Prof. Dr. Daniela Oliveira
University of Florida

Is the Ability to Detect Software Vulnerabilities Independent of Programming Language?

Abstract: Despite efforts of the security community, software vulnerabilities are still prevalent, with new vulnerabilities reported daily and older ones resurfacing. While the community has been taking steps to understand the factors that impact developers’ ability to detect software vulnerabilities, one question remains unanswered: Is the ability to detect vulnerabilities independent of programming language? In this talk we will provide answers to this question by discussing our multi-country study with 109 Java and 193 Python developers working on 18 different vulnerable programming scenarios with different types of vulnerabilities targeting different types of APIs. We looked at the ability to detect software vulnerabilities not only from a technical (API type, code length and complexity, programming language), but also from a human factors perspective: developers’ perception of code correctness, familiarity, confidence, professional experience, cognitive function, and personality. Our analysis showed that for both Java and Python: (1) developers’ ability to detect vulnerability was statistically comparable, (2) developers perceive unsafe code with the same level of difficulty, clarity, familiarity, and confidence as safe ones, (3) developers’ expertise and experience did not predict better ability to detect software vulnerabilities. Regarding differences per programming language, we found: (1) only for Python, cognitive status (long-term memory) predicted a better developer ability to detect vulnerabilities in unsafe code, (2) only for Java, personality trait (openness) predicted a better ability to detect vulnerabilities in unsafe code, (3) developers’ ability to understand unsafe code depends on the API type for Java: developers had more difficulty when the vulnerability involved I/O functions, and (4) developers’ ability to detect vulnerability decreases for Java and increases for Python with the increase in code complexity.

Short Biography: Daniela Seabra Oliveira is an Associate Professor in the Department of Electrical and Computer Engineering at the University of Florida. She received her B.S. and M.S. degrees in Computer Science from the Federal University of Minas Gerais in Brazil. She then earned her Ph.D. in Computer Science from the University of California at Davis. Her main research interest is interdisciplinary computer security, where she employs successful ideas from other fields to make computer systems more secure. Currently, she is particularly interested in understanding and addressing cyber deception and social engineering susceptibility among Internet users. She received the National Science Foundation CAREER Award in 2012 and the 2014 Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama. She is a National Academy of Sciences Kavli Fellow and a National Academy of Engineers Frontiers of Engineering Symposium Alumni. Her research has been sponsored by National Science Foundation (NSF), Defense Advanced Research Projects Agency (DARPA), MIT Lincoln Laboratory, and Google.

This lecture will be presented in Portuguese (PT-BR)

Prof. Dr. Paulo Barreto
University of Washington

Post-quantum cryptography – from 2007 to 2020

Abstract: Nearly all public-key cryptosystems in use today rely on the difficulty of solving two computational problems: integer factorization and the computation of elliptic discrete logarithms. The quantum algorithm developed by Peter Shor can solve them at a cost comparable to that of their legitimate use. Advances in the construction of quantum computers suggest that they may become an effective threat within the next few decades, motivating efforts to standardize the so-called post-quantum alternatives for public-key schemes, such as the NIST PQC process and the future update of the NSA's Suite B. This talk will cover the state of the art in the construction of quantum processors, the main post-quantum schemes proposed, with their advantages, limitations and challenges for an eventual migration, and the current stage of the standardization process, with emphasis on potential usage scenarios for the main proposals.

Short Biography: Paulo Barreto is a cryptographer born in Salvador, Bahia, Brazil (1965). He graduated in Physics in 1987, earned the degree of Doctor of Engineering in 2003 and that of Livre-Docente in Computer Engineering in 2011, all from the University of São Paulo. He worked in industry for 15 years before joining the faculty of the Escola Politécnica of the University of São Paulo and, more recently, the School of Engineering and Technology of the University of Washington | Tacoma (USA). His research interests in cryptography are quite eclectic and include the design and analysis of block ciphers and hash functions, efficient cryptosystems based on elliptic curves and bilinear pairings, and post-quantum cryptosystems (especially those based on codes, lattices, hash functions and supersingular isogenies).

This lecture will be presented in Portuguese (PT-BR)

Prof. Dr. Kristin E. Lauter
Microsoft Research

Private AI: Machine Learning on Encrypted Data

Abstract: As the world adopts Artificial Intelligence, the privacy risks are many. AI can improve our lives, but may leak or misuse our private data. Private AI is based on Homomorphic Encryption (HE), a new encryption paradigm which allows the cloud to operate on private data in encrypted form, without ever decrypting it, enabling private training and private prediction. The security of Homomorphic Encryption is based on hard problems in mathematics involving lattices, a candidate for post-quantum cryptography. Cyclotomic number rings are a good source of the lattices used in practice, which leads to new interesting problems in number theory. This talk will explain Homomorphic Encryption and show demos of HE in action.

