Ibéria Medeiros


Assistant Professor

University of Lisboa, PT

ivmedeiros(at)fc.ul.pt

+351 217500087

Google Scholar



Research

  • Software security
  • Vulnerability detection
  • Source code static analysis
  • Runtime protection
  • Machine learning
  • Data mining
  • Natural language processing
  • Security









Short Bio

Ibéria Medeiros is an Assistant Professor in the Department of Informatics at the Faculty of Sciences, University of Lisboa. She is an integrated researcher of LASIGE - Large-Scale Informatics Systems Laboratory, and a member of the Navigators research group. She is also an IEEE member.

She holds a PhD degree in Computer Science and an MSc degree in Informatics, both from the Faculty of Sciences, University of Lisboa, and a Licenciatura (roughly equivalent to BSc+MSc) in Mathematics and Informatics from the University of Azores. She is the author of software security tools for detecting vulnerabilities in application source code, and of a parser for the PHP language. She has participated in European projects, such as SEGRID and DiSIEM, and national projects, such as SEAL, and has been involved in event organization.

Her research interests are concerned with software security, vulnerability detection, source code static analysis, runtime protection, machine learning, data mining, natural language processing, cyber threat intelligence, and security.



Publications

Journal Papers

  • Paulo Nunes, Ibéria Medeiros, José Fonseca, Nuno Neves, Miguel Correia, Marco Vieira. Benchmarking Static Analysis Tools for Web Security. IEEE Transactions on Reliability, accepted for publication
  • Paulo Nunes, Ibéria Medeiros, José Fonseca, Nuno Neves, Miguel Correia, Marco Vieira. An Empirical Study on Combining Diverse Static Analysis Tools for Web Security Vulnerabilities based on Development Scenarios. Computing, accepted for publication
  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining. IEEE Transactions on Reliability. Vol. 65, No. 1, pages 54-69, March 2016. (journal)


Conference and Workshop Papers

2018

  • Ivo Vacas, Ibéria Medeiros, Nuno Neves. Detecting Network Threats using OSINT Knowledge-based IDS. In Proceedings of the European Dependable Computing Conference (EDCC), Sept. 2018.
  • Luís Sacramento, Ibéria Medeiros, João Bota, and Miguel Correia. FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data using Network Flows. In Proceedings of IEEE TrustCom, New York, USA, Jul. 2018. (paper)
  • Henrique Mendes, Ibéria Medeiros and Nuno Neves. Validating and Securing DLMS/COSEM Implementations with the ValiDLMS Framework. In Proceedings of the Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS, with DSN 2018), Luxembourg, June 2018. (paper)

2017

  • Paulo Nunes, Ibéria Medeiros, José Fonseca, Nuno Ferreira Neves, Miguel Correia, Marco Vieira. On Combining Diverse Static Analysis Tools for Web Security: An Empirical Study. In Proceedings of the European Dependable Computing Conference (EDCC), Sept. 2017. (paper)
  • Ibéria Medeiros, Nuno Ferreira Neves, Miguel Beatriz, Miguel Correia. Demonstrating a Tool for Injection Attack Prevention in MySQL. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), Jun. 2017. (paper)

2016

  • Ibéria Medeiros, Nuno Neves, Miguel Correia. DEKANT: A Static Analysis Tool that Learns to Detect Web Application Vulnerabilities. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA), Saarbrücken, Germany, 12 pages, July 2016. (paper)
  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Equipping WAP with Weapons to Detect Vulnerabilities. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), Toulouse, France, 8 pages, June 2016. (paper)
  • Ibéria Medeiros, Miguel Beatriz, Nuno Neves, Miguel Correia. Hacking the DBMS to Prevent Injection Attacks. In Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY), New Orleans, USA, 11 pages, March 2016. (paper)

2014

  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. Proceedings of the 23rd International Conference on World Wide Web (WWW), Seoul, Korea, 11 pages, April 2014. (paper)(slides)

2013

  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Securing Energy Metering Software with Automatic Source Code Correction. Proceedings of the IEEE International Conference on Industrial Informatics (INDIN), Bochum, Germany, 6 pages, July 2013. (paper)(slides)


Short Papers

  • Roberto Ponte, Ibéria Medeiros, and Miguel Correia. Fuzzing Ethereum Smart Contracts (research statement). DSN Workshop on Byzantine Consensus and Resilient Blockchains (BCRB), Luxembourg, June 2018. (paper)
  • Ibéria Medeiros, Nuno Neves, Miguel Correia. Web Application Protection with the WAP tool (fast abstract). Proceedings of the 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'14), Atlanta, Georgia USA, June 2014. (paper)
  • Ibéria Medeiros, Miguel Correia. Finding Vulnerabilities in Software Ported from 32 to 64-bit CPUs (fast abstract). Proceedings of the 39th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'09), Estoril, Lisboa Portugal, June-July 2009. (paper)


