Ibéria Medeiros

Invited Assistant Professor

University of Lisbon, PT

ivmedeiros(at)fc.ul.pt

+351 217500087

Google Scholar



Research

  • Software security
  • Vulnerability detection
  • Source code static analysis
  • Runtime protection
  • Machine learning
  • Data mining
  • Natural language processing
  • Security








Short Bio

Ibéria Medeiros is an invited Assistant Professor in the Department of Informatics at the Faculty of Sciences, University of Lisbon. She is an integrated researcher of LaSIGE - Large-Scale Informatics Systems Laboratory, and a member of the Navigators research group. She is also an IEEE member.

She holds a PhD degree in Computer Science and an MSc degree in Informatics from the Faculty of Sciences, University of Lisbon, and a Licenciatura (roughly equivalent to BSc+MSc) in Mathematics and Informatics from the University of the Azores. She is the author of software security tools for detecting vulnerabilities in the source code of applications, and of a parser for the PHP language. She has participated in the SEGRID and DiSIEM European projects and has been involved in the organization of events.

Her research interests are concerned with software security, vulnerability detection, source code static analysis, runtime protection, machine learning, data mining, natural language processing, and security.



Publications

Journal Papers

  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining. IEEE Transactions on Reliability. Vol. 65, No. 1, pages 54-69, March 2016. (journal)


Conference and Workshop Papers

2017

  • Paulo Nunes, Ibéria Medeiros, José Fonseca, Nuno Ferreira Neves, Miguel Correia, Marco Vieira, On Combining Diverse Static Analysis Tools for Web Security: An Empirical Study, in Proceedings of the 13th European Dependable Computing Conference (EDCC), Sept. 2017. (paper)

  • Ibéria Medeiros, Nuno Ferreira Neves, Miguel Beatriz, Miguel Correia, Demonstrating a Tool for Injection Attack Prevention in MySQL, in Proceedings of the International Conference on Dependable Systems and Networks (DSN), Jun. 2017. (paper)


2016

  • Ibéria Medeiros, Nuno Neves, Miguel Correia. DEKANT: A Static Analysis Tool that Learns to Detect Web Application Vulnerabilities. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA), Saarbrücken, Germany, 12 pages, July 2016. (paper)

  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Equipping WAP with Weapons to Detect Vulnerabilities. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), Toulouse, France, 8 pages, June 2016. (paper)

  • Ibéria Medeiros, Miguel Beatriz, Nuno Neves, Miguel Correia. Hacking the DBMS to Prevent Injection Attacks. In Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY), New Orleans, USA, 11 pages, March 2016. (paper)

2014

  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. Proceedings of the 23rd International Conference on World Wide Web (WWW), Seoul, Korea, 11 pages, April 2014. (paper)(slides)

2013

  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Securing Energy Metering Software with Automatic Source Code Correction. Proceedings of the IEEE International Conference on Industrial Informatics (INDIN), Bochum, Germany, 6 pages, July 2013. (paper)(slides)


Short Papers

  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Web Application Protection with the WAP tool (fast abstract). Proceedings of the 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'14), Atlanta, Georgia USA, June 2014. (paper)

  • Ibéria Medeiros, Miguel Correia. Finding Vulnerabilities in Software Ported from 32 to 64-bit CPUs (fast abstract). Proceedings of the 39th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'09), Estoril, Lisbon, Portugal, June-July 2009. (pdf)


National Conference Papers

  • Ivo Vacas, Ibéria Medeiros, Geração Automática de Conhecimento para SDI extraído de OSINTs, in Proceedings of the 9th Simpósio de Informática, INForum 2017, Aveiro, Portugal, Oct. 2017. (paper)

  • Miguel Falé, Ibéria Medeiros, Nuno Ferreira Neves, Resolução de Dependências Circulares em Inclusão de Código em Análise Estática de Código, in Proceedings of the 9th Simpósio de Informática, INForum 2017, Aveiro, Portugal, Oct. 2017. (paper)

  • Ibéria Medeiros, Miguel Correia. Detection of Integer Vulnerabilities in Porting Software from 32 to 64 bits. Proceedings of the 3rd National Conference on Segurança nas Organizações (SINO'07). Lisbon, November 2007. (pdf) (software)


Thesis

  • Ibéria Medeiros. Detection of Vulnerabilities and Automatic Protection for Web Applications. PhD thesis. Faculty of Sciences, University of Lisbon, September 2016. (thesis)

  • Ibéria Medeiros. Detecção de Vulnerabilidades de Inteiros na Adaptação de Software de 32 para 64 bits. MSc thesis, Master in Informatics. Faculty of Sciences, University of Lisbon, March 2008.


