Emerson Ribeiro de Mello
Federal Institute of Santa Catarina | IFSC · Grupo de Pesquisa e Desenvolvimento em Sistemas de Telecomunicações
Doctor of Engineering
66 Publications
10,265 Reads
146 Citations
Introduction
Additional affiliations
January 2016 - December 2016
December 2007 - present
August 2003 - December 2008
Education
August 2003 - December 2008
March 2001 - April 2003
Publications (66)
The current scenario for experimental research in cybersecurity is promising and broad, encompassing various infrastructures and application domains. However, conducting experiments faces significant challenges, such as high costs, operational risks, resource and network management, heterogeneity, capacity and quantity of devices, flexible experime...
The use of testbeds in cybersecurity research enhances the creation of representative datasets. Some works focus on creating a dataset using a dedicated testbed for the experimental scenario, limiting the exploration of variations and requiring the creation of new testbeds to generate new datasets. This work describes a workflow that allows the fle...
Identity and access management integrates policies, business processes, and technologies to enable authentication and authorization of subjects before and during an online transaction. Technological developments, and social and regulatory demands, such as personal data protection regulations, constantly pose challenges for identity management. This...
The MENTORED Testbed supports research on the prevention, detection, and mitigation of DDoS attacks in IoT. The environment handles a high volume of network traffic and a large number of devices. Its implementation is layered over the Software-Defined Infrastructure of the Rede Nacional de Ensino e Pesquisa (IDS-RNP), which supports different technologies for...
A reliable firmware update guarantees that a device will not be left unusable at the end of the process. A secure update guarantees that only authentic firmware can be installed on the device. Microcontroller manufacturers have their own solutions for secure and reliable updates, but each solution has particular...
The large scale of the Internet of Things demands complex structures capable of supporting experimental scenarios with sufficient scale to efficiently evaluate cybersecurity solutions against botnet-based DDoS attacks. This work describes an architecture for the MENTORED Testbed, an experimentation environment created on top of the Infrastructure...
The federated identity model provides a solution for user authentication across multiple administrative domains. The academic federations, such as the Brazilian federation, are examples of this model in practice. The majority of institutions that participate in academic federations employ password-based authentication for their users, with an attac...
The Shibboleth framework provides a module for the Apache HTTP server that allows it to transparently deliver SAML assertions to its applications. Python web applications are commonly made available on the Internet through two servers: an application server, which implements WSGI; and an HTTP server, which acts as a proxy. In the architecture of microse...
More and more online businesses are using email for a purpose other than its original one, which was to enable communication between people. The email address is used as a user account identifier, and systems send transactional messages to their users' email addresses. This paper presents an analysis of the user's account registration process in the...
Mousejack is a class of vulnerabilities that affects wireless devices, such as mice and keyboards, that use proprietary communication protocols instead of the Bluetooth standard. This work aims to check whether the best-selling wireless devices in Brazilian electronic commerce are still vulnerable.
One of the strategies used by governments to enhance eGovernment Programs (eGov) is to define an Electronic Identity Management (IdM) system. Brazil has not yet defined a National Strategy for Identity Management. This work aims to propose a Mobile Identity Management (Mobile eID) System aligned with the Brazilian eGov Program, through a solution t...
This article presents a forward-looking view of topics with potential for research and development in Identity Management, according to researchers who have been working in the area and collaborating in the Comitê Técnico de Gestão de Identidades (CT-GId), linked to the Rede Nacional de Ensino e Pesquisa (RNP). The results point to the existence of many...
The Internet of Things (IoT) is being used in several application domains, including physical access control systems. However, existing solutions do not consider the transposition of federated authentication combined with unified physical and logical access. In this context, this article describes a solution...
The federated identity management model provides a solution for the proliferation of access credentials, such as those based on passwords. However, an attacker only needs to discover one password in order to impersonate the user at all federated service providers. Multifactor authentication emerges as a solution to increase the authentication process robustness...
Wireless input devices, such as mice and keyboards, are commonly used by laptop users because of their practicality. These devices communicate wirelessly over radio frequency in the unlicensed 2.4 GHz band. Some manufacturers use the Bluetooth specifications, which, besides being a protocol for communicati...
Among the several problems with Brazilian e-government (e-Gov) services, many are related to the fact that Brazil does not have a National Strategy for Digital Identity Management (IdM). To design a national strategy, it is crucial to analyze the solutions adopted in other countries and take into account Brazilian characteristics, suc...
In the Comunidade Acadêmica Federada (CAFe), the vast majority of client institutions act only as identity providers and consume services provided by the Rede Nacional de Ensino e Pesquisa or by other federations with which CAFe has a collaboration agreement. This work presents the points that had to be considered in order to offer the system for vo...
