The evolution of container and orchestration technologies, especially Kubernetes, has brought numerous advantages to deploying applications in distributed environments, but it has also presented significant challenges in terms of security. This dissertation introduces the SARIK framework (Security Automated Rules for Iptables in Kubernetes), a solution designed to enhance security in Kubernetes environments. SARIK addresses vulnerabilities associated with network traffic in Kubernetes clusters by implementing network policies efficiently and automatically. This study not only explores the limitations of traditional security approaches in Kubernetes but also empirically analyzes the effectiveness of SARIK, using metrics such as latency, response rate, and transmission rate. The results confirm that SARIK does not compromise application performance while strengthening security. In addition, we discuss practical implications, future challenges, and best practices for security in Kubernetes environments. The work also highlights the influence of the choice of the operating system and cluster configuration on the effectiveness of security policies. In summary, SARIK represents a significant advancement in Kubernetes security, offering a practical and automated approach to mitigating risks and enhancing cluster protection in an increasingly complex and vulnerable technological landscape.

The rise of IoT networks has presented fresh challenges in terms of scalability and security for distributed Network Intrusion Detection Systems (NIDS) due to privacy concerns. While some progress has been made in addressing these challenges, there are still unanswered questions regarding how to achieve a balance between performance and robustness to ensure privacy in a distributed manner. Additionally, there is a need to develop a reliable and scalable architecture for distributed NIDS that can be effectively deployed in various IoT scenarios. These questions about robustness relied mainly on choosing privacy-secured and distributed Machine Learning techniques. In this work, we propose the F-NIDS, an intrusion detector that utilizes federated artificial intelligence and asynchronous communication techniques between system entities to provide horizontal scalability, along with differential privacy techniques to address data confidentiality concerns. The architecture of F-NIDS is designed to be adaptable for usage in IoT networks, suited to be used in cloud or fog-based environments. Results from our experiments have shown that the confidential detection model employed in F-NIDS – considering multi-class accuracy, binary accuracy, precision, and recall metrics – was capable of predicting and determining the nature of attacks when they occur. In order to determine optimal parameters that strike a balance between data privacy and classification performance, three strategies were employed, each evaluated for its corresponding robustness performance. Firstly, models were trained with varying Gaussian noise values, and subjected to membership inference black box rule-based attacks. Secondly, regular membership inference black box attacks were performed, utilizing different stolen samples with varying sizes to determine the maximum amount of data that could be securely stored on the detection agents for training tasks. Lastly, the robustness of the trained models was evaluated against a model inversion attack, and the results were compared through graphical comparisons. Based on these evaluations, Gaussian noise level and sample size values of 21 were obtained for each detection agent in the system, with sample sizes ranging from 10K to 25K.

The Brazilian Judiciary, responsible for vital functions such as constitutional control, electoral process management, handling of significant values in judicial deposits and court orders, and managing a large volume of sensitive information from individuals and organizations, faces new challenges with the intensive digitalization of its services. Emerging cyber risks include interruptions in judicial services, wrongful issuance of sentences, diversion of funds, and inappropriate insertion of content in decisions. This study aims to propose a set of information security control measures necessary to mitigate the main risks to the essential functions of Justice. The applied methodology encompasses bibliographic review and interviews with professionals from the legal, information technology, risk management, and cybersecurity areas. A reference framework was adopted for the selection of controls, complemented by additional measures specific to the judicial context, and focus group sessions were conducted for analysis and validation of the results. Classification techniques, data analysis, and business intelligence were employed to assist in the diagnosis of priorities. The results point to the 10 most significant business risks, 40 potential causes, and 22 impactful consequences, in addition to 232 effective security measures for risk mitigation, with an emphasis on diagnosing actions and implementation priorities. This work provides a valuable contribution to risk management and the establishment of information security strategies in the Judiciary, improving communication between technical areas and top management, and offering a detailed view to direct and optimize investments in information security, with practical recommendations adaptable to different institutional contexts

