2018 - 2021
The SEAL project aims to make significant advances in security of web applications, developing the SEAL platform containing
tools that implement secure programming in applications written in server-side programming languages (e.g., PHP and .NET). The platform will be
constituted by three layers, namely, code representation, vulnerability detection, and code correction, where: an intermediate language able to
represent server-side languages and secure code features will be defined; on this language, tools to perform code analysis to detect and identify
vulnerabilities will be developed, employing code analysis and machine learning techniques; and a secure code layer to remove the vulnerabilities
found automatically will be created. The SEAL platform, during its development and evaluation, will resort to use cases defined with the Maxdata
enterprise, the market leader in software solutions to health services.
2016 - 2019
The project aims to provide improvements to Security Information and Event Management (SIEM) systems based on diversity
related technology. More specifically, the project wants to (1) enhance the quality of events collected using a diverse set
of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open source
intelligence data available on diverse sources from the internet, (3) create new ways for visualising the information collected in the
SIEM and provide high-level security metrics and models for improving security-related decision project, and (4) allow the use of
multiple storage clouds for secure long-term archival of the raw events feed to the SIEM. Given the high costs of deployment of SIEM
infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems,
and will be validated through the deployed in three large-scale production environments.
REDBOOK - Robust hardwarE-based Defences against Buffer Overflows and Other cybersecurity attacKs
2018 - 2021
For decades, numerous vulnerabilities have put computer systems and applications at risk. Several
cybersecurity issues have been recurrent, being Buffer Overflows (BOs) vulnerabilities a primary attack method, which
nowadays still accounts for more than 25% of the reported attacks. Such a high number clearly shows that classical
software-based and compiler-assisted techniques for preventing exploitation of buffer overflow vulnerabilities did not
succeed. Existing hardware-based methods (e.g., StackGhost) are too restricted and therefore they are not widely used.
This project aims the design of an innovative hardware-based system monitoring architecture, introducing novel
non-intrusive observation and runtime verification mechanisms for robust defence against cybersecurity hazards emerging
either from accidental faults or from malicious attacks. Technical feasibility will be demonstrated for SPARC
(aerospace applications) and ARM (telecommunications, including mobile) platforms.
2014 - 2017
The project main objective is to enhance the protection of smart electrical grids against cyber-attacks. SEGRID does this by
applying a risk management analysis approach to a number of smart grid use cases (the SEGRID use cases), which will define security
requirements and determine gaps in current security technologies, standards and regulations. The identified gaps and the analysis
itself will give input to the enhancement of risk assessment methodologies and the development of novel security measures for
2011 - 2013
The objective of RC-Clouds is to improve the security and dependability of cloud computing services using
Byzantine fault tolerance or intrusion tolerance.
2010 - 2013
The main objective of MASSIF is to achieve a signicant advance in the area of Security Information and Event
Management (SIEM). On the base of proper multi-level event correlation, MASSIF will provide innovation techniques in order to enable
the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidences.
Thus, MASSIF will develop a new generation SIEM framework for service infrastructures supporting intelligent, scalable, and
multi-level/multi-domain security event processing and predictive security monitoring.
Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, architecture
for dependable and resilient collection of service events, supported by an extremely scalable and performant event collection and
processing framework, in the context of service-level attack models.
WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities
in web applications written in PHP (version 4.0 or higher) with a low rate of false positives.
WAP detects and corrects the following vulnerabilities:
- SQL Injection (SQLI)
- Cross-site scripting (XSS)
- Remote File Inclusion (RFI)
- Local File Inclusion (LFI)
- Directory Traversal or Path Traversal (DT/PT)
- Source Code Disclosure (SCD)
- OS Command Injection (OSCI)
- PHP Code Injection
WAP is an OWASP project
SEPTIC is a mechanism put inside of the DBMS to protect in runtime any
application that use the databases, detecting and blocking injection
attacks, such as SQL injection and stored injection (e.g., stored XSS)
attacks. It also solves the semantic mismatch between server-side
language and DBMS, which is the difference of interpretation between
how the queries are believed to be executed by the DBMS and how they
are actually executed. This means that SEPTIC protects applications
against the semantic mismatch exploitation attacks, i.e., attacks that
circumventing with success some forms of protection, such as web
application firewalls solutions and sanitization functions present in
source code of applications.
DEKANT is a source code static analysis tool inspired in natural
language processing that learns to recognize vulnerabilities in web
applications using a hidden Markov model (HMM). It uses a sequence
model for learning to characterize vulnerabilities, and then uses a
HMM to classify code elements of source code, taking into account the
order of code elements inside the source code.
PHParser 1.2 generates a pure Java parser for PHP programs.
Invoking this parser yields an explicit parse tree (AST) and a tree walker suitable for further analysis.
DEEEP is a open source static analysis tool to detect, in C programs, integer vulnerabilities
caused by the bad adaption of applications from ILP32 to LP64.