To perform research in Identity Management, the researcher needs a complete infrastructure with Identity Providers (IdPs) and Service Providers (SPs) in order to conduct their experiments. The process of providing this kind of infrastructure is time-consuming and requires thorough knowledge of the tools, which are limiting factors for researchers...
Abstract. The need for broad and democratic participation in elections held by a multi-campus educational institution required that problems such as the travel of electoral commission members and ballot boxes to the municipalities with a campus or Distance Education center, as well as the vote counting, not be impediments to the effect...
Abstract. The adoption of Electronic Government (e-Gov) programs is an important tool for promoting transparency of public spending and efficient access to services. For many countries, it is essential to design identity management systems that offer single sign-on and secure access for citizens to e-Gov applications...
The next step in the growth of the Internet is the extensive integration of networked physical objects, known as things. The Internet of Things (IoT) paradigm is characterized by the diversity of devices that cooperate to achieve a common goal. In this environment, composed of constrained devices, the widespread adoption of this paradigm depends on secu...
The Shibboleth framework is the most widely used authentication and authorization infrastructure for building academic federations, allowing users, through a web browser, to access services made available by the federation while benefiting from the single sign-on concept. Shibboleth uses the SAML standard; however, not all applicatio...
Identity management is an integrated system of policies, business processes and technologies that enables organizations to provide resources safely, only to their users. This also involves issues related to definition, certification and life cycle management of digital identities. The federated identity model is an approach to optimize the exchange...
Surveillance systems, made up of closed-circuit TV, are no longer exclusive to large companies and are increasingly present in homes and condominiums. ZoneMinder is an open source project that runs on a personal computer and lets the user monitor surveillance cameras through a web browser. The telephones...
Business process-oriented services are crossing organizational boundaries and are provided by different partners. This work defines a probabilistic trust model that aims at dynamic trust establishment between business partners, even when facing entities that do not have any previous link. The proposed model is based on a distributed reputation system...
Due to the increasing number of service providers, the grouping of these providers following the federation concept and the use of the Single Sign On (SSO) concept are helping users to gain transparent access to resources, without worrying about their locations. However, current industry and academic production only provide SSO in cases with homo...
Distributed security models based on a 'web of trust' eliminate single points of failure and alleviate performance bottlenecks. However, such distributed approaches rely on the ability to find trust paths between participants, which introduces performance overhead. It is therefore of importance to develop trust path discovery algorithms that minimi...
The purpose of the XML Key Management Specification (XKMS) is to facilitate the use of a Public Key Infrastructure (PKI) by transferring the complexity associated with PKI to a trusted Web Service. Although this specification contains information on how compatibility with PKIs such as PGP and SPKI/SDSI can be reached, it is focused squarely on X.50...
Single Sign-On (SSO) authentication enables a user to authenticate once in their original domain and use this authentication in other domains of the distributed system. This article defines a model for authentication and authorization in service-oriented systems. Using the SAML standard and federated identity concepts, the model emphasizes th...
This paper introduces SOAR, a service-oriented architecture for the real-estate industry that embeds trust and security, allows for formal correctness proofs of service interactions, and systematically addresses human interaction capabilities through web-based user access to services. We demonstrate the features of SOAR through a DealMaker service...
The purpose of the XML Key Management Specification (XKMS) is to facilitate the use of a Public Key Infrastructure (PKI) by transferring its complexity to a trusted Web Service. Although it gives indications of how to adapt to PKIs such as PGP and SPKI/SDSI, this specification is strongly focused on the X.509 PKI. In order for applications...
This paper introduces a model that makes use of the security proposals based on the Web Services architecture and aims to guarantee authentication and authorization transfer among different security domains. The model describes a flexible, scalable and secure way to establish trust relationships among Virtual Organization partners and to assign t...
We introduce SOAR, a service-oriented architecture for the real-estate industry that embeds trust and security, allows for formal correctness proofs of service interactions, and systematically addresses human interaction capabilities through web-based user access to services. We demonstrate the features of SOAR through a DealMaker service that he...
The use of open standards and an integrative nature are features that have made Web Services an interesting area for academic research and for industry. This chapter introduces the concepts behind Service-Oriented Architecture, and Web Services in particular. The text shows, through a use case, the benefits of this architecture and its security challenges...
The XML Key Management Specification (XKMS) moves the complexity associated with Public Key Infrastructure (PKI) to a trusted Web Service. Although the specification shows that it is possible to use PGP or SPKI/SDSI, it is focused squarely on the X.509 PKI. This work makes use of XKMS to propose a federated management model for SPKI/SDSI which permits tha...
This work presents a model that aims to allow the transfer of authentication and authorization between different administrative and security domains. The model uses the security specifications proposed for the Web Services architecture and is grounded in the federation web concept, which allows management solutions...