The development of software in governmental contexts, particularly for social programs, faces challenges that emphasize the importance of risk management to better ensure success and the effective delivery of services to the population. The general objective of this research is to identify the main risks associated with the stages of the software development process for providers of the Brazilian Social Program Alfa. The research, descriptive and applied in nature, adopts a qualitative approach, using a case study as the methodological strategy. The collected data include interviews with developers, architects, project managers, complemented by the collection of internal documents from Company Alfa. The data treatment covered document analysis and content analysis, considering 64 attributes, 13 class elements, and 3 classes described in the hierarchical risk taxonomy proposed by the Software Engineering Institute - SEI. After detailing the phases of software development for providers of the said social program, the main results of the analyses allowed the identification of 39 attributes, with 17 linked to the 'Product Engineering' class, 12 linked to the 'Development Environment' class, and 10 linked to the 'Program Constraints' class. The examination of the identified attributes emphasized the 'Program Constraints' class, showing the influence of external factors on the software development process, in line with findings from previous studies. Additionally, the analyses allowed the detailing of attributes according to class elements, highlighting the 'Schedule' attribute, linked to the 'Resources' class element. This work contributes to the field of risk management and software engineering, offering evidence on the use of attributes that can help identify risks in the process of developing software for social programs and highlighting the importance of risk identification that considers the specificities of each stage of software development. The results can also contribute to reflections on risk management in software development processes for social programs in the country.

The present work aims to perform an evaluation on the probabilistic effectiveness of the security system for a nuclear facility model, under attack scenarios involving hybrid threats, i.e. with both cyber and physical capabilities. Amid a global context propitious to the increase in attacks over critical infrastructure, including those involving illicit access and sabotage on nuclear materials, combined with the rapid evolution and diversity of cyber-attacks in various sectors of society, it is a notable challenge to assess the security of critical infrastructure. Considering aspects of confidentiality on security systems designs for real nuclear facilities, a hypothetical one (Instituto de Ciências Nucleares do Cerrado) was modelled, considering the legal and regulatory framework in force in Brazil and similar models in use by the International Agency of Atomic Energy (IAEA) for training purposes. The model describes the characterization of the threat, the security system and the cyber-physical attack scenarios, using probabilistic performance parameters from the literature to calculate the effectiveness (P E) of the security system, comparing scenarios of purely physical attacks to others in which security-critical digital assets are compromised. The results showed a significant decrease in the effectiveness of the system, indicating the need for improvements in the safety measures of nuclear installations, from a regulatory and operational point of view. Furthermore, the methodology used in the work is general and appli

Within the last five year, in Brazil, an average of 200 people disappeared per day. When someone disappears, the policial authorities make a research about the person’s physical appearance. This research may result in a photography for divulgation purposes about the persons’s missing or a police sketch. Through the pass of time, theses portraits get outdated due to aging, specially in cases of missing children. There is a multitude of techniques for age progressing of all of the missing people. Brazilian’s legislation demands an update of the images of age progressing for all of the missing people. For those who are less than 18 years-old the update must be made every three year, and after 18 years-old every five years. However, there are a lot of factors that make this procedure difficult such as the volume of images and the absence of a database. These problems may be approached by using automation through machine’s learning, more specifically using Generative Adversarial Networks (GANs). For this purpose, a data bank of missing Brazilian citizens would be necessary. Even though there is Brazilian legislation instituting the unification of missing people’s information, including images, the Brazilian government and the authorities involved in this procedure are yet far from getting the final results imposed by law. This paper demonstrates how Brazilian authorities deal with missing people’s data and emphasizes the importance and urgency of a unified database. Furthermore, this paper demonstrates how the usage of new techniques of image’s manipulation may aid policial authorities during a missing investigation of children and teenagers. It was possible to demonstrate how the disappearances information is disseminated across the country. In addition, it was possible to obtain promising results in terms of accuracy between images generated by neural networks and to create an image database of Brazilian victims.

Although The General Personal Data Protection Law (LGPD) establishes that its provisions are not applicable to the processing of personal data carried out for exclusive purposes of State security, the rules that define fundamental rights and guarantees have immediate application, which is why the fundamental right to the protection of personal data and the LGPD affect the State Intelligence activity and, in particular, the analysis of big data (big data analytics) used by the Brazilian Intelligence service for the production of open source intelligence (Osint). This dissertation aims to identify the possible risk factors for State Intelligence arising from this fundamental right incidence, analyze their consequences and propose measures to mitigate them. The methodological scientific procedure used was applied, explanatory, bibliographical and documental research. The main results of this work consist in the identification of possible risk factors, in their analysis and proposition of measures to mitigate them, and in the demonstration that the fundamental right to the protection of personal data may be limited by the constitutional restriction on access to information, whose secrecy is essential to the security of society and of the State. The main contributions of this dissertation are suggestions for future draft law on the protection of personal data for State security and the proposal on how the Brazilian Intelligence Agency could implement privacy engineering in the development of big data analytics applications for the production of Osint.

