[Talk Ideas] – 3rd of July 2024 16h30, Diego Gomes and Eduardo Felix

3rd of July at 16h30, Diego Gomes and Eduardo Felix  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

Diego Gomes – “Vulnerabilities Detection in IoT Gateways Source Code”
Bio
Diego Ribeiro Gomes is a Ph.D. student in the Department of Informatics Engineering at the University of Coimbra. He holds a Bachelor’s degree in Computer Networks and a Master’s degree in Applied Informatics from UFRPE, with a focus on evaluating security requirements in the Internet of Things (IoT). Currently, he is involved in a project on static analysis in IoT, aiming to identify vulnerabilities and enhance the security of IoT systems. His research interests include Information Security, Cybersecurity, and the Internet of Things (IoT).
Abstract
The growth of the Internet of Things (IoT) has brought significant advancements across various industry sectors. Simultaneously, security concerns have also escalated due to the IoT expansion. Cyber-attacks target numerous IoT devices due to firmware, source code, and software vulnerabilities. In this context, static analysis integrates techniques such as taint, syntax, flow, semantics, and graph analysis to detect vulnerabilities without executing the code. However, studies indicate that these techniques have specific limitations in identifying vulnerabilities highlighted by OWASP, a recognized authority for its expertise in identifying significant threats in the community. This project aims to propose a solution based on static analysis techniques to enhance the detection of vulnerabilities highlighted in OWASP’s Top 10 in the source code of IoT gateways. 

Eduardo Felix – “Dynamic Security Evaluation of Smart Home Devices”
Bio

Eduardo Ferreira Felix holds a bachelor’s degree in Computer Science from the Federal Rural University of Pernambuco (UFRPE – Academic Unit of Garanhuns), completing his undergraduate studies in 2018. Subsequently, he obtained a Master’s degree in Applied Informatics from the same institution in Recife, completing his master’s degree in 2022. He is pursuing his Ph.D. and is a researcher at the Department of Informatics Engineering at the University of Coimbra, Portugal. His main research interests include topics such as information security, cybersecurity, and the Internet of Things.
Abstract
The continuous advancement of the Internet of Things (IoT) brings substantial security challenges, demanding approaches that ensure the integrity and confidentiality of interconnected devices. However, safeguarding these devices becomes a challenging task, calling for adaptable security solutions tailored to the distinctive attributes of these devices and the environments in which they operate. This project aims to propose a solution for the dynamic analysis of IoT device security in the context of smart homes, aiming to identify and analyze vulnerabilities listed in the OWASP Top 10 IoT reference. To accomplish this, we will explore techniques, methods, and approaches based on dynamic analysis for vulnerability detection.Our goal is to consider the distinctive characteristics of smart homes and the diversity of IoT devices, ensuring effectiveness in vulnerabilitydetection. 

[Talk Ideas] – 19th of June 2024, Ibéria Medeiros (University of Lisbon)

19th of June at 16h00, Ibéria Medeiros will give a presentation entitled“Software inSecurity: Attack, Detection and Correction of Vulnerabilities” 
Location: G4.1


Bio

Ibéria Medeiros is an Associate Professor in the Department of Informatics, at the Faculty of Sciences of the University of Lisboa, and an integrated researcher of LASIGE. She holds a PhD degree in Computer Science and a MSc degree in Informatics both at the Faculty of Sciences of the University of Lisboa. She has been involved in international and national research projects related to cybersecurity, among them SEAL, XIVT, DiSIEM, SEGRID, and she has more than 50 publications. Her main research focuses on software security, including detection and correction of vulnerabilities, in the context of web and stand-alone applications, and machine learning applied for cybersecurity. More information about her at http://www.di.fc.ul.pt/~imedeiros/

Abstract
The growing use of the web and embedded system products has led to a rise in cyber attacks exploiting software vulnerabilities, thereby causing significant damage to companies and individuals. Although there are many mechanisms to protect network infrastructures and computer systems, such as firewalls, intrusion detection and prevention systems (IDS and IPS), malicious threats are still a constant concern, which a significant amount of malicious activities is caused by vulnerabilities existent in software. 

In this talk, I will present an overview of the causes of the appearance and persistence of software vulnerabilities, the work I have been done to detect and correct them and the challenges that have arisen.

