ADMORPH - Towards Adaptively Morphing Embedded Systems (Researcher)

2020 - 2023

Due to the increasing performance demands of mission- and safety-critical Cyber Physical Systems (of Systems) – after this referred to as CPS(oS) – these systems exhibit a rapidly growing complexity, manifested by an increasing number of (distributed) computational cores and application components connected via complex networks. However, with the growing complexity and interconnectivity of these systems, the chances of hardware failures as well as disruptions due to cyber-attacks will also quickly increase. System adaptivity, foremost in terms of dynamically remapping of application components to processing cores, represents a promising technique to fuse fault- and intrusion tolerance with the increasing performance requirements of these mission- and safety-critical CPS(oS). In the ADMORPH project, we evaluate this hypothesis using a novel, holistic approach to the specification, design, analysis and runtime deployment of adaptive, i.e., dynamically morphing, mission- and safety-critical CPS(oS) that are robust against both component failures and cyber-attacks. To this end, we will address four aspects that are instrumental for the realization of these adaptively morphing systems: (i) the formal specification of adaptive systems; (ii) adaptivity methods like strategies for maintaining safe and secure control of CPS(oS); (iii) analysis techniques for adaptive systems to, e.g., perform timing verification of adaptive systems to avoid timing violations after system reconfigurations; and (iv) run-time systems for adaptive systems that realize the actual run-time system reconfigurations to achieve fault and intrusion tolerance. The developed methodologies, methods and tools will be evaluated using three industrial use cases taken from the radar surveillance systems, autonomous operations for aircrafts, and transport management systems domains.

---

XIVT - eXcellence In Variant Testing (Principal Investigator)

2020 - 2023

Within the XIVT project, a method and toolchain will be defined for testing highly configurable, variant-rich embedded systems in the automotive, rail, telecommunication and industrial production domains. This will enable a highly effective, cost-efficient quality assurance, allowing the shift to autonomous, flexible and adaptive applications. The method is founded on a knowledge-based analysis of requirements formulated in natural language, and a model-based test generation at product-line level. It is expected that XIVT methods will result in higher test coverage, more flexible processes of higher quality and better products.

---

SEAL - SEcurity progrAmming of web appLications (Coordinator)

2018 - 2022

The SEAL project aims to make significant advances in security of web applications, developing the SEAL platform containing tools that implement secure programming in applications written in server-side programming languages (e.g., PHP and .NET). The platform will be constituted by three layers, namely, code representation, vulnerability detection, and code correction, where: an intermediate language able to represent server-side languages and secure code features will be defined; on this language, tools to perform code analysis to detect and identify vulnerabilities will be developed, employing code analysis and machine learning techniques; and a secure code layer to remove the vulnerabilities found automatically will be created. The SEAL platform, during its development and evaluation, will resort to use cases defined with the Maxdata enterprise, the market leader in software solutions to health services.

---

REDBOOK - Robust hardwarE-based Defences against Buffer Overflows and Other cybersecurity attacKs (Researcher)

2018 - 2021

For decades, numerous vulnerabilities have put computer systems and applications at risk. Several cybersecurity issues have been recurrent, being Buffer Overflows (BOs) vulnerabilities a primary attack method, which nowadays still accounts for more than 25% of the reported attacks. Such a high number clearly shows that classical software-based and compiler-assisted techniques for preventing exploitation of buffer overflow vulnerabilities did not succeed. Existing hardware-based methods (e.g., StackGhost) are too restricted and therefore they are not widely used. This project aims the design of an innovative hardware-based system monitoring architecture, introducing novel non-intrusive observation and runtime verification mechanisms for robust defence against cybersecurity hazards emerging either from accidental faults or from malicious attacks. Technical feasibility will be demonstrated for SPARC (aerospace applications) and ARM (telecommunications, including mobile) platforms.