Current world commercial structure places Brazilian Agribusiness at constant conflict to protect its interests before other nations in the global market. Technological innovations are used in all stages from the simplest production tasks, up to the design of negotiation tactics at highlevel affairs. This paper has the objective of finding Brazilian contenders in the beef market with cyber capabilities and commercial interest to act in favor of their interests. To reach such a list, a review of the literature on Threat and Cyber Threat Intelligence is presented, followed by a background presentation of how embedded technology is in nowadays agriculture and supply chains in general, and the real necessity for those sectors to be seen as critical infrastructure by governments in general. Also as background information recent cyber attack cases and attacker countries are shown. A Step-by-Step multidisciplinary method is presented that involves the extent of international trade, the interest on specific markets, and the intersection of country cyber capacity index. After applying the method and criteria, it generated a list of five contender countries to the Brazilian Beef in the International Market that hold cyber attack capacities. The list includes the USA, Australia, China, Netherlands and Russia. The method may be replicated and/or applied, considering adequate data source assessment and following specifics of each sector.

The Internet of Things is one of the most important paradigms of the last years, because its main characteristic is the possibility of merging the real world with the virtual world, using the concept of “things”. On the one hand, it presents a great convenience in our daily lives, revolutionizing the communication between people and objects. On the other hand, the vulnerabilities presented and the attacks that have occurred indicate that this technology remains an expectation for the future, thus submerging the benefits it could provide us. In this paper, we propose a framework for real time intrusion detection system in IoT devices, where the DoS attacks will be detected, identified, and classified, following the present literature. For this purpose, machine learning is used to identify attacks through anomalies that occurred in monitoring IoT devices on the ELK suite with the Wazuh plugin. The first experimental result with the NSL-KDD dataset show our proposal's efficiency, with 91.90% accuracy, 0.9217 precision, 0.9190 recall, and 0.9168 F1-score. The second experimental result with real time syn flood attack, created by metasploit, show accuracy of 99,89%, precision of 1.0000, recall of 0.9953, F1-Score of 0.9977.

In cyberspace, boundaries are constantly being crossed in the name of progress and convenience, invariably paving the way for new vulnerabilities and potential attacks. Traditional security approaches are not able to contain the dynamic nature of new techniques and threats, which are increasingly adaptive and complex. In this scenario, threat intelligence sharing is growing. However, the heterogeneity and the large volume of threat data make it difficult to identify the relevant data, imposing significant limitations on security analysts. Among the factors contributing to the low quality of Cyber Threat Intelligence (CTI), the lack of direction and planning stands out, resulting in the production of inaccurate, incomplete, or outdated information that leads to reactive actions. However, quality threat intelligence has a positive impact on the response time to an incident. The proposed solution to overcome this limitation is the adoption of a knowledge production process based on the intelligence cycle, supported by situational awareness and the 5W3H model for context creation. The direction and planning phase isthe least addressed phase in scientific research, but when executed properly it directly contributes to the relevance, accuracy and timeliness of the intelligence produced, as it defines the purpose and scope of the subsequent steps. The next phases of the process aims at the progressive refinement of data, which starts with a large volume and low relevance and, by means of evaluation, search for correlations, analysis, context formation, and interpretation, ends up with a low volume, but capable of being used for decision making.

The added value of the information transmitted in a cybernetic environment has resulted in a sophisticated malicious actions scenario aimed at data exfiltration, and, in today’s advanced and dynamic cyber threat environment, organizations need yeld new methods to address their cyber defenses. In situations with unconventional malicious actors, like APTs, obfuscating harmful activity techniques are used to ensure maintenance on strategic targets, avoiding detection by known defense systems and forwarding data of interest to external elements with as little noise as possible.The MADEX and NERD architectures proposed flow analysis solutions to detect rootkits that hide network traffic; however, it presents some operational cost, either in traffic volume or due to lack of aggregated information. In that regard, this work  changes and improves user flow analysis techniques to eliminate impacts on network traffic, with data enrichment on local and remote bases, detection of domains consulted by rootkits and aggregation of information to generate threat intelligence, while maintaining high performance and allowing concomitant use with previously existing cyber defense systems. The results show the possibility of aggregating information to data flows used by rootkits in order to have effective cyber defense actions against cybernetic threats without major impacts on the existing network infrastructure.