This work presents the use of security proposals in the Web Services architecture aiming to provide an environment that guarantees authentication and authorization transfer between different security domains. The model described facilitates the access of rights owners into an environment with different security technologies. This model is based on...
This paper presents a way to integrate trust chains and peer-to-peer networks. The peer-to-peer networks are used to locate SPKI/SDSI certificate chains, which is the main difficulty of the SPKI/SDSI model. SPKI/SDSI is used to provide security guarantees such as authenticity, confidentiality and fine-grained access control in peer-to-peer applications. This...
This work presents a security model for Web Services that uses XML standards for exchanging information about authentication, access control, and security policy specification. The model uses the security standards specified by W3C and OASIS to guarantee authentication and authorization between the Service...
This work presents an authentication and authorization model that results from the integration of the SPKI/SDSI infrastructure with CORBAsec. The paper presents the main facilities provided by the proposed model, showing the advantages of using the SPKI/SDSI infrastructure. CORBA provides to the model the advantages of interoperable distributed obj...
Traditional security systems are not easily scalable and can become single points of failure or performance bottlenecks when used on a large-scale distributed system such as the Internet. This problem occurs also when using a Public Key Infrastructure (PKI) with a hierarchical trust model. SDSI/SPKI is a PKI that adopts a more scalable trust paradi...
This work presents an authentication and authorization model that results from the integration of the SPKI/SDSI infrastructure with CORBAsec. The paper presents the main facilities provided by the proposed model, showing the advantages of using the SPKI/SDSI infrastructure. CORBA provides to the model the advantages of interoperable distributed obj...
Classic security systems use a trust model centered on the authentication procedure, which depends on a naming service. Even when using a Public Key Infrastructure such as X.509, such systems are not easily scalable and can become single points of failure or performance bottlenecks. Newer systems, with trust paradigm focused on the client and based on a...
This work presents an authentication and authorization model that results from the integration of the SPKI/SDSI infrastructure with CORBAsec. The paper presents the main facilities provided by the proposed model, showing the advantages of using the SPKI/SDSI infrastructure. CORBA provides to the model the advantages of interoperable distributed obj...
Traditional security systems are not easily scalable and can become single points of failure or performance bottlenecks when used on a large-scale distributed system such as the Internet. This problem occurs also when using a public key infrastructure (PKI) with a hierarchical trust model. SDSI/SPKI is a PKI that adopts a more scalable trust parad...
This work presents an authorization and authentication model that aims to minimize, above all, the scalability and flexibility difficulties of classic systems in large-scale environments such as the Internet. The model is based on trust networks built from the delegation of access privileges, encoded in certificates of...
The paper presents a survey of the SPKI/SDSI public key infrastructure. SPKI/SDSI is a security model for distributed systems that follows a decentralized approach, where the authentication and authorization controls are distributed. This work presents the advantages, difficulties and some solutions for these difficulties, as well as an i...
This work presents a security model for Web Services that utilizes XML standards for information interchange on authentication, access control and security policy specifications. The model uses W3C and OASIS standards to guarantee authentication and authorization between Web Services. Furthermore, mechanisms for digital signatures as well as...
This work presents a proposal for an extension to the Role-Based Access Control (RBAC) model to support activities that demand mutability in their authorization attributes at runtime. Such activities cannot be subdivided into a set of subtasks executed sequentially, nor can they be accomplished by a single role. The presented approach allows t...
Business process-oriented services are crossing organizational boundaries and are provided by different partners. This work defines a probabilistic trust model that aims at dynamic trust establishment between business partners, even when facing entities that do not have any previous link. The proposed model is based on a distributed reputation syste...
The infrastructure provided by the Internet stimulated the creation of different forms of collaborative networks. This chapter introduces an analysis of security challenges in collaborative networks based on service-oriented architecture, in particular virtual organizations and national research and education networks. Dynamic trust establishment,...
Single Sign-On (SSO) authentication enables a user to authenticate once in their original domain and use this authentication in other domains of the distributed system. This article defines a model for authentication and authorization in service-oriented systems. Using the SAML standard and federated identity concepts, the model emphasize...
This work presents a model that guarantees authentication and authorization transfer among different security and administrative domains. The model uses security specifications for the Web Services architecture and is based on the federation web concept, which allows scalable and flexible rights management solutions. This work presents an e...
This paper presents a way to integrate trust chains and peer-to-peer networks. The peer-to-peer networks are used to locate SPKI/SDSI certificate chains, which is the main difficulty of the SPKI/SDSI model. SPKI/SDSI is used to provide security guarantees such as authenticity, confidentiality and fine-grained access control in peer-to-peer applications. Thi...
Abstract. Surveillance systems, made up of closed-circuit TV, are no longer exclusive to large companies and are increasingly present in homes and condominiums. ZoneMinder is an open source project that runs on a personal computer and lets the user monitor surveillance cameras through a web browser. The telepho...