Projects

DiSIEM - Diversity Enhancements for SIEMs (Researcher)
2016 - 2019

The project aims to provide improvements to Security Information and Event Management (SIEM) systems based on diversity-related technology. More specifically, the project wants to (1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open source intelligence data available on diverse sources from the internet, (3) create new ways of visualising the information collected in the SIEM and provide high-level security metrics and models for improving security-related decision-making, and (4) allow the use of multiple storage clouds for secure long-term archival of the raw events fed to the SIEM. Given the high costs of deploying SIEM infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems, and will be validated through deployment in three large-scale production environments.


SEGRID - Security for smart Electricity GRIDs (Researcher)
2014 - 2017

The project's main objective is to enhance the protection of smart electrical grids against cyber-attacks. SEGRID does this by applying a risk management analysis approach to a number of smart grid use cases (the SEGRID use cases), which will define security requirements and determine gaps in current security technologies, standards and regulations. The identified gaps and the analysis itself will give input to the enhancement of risk assessment methodologies and the development of novel security measures for smart grids.


RC-Clouds - Resilient Computing in the Clouds (Researcher)
2011 - 2013

The objective of RC-Clouds is to improve the security and dependability of cloud computing services using Byzantine fault tolerance or intrusion tolerance.


MASSIF - MAnagement of Security information and events in Service InFrastructures (Researcher)
2010 - 2013

The main objective of MASSIF is to achieve a significant advance in the area of Security Information and Event Management (SIEM). On the basis of proper multi-level event correlation, MASSIF will provide innovative techniques to enable the detection of upcoming security threats and trigger remediation actions even before possible security incidents occur. Thus, MASSIF will develop a new-generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring.
Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, an architecture for dependable and resilient collection of service events, supported by an extremely scalable and performant event collection and processing framework, in the context of service-level attack models.



Software

WAP
Web Application Protection

WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP (version 4.0 or higher) with a low rate of false positives.

WAP detects and corrects the following vulnerabilities:
  • SQL Injection (SQLI)
  • Cross-site scripting (XSS)
  • Remote File Inclusion (RFI)
  • Local File Inclusion (LFI)
  • Directory Traversal or Path Traversal (DT/PT)
  • Source Code Disclosure (SCD)
  • OS Command Injection (OSCI)
  • PHP Code Injection

WAP is an OWASP project.


Septic
SEPTIC - SElf-Protection daTabases preventIng attaCks

SEPTIC is a mechanism embedded in the DBMS to protect, at runtime, any application that uses the database, detecting and blocking injection attacks such as SQL injection and stored injection (e.g., stored XSS) attacks. It also addresses the semantic mismatch between the server-side language and the DBMS, i.e., the difference between how queries are believed to be executed by the DBMS and how they are actually executed. This means that SEPTIC protects applications against semantic mismatch exploitation attacks, i.e., attacks that successfully circumvent some forms of protection, such as web application firewalls and the sanitization functions present in application source code.



Dekant
DEKANT - hidDEn marKov model diAgNosing vulnerabiliTies

DEKANT is a source code static analysis tool inspired by natural language processing that learns to recognize vulnerabilities in web applications using a hidden Markov model (HMM). It uses a sequence model to learn how to characterize vulnerabilities, and then uses an HMM to classify code elements of the source code, taking into account the order in which the code elements appear.



PHP parser
PHP Parser

PHParser 1.2 generates a pure Java parser for PHP programs. Invoking this parser yields an explicit parse tree (AST) and a tree walker suitable for further analysis.



