fog computing. However, they are not free from security threats and vulnerabi...
The expansion of networks worldwide and its benefits allowed the emergence and application of several technologies aimed at exchanging information in a decentralized manner, such as Blockchain, where there is no need for a reliable agent or third party for management. In this context, the emergence of various distributed wireless networks was possi...
Given the use of web applications on dynamic environments of cloud computing integrated with IoT devices, SQL injection and XSS (Cross-Site Scripting) attacks continue to cause security problems. The detection of malicious requests on the application level is a research challenge that’s evolving by the use of Machine Learning and neural network. This...
Community networks are prone to free-riders, i.e., participants who take advantage of cooperation from others' routers but do not contribute reciprocally. In this paper, we present HARPIA, a system for credit-based incentive mechanisms for data forwarding in community networks aimed to prevent selfish behavior. HARPIA does not require a trusted thi...
Recently, blockchain trustless properties started to be investigated to design cooperation enforcement mechanisms in many systems. This paper presents a comprehensive and detailed review of works on blockchain-enabled data forwarding incentives for multi-hop MANETs. We contextualize the problem of selfish misbehavior in networks composed of routers...
Authentication of restricted memory devices presents significant problems since memory consumption is high in mutual authentication using cryptographic protocols in IoT environments. According to previous studies, the development of a multi-factor mutual authentication method that can be used in fog and cloud computing remains a challenge. The pres...
Internet of things (IoT) and Fog computing applications deal with sensitive data and need security tools to be protected against attackers. CoAP (Constrained Application Protocol), combined with DTLS (Datagram Transport Layer Security), provides security to IoT/Fog applications. However, processing times need to be considered when using this combin...
With the increasing advancement of services on the Internet, due to the strengthening of cloud computing, the exchange of data between providers and users is intense. Management of access control and applications need data to identify users and/or perform services in an automated and more practical way. Applications have to protect access to data c...
Fog Computing is an area of Computer Science that is under constant construction and evolution, and in conjunction with information security, the paradigm becomes more reliable and secure for IoT’s edge platforms. The authentication of restricted memory devices has major problems because memory consumption is high when applied with other models tha...
The authentication of restricted memory devices has major problems because memory consumption is high when applied with other protocols that have the purpose of mutual authentication. This article proposes an authentication model that validates mutually the parties in an Internet of Things environment applied in the context of Fog Computing. Throug...
Several paradigm evolutions have been proposed in recent years. Fog Computing is an area of Computer Science that is under construction and in constant evolution, and in conjunction with information security the paradigm becomes more reliable and secure for IoT edge platforms. Security requirements are hard to achieve in environments with...
Responses to some questions: - What is IoT (Internet of Things) and Security for IoT? - Comment on the DDoS attack whose victim was the company Dyn, as reported by "the guardian" on 26 Oct. 2016. - What are the really popular Internet of Things applications right now? And in the future? - What is (will be) the interaction between IoT a...
With the increasing amount of personal data stored and processed in the cloud, economic and social incentives to collect and aggregate such data have emerged. Therefore, secondary use of data, including sharing with third parties, has become a common practice among service providers and may lead to privacy breaches and cause damage to users since i...
Cloud services are always "on" and globally accessible, so "things" can be located anywhere, can be mobile, and can transmit different data at different times. Cloud services are scalable, which is good for IoT since many "things" can communicate at different speeds at different...
Information for answering the following questions: - Define IoT (Internet of Things) and Security for IoT. - Comment on the DDoS attack whose victim was the company Dyn, as reported by "theguardian" on 26/10/2016. - List and comment on some examples of IoT applications. - Explain the interaction between IoT and Cloud (Fog and Edge). - Describe...
Composed of physical objects embedded with electronics, software and sensors that enable remote sensing and control of objects over a network infrastructure. It facilitates direct integration between the physical world and communication networks. Communication: any TIME, any THING, any PLACE. IoT security is not just device security! All the elem...
With the rise of cloud computing, thousands of users and multiple applications have sought to communicate with each other, exchanging sensitive data. Thus, for effectively managing applications and resources, the use of models and tools is essential for the secure management of identities and to avoid compromising data privacy. There are models and...
In policy-based management, service providers want to enforce fine-grained policies for their resources and services. Besides the assurance of digital identity, service providers usually need personal data for evaluation of access control policies. The disclosure of personal data, also known as Personally Identifiable Information (PII), could repre...
Abstract—In policy-based management, service providers want to enforce fine-grained policies for their resources and services. Besides the assurance of digital identity, service providers usually need personal data for evaluation of access control policies. The disclosure of personal data, also known as Personally Identifiable Information (PII), co...
Autonomic Cloud Computing management requires a model to represent the elements into the managed computing process. This tutorial proposes an approach to model the load flow through abstract and concrete Cloud components. Our model has a formal mathematical background and is generic, in contrast with other proposals. It receives new Virtual Machine...
Summary: 1 - Cloud Computing Security Monitoring 2 - Federated Identity for Cloud Computing 3 - Risk Analysis for Cloud Computing 4 - Secure Internet of Things
Cloud computing is advantageous for customers and service providers. However, it has specific security requirements that are not captured by traditional access control models, e.g., secure information sharing in dynamic and collaborative environments. Risk-based access control models try to overcome these limitations, but while there are well-known...
Cloud computing offers benefits in terms of availability and cost, but transfers the responsibility of information security management for the cloud service provider. Thus the consumer loses control over the security of their information and services. This factor has prevented the migration to cloud computing in many businesses. This paper proposes...
The increase of dynamic cloud computing environments introduces the need for new ways of access control in applications. One access control model which adapts flexibly to such systems on the Internet is the RAdAC (Risk-Adaptive Access Control). This model is based on the user confidence degree and the risk of releasing access to some information ta...
