Cookies Policy
The website need some cookies and similar means to function. If you permit us, we will use those means to collect data on your visits for aggregated statistics to improve our service. Find out More
Accept Reject
  • Menu
About

About

I work as an assistant professor at the Department of Informatics in the School of Engineering at the University of Minho. My main responsibility is teaching information security courses. Additionally, I am a senior researcher at INESC TEC where my research currently focuses on network security, energy-efficient communications, and non-authoritative identification systems.


Interest
Topics
Details

Details

  • Name

    João Marco
  • Role

    Senior Researcher
  • Since

    22nd December 2016
002
Publications

2024

A worldwide overview on the information security posture of online public services

Authors
Silva, JM; Ribeiro, D; Ramos, LFM; Fonte, V;

Publication
57th Hawaii International Conference on System Sciences, HICSS 2024, Hilton Hawaiian Village Waikiki Beach Resort, Hawaii, USA, January 3-6, 2024

Abstract
The availability of public services through online platforms has improved the coverage and efficiency of essential services provided to citizens worldwide. These services also promote transparency and foster citizen participation in government processes. However, the increased online presence also exposes sensitive data exchanged between citizens and service providers to a wider range of security threats. Therefore, ensuring the security and trustworthiness of online services is crucial to Electronic Government (EGOV) initiatives' success. Hence, this work assesses the security posture of online platforms hosted in 3068 governmental domain names, across all UN Member States, in three dimensions: support for secure communication protocols; the trustworthiness of their digital certificate chains; and services' exposure to known vulnerabilities. The results indicate that despite its rapid development, the public sector still falls short in adopting international standards and best security practices in services and infrastructure management. This reality poses significant risks to citizens and services across all regions and income levels. © 2024 IEEE Computer Society. All rights reserved.

2024

Impact of Traffic Sampling on LRD Estimation

Authors
Mendes, J; Lima, SR; Carvalho, P; Silva, JMC;

Publication
INFORMATION SYSTEMS AND TECHNOLOGIES, VOL 1, WORLDCIST 2023

Abstract
Network traffic sampling is an effective method for understanding the behavior and dynamics of a network, being essential to assist network planning and management. Tasks such as controlling Service Level Agreements or Quality of Service, as well as planning the capacity and the safety of a network can benefit from traffic sampling advantages. The main objective of this paper is focused on evaluating the impact of sampling network traffic on: (i) achieving a low-overhead estimation of the network state and (ii) assessing the statistical properties that sampled network traffic presents regarding the eventual persistence of LongRange Dependence (LRD). For that, different Hurst parameter estimators have been used. Facing the impact of LRD on network congestion and traffic engineering, this work will help clarify the suitability of distinct sampling techniques in accurate network analysis.

2024

Expert Systems in Information Security: A Comprehensive Exploration of Awareness Strategies Against Social Engineering Attacks

Authors
Cardoso, WR; Ribeiro, ADL; da Silva, JMC;

Publication
GOOD PRACTICES AND NEW PERSPECTIVES IN INFORMATION SYSTEMS AND TECHNOLOGIES, VOL 2, WORLDCIST 2024

Abstract
This article delves into the pivotal role of expert systems in bolstering information security, with a specific emphasis on their effectiveness in awareness and training programs aimed at thwarting social engineering attacks. Employing a snowball methodology, the research expands upon seminal works, highlighting the intersection between expert systems and cybersecurity. The study identifies a gap in current understanding and aims to contribute valuable insights to the field. By analyzing five key articles as seeds, the research explores the landscape of expert systems in information security, emphasizing their potential impact on cultivating robust defenses against evolving cyber threats.

2023

Flexcomm Simulator: Exploring Energy Flexibility in Software Defined Networks with ns-3

Authors
Monteiro, RPC; Silva, JMC;

Publication
PROCEEDINGS OF THE 2023 WORKSHOP ON NS-3, WNS3 2023

Abstract
The digitalization of energy generation and distribution systems opens new opportunities for devising network operation and traffic engineering strategies capable of adapting to the energy availability and sources. Despite the potential, developing and testing new approaches are challenging in production environments. Furthermore, no simulators support such integration between the communication infrastructure and the power grid. Thus, this paper introduces Flexcomm Simulator, a tool based on ns-3 that supports developing and assessing multiple strategies toward green networking and communications driven by real-time information from the power grid (i.e., Energy Flexibility). The proof-of-concept results demonstrate this contribution's potential by implementing an energy-aware routing algorithm that adapts to real-world Energy Flexibility data in a Metropolitan Area Network (MAN). Also, it showcases the simulator's capacity to deal with large-scale simulations through MPI-based distributed environments.

2023

AGE: Automatic Performance Evaluation of API Gateways

Authors
Moreira, P; Ribeiro, A; Silva, JMC;

Publication
IEEE Symposium on Computers and Communications, ISCC 2023, Gammarth, Tunisia, July 9-12, 2023

Abstract
The increasing use of microservices architectures has been accompanied by the profusion of tools for their design and operation. One relevant tool is API Gateways, which work as a proxy for microservices, hiding their internal APIs, providing load balancing, and multiple encoding support. Particularly in cloud environments, where the inherent flexibility allows on-demand resource deployment, API Gateways play a key role in seeking quality of service. Although multiple solutions are currently available, a comparative performance assessment under real workloads to support selecting the more suitable one for a specific service is time-consuming. In this way, the present work introduces AGE, a service capable of automatically deploying multiple API Gateways scenarios and providing a simple comparative performance indicator for a defined workload and infrastructure. The designed proof of concept shows that AGE can speed up API Gateway deployment and testing in multiple environments. © 2023 IEEE.

Supervised
thesis

2023

Exploring programmable data planes towards green communications and networking

Author
Rui Pedro da Cunha Monteiro

Institution
INESCTEC

2023

Non-Authoritative Identification Systems

Author
Diogo Pinto Ribeiro

Institution
INESCTEC

2023

Green communications: An environment to support energy-aware networks developments

Author
Rui Pedro da Cunha Monteiro

Institution
INESCTEC

2022

Otimização de processos de amostragem de tráfego

Author
Joel Filipe Esteves Gama

Institution
INESCTEC

2022

Information security monitoring systems in digital and mobile identification environments

Author
Paulo Miguel Novais Gameiro

Institution
INESCTEC