XIVT - eXcellence In Variant Testing (Principal Investigator)

2018 - 2021

Within the XIVT project, a method and toolchain will be defined for testing highly configurable, variant-rich embedded systems in the automotive, rail, telecommunication and industrial production domains. This will enable a highly effective, cost-efficient quality assurance, allowing the shift to autonomous, flexible and adaptive applications. The method is founded on a knowledge-based analysis of requirements formulated in natural language, and a model-based test generation at product-line level. It is expected that XIVT methods will result in higher test coverage, more flexible processes of higher quality and better products.

---

SEAL - SEcurity progrAmming of web appLications (Coordinator)

2018 - 2021

The SEAL project aims to make significant advances in security of web applications, developing the SEAL platform containing tools that implement secure programming in applications written in server-side programming languages (e.g., PHP and .NET). The platform will be constituted by three layers, namely, code representation, vulnerability detection, and code correction, where: an intermediate language able to represent server-side languages and secure code features will be defined; on this language, tools to perform code analysis to detect and identify vulnerabilities will be developed, employing code analysis and machine learning techniques; and a secure code layer to remove the vulnerabilities found automatically will be created. The SEAL platform, during its development and evaluation, will resort to use cases defined with the Maxdata enterprise, the market leader in software solutions to health services.

---

REDBOOK - Robust hardwarE-based Defences against Buffer Overflows and Other cybersecurity attacKs (Researcher)

2018 - 2021

For decades, numerous vulnerabilities have put computer systems and applications at risk. Several cybersecurity issues have been recurrent, being Buffer Overflows (BOs) vulnerabilities a primary attack method, which nowadays still accounts for more than 25% of the reported attacks. Such a high number clearly shows that classical software-based and compiler-assisted techniques for preventing exploitation of buffer overflow vulnerabilities did not succeed. Existing hardware-based methods (e.g., StackGhost) are too restricted and therefore they are not widely used. This project aims the design of an innovative hardware-based system monitoring architecture, introducing novel non-intrusive observation and runtime verification mechanisms for robust defence against cybersecurity hazards emerging either from accidental faults or from malicious attacks. Technical feasibility will be demonstrated for SPARC (aerospace applications) and ARM (telecommunications, including mobile) platforms.

---

DiSIEM - Diversity Enhancements for SIEMs (Researcher)

2016 - 2019

The project aims to provide improvements to Security Information and Event Management (SIEM) systems based on diversity related technology. More specifically, the project wants to (1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open source intelligence data available on diverse sources from the internet, (3) create new ways for visualising the information collected in the SIEM and provide high-level security metrics and models for improving security-related decision project, and (4) allow the use of multiple storage clouds for secure long-term archival of the raw events feed to the SIEM. Given the high costs of deployment of SIEM infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems, and will be validated through the deployed in three large-scale production environments.

---

SEGRID - Security for smart Electricity GRIDs (Researcher)

2014 - 2017

The project main objective is to enhance the protection of smart electrical grids against cyber-attacks. SEGRID does this by applying a risk management analysis approach to a number of smart grid use cases (the SEGRID use cases), which will define security requirements and determine gaps in current security technologies, standards and regulations. The identified gaps and the analysis itself will give input to the enhancement of risk assessment methodologies and the development of novel security measures for smart grids.

---

RC-Clouds - Resilient Computing in the Clouds (Researcher)

2011 - 2013

The objective of RC-Clouds is to improve the security and dependability of cloud computing services using Byzantine fault tolerance or intrusion tolerance.

---

MASSIF - MAnagement of Security information and events in Service InFrastructures (Researcher)

2010 - 2013

The main objective of MASSIF is to achieve a signicant advance in the area of Security Information and Event Management (SIEM). On the base of proper multi-level event correlation, MASSIF will provide innovation techniques in order to enable the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidences. Thus, MASSIF will develop a new generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring.
Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, architecture for dependable and resilient collection of service events, supported by an extremely scalable and performant event collection and processing framework, in the context of service-level attack models.

Web Application Protection

WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP (version 4.0 or higher) with a low rate of false positives.

WAP detects and corrects the following vulnerabilities: SQL Injection (SQLI) Cross-site scripting (XSS) Remote File Inclusion (RFI) Local File Inclusion (LFI) Directory Traversal or Path Traversal (DT/PT) Source Code Disclosure (SCD) OS Command Injection (OSCI) PHP Code Injection	WAP is an OWASP project

---

SEPTIC - SElf-Protection daTabases preventIng attaCks

SEPTIC is a mechanism put inside of the DBMS to protect in runtime any application that use the databases, detecting and blocking injection attacks, such as SQL injection and stored injection (e.g., stored XSS) attacks. It also solves the semantic mismatch between server-side language and DBMS, which is the difference of interpretation between how the queries are believed to be executed by the DBMS and how they are actually executed. This means that SEPTIC protects applications against the semantic mismatch exploitation attacks, i.e., attacks that circumventing with success some forms of protection, such as web application firewalls solutions and sanitization functions present in source code of applications.