The evolution of computer networks has made them increasingly complex and expanded their attack surface, rendering traditional perimeter protection less secure. In this context, a new trust model called Zero Trust (ZT) emerged. This concept, encompassing various controls for its implementation, makes risk management a challenging task, as managers face the challenge of prioritizing these controls. ISO 31000 describes how the multicriteria decision-making methodology can assist decision-makers in problem modeling and action prioritization. The multicriteria concept is based on two schools of thought: the American approach, which focuses on precise calculations to prioritize controls, and the European approach, which views decision-making as a human activity. MCDA-C, originating from the European school, has the capability to incorporate multiple levels within an organization to facilitate knowledge construction and decisionmaking for decision-makers. This study proposes the utilization of controls described in the CISA's Zero Trust Architecture (ZTA) Maturity Model in conjunction with MCDA-C. This approach provides clarity in visualizing the ideal performance from decision-makers' perspectives and facilitates prioritization for ZTA control implementation. Finally, considering the proposed controls, this study demonstrates the capability of MCDA-C in aiding the understanding of the problem within the organization and constructing knowledge through the analysis of collected data. Consequently, it becomes possible to present decision-makers with the controls that should be prioritized at the outset of a ZTA implementation.

This dissertation presents the specification of an accelerator for CRYSTALS-Kyber, the first Key Encapsulation Mechanism (KEM) standardized by the National Institute of Standards and Technology (NIST) as Post-Quantum Cryptography (PQC). The accelerator was developed with high-level synthesis (HLS) and it is composed of the encryption and decryption operations present in the KEM Kyber encapsulation and decapsulation algorithms. The developed architecture makes use of 33733 LUTs, 22810 FFs and 151 DSPs, being implemented in a low cost FPGA PYNQ-Z1 (XC7Z020-1 CLG400C). In a key exchange simulation performed with the Vitis HLS tool, the accelerator spent a total time of approximately 3.81 milliseconds, operating at 100MHz. In this simulation, the architecture developed had an estimated consumption of 2.243W of power. With the implementation of the accelerator in the FPGA, the observed time to perform the encryption and decryption operations was 5.01 and 2.24 milliseconds, respectively. The energy consumption in this process was approximately 6.2 Joules

Brazil is an important global player due to several characteristics: physical, economic, political and military. It occupies 43.7% of the South American continent with 8,510,417.771 Km² of territory and has approximately 15,719 Km of land borders and another 7,400 Km of maritime borders. It holds several strategic natural resources in its subsoil and soil and on its extensive coastline in the South Atlantic Ocean. In addition, it has about 207,750,291 inhabitants, according to the census of 12/25/2022, and all this human and territorial heritage and strategic resources must be safeguarded from external and internal threats. Nowadays, in the Information Age, and with the advent of 5G Ecosystem in the world, the threats have become more comprehensive because of the Cyber Power of other foreign nations. Therefore, this work addressed some national and international doctrinal concepts on Information and Communications Security, Cybernetic Security, and on the 5G Global and 5G Brazilian Ecosystems. A wide bibliographical and documentary research was carried out between the years 2012 to 2023, of an applied nature with a qualitative approach, with an exploratory objective in the various international and national academic sources. An online questionnaire was also applied to groups of Brazilian Army soldiers about the dual use – civil and military – of the 5G Brazil Ecosystem in National Defense and Security. An electronic simulation was also carried out in HTZ Warfare software for the 5G coverage of the strategic areas of the Urban Military Sector, in the Federal District, which served as the basis for my proposal for a conceptual architecture of 5G for the Brazilian Army.