[Conference] – LADC 2024

The Latin-American Symposium on Dependable and Secure Computing (LADC) is the major event on computer system dependability and Secure Computing in Latin America. LADC 2024 will feature technical sessions, workshops, tutorials, fast abstracts, keynote talks from international experts in the area, and an industrial track. The symposium’s scope includes recent research results on software and system dependability.

LADC 2024 will be held co-located with SBESC 2024 (Brazilian Symposium on Computing Systems Engineering) in Recife, Brazil, from November 26-29.

In 2024, SSE member Nuno Laranjeiro acted as Program Committee co-chair.

[Conference] – SRDS 2024

The 43rd International Symposium on Reliable Distributed Systems (SRDS 2024) is a forum for researchers and practitioners interested in distributed systems design, development and evaluation, with an emphasis on reliability, availability, safety, dependability, security, verification, and real-time aspects.

In 2024, SSE member Marco Vieira acted as Organizing Committee co-chair.

[Talk Ideas] – 22nd of May 2024, Frederico Cerveira

22nd of May at 16h00, Frederico Cerveira will give a presentation entitled“Virtualization and the future” 
Location: G4.1


Bio

Frederico Cerveira is an invited Assistant Professor at University of Coimbra, where he teaches the Compilers, Operating Systems and Software Quality courses. Frederico’s PhD thesis dealt with cloud computing, virtualization and fault tolerance approaches for virtualized systems. He is also interested in fault injection, software testing, dependable automotive systems and failure prediction.

Abstract
Virtualization is now an established technology with prominent use in cloud computing and a few other smaller fields. The ability to consolidate multiple software applications over a single piece of hardware is raising interest in a number of fields, where adoption can be expected in the near to medium future. This talk addresses the areas where virtualization can prove to be useful, lists the challenges behind ensuring resilient virtualization and proposes possible approaches to address these challenges.

[Talk Ideas] – 8th of May 2024, Fatima Mattiello

8th of May at 16h00, Fatima Mattiello will give a presentation entitled“Space system engineering challenges and research contributions to the ADVANCE project” 

Bio
Fatima Mattiello has a PhD in Electronics and Computer Engineering – ITA, Master Science in Electronics and Telecommunication – INPE, and Bachelor in Computer Science – ICMC/USP. Space system engineer at the Brazilian Institute for Space Research (INPE), with more than 25-years experience in space projects – small satellites and Cubesat-based nanosatellites.  Docent at INPE´s Graduate Program in Space Engineering and Technology, her research topics of interest are model-based system engineering, verification, validation and testing of software-intensive space systems and concept of operation of space systems. Head of INPE´s Teaching, Research and Capacity Building Coordination (COEPE). Currently, senior researcher on mission at University of Coimbra for the ADVANCE (Addressing Verification and Validation Challenges in Future Cyber-Physical Systems) project, EU-call H2020-MSCA-RISE-2018.

[Talk Ideas] – 24th of April 2024, José D’Abruzzo Pereira

24th of April at 16h00, José D’Abruzzo Pereira will give a presentation entitled“A Model-Driven Approach for the Management and Enforcement of Coding Conventions” 

Bio
José D’Abruzzo Pereira holds a Ph.D. in Informatics Engineering from the University of Coimbra (UC), is currently an Invited Assistant Professor at the University of Coimbra, and a member of the Software and System Engineering (SSE) group at CISUC. His research interests include security and vulnerability detection, static code analysis, software project management, databases, software quality, and self-adaptive systems. He received a MSc in Information Technology and Software Engineering from the University of Coimbra and Carnegie Mellon University and a BSc. in Computer Science from the State University of Campinas – Brazil (Unicamp). He is also acting as a professor in the Specialization in Software Engineering at the State University of Campinas – Brazil (Unicamp).


Abstract
Coding conventions are a means to improve the reliability of software systems, and they are especially useful to avoid the introduction of known bugs or security flaws. However, coding rules typically come in the form of text written in natural language, which makes them hard to manage and to enforce. Furthermore, relevant rules may depend from the context in which a certain software is deployed, and they may also evolve over time following the discovery of new vulnerabilities or the introduction of new language features. In this talk, we present an approach for the management and enforcement of coding conventions using structured models. We define the Coding Conventions Specification Language (CCSL), a language to define coding rules as structured specifications, from which checkers are derived automatically by code generation. To evaluate our approach, we run a thorough experiment on 8 real open-source projects and 77 coding rules for the Java language, comparing the violations identified by our checkers with those reported by the PMD static analysis tool. The obtained results are promising and confirm the feasibility of the approach. The experiment also revealed that textual coding rules rarely document all the necessary information to write a reliable checker.