Short Biography: Kristin Lauter is a mathematician and cryptographer whose research areas are number theory, algebraic geometry, and applications to cryptography. She is particularly known for her work on homomorphic encryption, elliptic curve cryptography, and post-quantum cryptography. She is a Principal Researcher and Partner Research Manager of the Cryptography and Privacy Group at Microsoft Research in Redmond, Washington. She served as President of the Association for Women in Mathematics (AWM) from 2015–2017, and she currently serves on the Board of Trustees for MSRI. She is a Fellow of the American Mathematical Society (AMS), the Society of Industrial and Applied Mathematics (SIAM), and the Association for Women In Mathematics (AWM). She is the 2018-2020 Polya Lecturer for the Mathematical Association of America (MAA). She has published more than 100 papers and holds more than 50 patents.

Prof. Dr. Max Mühlhäuser
Technical University of Darmstadt

Security needs Trust needs Security

Abstract: The tight relationship between computational trust and IT security has been addressed by different authors in several publications. There were attempts to harmonize both fields, considering them as two sides of the same medal - coined as soft security and hard security, or conversely, as soft trust and hard trust. In the keynote, we will briefly review this past research that concentrates on how trust and security can *complement* each other. We will then focus on more recent efforts that concentrate on how trust and security can *act in service of* each other. Under the heading "security needs trust", we will investigate how IT security scenarios can be assessed by means of computational trust; under the heading "trust needs security", we will investigate how computational trust assessment can be "secured" against various threats. Research contributions to both fields and open challenges will conclude the talk.

Short Biography: Max Mühlhäuser is a full professor at Technical University of Darmstadt and head of Telecooperation Lab. He holds key positions in several large collaborative research centers and is leading the Doctoral School on Privacy and Trust for Mobile Users. He and his lab members conduct research on the future Internet, Human Computer Interaction, Intelligent Systems, and Cybersecurity, Privacy & Trust. Max founded and managed industrial research centers, and worked as either professor or visiting professor at universities in Germany, the US, Canada, Australia, France, and Austria. He is a member of acatech, the German Academy of the Technical Sciences. He was and is active in numerous conference program committees, as organizer of several annual conferences, and as a member of editorial boards or a Guest Editor for journals such as ACM IMWUT, ACM ToIT, Pervasive Computing, ACM Multimedia, and Pervasive and Mobile Computing.

Accepted Papers

Doctorate degree

System Identification Attacks, Model-based Offensives and Countermeasures in Networked Control Systems
Alan de Sá (Marinha do Brasil/UFRJ)
Luiz Fernando Rust da Costa Carmo (INMETRO)
Raphael Machado (INMETRO)

Functionality-Based Mobile Application Recommendation System with Security and Privacy Awareness
Thiago Rocha (UFAM)
Eduardo Souto (UFAM)
Khalil El-Khatib (Ontario Institute of Technology)

A Study on Approximate Matching for Similarity Search: Techniques, Limitations and Improvements for Digital Forensic Investigations
Vitor Hugo Galhardo Moia (UNICAMP)
Marco Aurelio Amaral Henriques (UNICAMP)

Towards Reliable Intrusion Detection in High Speed Networks
Eduardo Viegas (PUC-PR)
Altair Santin (PUC-PR)

Computer Security by Hardware-Intrinsic Authentication
Caio Hoffman (UNICAMP)
Diego Aranha (Aarhus University)
Mario Lúcio Côrtes (UNICAMP)
Guido Araujo (UNICAMP)


Blockchain-Based Academic Record System
Lucas da Palma (UFSC)
Martín Vigil (UFSC)
Jean Martina (UFSC)

Improving cloud based encrypted databases
Eduardo Cominetti (USP)
Marcos Simplicio Jr (USP)

An Exploratory Study of Biometrics using Trajectory Images of Eye Movements collected by Natural Image as Stimuli
Antonio Alexandre Brasil (IFES)
Luiz Pinto (IFES)
Karin Komati (IFES)

Dissemination Control in Dynamic Data Clusters for Dense IoT Networks Against the False Data Injection Attack
Carlos Pedroso (UFPR)
Aldri dos Santos (UFPR)

Secure and efficient software implementation of QC-MDPC code-based cryptography
Antonio Guimarães (UNICAMP)
Diego Aranha (Aarhus University)
Edson Borin (UNICAMP)

