Assistant Professor
University of Lisboa, PT
ivmedeiros(at)fc.ul.pt
+351 217500087 (ext: 26380)
Ibéria Medeiros is an Assistant Professor in the Department of Informatics, at the Faculty of Sciences of the University of Lisboa. She is an integrated researcher of LASIGE - Large-Scale Informatics Systems Laboratory, and a member of the Navigators research group. She is also an IEEE member. She holds a PhD degree in Computer Science and an MSc degree in Informatics, both from the Faculty of Sciences of the University of Lisboa.
Her main research focuses on software security, cybersecurity, and machine learning. She investigates techniques and models, resorting to machine learning, to improve the code security of web applications and of programs deployed in industrial products, since web applications are the most used form of accessing services and industrial products must be reliable systems that work properly. She is the author of tools for software security that detect and remove vulnerabilities in web applications by correcting their code, and of mechanisms and systems for cybersecurity that improve the quality of threat intelligence (from OSINT) and the detection of incidents and intrusions. Her research interests are: software security, vulnerability detection, code correction, cybersecurity, cyber threat intelligence, intrusion detection, runtime protection, machine learning, natural language processing, and data mining.
She is the principal investigator of the SEAL national project and the XIVT European project, and has been involved in international and national projects, including the ADMORPH, DiSIEM, SEGRID, and MASSIF European projects, and the REDBOOK national project.
I am looking for future students that would like to do research on security of web applications and/or cyber threat intelligence (CTI), including Data Science students that would like to have the experience on how to build machine learning models for these areas. Hence, if you are a student that would like to do research, for example, on finding vulnerabilities, detecting attacks, and analyzing CTI, and you have good skills in programming, are resilient :) and want new challenges, please contact me.
Due to the increasing performance demands of mission- and safety-critical Cyber Physical Systems (of Systems), hereafter referred to as CPS(oS), these systems exhibit a rapidly growing complexity, manifested by an increasing number of (distributed) computational cores and application components connected via complex networks. However, with the growing complexity and interconnectivity of these systems, the chances of hardware failures as well as disruptions due to cyber-attacks will also quickly increase. System adaptivity, foremost in terms of dynamic remapping of application components to processing cores, represents a promising technique to fuse fault and intrusion tolerance with the increasing performance requirements of these mission- and safety-critical CPS(oS). In the ADMORPH project, we evaluate this hypothesis using a novel, holistic approach to the specification, design, analysis and runtime deployment of adaptive, i.e., dynamically morphing, mission- and safety-critical CPS(oS) that are robust against both component failures and cyber-attacks. To this end, we will address four aspects that are instrumental for the realization of these adaptively morphing systems: (i) the formal specification of adaptive systems; (ii) adaptivity methods like strategies for maintaining safe and secure control of CPS(oS); (iii) analysis techniques for adaptive systems to, e.g., perform timing verification of adaptive systems to avoid timing violations after system reconfigurations; and (iv) run-time systems for adaptive systems that realize the actual run-time system reconfigurations to achieve fault and intrusion tolerance. The developed methodologies, methods and tools will be evaluated using three industrial use cases taken from the radar surveillance systems, autonomous operations for aircraft, and transport management systems domains.
Within the XIVT project, a method and toolchain will be defined for testing highly configurable, variant-rich embedded systems in the automotive, rail, telecommunication and industrial production domains. This will enable a highly effective, cost-efficient quality assurance, allowing the shift to autonomous, flexible and adaptive applications. The method is founded on a knowledge-based analysis of requirements formulated in natural language, and a model-based test generation at product-line level. It is expected that XIVT methods will result in higher test coverage, more flexible processes of higher quality and better products.