T2. Clouds and Security: A Scrutinized Marriage. Presenters: Prof. Dr. Carlos Becker Westphall, Federal University of Santa Catarina, Brazil; Prof. Dr. Carla Merkle Westphall, Federal University of Santa Catarina, Brazil. Introduction Motivation Cloud security challenges and problems Basic concepts Cloud computing Security Cloud Security Concerns Iden...
Dynamic federations allow users to access new service providers on demand. This dynamic access adds risks to personally identifiable information (PII) of users, since there are untrusted service providers. The federated identity management is essential to preserve privacy of users while performing authentication and access control in dynamic feder...
As multi-tenant authorization and federated identity management systems for cloud computing matures, the provisioning of services using this paradigm allows maximum efficiency on business that requires access control. However, regarding scalability support, mainly horizontal, some characteristics of those approaches based on central authentication...
Cloud computing allows the use of resources and systems in thousands of providers. This paradigm can use federated identity management to control user's identification data, but it is essential to preserve privacy, while performing authentication and access control. This article discusses necessary characteristics to improve privacy in the dissemin...
RENASIC LATIM - Laboratório Virtual de Técnicas de Implementação Segura (Virtual Laboratory for Secure Implementation Techniques), Goal 38 – GerPri – Gerenciamento de Identidades com Privacidade (Identity Management with Privacy), II CTC Meeting, September 2015
Several risk analysis solutions have been proposed for cloud computing environments. But these solutions are usually centered on the Cloud Service Provider, have limited scope and do not consider the business requirements of the Cloud Consumer. These features reduce the confiability of the results of a cloud computing risk analysis. This paper prop...
The concepts proposed by Green IT have changed the priorities in the design of information systems and infrastructure, adding to traditional performance and cost requirements, the need for efficiency in energy consumption. The approach of Green Cloud Computing builds on the concepts of Green IT and Cloud in order to provide a flexible and efficient...
Cloud computing is widely used to provide on demand services as a consequence of its benefits such as reduced costs, structure flexibility and agility on resource provisioning. However, there are still people that are not comfortable with the idea of sending their sensitive data to the cloud such as the personally identifiable information (PII) tha...
Cloud computing is becoming increasingly more popular and telecommunications companies perceive the cloud as an alternative to their service deployment models, one that brings them new possibilities. But to ensure the successful use of this new model there are security and management challenges that still need to be faced. There are numerous threat...
Cloud computing is a distributed computing model that still faces problems. New ideas emerge to take advantage of its features and among the research challenges found in the cloud, we can highlight security concerns. This tutorial discusses the use of risk-based dynamic access control for cloud computing, presenting an access control model based on...
Cloud computing is becoming increasingly more popular and telecommunications companies perceive the cloud as an alternative to their service deployment models, one that brings them new possibilities. But to ensure the successful use of this new model there are security and management challenges that still need to be faced. There are numerous threa...
The aim of Green Cloud Computing is to achieve a balance between resource consumption and quality of service. In order to achieve this objective and to maintain the flexibility of the Cloud, dynamic provisioning and allocation strategies are needed to manage the internal settings of the Cloud, addressing oscillatory peaks of workload. In this conte...
Purpose - The lack of a security evaluation method might expose organizations to several risky situations. This paper aims at presenting a cyclical evaluation model of information security maturity.
Design/methodology/approach - This model was developed through the definition of a set of steps to be followed in order to obtain periodical evaluatio...
This paper presents some scope, context, proposals and solutions related with the following topics: Decision-Theoretic Planning for Cloud Computing; An Architecture for Risk Analysis in Cloud; Risk-based Dynamic Access Control for a Highly Scalable Cloud Federation; Challenges of Operationalizing PACS on Cloud Over Wireless Networks; Environment,...
The aim of green cloud computing is to achieve a balance between resource consumption and quality of service. This work introduces the distributed system management model, analyses the system’s behavior, describes the operation principles, and presents case study scenarios and some results. We extended CloudSim to simulate the organization model ap...
Cloud computing is a distributed computing model that still faces problems. New ideas emerge to take advantage of its features and among the research challenges found in the cloud, we can highlight Identity and Access Management. The main problems of the application of access control in the cloud are the necessary flexibility and scalability to sup...
This paper presents a mathematical model of decision planning for autonomic Cloud Computing based on the decision-theoretic planning model. It uses Markov decision process on the cloud manager to evaluate decisions and manage the Cloud environment. Also, it contributes to the state-of-art of Cloud Computing approaching the planning phase of the aut...
Cloud computing offers benefits in terms of availability and cost, but transfers the responsibility of information security management for the cloud service provider. Thus, the consumer loses control over the security of their information and services. This factor has prevented the migration to cloud computing in many businesses. This paper propose...
This paper describes ChiWa, the improvement and implementation of the basic properties of the Chinese Wall security model, which can be used to implement application security policies. The Chinese Wall security model is based on the prevention of commercial conflict of interest classes, accomplishing the multilateral security concept that strives t...
Because of the growth in the use of cloud computing and the migration of services to this paradigm, it becomes necessary to investigate security issues that might compromise its use. Identity and Access Management is among these issues and is related to the management of users and access to their data. Federated Identity Management is widely adopte...
The services provided in clouds may represent an increase in the efficiency and effectiveness in the operations of the enterprise business, improving the cost-effectiveness related to services and resources consumption. However, there is concern about the privacy of data, since such data are outside the client’s domain. For these services to be eff...
Cloud Computing is already a successful paradigm for distributed computing and is still growing in popularity. However, many problems still linger in the application of this model and some new ideas are emerging to help leverage its features even further. One of these ideas is the cloud federation, which is a way of aggregating different clouds to...