Trail of Computer Systems and Communication Networks
Full Papers

An Entropy Source based on the Bluetooth Received Signal Strength Indicator
Alexandre Augusto Giron (UFSC)
Ricardo Custódio (UFSC)

An Evaluation of Blockchain Technology Considering the Efficiency and Security of IoT Ecosystem Applications
Carlo Rodrigues (UFABC)
Vladimir Rocha (UFABC)

Analysis of Android Applications Using Execution Traces
Renan Polisciuc (Graduate)
Luiz Carlos Albini (UFPR)
André Grégio (UFPR)
Luis Carlos De Bona (UFPR)

A Firewall Architecture Derived from the OWASP ModSecurity Core Rule Set Based on I/O API Hooks
Carlo Silva (UPE)
Muryllo Oliveira (UPE)

Xphide: An Expert System for Phishing Detection
Carlo Silva (UPE)
Péricles Miranda (UFRPE)
Mateus Barros (UFRPE)

A Trusted Message Bus Built on Top of D-Bus
Newton Will (UTFPR)
Tiago Heinrich (UFPR)
Amanda Viescinski (UFPR)
Carlos Maziero (UFPR)

An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Level to Counter In-The-Wild Malware Infections
Marcus Botacin (UFPR)
Paulo de Geus (Unicamp)
André Grégio (UFPR)

Lokke, a hybrid security hypervisor
Otávio Augusto Silva (Unicamp)
Paulo de Geus (Unicamp)

Detecting Fraud in the Issuance of Digital Certificates within the Brazilian Public Key Infrastructure
Fernanda Gomes (UFSC)
Bruno Agostinho (UFSC)
Julia Baldissera (UFSC)
Raphael Schwinden da Silveira (UFSC)
Jean Martina (UFSC)

Building N-gram-Based Models for Anomaly Detection in Distributed Applications
Amanda Viescinski (UFPR)
Tiago Heinrich (UFPR)
Newton Will (UTFPR)
Carlos Maziero (UFPR)

KafkaProxy: data-at-rest encryption and confidentiality support for Kafka clusters
Fábio Silva (UFCG)
Matteus Silva (UFCG)
Andrey Brito (UFCG)

Detecting Attacks on IoT Networks Using Machine Learning and Deep Learning Techniques
Kaylani Bochie (UFRJ)
Ernesto Rodriguez Gonzalez (UFRJ)
Luiz Giserman (UFRJ)
Miguel Elias Mitre Campista (UFRJ)
Luis Henrique Costa (UFRJ)

End-to-End Approach to Using Machine Learning in IDS - The Case of Stateless Detection for TCP Scan
Gustavo de Carvalho Bertoli (ITA)
Lourenco Pereira Jr (ITA)
Aldri dos Santos (UFPR)
Filipe Verri (ITA)
Cesar Marcondes (ITA)
Osamu Saotome (ITA)

A Centralized Reputation Algorithm for Vehicular Networks Against Inconsistency and Bad-Mouthing Attacks
Diego Natividade (UFLA)
Luiz Henrique Correia (UFLA)
Aldri dos Santos (UFPR)

Secure Traffic Management for VANETs in the Presence of Data Poisoning Attacks
Carlos Pedroso (UFPR)
Thiago Gomides (UFSJ)
Daniel Guidoni (UFSJ)
Aldri dos Santos (UFPR)

A System for Unsupervised Online Botnet Detection
Bruno Schwengber (UFPR)
Michele Nogueira (UFPR)

A Secure System for Trading Sensitive Personal Data Based on Reputation, Trust and Blockchain
Gustavo Camilo (UFRJ)
Gabriel Rebello (UFRJ)
Lucas Airam Souza (UFRJ)
Otto Carlos Muniz Bandeira Duarte (UFRJ)

Security and Performance of Proof-Based Consensus Protocols for Blockchain
Gabriel Rebello (UFRJ)
Gustavo Camilo (UFRJ)
Lucas Guimarães (UFRJ)
Lucas Airam Souza (UFRJ)
Otto Carlos Muniz Bandeira Duarte (UFRJ)

DFedForest: Decentralized Federated Forest
Lucas Airam Souza (UFRJ)
Gabriel Rebello (UFRJ)
Gustavo Camilo (UFRJ)
Lucas Guimarães (UFRJ)
Otto Carlos Muniz Bandeira Duarte (UFRJ)

Static and Dynamic Malware Detection Using Weightless Neural Networks
Luiz Claudio Sampaio Ramos (UFRJ)
Leopoldo Lusquino (UFRJ)
Felipe França (UFRJ)
Priscila M V Lima (UFRJ)

Reliable Intrusion Detection System Based on Stream Learning
Eduardo Viegas (PUCPR)
Altair Santin (PUCPR)
Roger Santos (PUCPR)
Vilmar Abreu (PUCPR)

