Afonso Araújo Neto

Learn More
This paper presents an approach to assess security of Web servers. This method can be used to compare the security features of different Web servers installations and to determine how secure a given Web server configuration is. The assessment is done by applying a set of tests designed to check if the system under evaluation fulfils a set of security(More)
Benchmarking the security of web applications is complex and, although there are many proposals of metrics, no consensual quantitative security metric has been proposed so far. Static analysis is an effective approach for detecting vulnerabilities, but the complexity of applications and the large variety of vulnerabilities prevent any single tool from being(More)
Database management systems (DBMS) have a long tradition in high security. Several mechanisms needed to protect data have been proposed/consolidated in the database arena. However, the effectiveness of those mechanisms is very dependent on the actual configuration chosen by the database administrator. Tuning a large database is quite complex and achieving(More)
The multiplicity of available software and component alternatives has boosted the interest in suitable benchmarks, able to assist in the selection of candidate solutions from the existing diversity, concerning several attributes. The huge success of performance and dependability benchmarking, however, markedly contrasts with the small advances on security(More)
Database Management Systems (DBMS), the central component of many computers applications, are typically immersed in very complex environments. Protecting the DBMS from security attacks requires evaluating a long list of complex configuration characteristics that may impact, in a variety of ways, the applications and people that interact with the database(More)
Quantifying security is very hard and, although there are many proposals of security metrics in the literature, no consensual quantitative security metric has been proposed so far. A key difficulty is that security is, usually, more influenced by what is unknown about a system than by what is known about it. In this paper we present the idea of trust-based(More)
Resilience benchmarking is currently the focus of many research initiatives. Assessing and comparing computer systems under changing environments is becoming crucial due to the dynamic characteristics of modern computing environments. Although several metrics have been proposed over the years, there is no universally accepted resilience metric, which(More)