Arquitectura de seguridad multinivel: una guía para las organizaciones modernas

La información puede considerarse como el activo más importante de cualquier organización moderna. Garantizar la seguridad de esta información implica preservar la confidencialidad, la integridad y la disponibilidad de la misma, tríada conocida como CIA en inglés. Este trabajo presenta una arquitectura de seguridad multinivel motivado por la necesidad de considerar la información desde diferentes puntos de vista con el fin de protegerla. Además, se sugiere una nueva clasificación de los elementos de información, operaciones, entidades y componentes que se pueden integrar para mostrar las distintas fuentes de riesgos al tratar con información sensible. Se muestra también una visión general de cómo se trata y se representa actualmente la información y por qué es tan difícil garantizar la seguridad en todos los aspectos del tratamiento de la información

Group trust yields improved scalability and anomalydetection for p2p systems

This paper implements an existing computational model of trust and reputationapplied to a P2P environment, and extends the approach using a novel group trust calculationthat demonstrates improved scalability and anomaly detection for P2P systems. Our analysis isbased on results obtained by simulating a P2P environment using the JXTA open source platform.A trust and reputation model was implemented in the same platform, allowing to constructinga baseline for the behavior of the nodes using combined trust and reputation coefficients in ascenario without malicious nodes. Then simulations were conducted with malicious nodes andthe effect of trust and reputation factors were analyzed regarding their influence on the anomalydetection capacity and scalability in P2P communications. Several simulation scenarios wereconfigured and explored, considering the presence of different number of malicious nodes in theP2P environment, with both constant and variable behavior. Other scenarios included calculationsof combined trust and reputation for node groups. The results show that group trust ensure moreinteractions among nodes, even in the presence of a large number of malicious nodes (60% of thetotal), besides providing focused identification of malicious nodes inside groups

Towards establishing trust in manet:An integrated approach for auto-configuration,Authentication and certification

In this paper, we discuss open issues regarding certification, auto-configuration and authentication of routing messages for mobile ad-hoc networks (MANET). We describe and discuss existing models for these operations and highlight their specific problems. Considering routing protocols usage, we propose new solutions based on protocol modifications and distributed certifications that can be integrated to establish trust relationships for MANET operation and utilizatio

Distributed data service for data management in internet of things middleware

The development of the Internet of Things (IoT) is closely related to a considerable increase in the number and variety of devices connected to the Internet. Sensors have become a regular component of our environment, as well as smart phones and other devices that continuously collect data about our lives even without our intervention. With such connected devices, a broad range of applications has been developed and deployed, including those dealing with massive volumes of data. In this paper, we introduce a Distributed Data Service (DDS) to collect and process data for IoT environments. One central goal of this DDS is to enable multiple and distinct IoT middleware systems to share common data services from a loosely-coupled provider. In this context, we propose a new specification of functionalities for a DDS and the conception of the corresponding techniques for collecting, filtering and storing data conveniently and efficiently in this environment. Another contribution is a data aggregation component that is proposed to support efficient real-time data querying. To validate its data collecting and querying functionalities and performance, the proposed DDS is evaluated in two case studies regarding a simulated smart home system, the first case devoted to evaluating data collection and aggregation when the DDS is interacting with the UIoT middleware, and the second aimed at comparing the DDS data collection with this same functionality implemented within the Kaa middleware

Set of usability heuristics for quality assessment of mobile applications on smartphones

The innovations proposed by the cell phone market have grown steadily in recent years, along with the increasing complexity of the hardware, operating systems, and applications available in this market. These changes bring new challenges related to usability that need to be considered during the development process of these applications since the new forms of user-application interactions increasingly require adapting the behavior of smartphone users. In this situation, usability is an important issue that depends on factors such as the Users, their characteristics and abilities, the Task which the users intend to achieve and also the application usage Context. This work presents a systematic literature review with the objective of identifying the heuristics and usability metrics used in the literature and/or industry. Based on the review results, this work presents another contribution with a proposal of a set of usability heuristics focused in mobile applications on smartphones, considering the User, Task and Context as usability factors and Cognitive Load as an important attribute of usability. The components of this set are detailed in a model intended to be used in empirical validations allowing to dynamically incorporate improvements to the proposal

Telejornalismo católico e seus noticiários: o caso do CN Notícias (Canção Nova) e do TJ Aparecida (TV Aparecida) na cobertura de admissibilidade do impeachment (2016)