An Intrusion Detection System Based on Reinforcement Learning
Roger Santos (PUCPR)
Eduardo Viegas (PUCPR)
Altair Santin (PUCPR)
Jackson Mallmann (Instituto Federal)

Practical Registration Applied to a Coercion-Resistant Voting System
Matheus Leite (UFPA)
Roberto Samarone Araujo (UFPA)
Alberto Sobrinho (UFPA)
Jacques Traore (Orange Labs)

Auth4App: Protocols for Identification and Authentication using Mobile Applications
Diego Kreutz (UNIPAMPA)
Rafael Fernandes (UNIPAMPA)
Giulliano Paz (UNIPAMPA)
Tadeu Jenuario (UNIPAMPA)
Rodrigo Mansilha (UNIPAMPA)
Roger Immich (UFRN)

Understanding and Improving the Detection Capability of Similarity Search Strategies in Forensic Investigations
João Bizzi Velho (Unicamp)
Vitor Hugo Galhardo Moia (Unicamp)
Marco Aurelio Amaral Henriques (Unicamp)

Measuring the Efficiency of Control-Flow Integrity Through Dynamic Context
Pedro Delboni (Unicamp)
João Moreira (Unicamp)
Sandro Rigo (Unicamp)

Evaluating the Performance of Twitter-based Exploit Detectors
Rodrigo Miani (UFU)
Elaine Faria (UFU)
Daniel Sousa (UFU)

Short Papers

Identifying Browser Fingerprinting Indicators in Web Pages
Geandro Farias de Matos (UFAM)
Eduardo Feitosa (UFAM)

Applying Zero Trust Principles to Secure Industrial Control Networks
Eduardo Marsola do Nascimento (Petrobras)

Firewall Management in Hybrid Networks
Maurício Fiorenza (UNIPAMPA)
Diego Kreutz (UNIPAMPA)
Rodrigo Mansilha (UNIPAMPA)

Security Smells in Infrastructure as Code Using Docker
Daniel Fernandes (UFBA)
Lucas Ayres (UFBA)
Claudio Sant'Anna (UFBA)

Tool Session

MinimalisticWAF: A Web Application Firewall Based on I/O API Hooks

Library Application for a Fair, Traceable, Auditable and Participatory Drawing Tool for Legal Systems

Freechains: Peer-to-Peer Content Dissemination

PPCensor Tool: Real-Time Pornography Detection in Video Streaming

Grammar Synthesizer for Data Obfuscation in Log Systems

hashify: A Tool for Visualizing Hashes with Animations

Breaking Good: Injecting Legitimate Payloads into Malicious Binaries to Test Antivirus Robustness Against Evasion

How to Offer Python Web Applications as a Shibboleth Service Provider Using Microservices

Cryptography Trail
Full Papers

A machine learning approach to detect misuse of cryptographic APIs in source code
Gustavo Eloi de Paula Rodrigues (UNICAMP)
Alexandre Braga (UNICAMP)
Ricardo Dahab (UNICAMP)

Improving the Security of Chacha against Differential Cryptanalysis
Murilo Coutinho (CEPESC)
Iago Silva (UnB)
Fabio Borges (LNCC)
Rafael de Sousa Junior (UnB)

The First Biclique Cryptanalysis of Serpent-256
Gabriel de Carvalho (UFF)
Luis Antonio Kowada (UFF)

Converting Symmetric Cryptography to SAT Problems Using Model Checking Tools
Pedro Lara (CEFET-RJ)
Felipe Henriques (CEFET-RJ)
Fabio Borges (LNCC)

LGPD: A Survey of Cryptographic and Anonymization Techniques for Database Protection
Thiago do Rego Sousa (CEPESC)
Murilo Coutinho (CEPESC)
Lilian Coutinho (Escola de Inteligência)
Robson Albuquerque (UnB)

Post-quantum signature with preimage chameleon hashing
Thiago Astrizi (UFSC)
Ricardo Custódio (UFSC)
Lucia Moura (University of Ottawa)

A study on fitting SPHINCS+ to blockchain usage
Antônio Lucena (UNICAMP)
Marco Aurelio Amaral Henriques (UNICAMP)

Generation of Elliptic Curve Points in Tandem
Armando Faz Hernández (UNICAMP)
Julio Hernandez (UNICAMP)

Short Papers

Computing Gaussian Quadrature in a Partially Homomorphic Cryptographic Scheme
Paulo Ricardo Reis (LNCC)
Fabio Borges (LNCC)
Pedro Lara (CEFET-RJ)