---

DiSIEM - Diversity Enhancements for SIEMs (Researcher)

2016 - 2019

The project aims to provide improvements to Security Information and Event Management (SIEM) systems based on diversity related technology. More specifically, the project wants to (1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open source intelligence data available on diverse sources from the internet, (3) create new ways for visualising the information collected in the SIEM and provide high-level security metrics and models for improving security-related decision project, and (4) allow the use of multiple storage clouds for secure long-term archival of the raw events feed to the SIEM. Given the high costs of deployment of SIEM infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems, and will be validated through the deployed in three large-scale production environments.

---

SEGRID - Security for smart Electricity GRIDs (Researcher)

2014 - 2017

The project main objective is to enhance the protection of smart electrical grids against cyber-attacks. SEGRID does this by applying a risk management analysis approach to a number of smart grid use cases (the SEGRID use cases), which will define security requirements and determine gaps in current security technologies, standards and regulations. The identified gaps and the analysis itself will give input to the enhancement of risk assessment methodologies and the development of novel security measures for smart grids.

---

RC-Clouds - Resilient Computing in the Clouds (Researcher)

2011 - 2013

The objective of RC-Clouds is to improve the security and dependability of cloud computing services using Byzantine fault tolerance or intrusion tolerance.

---

MASSIF - MAnagement of Security information and events in Service InFrastructures (Researcher)

2010 - 2013

The main objective of MASSIF is to achieve a signicant advance in the area of Security Information and Event Management (SIEM). On the base of proper multi-level event correlation, MASSIF will provide innovation techniques in order to enable the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidences. Thus, MASSIF will develop a new generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring.
Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, architecture for dependable and resilient collection of service events, supported by an extremely scalable and performant event collection and processing framework, in the context of service-level attack models.

Web Application Protection

WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP (version 4.0 or higher) with a low rate of false positives.

WAP detects and corrects the following vulnerabilities: SQL Injection (SQLI) Cross-site scripting (XSS) Remote File Inclusion (RFI) Local File Inclusion (LFI) Directory Traversal or Path Traversal (DT/PT) Source Code Disclosure (SCD) OS Command Injection (OSCI) PHP Code Injection	WAP is an OWASP project

---

SEPTIC - SElf-Protection daTabases preventIng attaCks

SEPTIC is a mechanism put inside of the DBMS to protect in runtime any application that use the databases, detecting and blocking injection attacks, such as SQL injection and stored injection (e.g., stored XSS) attacks. It also solves the semantic mismatch between server-side language and DBMS, which is the difference of interpretation between how the queries are believed to be executed by the DBMS and how they are actually executed. This means that SEPTIC protects applications against the semantic mismatch exploitation attacks, i.e., attacks that circumventing with success some forms of protection, such as web application firewalls solutions and sanitization functions present in source code of applications.

---

DEKANT - hidDEn marKov model diAgNosing vulnerabiliTies

DEKANT is a source code static analysis tool inspired in natural language processing that learns to recognize vulnerabilities in web applications using a hidden Markov model (HMM). It uses a sequence model for learning to characterize vulnerabilities, and then uses a HMM to classify code elements of source code, taking into account the order of code elements inside the source code.

---

PHP Parser

PHParser 1.2 generates a pure Java parser for PHP programs. Invoking this parser yields an explicit parse tree (AST) and a tree walker suitable for further analysis.

---

Detector of integEr vulnerabilitiEs in softwarE Portability

DEEEP is a open source static analysis tool to detect, in C programs, integer vulnerabilities caused by the bad adaption of applications from ILP32 to LP64.

---

Software Co-Author

KAVe - Knowledge-based Agent-system Vulnerability detector
WAEFuzz - Web Application Ensemble Fuzzing
PHPCorrector - PHP Corrector
CorCA - Correction C Automatically
PatchBin - Automatic Binary Patching for C Flaws Repairing
ARRINA - Association and Recommendation for Requirements in Natural Language