National Conference Papers

  • Paulo Antunes, Ibéria Medeiros, Nuno Neves. Remoção Automática de Vulnerabilidades usando Análise Estática de Código Direcionada. Simpósio de Informática, INForum 2018, Coimbra, Portugal, Sept. 2018.
  • Rui Azevedo, Ibéria Medeiros, Alysson Bessani. Automated Solution for Enrichment and Quality IoC Creation from OSINT. Simpósio de Informática, INForum 2018, Coimbra, Portugal, Sept. 2018.
  • João Lopes, Ibéria Medeiros, Sérgio Sá. Infraestrutura de Chaves Públicas suportando Assinaturas na Cloud baseadas no eIDAS. Simpósio de Informática, INForum 2018, Coimbra, Portugal, Sept. 2018.
  • Ivo Vacas, Ibéria Medeiros. Geração Automática de Conhecimento para SDI extraído de OSINTs. Actas do 9º Simpósio de Informática, INForum 2017, Aveiro, Portugal, Oct. 2017. (paper)
  • Miguel Falé, Ibéria Medeiros, Nuno Neves. Resolução de Dependências Circulares em Inclusão de Código em Análise Estática de Código. Actas do 9º Simpósio de Informática, INForum 2017, Aveiro, Portugal, Oct. 2017. (paper)
  • Ibéria Medeiros, Miguel Correia. Detecção de Vulnerabilidades de Inteiros na Adaptação de Software de 32 para 64 bits. Actas da 3ª Conferência Nacional sobre Segurança nas Organizações (SINO). Lisboa, November 2007. (paper) (software)


Deliverables from Projects

  • DiSIEM project deliverable D6.1. Preliminary Architecture and Service Model of Infrastructure Enhancements. August 2017.


Thesis

  • Ibéria Medeiros. Detection of Vulnerabilities and Automatic Protection for Web Applications. PhD thesis. Faculty of Sciences of University of Lisboa, September 2016. (thesis)

  • Ibéria Medeiros. Detecção de Vulnerabilidades de Inteiros na Adaptação de Software de 32 para 64 bits. Master thesis of Master in Informatics. Faculty of Sciences of University of Lisboa, March 2008.


Projects

SEAL - SEcurity progrAmming of web appLications (Coordinator)
2018 - 2021

The SEAL project aims to make significant advances in security of web applications, developing the SEAL platform containing tools that implement secure programming in applications written in server-side programming languages (e.g., PHP and .NET). The platform will be constituted by three layers, namely, code representation, vulnerability detection, and code correction, where: an intermediate language able to represent server-side languages and secure code features will be defined; on this language, tools to perform code analysis to detect and identify vulnerabilities will be developed, employing code analysis and machine learning techniques; and a secure code layer to remove the vulnerabilities found automatically will be created. The SEAL platform, during its development and evaluation, will resort to use cases defined with the Maxdata enterprise, the market leader in software solutions to health services.


DiSIEM - Diversity Enhancements for SIEMs (Researcher)
2016 - 2019

The project aims to provide improvements to Security Information and Event Management (SIEM) systems based on diversity-related technology. More specifically, the project wants to (1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open source intelligence data available on diverse sources from the internet, (3) create new ways for visualising the information collected in the SIEM and provide high-level security metrics and models for improving security-related decision project, and (4) allow the use of multiple storage clouds for secure long-term archival of the raw events fed to the SIEM. Given the high costs of deployment of SIEM infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems, and will be validated through deployment in three large-scale production environments.


SEGRID - Security for smart Electricity GRIDs (Researcher)
2014 - 2017

The project's main objective is to enhance the protection of smart electrical grids against cyber-attacks. SEGRID does this by applying a risk management analysis approach to a number of smart grid use cases (the SEGRID use cases), which will define security requirements and determine gaps in current security technologies, standards and regulations. The identified gaps and the analysis itself will give input to the enhancement of risk assessment methodologies and the development of novel security measures for smart grids.


RC-Clouds - Resilient Computing in the Clouds (Researcher)
2011 - 2013

The objective of RC-Clouds is to improve the security and dependability of cloud computing services using Byzantine fault tolerance or intrusion tolerance.