---

DEKANT - hidDEn marKov model diAgNosing vulnerabiliTies

DEKANT is a source code static analysis tool inspired in natural language processing that learns to recognize vulnerabilities in web applications using a hidden Markov model (HMM). It uses a sequence model for learning to characterize vulnerabilities, and then uses a HMM to classify code elements of source code, taking into account the order of code elements inside the source code.

---

PHP Parser

PHParser 1.2 generates a pure Java parser for PHP programs. Invoking this parser yields an explicit parse tree (AST) and a tree walker suitable for further analysis.

---

Detector of integEr vulnerabilitiEs in softwarE Portability

DEEEP is a open source static analysis tool to detect, in C programs, integer vulnerabilities caused by the bad adaption of applications from ILP32 to LP64.

• International Conference in Engineering Applications (ICEA), 2019 - PC member
• Sessão de Segurança de Sistemas de Computadores e Comunicações - INforum, 2019 - PC member
• 1st International Workshop on Data-Centric Dependability and Security (co-located with DSN 2019) - Organizing committee
• IEEE International Symposium on Reliable Distributed Systems (SRDS), 2019 - Publications chair
• IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2019 - Organizing committee
• IFIP International Conference on Distributed Applications and Interoperable Systems (DAIS 2019) - PC member
• Sessão de Segurança de Sistemas de Computadores e Comunicações - INforum, 2018 - Track Chair
• International Conference on Principles of Distributed Systems (OPODIS), 2017 - Organizing committee
• Sessão de Segurança de Sistemas de Computadores e Comunicações - INforum, 2017
• 1º Seminário sobre Internet of Things nos Açores (SIoTA), 2015
• 1º Workshop sobre Cloud Computing nos Açores (WCC), 2013

---

PhD

• Paulo Antunes, Web application Security (Co-advised with Nuno Neves)
• Adriano Serckumecka, Low-cost Serverless SIEM in the Cloud (Co-advised with Alysson Bessani)
• Miguel Morelli, TBD

---

Master

• Ricardo Morgado, Invalidating web applications attacks by employing the right secure code (Co-advised with Nuno Neves)
• Francisco Araújo, Generating software tests to check for flaws and functionalities (Co-advised with Nuno Neves)
• Miguel Moreira, Enforcing security from the bottom-up (Co-advised with Francisco Martins, Uac)
• Cláudio Martins, Processing Cyber threat intelligence to enhance the SIEM's capabilities in avoiding threats
• Bruno Lourenço, Detection of Web Applications Through Web development Platforms (Co-advised with Nuno Neves)
• Ana Fidalgo, Detecting vulnerabilities leveraring from machine learning techniques (Co-advised with Nuno Neves)
• Pedro Gaspar, Processing netflows for intrusion detection
• Roberto Ponte, Blockchain Software Security (Co-advised with Miguel Correia, INESC-ID/IST)
• João Lopes, Public Key Infrastructure supporting eIDAS based Cloud Signatures (Co-advised with Sérgio Sá, Ernst & Young)

---

Past

• Rui Azevedo. Leveraging OSINT to Improve Threat Intelligence Quality, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, January 2019. (Co-advised with Alysson Bessani)
• Paulo Antunes, Monitoring Web Applications for Vulnerability Discovery and Removal Under Attack, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, October 2018. (Co-advised with Nuno Neves)
• Rui Calado, Auditoria Contínua e os Incidentes de Segurança, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, October 2018. (Co-advised with Artur Martins, Layer8)
• Anabela Borges, Whitebox Fuzzing for Web Application Security, Mestrado em Engenharia Informática e de Computadores, Departamento de Engenharia Informática, Instituto Superior Técnico da Universidade de Lisboa, June 2018. (Co-advised with Miguel Correia)
• Henrique Mendes, Security Auditing of a DLMS/COSEM Smart Grid Communication Protocol Implementation, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, April 2018. (Co-advised with Nuno Neves) (thesis)
• Miguel Falé, Improving Vulnerability Detection of WAP, Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, December 2017. (Co-advised with Nuno Neves) (thesis)
• Ivo Vacas, Geração Automática de Conhecimento para SDI extraído de OSINTs, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Sept. 2017. (Co-advised with Carlos Ribeiro, Reitoria ULisboa) (thesis)

2019

• SeEcurity progrAmming of web appLications (SEAL). DINavtalk, FCUL. January 2019.