• ACM/SIGAPP Symposium On Applied Computing (SAC) 2024 - PC member
• European Dependable Computing Conference (EDCC), 2024 - PC member
• Latin-American Symposium on Dependable and Secure Computing (LADC), 2023 - Student Forum PC member
• International Workshop on Attacks and Software Protection (WASP, co-located with ESORICS 2023) - PC member
• International Conference on Availability, Reliability and Security (ARES), 2023 - PC member
• ACS/IEEE International Conference on Computer Systems and Applications (AICCSA), 2023 - PC member
• International Workshop on Data-Centric Dependability and Security (DCDS, co-located with DSN 2023) - Steering committee
• International Workshop on Machine Learning for Cybersecurity (MLCS, co-located with ECML-PKDD 2023) - Organizing committee
• IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2022 - Organizing committee
• European Dependable Computing Conference (EDCC), 2022 - Organizing committee
• International Workshop on Data-Centric Dependability and Security (DCDS, co-located with DSN 2022) - Steering committee
• International Workshop on Machine Learning for Cybersecurity (MLCS, co-located with ECML-PKDD 2022) - Organizing committee
• International Conference on Ubiquous Security (UbiSec 2022) - PC member
• Sessão de Segurança de Sistemas de Computadores e Comunicações - INforum, 2022 - PC member
• IEEE International Conference on Cyber Security and resilience (CSR 2022) - PC member
• International Workshop on Reliability and Security Data Analysis (RSDA, co-located with ISSRE 2022) - PC member
• International Conference on Ubiquous Security (UbiSec 2021) - PC member
• International Workshop on Machine Learning for Cybersecurity (MLCS, co-located with ECML-PKDD 2021) - Organizing committee
• International Workshop on Reliability and Security Data Analysis (RSDA, co-located with ISSRE 2021) - PC member
• International Workshop on Data-Centric Dependability and Security (DCDS, co-located with DSN 2021) - Organizing committee
• Sessão de Segurança de Sistemas de Computadores e Comunicações - INforum, 2021 - PC member
• Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2021 - Organizing committee
• International Workshop on Reliability and Security Data Analysis (RSDA, co-located with ISSRE 2020) - PC member
• ACS/IEEE International Conference on Computer Systems and Applications (AICCSA), 2020 - PC member
• Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2020 - Organizing committee
• International Conference on Computer Safety, Reliability and Security (SafeComp), 2020 - Organizing committee
• International Workshop on Data-Centric Dependability and Security (DCDS, co-located with DSN 2020) - Organizing committee
• International Workshop on Machine Learning for Cybersecurity (MLCS, co-located with ECML-PKDD 2020) - Organizing committee
• Sessão de Segurança de Sistemas de Computadores e Comunicações - INforum, 2020 - PC member
• International Conference in Engineering Applications (ICEA), 2019 - PC member
• Sessão de Segurança de Sistemas de Computadores e Comunicações - INforum, 2019 - PC member
• International Workshop on Machine Learning for Cybersecurity (MLCS, co-located with ECML-PKDD 2019) - Organizing committee
• International Workshop on Data-Centric Dependability and Security (DCDS, co-located with DSN 2019) - Organizing committee
• IEEE International Symposium on Reliable Distributed Systems (SRDS), 2019 - Publications chair
• IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2019 - Organizing committee
• IFIP International Conference on Distributed Applications and Interoperable Systems (DAIS 2019) - PC member
• Sessão de Segurança de Sistemas de Computadores e Comunicações - INforum, 2018 - Track Chair
• International Conference on Principles of Distributed Systems (OPODIS), 2017 - Organizing committee
• Sessão de Segurança de Sistemas de Computadores e Comunicações - INforum, 2017
• 1º Seminário sobre Internet of Things nos Açores (SIoTA), 2015
• 1º Workshop sobre Cloud Computing nos Açores (WCC), 2013

---

Announcement. I am looking for future students that woulkd like to do research on security of web applications and/or cyber threat intelligence (CTI), including Data Science students that would like to have the experience on how to build machine learning models for these areas. Hence, if you are a student that would like to do research, for example, on finding vulnerabilities, detecting attacks, and analyzing CTI, and you have good skills in programming, are resilient :) and want new challenges, please contact me.

