01. Universidade Federal Rural de Pernambuco - UFRPE (Sede)
URI permanente desta comunidadehttps://arandu.ufrpe.br/handle/123456789/1
Navegar
2 resultados
Resultados da Pesquisa
Item Security evaluation of operating systems considering compliance policies(2021-03-01) Teixeira, Vanessa Bandeira Lins; Lins, Fernando Antonio Aires; Nóbrega, Obionor de Oliveira; http://lattes.cnpq.br/8576087238071129; http://lattes.cnpq.br/2475965771605110; http://lattes.cnpq.br/9351392044969981Currently, to search, mitigate and solve security vulnerabilities is considered a relevant and complex task. New software are being developed everyday, and each one of them may bring its own vulnerabilities. In addition, the configurations of these applications can also increase these vulnerabilities. In this context, there is a lack of securityoriented configurations in a significant part of the current operating systems. These assets, which are usually not properly configured considering security requirements, become easy targets for a considered number of security attacks. The application of compliance policies in an operating system helps to preserve the environment from malicious exploitation. The main objective of this work is to evaluate the use of compliance policies to assess and improve the security level of operating systems. To achieve this, a methodology is proposed and described. This methodology is also applied to a case study with server operating systems. For this purpose, faults in the factory configuration of the operating systems were considered, which were identified using the Center for Internet Security (CIS) compliance policies. Thus, it became possible to evaluate the system security level and to classify the main recommendations for prioritizing the corrections that users can follow. Such recommendations aim to reduce the attacks surface on systems and increase the security level by mitigating the vulnerabilities to which the systems are exposed.Item Verificação de deadlock e não-determinismo em ações de SysML 2.0(2021-07-15) Ribeiro Júnior, Amaury Tavares; Lima, Lucas Albertins de; http://lattes.cnpq.br/0465071050875729; http://lattes.cnpq.br/5978273506894399The growing complexity of systems has led to an increasing effort to validate them. Focusing on initiatives for creating tools to identify problems as early as possible has been a very desirable approach to minimize costs and efforts. Some problems like deadlock and nondeterminism can become increasingly difficult to detect due to the concurrent and distributed nature that systems can present. The SysML 2.0 language has been developed by OMG. It provides notation for actions that can be used to model behaviors, even concurrent ones, which makes them suitable for describing the dynamics of these systems. Several works propose formal semantics to SysML 1.0 models for verification purposes, including deadlock verification. But our proposal is distinct in that we provide a formal semantics for SysML 2.0 actions that not only check for the presence of deadlocks, but also nondeterminism. The latter is generally neglected in the literature, although it can be considered relevant in complex system architectures. This entire verification process is automated and also provides full traceability back to SysML 2.0 in case a problem is detected in the model. Therefore, the user does not need to understand or manipulate formal notations in any part of the process. Therefore, our main contribution is a checker for analyzing properties of SysML 2.0 actions, specifically deadlock and nondeterminism, not requiring any knowledge on the underlying formal semantics.