Technological advances have produced a process of change in the operational techniques used by intelligence services around the world. Obtaining information through photographs, communications, signals, images, waves, radiation and electromagnetic signatures developed rapidly and became a routine practice for intelligence services. The collection of information from open sources itself, together with the ability to analyze big data, has reached a unique stage. Old operational techniques have been converted into means of search and collection using technological mechanisms, giving an unprecedented range and breadth of data. Geolocation or determination in real time of an individual’s location, the electronic correspondent of surveillance, has been used, without further questioning, in several countries. This finding drives the development of this research, which once again verifies whether real-time geolocation can be used by ABIN, without this infringing national legislation and the privacy of individuals. It is in this context that it is essential to scrutinize the characteristics of intelligence services and the evolution of the right to privacy and data protection, also drawing a comparison between the instrumentality of data collection by the State with technology companies. Another important point to reach robust conclusions on the subject is to verify if the legislation, the chain and competence of authorization to act and the control mechanisms of the foreign intelligence services approach or distance themselves from the Brazilian one. Finally, an indepth examination of judicial decisions of the Federal Supreme Court and the Superior Court of Justice regarding privacy, data sharing, balancing of interests and static geolocation aims to reinforce the reasoning regarding the possibility of using geolocation in real time.

In recent years, large organizations have made major investments in alternative energy sources, with thecentral objective of medium-term financial tax and predictability in energy consumption planning. However, the commonly used solutions do not provide for broad monitoring and do not integrate the most diverseinformation on consumption and operability. The present work has as a general objective, the implementation of a IoT supervision platform with supervisory based on SCADA type systems (Supervisory Control And Data Acquisition), for the integration of the photovoltaic power plant installed in the Ministry of Defense (MD) located on the Esplanade of Ministries, Brasília-DF, establishing indicators and data of building operability, with the use of resourcesof the HTTP/Web Protocol, cloud computing and the guidelines of the RESTful Software Architecture Model. The platform integrates the intelligent components of the photovoltaic plant installed in the MD, such as inverters, power optimizers, microcontrollers, temperature and humidity sensors, for example, remotely monitoring the generation plant and the available building integration devices. In addition to the development of a monitoring system via WEB Services (WS) and mobile devices, the present work also presents performance analysis of the photovoltaic plant, allowing continuous and real-time monitoring of devices, fault detection, financial analysis of energy production and saving factors

The general structure of Internet of Things (IoT) networks is still an interesting subject for research and innovation. The general monitoring of devices in networks becomes a big challenge in these networks. This article proposes a study of an IoT platform for continuous monitoring of the internal temperature in ultra-low freezers used in vaccine storage to predict failures and unexpected stops. The proposal is to create an IoT system architecture model composed of a physical unit (Hardware) for local data collection and sending, temperature sensors and a cloud server that performs continuous (24/7) temperature monitoring in distributed freezers. in several health institutions in Brazil, in order to identify signs of failure through the use of a statistical method using predictive models for time series.

Context: The concerning about data privacy has been highlighted over the years on the world. In Brazil the General Data Protection Law (LGPD) [42] was published in August 2018 and entered into force two years after its publication. However, some primor difficulties are still faced into the institution by the praticioners in the process of complying to LGPD [56] yet. Goal: This work proposes a taxonomy of privacy requirements based on LGPD and ISO/IEC 29100 in order to support software development teams in achieving compliance with LGPD principles. Method: A Systematic Literature Review (SLR) was carried out to identify existing data privacy taxonomies in the literature in order to support the elaboration of the taxonomy proposed in this work and its application in the Open Banking Brazil project (OPB). This project is suitable as it shares its customers’ data based on their consent, which is based on LGPD, making it an interesting project to assess compliance with the legislation. The practical application of the proposed taxonomy was carried out in the consent request process and in the terms and conditions of three Brazilian banks from the application of the proposed taxonomy through a form. Result: The SLR identified 10 primary studies, but none of them proposed a taxonomy of privacy requirements in the context of LGPD. The proposed taxonomy generated 129 requirements, divided into 10 categories and 5 contexts. Conclusion: The practical application of the taxonomy resulted in a satisfactory percentage of adherence to privacy requirements. Therefore, the application of the taxonomy in a real context demonstrated that the taxonomy can support software development teams in the search for compliance with LGPD of the privacy requirements specified by the development teams.