PhD

• Rafael Ramires, Detecting Vulnerabilities (Co-advised with Ana Respício)
• Paulo Antunes, Web Application Security (Co-advised with Nuno Neves)
• Adriano Serckumecka, Low-cost Serverless SIEM in the Cloud (Co-advised with Alysson Bessani)

---

Master

• António Silvestre, Detecting SQL Injection in Web Applications with FreeST (Co-advised with Andreia Mordido)
• David Gonçalves, Vulnerability Dataset Creation System (Co-advised with Nuno Neves)
• David Prates, Detecting and Removing Vulnerabilities (Co-advised with Vinicius Cogo)
• Luís Ferreirinha, Detecting and Removing Vulnerabilities in Binary Code
• Rodrigo Branco, Detecting Attacks and Code Vulnerabilities (Co-advised with Vinicius Cogo)
• Sérgio Ferreira, Detecting Vulnerabilities
• Tomás Ferreira, Detecting and Removing Vulnerabilities in Stand Alone Applications
• Rafael Abrantes, Detecting Vulnerabilities
• Bruno Matos, Detecting and Removing Vulnerabilities
• João Queimado, Large-scale distributed similarity search with Locality-Sensitive Hashing (LSH) (Co-advised with Vinicius Cogo)
• Miguel Oliveira, Detecting Vulnerabilities
• Miguel Ferreira, Dataset creation system (Co-advised with Nuno Neves)
• Pedro Martins, Detecting and Removing Vulnerabilities (Co-advised with Vinicius Cogo)

---

Past

Post Docs

• David Matos, Web Application Security, 2021-22

Masters

• Rafael Ramires. Detect Web Vulnerabilities using Knowledge Graphs, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, May 2023. (Co-advised with Ana Respício)
• Jorge Martins. Code Privacy in Detection of Web Vulnerabilities, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, April 2023. (Co-advised with Bernardo Ferreira)
• Diogo Ferreira. Automatic Binary Patching for Flaws Repairing using Static Re-writing and Reverse Dataflow Analysis, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, March 2023.
• João Inácio. Automatic Removal of Flaws in Embedded System Software, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, May 2022.
• Nuno Durão. Discovery of Web Attacks by Inspecting HTTPS Network Traffic with Machine Learning and Similarity Search, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, May 2022. (Co-advised with Vinicius Cogo)
• João Caseirito. Attacking Web Applications for Dynamic Discovering of Vulnerabilities, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, February 2022.
• Jorge Vigário. ZERODays: Sistema de Gestão de Ameaças de Ciber-segurança de Dia-Zero, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, December 2021. (Co-advised with José Alegria, Altice)
• Vasco Leitão. Prioritization of Software and System Requirements through Natural Language Processing for Testing Software, Mestrado em Ciências de Dados, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Novembro 2021.
• Miguel Moreira. Imposição de Segurança em Aplicações Web a partir de Linguagem Intermédia, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Julho 2021. (Co-advised with Francisco Martins, Uac)
• Rui Pereira. Automatização de Requisitos de Segurança em Aplicações Android, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, December 2020. (Co-advised with Nuno Neves)
• Ana Fidalgo. Detecting Web Vulnerabilities in an Intermediate Language Resorting of Machine Learning Techniques, Mestrado em Ciência de Dados, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, November 2020. (Co-advised with Nuno Neves)
• Cláudio Martins. Generating Threat Intelligence based on OSINT and a Cyber Threat Unified Taxonomy, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, September 2020.
• Bruno Lourenço. Vulnerabilities Detection at Runtime and Continuous Auditing, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, April 2020. (Co-advised with Nuno Neves)
• Ricardo Morgado. Invalidating web applications attacks by employing the right secure code, Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, September 2019. (Co-advised with Nuno Neves)
• Francisco Araújo. Generating software tests to check for flaws and functionalities, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, September 2019. (Co-advised with Nuno Neves)
• Rui Azevedo. Leveraging OSINT to Improve Threat Intelligence Quality, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, January 2019. (Co-advised with Alysson Bessani)
• Paulo Antunes, Monitoring Web Applications for Vulnerability Discovery and Removal Under Attack, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, October 2018. (Co-advised with Nuno Neves)
• Rui Calado, Auditoria Contínua e os Incidentes de Segurança, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, October 2018. (Co-advised with Artur Martins, Layer8)
• Anabela Borges, Whitebox Fuzzing for Web Application Security, Mestrado em Engenharia Informática e de Computadores, Departamento de Engenharia Informática, Instituto Superior Técnico da Universidade de Lisboa, June 2018. (Co-advised with Miguel Correia)
• Henrique Mendes, Security Auditing of a DLMS/COSEM Smart Grid Communication Protocol Implementation, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, April 2018. (Co-advised with Nuno Neves) (thesis)
• Miguel Falé, Improving Vulnerability Detection of WAP, Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, December 2017. (Co-advised with Nuno Neves) (thesis)
• Ivo Vacas, Geração Automática de Conhecimento para SDI extraído de OSINTs, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Sept. 2017. (Co-advised with Carlos Ribeiro, Reitoria ULisboa) (thesis)