MASSIF - MAnagement of Security information and events in Service InFrastructures (Researcher)
2010 - 2013

The main objective of MASSIF is to achieve a significant advance in the area of Security Information and Event Management (SIEM). On the basis of proper multi-level event correlation, MASSIF will provide innovative techniques to enable the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidents. Thus, MASSIF will develop a new generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring.
Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, and an architecture for dependable and resilient collection of service events, supported by an extremely scalable and performant event collection and processing framework, in the context of service-level attack models.



Software

WAP
Web Application Protection

WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP (version 4.0 or higher) with a low rate of false positives.

WAP detects and corrects the following vulnerabilities:
  • SQL Injection (SQLI)
  • Cross-site scripting (XSS)
  • Remote File Inclusion (RFI)
  • Local File Inclusion (LFI)
  • Directory Traversal or Path Traversal (DT/PT)
  • Source Code Disclosure (SCD)
  • OS Command Injection (OSCI)
  • PHP Code Injection

WAP is an OWASP project


Septic
SEPTIC - SElf-Protection daTabases preventIng attaCks

SEPTIC is a mechanism placed inside the DBMS to protect, at runtime, any application that uses the database, detecting and blocking injection attacks such as SQL injection and stored injection (e.g., stored XSS) attacks. It also solves the semantic mismatch between the server-side language and the DBMS, which is the difference between how queries are believed to be executed by the DBMS and how they are actually executed. This means that SEPTIC protects applications against attacks that exploit the semantic mismatch, i.e., attacks that successfully circumvent some forms of protection, such as web application firewalls and sanitization functions present in the source code of applications.



Dekant
DEKANT - hidDEn marKov model diAgNosing vulnerabiliTies

DEKANT is a source code static analysis tool inspired by natural language processing that learns to recognize vulnerabilities in web applications using a hidden Markov model (HMM). It uses a sequence model to learn to characterize vulnerabilities, and then uses an HMM to classify the code elements of source code, taking into account the order of code elements inside the source code.



PHP parser
PHP Parser

PHParser 1.2 generates a pure Java parser for PHP programs. Invoking this parser yields an explicit parse tree (AST) and a tree walker suitable for further analysis.



Deeep
Detector of integEr vulnerabilitiEs in softwarE Portability

DEEEP is an open source static analysis tool to detect, in C programs, integer vulnerabilities caused by the incorrect adaptation of applications from ILP32 to LP64.



Students

PhD

  • Paulo Antunes, Web application Security (Co-advised with Nuno Neves)
  • Adriano Serckumecka, Low-cost Serverless SIEM in the Cloud (Co-advised with Alysson Bessani)
  • Miguel Morelli, TBD


Master

  • Ricardo Morgado, Invalidating web applications attacks by employing the right secure code (Co-advised with Nuno Neves)
  • Francisco Araújo, Generating software tests to check for flaws and functionalities (Co-advised with Nuno Neves)
  • Miguel Moreira, Enforcing security from the bottom-up (Co-advised with Francisco Martins, Uac)
  • Cláudio Martins, Processing Cyber threat intelligence to enhance the SIEM's capabilities in avoiding threats (Co-advised with Alysson Bessani)
  • Bruno Lourenço, Detection of Web Applications Through Web development Platforms (Co-advised with Nuno Neves)
  • Ana Fidalgo, Detecting vulnerabilities leveraging from machine learning techniques (Co-advised with Nuno Neves)
  • Diogo Sousa, A single language to serve different programming languages (Co-advised with Nuno Neves)
  • Pedro Gaspar, Processing netflows for intrusion detection
  • Rui Azevedo, Secure SIEM using OSINT for avoiding threats (Co-advised with Alysson Bessani)
  • Roberto Ponte, Blockchain Software Security (Co-advised with Miguel Correia, INESC-ID/IST)
  • João Lopes, Public Key Infrastructure supporting eIDAS based Cloud Signatures (Co-advised with Sérgio Sá, Ernst & Young)


Past

  • Paulo Antunes, Monitoring Web Applications for Vulnerability Discovery and Removal Under Attack, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, October 2018. (Co-advised with Nuno Neves)
  • Rui Calado, Auditoria Contínua e os Incidentes de Segurança, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, October 2018. (Co-advised with Artur Martins, Layer8)
  • Anabela Borges, Whitebox Fuzzing for Web Application Security, Mestrado em Engenharia Informática e de Computadores, Departamento de Engenharia Informática, Instituto Superior Técnico da Universidade de Lisboa, June 2018. (Co-advised with Miguel Correia)
  • Henrique Mendes, Security Auditing of a DLMS/COSEM Smart Grid Communication Protocol Implementation, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, April 2018. (Co-advised with Nuno Neves) (thesis)
  • Miguel Falé, Improving Vulnerability Detection of WAP, Mestrado em Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, December 2017. (Co-advised with Nuno Neves) (thesis)
  • Ivo Vacas, Geração Automática de Conhecimento para SDI extraído de OSINTs, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Sept. 2017. (Co-advised with Carlos Ribeiro, Reitoria ULisboa) (thesis)