Several studies have researched how to adapt the General Data Protection Law (GDPL) according to the privacy of the user’s data. Facing this compliance scenario, this study aims to conduct an analysis of the principles of the LGPD and investigate the knowledge level of information and communications technology (ICT) professionals working directly and indirectly with this law. In addition, investigate whether Archivematica secure storage service is in accordance with the GDPL guidelines. To achieve this essay’s purposes, three execution stages were established as follows: 1) an analysis of data privacy laws; 2) conducting a survey with 43 ICT professionals working in public and private organizations; and 3) a technical analysis of Archivematica through practical, static, and dynamic tests with the help of open-source solutions to perform a vulnerability scan. The results show that even after the GDPL enters into force, 10% of those ICT professionals do not know the principles of the law. Regarding the storage service, 45% of the ICT professionals stated they have no knowledge on how their organizations store user data or share them and 25% of the ICT professionals claimed they are aware that their data can be shared by the organizations. The analysis performed by Archivematica evidenced issues that may indicate vulnerabilities. Majority of the issues identified by the tool were classified as low and medium risks and could result in opportunities for attackers, although they would need a series of variants to succeed. The results also showed that the ICT professionals responsible for the adequacy/compliance of the organizations need further training courses to conduct activities related to data privacy and information security, and that the Archivematica secure storage service, whilst meets with the defined requirements by the legislating body to be considered safe, does not comply with the GDPL guidelines related to data security and privacy. Therefore, it is necessary to highlight two points: the first is the organizational restructuring, which aims to improve the integration between areas and departments, and the second is the transparency, as GLPD emphasizes that rules need to be explicit to users, including access and permissions.

Cyber attacks have increased in frequency in recent years, affecting small, medium and large companies, creating an urgent need for solutions capable of helping on the mitigation and response of such threats. Thus, with the increasing number of cyber attacks, we have a large amount of threat data from heterogeneous sources that needs to be ingested, processed and analyzed to obtain useful insights for their mitigation. This work proposes a methodological framework to collect, organize, filter, share and visualize cyber-threat data to mitigate attacks and fix vulnerabilities, based on an eight-step Cyber Threat Intelligence model with timeline visualization of threats information and analytic data insights. We developed a tool to address those needs in which the cyber security analyst can insert threat data, analyze them and create a timeline to get insights and a better contextualization of a threat. Results show the facilitation of understanding the context in which the threats are inserted, making the mitigation of vulnerabilities more effective.

Cyber attacks are a ubiquitous reality nowadays, affecting organizations and countries worldwide. In 2021, information security incidents resulted in billions of dollars in losses. Most of those events result from known vulnerabilities in information technology assets. However, several heterogeneous databases and sources host information about those flaws, turning the risk assessment difficult. Despite massive vulnerability databases that are respectively supported by the USA and China governments, they differ in operation and coverage, which hinders and turns uncertain risk assessment processes. This work proposes a methodology to compare the USA National Vulnerability Database (NVD), the China National Vulnerability Database (CNVD), the China National Vulnerability Database of Information Security (CNNVD), and the Exploit Database (EDB). The results reveal that the CNNVD has 1,661 vulnerabilities entries more than the NVD and at least 40 more entries regarding Chinese vendors. Besides, they show a temporal correlation of 0.917560 with 70% of text similarity between the NVD and CNNVD, indicating that despite the latter tracking the former, it is not an automatic translation of the NVD. Moreover, this work proposes a Recommender Exploitation-Vulnerability System (REVS) with the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) using entropy-based weighting to rank vulnerability-exploit. REVS works as a network scanning and recommender system leveraging a mix of national vulnerability and exploit databases. Experiments evaluated in the GNS3 emulator show that this work approach identifies nine more vulnerabilities than the commercial tool Vulners and that the exploit features are more important criteria than the Common Vulnerability Scoring System (CVSS) parameters to rank vulnerabilities. To the best of the authors’ knowledge, this work is the first to normalize and compare the NVD, CNVD, CNNVD, and EDB, showing that the Chinese national vulnerability databases are leveraging exploit data to infer reserved status CVEs.

This research has an applied nature, its objective is to propose measures that ensure the essential properties of the intelligence document against the vulnerabilities arising from the digital document. The work employs an exploratory methodology with a qualitative approach through the analysis of documental content of academic papers selected from the Systematic Literature Review. The study identifies a relationship between vulnerabilities of the digital document and essential properties of the intelligence document; validates effective measures to mitigate these vulnerabilities, including the Digital Chain of Custody and Digital Curation foreseen in the research hypothesis; presents a proposal for guidelines applicable to the institution’s governance architecture for the implementation of mitigation measures; points out technical gaps to be overcome for the effective integration between the Document Management Systems and the Trusted Digital Repositories; launches bases for case studies focused on the implantation and certification of trusted digital repositories; and suggests in-depth studies on Long Term Digital Preservation as a Service (LTDPaaS) as a storage platform in cloud architecture.