2018

• Software (in)Security – The Root of Threats. PhD Seminar, IST. December 2018.
• Detecting Network Threats using OSINT Knowledge-based IDS. Conference on European Dependable Computing Conference (EDCC), Iasi, Romania, September 2018.
• FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data using Network Flows. Conference on IEEE TrustCom, New York, EUA, Jul. 2018.
• Validating and Securing DLMS/COSEM Implementations with the ValiDLMS Framework. Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS), Luxembourg, June 2018.
• Detecting Web Application Vulnerabilities using Fuzzing and Symbolic Execution. DINavtalk, FCUL. March 2018.
• Building a SIEM in the Cloud. IFIP WG 10.4 Meeting, Goa, India, January 2018.

2017

• Detection of Vulnerabilities broken by Circular Dependencies in Static Analysis. IFIP WG 10.4 Meeting, Denver, EUA, June 2017.
• Demonstrating a Tool for Injection Attack Prevention in MySQL. Conference on Dependable Systems and Networks (DSN), Denver, EUA, June 2017.
• Avoiding Vulnerabilities by Application of Software Security. Lecture of Software Security on ParIS (Intensive Study Program). Luxembourg, April 2017.
• Detecting Vulnerabilities and Protecting Web Applications. DI-Talk. Março 2017.

2016

• Attacks, you shall not pass! SEPTIC will not avail you. DI-Navtalk, FCUL. December 2016.
• DEKANT: A Static Analysis Tool that Learns to Detect Web Application Vulnerabilities. Symposium on Software Testing and Analysis (ISSTA). Saarbrücken, Germany, July 2016.
• Equipping WAP with Weapons to Detect Vulnerabilities. Conference on Dependable Systems and Networks (DSN). Toulouse, France, June 2016.
• Hacking the DBMS to Prevent Injection Attacks. Conference on Data and Applications Security and Privacy (CODASPY). New Orleans, EUA, March 2016.

2015

• Web Application Protection. ParIS – Intensive Study Program. University of Luxembourg, March 2015.
  
• Web Application Protection. SECURITY_!3V3NTZ#, ACM Student Chapter, ISCTE-IUL, March 2015.
  
• Hacking a DBMS to Avoid SQL Injection. Doctoral Seminar, FCUL, March 2015.
  
• Challenges to Security and Privacy of the Things in the Internet. 1º Seminário sobre Internet of Things - Açores. Janeiro 2015. (pt presentation)
  

2014

• Detection of Web Application Vulnerabilities using Sequence Models. DI-Smalltalk, FCUL. December 2014.
• Data Protection in the Age of Information Technologies. 13º Encontro Regional da BAD. November 2014. (pt presentation)
• Hybrid Methods to Detect and Correct Web Application Vulnerabilities Automatically. Doctoral Seminar, FCUL, May 2014.
• Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. World Wide Web (WWW) Conference. Seoul, Korea, April 2014.
• Information Security: How and Why? Segurança da Informação e Direitos de Autor em Contexto Digital. Açores. April 2014. (pt presentation)
• Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. Navigators Navtalk, FCUL, March 2014.
• Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. INESC-ID Seminar, INESC-ID, March 2014.

2013

• Securing Energy Metering Software with Automatic Source Code Correction. 11th IEEE International Conference on Industrial Informatics (INDIN), Bochum, Germany, July 2013.
• Software in the Cloud: Challenges to Security. 1º Workshop on Cloud Computing - Açores. April 2013.

2012

• Is the Code You Develop Secure? Software Engineering Seminar - UAc, Nov. 2012.

2009

• As Tecnologias no Ensino versus o Ensino da Informática. Colóquio de Didácticas – No Caminho das Didćticas: Saberes, Experiências e Inovação. Universidade dos Açores. Março 2009.

2008

• Detecção de Vulnerabilidades de Inteiros na Adaptação de Software de 32 para 64 bits. Master Thesis. March 2008.

FCUL, courses of the master in Security, Computer Engineering, and Informatic

• Software Security / Secure Software Systems
• Applied Security / Security Technologies

---

FCUL, courses of the bachelor in Informatic Technologies, and Computer Engineering

• Security and Dependability - TP
• Distributed Systems - TP
• Distributed Applications - TP, PL
• Introduction to Computer Architectures - TP

---

UAç, courses of the bachelor in Informatic: Network and Multimedia and Pos-graduation in Informatics

• Security and Network Management
• Distributed Systems
• Operating Systems
• Network and System Adminstration

---