Talks

2018

  • Detecting Network Threats using OSINT Knowledge-based IDS. Conference on European Dependable Computing Conference (EDCC), Iasi, Romania, September 2018.
  • FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data using Network Flows. Conference on IEEE TrustCom, New York, USA, Jul. 2018.
  • Validating and Securing DLMS/COSEM Implementations with the ValiDLMS Framework. Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS), Luxembourg, June 2018.
  • Detecting Web Application Vulnerabilities using Fuzzing and Symbolic Execution. DINavtalk, FCUL. March 2018.
  • Building a SIEM in the Cloud. IFIP WG 10.4 Meeting, Goa, India, January 2018.

2017

  • Detection of Vulnerabilities broken by Circular Dependencies in Static Analysis. IFIP WG 10.4 Meeting, Denver, USA, June 2017.
  • Demonstrating a Tool for Injection Attack Prevention in MySQL. Conference on Dependable Systems and Networks (DSN), Denver, USA, June 2017.
  • Avoiding Vulnerabilities by Application of Software Security. Lecture of Software Security on ParIS (Intensive Study Program). Luxembourg, April 2017.
  • Detecting Vulnerabilities and Protecting Web Applications. DI-Talk. March 2017.

2016

  • Attacks, you shall not pass! SEPTIC will not avail you. DI-Navtalk, FCUL. December 2016.
  • DEKANT: A Static Analysis Tool that Learns to Detect Web Application Vulnerabilities. Symposium on Software Testing and Analysis (ISSTA). Saarbrücken, Germany, July 2016.
  • Equipping WAP with Weapons to Detect Vulnerabilities. Conference on Dependable Systems and Networks (DSN). Toulouse, France, June 2016.
  • Hacking the DBMS to Prevent Injection Attacks. Conference on Data and Applications Security and Privacy (CODASPY). New Orleans, USA, March 2016.

2015

  • Web Application Protection. ParIS – Intensive Study Program. University of Luxembourg, March 2015.
  • Web Application Protection. SECURITY_!3V3NTZ#, ACM Student Chapter, ISCTE-IUL, March 2015.
  • Hacking a DBMS to Avoid SQL Injection. Doctoral Seminar, FCUL, March 2015.
  • Challenges to Security and Privacy of the Things in the Internet. 1º Seminário sobre Internet of Things - Açores. January 2015. (pt presentation)

2014

  • Detection of Web Application Vulnerabilities using Sequence Models. DI-Smalltalk, FCUL. December 2014.
  • Data Protection in the Age of Information Technologies. 13º Encontro Regional da BAD. November 2014. (pt presentation)
  • Hybrid Methods to Detect and Correct Web Application Vulnerabilities Automatically. Doctoral Seminar, FCUL, May 2014.
  • Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. World Wide Web (WWW) Conference. Seoul, Korea, April 2014.
  • Information Security: How and Why? Segurança da Informação e Direitos de Autor em Contexto Digital. Açores. April 2014. (pt presentation)
  • Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. Navigators Navtalk, FCUL, March 2014.
  • Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. INESC-ID Seminar, INESC-ID, March 2014.

2013

  • Securing Energy Metering Software with Automatic Source Code Correction. 11th IEEE International Conference on Industrial Informatics (INDIN), Bochum, Germany, July 2013.
  • Software in the Cloud: Challenges to Security. 1º Workshop on Cloud Computing - Açores. April 2013.

2012

  • Is the Code You Develop Secure? Software Engineering Seminar - UAc, Nov. 2012.

2009

  • As Tecnologias no Ensino versus o Ensino da Informática. Colóquio de Didácticas – No Caminho das Didácticas: Saberes, Experiências e Inovação. Universidade dos Açores. March 2009.

2008

  • Detecção de Vulnerabilidades de Inteiros na Adaptação de Software de 32 para 64 bits. Master Thesis. March 2008.



Teaching

FCUL, courses of the master in Security, Computer Engineering, and Informatics

  • Software Security / Secure Software Systems
  • Applied Security / Security Technologies

FCUL, courses of the bachelor in Informatic Technologies, and Computer Engineering

  • Security and Dependability - TP
  • Distributed Systems - TP
  • Distributed Applications - TP, PL
  • Introduction to Computer Architectures - TP

UAç, courses of the bachelor in Informatics: Network and Multimedia and Post-graduation in Informatics

  • Security and Network Management
  • Distributed Systems
  • Operating Systems
  • Network and System Administration