DNS tunneling uses DNS protocol features to establish command and control channels, thus being possibly exploited as a malicious tool for data exfiltration. Nowadays, security threats using DNS tunneling affect cross-platform systems within local and cloud computing resources. Many DNS tunnel detection studies combine feature extraction techniques and machine learning (ML) algorithms to achieve high levels of accuracy. However, training ML models on a large scale and in real-time, remains an operational challenge and high computational cost for many institutions. This article proposes a methodology for DNS tunneling detection through hybrid resource collections using unsupervised anomaly detection algorithms. The proposed model has an operational approach and can be adapted to compose security control systems in organizations.

Cloud computing has introduced new technologies that have enabled a more agile continuous integration and continuous delivery (CI/CD) model to be built into the application development pipeline. One such technology is the use of containers in replacement to the traditional virtual machines. In addition to the benefits brought by the use of containers, threats and risks of attacks aimed at these environments have grown in equal proportion to their adoption. Intrusion Detection Systems (IDS) have been employed to secure cloud environments, however, the inherent characteristics of these environments have presented new challenges to achieving good intrusion detection results. Strictly, regarding intrusion detection in container environments, few studies have been conducted so far aiming at its improvement. In this work, a framework containing an architecture composed of five layers and its tools is proposed to implement a Host-based IDS (HIDS) aimed at container orchestration platforms through the identification of anomalies in system calls. The framework implemented in a functional corporate network topology emulated in the GNS3 software was tested with a public dataset of system calls demonstrating the viability of its operation. Through the experiment, it was possible to validate the integration between the layers of the framework vi and the detection results obtained using an unsupervised machine learning model surpassed those of the work that originated the public dataset used. The datasets are loaded, transformed and extracted from a free and open platform with front-end for visualization of anomaly detection alerts that can be analyzed by the SOC team in a dashboard created for IDS monitoring and decision making support.

The digitization of relationships and information has increased human beings’ ability to produce data exponentially. However, at the same rate at which new data is created, it is increasingly necessary to understand and mine large databases, even without any structure or formatting and with different purposes. In this context, the use of data indexing techniques using search engines (from English Search Engines) and the interpretation of datasets with the aim of classifying and categorizing them proves to be indispensable for scenarios of textitBig Data and Data Lake, where information can come from different sources with different technical and semantic characteristics, requiring multi-class classifications and natural language processing techniques, commonly known as NLP techniques (from English Natural Language Processing). Additionally, it is necessary to understand whether the classification tools are biased and whether the results are useful and consistent with expectations, especially in cybercrime investigation contexts. This is the problem of decision-making transparency, that is, the clear and/or legible representation of the parameters that led the machine to a certain decision/classification. An ideal research system, therefore, should be able to index large databases, understand the semantics and be subject to adaptation/learning to act in different scenarios, and at the end of the process, still provide results enriched with the parameters that led to machine to make certain decisions for subsequent auditing of transparency in the process. Therefore, this dissertation aims to propose an end-to-end architecture of a search engine that indexes and uses metasemantic interpretations based on natural language processing techniques on data from Web pages, in order to also provide examples of parameters similar to the classifications derived from the samples. The ”meta” prefix in the term ”metasemantics” refers to a set of classification, prediction and data enrichment techniques applied to emulate the semantic indexing process, while preserving the auditability of the process. For the purpose of validating the proposal, samples of Web pages were created and official databases were used to train instances of machine learning to simulate real contexts of application of the project. As a result, the validation shows how the proposed search engine allows the storage and processing of plain data originating from Web pages and increases the speed and objectivity with which investigations are carried out and audited in language processing contexts natural, especially relevant to cybercrime contexts.

The cyber supply chain has been a target of sophisticated attacks. Vulnerabilities in components that were once considered secure due to perceived trusting relationships are being exploited. One way to reduce this type of cyber risk is through the use of a Zero Trust architecture. This type of approach revises trust in all relationships. It disregards the implicit trust in any component and is based on the premise of the existence of internal threats to the corporate network. The present work proposes to integrate a Zero Trust architecture in a cyber supply chain. The main contribution of this study is to propose an organization of security controls for a cyber supply chain in domains, enabling improvements in the security of the cyber supply chain by applying the principles of a Zero Trust architecture. The study also provides a checklist of controls that allows a gap analysis and suggests some ways of visualizing this result.