2023

• Testing Software Out-of-House: How to Make it Reliable while Ensuring Code Privacy. IFIP Working Group 10.4 - Dependable Computing and Fault Tolerance, Arcos de Valdevez, Portugal, June 2023.
• CorCA: An Automatic Program Repair Tool for Checking and Removing Effectively C Flaws. Conference on Software Testing, Verification and Validation (ICST), Dublin, Ireland, April 2023.

2022

• Effectiveness on C Flaws Checking and Removal. Conference on Dependable Systems and Networks (DSN), Baltimore, Maryland, USA, June 2022.
• Effectiveness on C Flaws Checking and Removal. IFIP Working Group 10.4 - Dependable Computing and Fault Tolerance, Alexandria, VA, USA, June 2022.

2021

• Finding Web Application Vulnerabilities with an Ensemble Fuzzing. Conference on Dependable Systems and Networks (DSN), Tapei, Taiwan, June 2021.
• Clustering and Correlating OSINT Towards Threat Intelligence Enrichment. Open Source Intelligence (OSINT) Workshop. European Comission - JRC, Text and Data Mining, February 2021.

2020

• Cybersecurity: Leveraging Threat Intelligence to Improve Defense Systems. I-Data Meeting Live Virtual Event, Lisboa, Portugal, September 2020.
• Effect of Coding Styles in Detection of Web Application Vulnerabilities. Conference on European Dependable Computing Conference (EDCC), Munich, Germany, September 2020.
• Impact of Coding Styles on Behaviours of Static Analysis Tools for Web Applications. Conference on Dependable Systems and Networks (DSN), Valencia, Spain, July 2020.
• Towards Web Application Security by Automated Code Correction. Conference on Evaluation of Novel Approaches to Software Engineering (ENASE), Prague, Czech Republic, May 2020.
• Generating Tests for the Discovery of Security Flaws in Product Variants. DINavtalk, FCUL. February 2020.

2019

• PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT. Conference on IEEE TrustCom, Rotorua, New Zealand, Agt 2019.
• Enhancing Information Sharing and Visualization Capabilities in Security Data Analytic Platforms. Workshop on Data-Centric on Security and Dependability (DCDS, with DSN 2019), Portland, EUA, June 2019.
• Generating Threat Intelligence by Classification and Association of Security Events. Workshop on Data-Centric on Security and Dependability (DCDS, with DSN 2019), Portland, EUA, June 2019.
• SeEcurity progrAmming of web appLications (SEAL). DINavtalk, FCUL. January 2019.

2018

• Software (in)Security – The Root of Threats. PhD Seminar, IST. December 2018.
• Detecting Network Threats using OSINT Knowledge-based IDS. Conference on European Dependable Computing Conference (EDCC), Iasi, Romania, September 2018.
• FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data using Network Flows. Conference on IEEE TrustCom, New York, EUA, Jul. 2018.
• Validating and Securing DLMS/COSEM Implementations with the ValiDLMS Framework. Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS), Luxembourg, June 2018.
• Detecting Web Application Vulnerabilities using Fuzzing and Symbolic Execution. DINavtalk, FCUL. March 2018.
• Building a SIEM in the Cloud. IFIP WG 10.4 Meeting, Goa, India, January 2018.