O artigo analisa a pauta da votação da Câmara dos Deputados sobre a admissibilidade do processo de impeachment de Dilma Rousseff nostelejornais: CN Notícias (TV Canção Nova) e TJ Aparecida (TV Aparecida), constituindo um estudo comparativo por meio da análise de conteúdo (BARDIN, 1977), com base nos programas captados no dia 18 de abril de 2016 (segunda), dia após à sessão plenária (domingo), deste evento marcante na política brasileira. O objetivo é checar como cada telejornal de emissoras confessionais trataram o tema a partir dos aspectos técnicos do jornalismo (BARBEIRO; LIMA, 2002) a partir de sua estrutura de cobertura (Newsmaking). Telejornais de emissoras comerciais tradicionais possuem maior aparato e mais recursos do que os telejornais de emissoras confessionais e filantrópicas. É neste sentido que esta pesquisa avalia, de modo inédito, o tratamento desta pauta. O resultado mostra a cobertura feita com ineditismo e alto grau de valor notícia, em detrimento do que se pensava no previamente à investigação que os telejornais de emissoras confessionais fariam mero follow up: ao cozinhar notícias de outras emissoras.El artículo analiza la nota sobre la votación de la Cámara de los Diputados brasileña sobre la admisibilidad del proceso de impeachment de Dilma Rousseff en los noticieros: CN Noticias (TV Canção Nova) y TJ Aparecida (TV Aparecida), constituyendo un estudio comparativo a través del análisis de contenido (BARDIN, 1977), con base en los programas captados el 18 de abril de 2016 (lunes), día después de la sesión plenaria (domingo) de este evento marcante en la política del Brasil. El objetivo es verificar cómo cada noticiero de las emisoras confesionales trató el tema a partir de los aspectos técnicos del periodismo (BARBEIRO, LIMA, 2002), con base en su estructura de cobertura (Newsmaking). Los noticieros de las emisoras comerciales tradicionales cubrieron en vivo, y con todo el equipo de comentaristas posible, con desdoblamiento sobre innumerables programas de los noticieros (en el mismo domingo) y utilizaron en el día posterior (el lunes) diversos tipos de géneros y formatos como follow up. Se sabe que las emisoras confesionales son de porte inferior y tienen un aparato menor para la cobertura. En este sentido, esta investigación evalúa de modo inédito el tratamiento de esta nota.The article analyzes the Lord Chamber impeachment process possibility votation to Dilma Rousseff president. CN News (TV Canção Nova) and TJ Aparecida (TV Aparecida) are confessional news programs and our objetcts in this comparative study by content analysis (BARDIN, 1977). The event is based on April 18, 2016, broadcast (Monday), the day after parliament votation session (Sunday). The aim is to check how each confessional newscast stations dealt theme from their technical journalism skills and Newsmaking structrure (BARBER; LIMA, 2002). Traditional commercial broadcasters newscasts have increased apparatus and more features than the devocional and philanthropic stations and TV News. This research evaluates this agendatreating. The result shows high degree of news values. Devocional newscast programs are not merely follow upbroadcasters. They can be original and relevant players in news stations contexts

Strategic assessment of cyber security contenders to the Brazilian agribusiness in the beef sector

The current international commercial structure places Brazilian Agribusiness in constant conflict to protect its interests before other nations in the global market. Technological innovations are used in all stages from the simplest production tasks, up to the design of negotiation tactics at high-level affairs. This paper has the objective of finding Brazilian contenders in the beef market with cyber capabilities and commercial interest to act in favor of their interests. To construct such a list, a review of the literature on Threat and Cyber Threat Intelligence is presented, followed by a background presentation of how embedded technology is in nowadays agriculture and supply chains in general, and the real necessity for those sectors to be seen as critical infrastructure by governments in general. Also as background information recent cyber attack cases and attacker countries are shown. A Step-by-Step multidisciplinary method is presented that involves the extent of international trade, the interest on specific markets, and the intersection of country cyber capacity index. After applying the method and criteria generated a list of five contender countries. The method may be replicated and/or applied, considering adequate data source assessment and following specifics of each sector

Ocorrência de Listeria monocytogenes em produtos de carne de peru comercializados na cidade de Niterói-RJ-Brasil

A partir dos anos oitenta, o aumento de surtos de listeriose humana e a possível relação com alimentos contaminados, vem preocupando as autoridades sanitárias. No Brasil não existe ainda descrição de surtos de listeriose de origem alimentar, entretanto, trabalhos recentes relatam a presença da Listeria monocytogenes em produtos de aves. O trabalho objetivou pesquisar a sua ocorrência em produtos de carne de peru, testar a sensibilidade aos antimicrobianos e realizar a sorologia dos isolados. Foram analisadas 40 amostras de carne de peru, divididas em 4 grupos de 10: blanquet inteiro, blanquet fatiado, presunto inteiro e presunto fatiado, todas produzidas sob Inspeção Federal e comercializadas em estabelecimentos varejistas da cidade de Niterói- RJ. Nos produtos fatiados se observou uma alta incidência de bactérias do gênero Listeria, da ordem de 80% em blanquet e de 90% em presunto, contrastando com a ausência nos inteiros. Os isolados de L. monocytogenes foram susceptíveis aos antimicrobianos testados e pertenciam aos sorotipos 4b (51,9%), ½ c (34,6%) , ½ b (7,7%) e ½ a (5,8%). Os sorotipos de L. monocytogenes mais isolados são aqueles mais associados à listeriose. A ausência de Listeria nos produtos inteiros e sua alta ocorrência nos fatiados, sugere provável manipulação inadequada dos produtos no momento do fatiamento e estocagem, o que implica necessidade de melhorar o controle higiênico durante o processamento

Securing instant messages with hardware-based cryptography and authentication in browser extension

Instant Messaging (IM) provides near-real-time communication between users, which has shown to be a valuable tool for internal communication in companies and for general-purpose interaction among people. IM systems and supporting protocols, however, must consider security aspects to guarantee the messages' authenticity, confidentiality, and integrity. In this paper, we present a solution for integrating hardware-based public key cryptography into Converse.js, an open-source IM client for browsers enabled with the Extensible Messaging and Presence Protocol (XMPP). The proposal is developed as a plugin for Converse.js, thus overriding the original functions of the client; and a browser extension that is triggered by the plugin and is responsible for calling the encryption and decryption services for each sent and received message. This integrated artifact allowed the experimental validation of the proposal providing authenticity of IM users with digital certificates and protection of IM messages with hardware-based cryptography. Results also shows the proposed systems is resistent to adversarial attacks against confidentiality and integrity and it is secure when considering cryptrographic tests like the Hamming distance and the NIST SP800-22