The SEAL project aims to make significant advances in security of web applications, developing the SEAL platform containing tools that implement secure programming in applications written in server-side programming languages (e.g., PHP and .NET). The platform will be constituted by three layers, namely, code representation, vulnerability detection, and code correction, where: an intermediate language able to represent server-side languages and secure code features will be defined; on this language, tools to perform code analysis to detect and identify vulnerabilities will be developed, employing code analysis and machine learning techniques; and a secure code layer to remove the vulnerabilities found automatically will be created. The SEAL platform, during its development and evaluation, will resort to use cases defined with the Maxdata enterprise, the market leader in software solutions to health services.
For decades, numerous vulnerabilities have put computer systems and applications at risk. Several cybersecurity issues have been recurrent, with buffer overflow (BO) vulnerabilities being a primary attack method, which nowadays still accounts for more than 25% of the reported attacks. Such a high number clearly shows that classical software-based and compiler-assisted techniques for preventing exploitation of buffer overflow vulnerabilities did not succeed. Existing hardware-based methods (e.g., StackGhost) are too restricted and therefore are not widely used. This project aims to design an innovative hardware-based system monitoring architecture, introducing novel non-intrusive observation and runtime verification mechanisms for robust defence against cybersecurity hazards emerging either from accidental faults or from malicious attacks. Technical feasibility will be demonstrated for SPARC (aerospace applications) and ARM (telecommunications, including mobile) platforms.
The project aims to provide improvements to Security Information and Event Management (SIEM) systems based on diversity-related technology. More specifically, the project wants to (1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open source intelligence data available on diverse sources from the internet, (3) create new ways for visualising the information collected in the SIEM and provide high-level security metrics and models for improving security-related decision project, and (4) allow the use of multiple storage clouds for secure long-term archival of the raw events fed to the SIEM. Given the high costs of deployment of SIEM infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems, and will be validated through deployment in three large-scale production environments.
The project's main objective is to enhance the protection of smart electrical grids against cyber-attacks. SEGRID does this by applying a risk management analysis approach to a number of smart grid use cases (the SEGRID use cases), which will define security requirements and determine gaps in current security technologies, standards and regulations. The identified gaps and the analysis itself will give input to the enhancement of risk assessment methodologies and the development of novel security measures for smart grids.
The objective of RC-Clouds is to improve the security and dependability of cloud computing services using Byzantine fault tolerance or intrusion tolerance.
The main objective of MASSIF is to achieve a significant advance in the area of Security Information and Event Management (SIEM). On the basis of proper multi-level event correlation, MASSIF will provide innovation techniques in order to enable the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidences. Thus, MASSIF will develop a new generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring. Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, architecture for dependable and resilient collection of service events, supported by an extremely scalable and performant event collection and processing framework, in the context of service-level attack models.
Web Application Protection
WAP detects and corrects the following vulnerabilities:
SEPTIC - SElf-Protection daTabases preventIng attaCks
SEPTIC is a mechanism placed inside the DBMS to protect, at runtime, any application that uses the database, detecting and blocking injection attacks such as SQL injection and stored injection (e.g., stored XSS) attacks. It also solves the semantic mismatch between the server-side language and the DBMS, which is the difference between how queries are believed to be executed by the DBMS and how they are actually executed. This means that SEPTIC protects applications against attacks that exploit the semantic mismatch, i.e., attacks that successfully circumvent some forms of protection, such as web application firewalls and sanitization functions present in the source code of applications.
DEKANT - hidDEn marKov model diAgNosing vulnerabiliTies
DEKANT is a source code static analysis tool inspired by natural language processing that learns to recognize vulnerabilities in web applications using a hidden Markov model (HMM). It uses a sequence model for learning to characterize vulnerabilities, and then uses an HMM to classify code elements of source code, taking into account the order of code elements inside the source code.
PHP Parser
PHParser 1.2 generates a pure Java parser for PHP programs. Invoking this parser yields an explicit parse tree (AST) and a tree walker suitable for further analysis.
Detector of integEr vulnerabilitiEs in softwarE Portability
DEEEP is an open-source static analysis tool that detects, in C programs, integer vulnerabilities caused by the poor adaptation of applications from ILP32 to LP64.