Cookies
O website necessita de alguns cookies e outros recursos semelhantes para funcionar. Caso o permita, o INESC TEC irá utilizar cookies para recolher dados sobre as suas visitas, contribuindo, assim, para estatísticas agregadas que permitem melhorar o nosso serviço. Ver mais
Aceitar Rejeitar
  • Menu
Tópicos
de interesse
Detalhes

Detalhes

  • Nome

    João Marco
  • Cargo

    Investigador Sénior
  • Desde

    22 dezembro 2016
002
Publicações

2025

Assessing the information security posture of online public services worldwide: Technical insights, trends, and policy implications?

Autores
Ribeiro, D; Fonte, V; Ramos, LF; Silva, M;

Publicação
GOVERNMENT INFORMATION QUARTERLY

Abstract
The fast global expansion of online public services has transformed how governments interact with citizens, offering convenience and efficiency. However, this digital transformation also introduces significant security risks, as sensitive data exchanged between users and service providers over public networks are exposed to cyber threats. Thus, ensuring the security and trustworthiness of these services is critical to the success of Electronic Government (EGOV) initiatives. This study evaluates the information security posture of 3068 public service platforms across all 193 UN Member States through non-intrusive assessments conducted in 2023 and 2024. The evaluation focuses on three key dimensions: (i) the adoption of secure end-to-end communication protocols, (ii) the trustworthiness of digital certificate chains, and (iii) the exposure of hosting servers to known vulnerabilities. The findings reveal that while some progress has been made in securing online public services, substantial gaps remain in the implementation of international security standards and best practices. Many platforms continue to rely on outdated cryptographic protocols, misconfigured certificates, and unpatched vulnerabilities, leaving citizens and services vulnerable to cyber threats due to weaknesses that malicious actors can easily and inconspicuously identify. These insights emphasize the need for effective implementation of more comprehensive cybersecurity policies, proactive security assessments, and improved regulatory compliance checks. Additionally, this work provides actionable guidance for governments and system administrators to enhance the security of EGOV infrastructures by addressing persistent vulnerabilities and adopting robust cybersecurity practices.

2024

A worldwide overview on the information security posture of online public services

Autores
Silva, JM; Ribeiro, D; Ramos, LFM; Fonte, V;

Publicação
PROCEEDINGS OF THE 57TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES

Abstract
The availability of public services through online platforms has improved the coverage and efficiency of essential services provided to citizens worldwide. These services also promote transparency and foster citizen participation in government processes. However, the increased online presence also exposes sensitive data exchanged between citizens and service providers to a wider range of security threats. Therefore, ensuring the security and trustworthiness of online services is crucial to Electronic Government (EGOV) initiatives' success. Hence, this work assesses the security posture of online platforms hosted in 3068 governmental domain names, across all UN Member States, in three dimensions: support for secure communication protocols; the trustworthiness of their digital certificate chains; and services' exposure to known vulnerabilities. The results indicate that despite its rapid development, the public sector still falls short in adopting international standards and best security practices in services and infrastructure management. This reality poses significant risks to citizens and services across all regions and income levels.

2024

Impact of Traffic Sampling on LRD Estimation

Autores
Mendes, J; Lima, SR; Carvalho, P; Silva, JMC;

Publicação
INFORMATION SYSTEMS AND TECHNOLOGIES, VOL 1, WORLDCIST 2023

Abstract
Network traffic sampling is an effective method for understanding the behavior and dynamics of a network, being essential to assist network planning and management. Tasks such as controlling Service Level Agreements or Quality of Service, as well as planning the capacity and the safety of a network can benefit from traffic sampling advantages. The main objective of this paper is focused on evaluating the impact of sampling network traffic on: (i) achieving a low-overhead estimation of the network state and (ii) assessing the statistical properties that sampled network traffic presents regarding the eventual persistence of LongRange Dependence (LRD). For that, different Hurst parameter estimators have been used. Facing the impact of LRD on network congestion and traffic engineering, this work will help clarify the suitability of distinct sampling techniques in accurate network analysis.

2024

Expert Systems in Information Security: A Comprehensive Exploration of Awareness Strategies Against Social Engineering Attacks

Autores
Cardoso, WR; Ribeiro, ADL; da Silva, JMC;

Publicação
GOOD PRACTICES AND NEW PERSPECTIVES IN INFORMATION SYSTEMS AND TECHNOLOGIES, VOL 2, WORLDCIST 2024

Abstract
This article delves into the pivotal role of expert systems in bolstering information security, with a specific emphasis on their effectiveness in awareness and training programs aimed at thwarting social engineering attacks. Employing a snowball methodology, the research expands upon seminal works, highlighting the intersection between expert systems and cybersecurity. The study identifies a gap in current understanding and aims to contribute valuable insights to the field. By analyzing five key articles as seeds, the research explores the landscape of expert systems in information security, emphasizing their potential impact on cultivating robust defenses against evolving cyber threats.

2023

Flexcomm Simulator: Exploring Energy Flexibility in Software Defined Networks with ns-3

Autores
Monteiro, RPC; Silva, JMC;

Publicação
PROCEEDINGS OF THE 2023 WORKSHOP ON NS-3, WNS3 2023

Abstract
The digitalization of energy generation and distribution systems opens new opportunities for devising network operation and traffic engineering strategies capable of adapting to the energy availability and sources. Despite the potential, developing and testing new approaches are challenging in production environments. Furthermore, no simulators support such integration between the communication infrastructure and the power grid. Thus, this paper introduces Flexcomm Simulator, a tool based on ns-3 that supports developing and assessing multiple strategies toward green networking and communications driven by real-time information from the power grid (i.e., Energy Flexibility). The proof-of-concept results demonstrate this contribution's potential by implementing an energy-aware routing algorithm that adapts to real-world Energy Flexibility data in a Metropolitan Area Network (MAN). Also, it showcases the simulator's capacity to deal with large-scale simulations through MPI-based distributed environments.

Teses
supervisionadas

2023

Green communications: An environment to support energy-aware networks developments

Autor
Rui Pedro da Cunha Monteiro

Instituição
INESCTEC

2023

Exploring programmable data planes towards green communications and networking

Autor
Rui Pedro da Cunha Monteiro

Instituição
INESCTEC

2023

Non-Authoritative Identification Systems

Autor
Diogo Pinto Ribeiro

Instituição
INESCTEC

2022

Análise de Problemas de Configuração e Conformidade em Infrastructure-as-Code

Autor
Rafaela Maria Soares da Silva

Instituição
INESCTEC

2022

Otimização de processos de amostragem de tráfego

Autor
Joel Filipe Esteves Gama

Instituição
INESCTEC