2017

• Detection of Vulnerabilities broken by Circular Dependencies in Static Analysis. IFIP WG 10.4 Meeting, Denver, EUA, June 2017.
• Demonstrating a Tool for Injection Attack Prevention in MySQL. Conference on Dependable Systems and Networks (DSN), Denver, EUA, June 2017.
• Avoiding Vulnerabilities by Application of Software Security. Lecture of Software Security on ParIS (Intensive Study Program). Luxembourg, April 2017.
• Detecting Vulnerabilities and Protecting Web Applications. DI-Talk. Março 2017.

2016

• Attacks, you shall not pass! SEPTIC will not avail you. DI-Navtalk, FCUL. December 2016.
• DEKANT: A Static Analysis Tool that Learns to Detect Web Application Vulnerabilities. Symposium on Software Testing and Analysis (ISSTA). Saarbrücken, Germany, July 2016.
• Equipping WAP with Weapons to Detect Vulnerabilities. Conference on Dependable Systems and Networks (DSN). Toulouse, France, June 2016.
• Hacking the DBMS to Prevent Injection Attacks. Conference on Data and Applications Security and Privacy (CODASPY). New Orleans, EUA, March 2016.

2015

• Web Application Protection. ParIS – Intensive Study Program. University of Luxembourg, March 2015.
  
• Web Application Protection. SECURITY_!3V3NTZ#, ACM Student Chapter, ISCTE-IUL, March 2015.
  
• Hacking a DBMS to Avoid SQL Injection. Doctoral Seminar, FCUL, March 2015.
  
• Challenges to Security and Privacy of the Things in the Internet. 1º Seminário sobre Internet of Things - Açores. Janeiro 2015. (pt presentation)
  

2014

• Detection of Web Application Vulnerabilities using Sequence Models. DI-Smalltalk, FCUL. December 2014.
• Data Protection in the Age of Information Technologies. 13º Encontro Regional da BAD. November 2014. (pt presentation)
• Hybrid Methods to Detect and Correct Web Application Vulnerabilities Automatically. Doctoral Seminar, FCUL, May 2014.
• Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. World Wide Web (WWW) Conference. Seoul, Korea, April 2014.
• Information Security: How and Why? Segurança da Informação e Direitos de Autor em Contexto Digital. Açores. April 2014. (pt presentation)
• Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. Navigators Navtalk, FCUL, March 2014.
• Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. INESC-ID Seminar, INESC-ID, March 2014.

2013

• Securing Energy Metering Software with Automatic Source Code Correction. 11th IEEE International Conference on Industrial Informatics (INDIN), Bochum, Germany, July 2013.
• Software in the Cloud: Challenges to Security. 1º Workshop on Cloud Computing - Açores. April 2013.

2012

• Is the Code You Develop Secure? Software Engineering Seminar - UAc, Nov. 2012.

2009

• As Tecnologias no Ensino versus o Ensino da Informática. Colóquio de Didácticas – No Caminho das Didćticas: Saberes, Experiências e Inovação. Universidade dos Açores. Março 2009.

2008

• Detecção de Vulnerabilidades de Inteiros na Adaptação de Software de 32 para 64 bits. Master Thesis. March 2008.

FCUL, courses of the master in Security, Computer Engineering, and Informatic

• Software Security / Secure Software Systems
• Offensive and Defensive Methodologies for Cybersecurity
• Applied Security / Security Technologies

---

FCUL, courses of the bachelor in Informatic Technologies, and Computer Engineering

• Operating Systems - T, TP
• Security and Dependability - TP
• Distributed Systems - TP
• Distributed Applications - TP, PL
• Introduction to Computer Architectures - TP

---

UAç, courses of the bachelor in Informatic: Network and Multimedia and Pos-graduation in Informatics

• Security and Network Management - T, PL
• Distributed Systems - T, PL
• Operating Systems - T, PL
• Network and System Adminstration - T, PL

---