Deeep
Detector of integEr vulnerabilitiEs in softwarE Portability

DEEEP is an open source static analysis tool that detects, in C programs, integer vulnerabilities caused by the incorrect adaptation of applications from ILP32 to LP64.



Events

Soon...
2017



Students

PhD

  • Adriano Serckumecka (Co-advised with Alysson Bessani)


Master

  • Paulo Antunes, Finding Vulnerabilities using Oracles (Co-advised with Nuno Neves)
  • Rui Azevedo, Secure SIEM using OSINT for avoiding threats (Co-advised with Alysson Bessani)
  • Roberto Ponte, Blockchain Software Security (Co-advised with Miguel Correia, INESC-ID/IST)
  • João Lopes, Public Key Infrastructure supporting eIDAS based Cloud Signatures (Co-advised with Sérgio Sá, Ernst & Young)
  • Rui Calado, Auditorias de Vulnerabilidades e Testes de Intrusão (Co-advised with Artur Martins, Layer8)
  • Bruno Lourenço, Vulnerability Discovery (Co-advised with Nuno Neves)
  • Anabela Borges, Whitebox Fuzzing for Web Application Security (Co-advised with Miguel Correia, INESC-ID/IST)
  • Henrique Mendes, Security Auditing of a DLMS/COSEM Smart Grid Communication Protocol Implementation (Co-advised with Nuno Neves)


Past

  • Miguel Falé, Improving Vulnerability Detection of WAP, MSc in Informatics, Department of Informatics, Faculty of Sciences, University of Lisbon, December 2017. (Co-advised with Nuno Neves) (thesis)
  • Ivo Vacas, Geração Automática de Conhecimento para SDI extraído de OSINTs, MSc in Information Security, Department of Informatics, Faculty of Sciences, University of Lisbon, Sept. 2017. (Co-advised with Carlos Ribeiro, Reitoria ULisboa) (thesis)



Talks

2016

  • Hacking the DBMS to Prevent Injection Attacks. Conference on Data and Applications Security and Privacy (CODASPY). New Orleans, USA, March 2016.

2015

  • Web Application Protection. ParIS – Intensive Study Program. University of Luxembourg, March 2015.
  • Web Application Protection. SECURITY_!3V3NTZ#, ACM Student Chapter, ISCTE-IUL, March 2015.
  • Hacking a DBMS to Avoid SQL Injection. Doctoral Seminar, FCUL, March 2015.
  • Challenges to Security and Privacy of the Things in the Internet. 1º Seminário sobre Internet of Things - Açores. January 2015. (pt presentation)

2014

  • Detection of Web Application Vulnerabilities using Sequence Models. DI-Smalltalk, FCUL. December 2014.
  • Data Protection in the Age of Information Technologies. 13º Encontro Regional da BAD. November 2014. (pt presentation)
  • Hybrid Methods to Detect and Correct Web Application Vulnerabilities Automatically. Doctoral Seminar, FCUL, May 2014.
  • Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. World Wide Web (WWW) Conference. Seoul, Korea, April 2014.
  • Information Security: How and Why? Segurança da Informação e Direitos de Autor em Contexto Digital. Açores. April 2014. (pt presentation)
  • Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. Navigators Navtalk, FCUL, March 2014.
  • Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. INESC-ID Seminar, INESC-ID, March 2014.

2013

  • Securing Energy Metering Software with Automatic Source Code Correction. 11th IEEE International Conference on Industrial Informatics (INDIN), Bochum, Germany, July 2013.
  • Software in the Cloud: Challenges to Security. 1º Workshop on Cloud Computing - Açores. April 2013.

2012

  • Is the Code You Develop Secure? Software Engineering Seminar - UAc, Nov. 2012.

2009

  • As Tecnologias no Ensino versus o Ensino da Informática. Colóquio de Didácticas – No Caminho das Didácticas: Saberes, Experiências e Inovação. Universidade dos Açores. March 2009.

2008

  • Detecção de Vulnerabilidades de Inteiros na Adaptação de Software de 32 para 64 bits. Master Thesis. March 2008.