Um serviço de certificação digital para plataformas de middleware

Nowadays due to the security vulnerability of distributed systems, it is needed mechanisms to guarantee the security requirements of distributed objects communications. Middleware Platforms component integration platforms provide security functions that typically offer services for auditing, for guarantee messages protection, authentication, and access control. In order to support these functions, middleware platforms use digital certificates that are provided and managed by external entities. However, most middleware platforms do not define requirements to get, to maintain, to validate and to delegate digital certificates. In addition, most digital certification systems use X.509 certificates that are complex and have a lot of attributes. In order to address these problems, this work proposes a digital certification generic service for middleware platforms. This service provides flexibility via the joint use of public key certificates, to implement the authentication function, and attributes certificates to the authorization function. It also supports delegation. Certificate based access control is transparent for objects. The proposed service defines the digital certificate format, the store and retrieval system, certificate validation and support for delegation. In order to validate the proposed architecture, this work presents the implementation of the digital certification service for the CORBA middleware platform and a case study that illustrates the service functionalities

Proposta de modelo de gestão de riscos para uma IFES visando a realização de auditoria baseada em riscos

Organizations are susceptible to the occurrence of many events that may affect the achievement of their objectives. As a result, Brazilian Public Administration supervisory bodies have required institutions to adopt risk management policies. Given the large number of recommendations issued by Federal Audit Court (TCU) to various Federal Institutions of Higher Education (IFES) in this area, it is proposed a risk management model for Universidade Federal do Rio Grande do Norte (UFRN). This is an applied, exploratory and qualitative study. Regarding to technical procedures, it is characterized as documentary analysis, bibliographical research, case study and action research. The bibliographical research was used to support the elaboration of the Risk Management Guide for Federal Institutions of Higher Education (GERIFES). The documentary analysis, in turn, was used with the aim of knowing the organizational structure and the university´s macroprocesses. The author works in the university internal auditing department and shares the same problem. This characterizes the work as an action research. The case study supported both the elaboration of the guide and the simulation of the specific functionality for the university information system, demonstrated through the User Manual Module "Risk Management" proposed for the Integrated System of Property, Administration and Contracts (SIPAC). This manual has been prepared in order to facilitate the use of this tool if it will be incorporated into the university information system. As research results, a risk management model for UFRN was elaborated and a simulation of an informational tool, which is able to manage risks related to events that may affect the achievement of institutional objectives, was provided to the university administration.