[Talk Ideas][Extra] – 12th of April 2024, Patricio Pelliccione (Gran Sasso Science Institute)

12th of April at 16h00, Patrizio Pelliccione will give an extra presentation entitled“Democratizing the use of robots” 
Location: G4.1

Bio
Patrizio Pelliccione is a Professor in Computer Science at Gran Sasso Science Institute (GSSI, Italy). Patrizio is also adjunct professor at the University of Bergen in Norway. His research topics are mainly in software engineering, software architecture modeling and verification, autonomous systems, and formal methods. He received his PhD in computer science from the University of L’Aquila (Italy). Thereafter, he worked as a senior researcher at the University of Luxembourg in Luxembourg, then assistant professor at the University of L’Aquila in Italy, then Associate Professor at both Chalmers | University of Gothenburg in Sweden and University of L’Aquila.He has been on the organization and program committees for several top conferences and he is a reviewer for top journals in the software engineering domain. He is very active in European and National projects. In his research activity, he has collaborated with several companies. More information is available at http://patriziopelliccione.com.


Abstract
Autonomous systems and robots promise to facilitate a myriad of tasks of everyday life. Software engineering is called to play a key role in making robotic research pervasive and ubiquitous and in democratizing the use of robots in everyday-life scenarios. There is the need of rethinking the development processes, as well as the architecting, designing and integration of robotic software. In this talk, I will describe our experience in making robots accessible to people with expertise neither in ICT nor in robotics. Specifically, I will describe our solutions to enable the specification of complex missions for multi-robots in a user-friendly but still accurate and unambiguous way. I will close the talk with a view of future research and development directions.

[Talk Ideas] – 10th of April 2024, Omid Asghari and Jiawei Wang

10th of April at 16h00, Omid Asghari and Jiawei Wang  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

Omid Asghari – “Sensitivity Analysis of Safety Metrics for Monitoring UAV Operations in U-Space”
Bio
Omid is a third-year Ph.D. candidate at the University of Coimbra. He earned his Bachelor’s degree in Computer Engineering – Software from the University of Kurdistan and his master’s degree from the Islamic Azad University, Science and Research Branch in Tehran. During his master’s program, he gained practical experience in the industry as a software developer and application security specialist for six years. Omid’s research interests primarily focus on U-Space safety assessment and the integration of analytical safety assessments with experimentation.
Abstract
In recent years, UAVs have increasingly been utilized in urban environments due to their agility in movement, mechanical simplicity, affordability, and capacity to access locations that are challenging or impossible for humans to reach. With a significant number of drones expected to operate in urban airspace soon, enhancing safety through monitoring drone operations in U-space is essential. To achieve this monitoring, several safety metrics need to be calculated as measurement units.The goal of this research is to monitor drone operations in U-space and calculate UAV operation risks by conducting sensitivity analyses on various safety metrics. This involves assessing the impact of different parameters on these metrics.

Jiawei Wang – “AI-based Safety-critical Components”
Bio
Jiawei Wang is a Ph.D. student at CISUC, University of Coimbra. She received her master’s degree in Software Engineering from Beijing Institute of Technology, China, in 2020, with a specialization in Machine Learning applied to perception tasks. Under the supervision of Prof. João Campos, her current research is centered on characterizing and improving safety of AI-based components by addressing biases between data in training and deployment phases.
Abstract
Artificial intelligence (AI) has become indispensable in safety-critical applications because of its exceptional performance. However, the inherent “black-box” nature often leads to incidents resulting in loss of property and lives. While AI’s capability to autonomously learn from big data surpasses traditional algorithms, the quality of the dataset sets the upper limit on model performance. Dataset bias has remained a persistent challenge in machine learning (ML) since its start. Contemporary approaches such as data augmentation offer some mitigation against bias effects. While achieving comparable performance on data distinct from the training set remains challenging. In our work, we aim to enhance AI safety by identifying, transferring, and mitigating dataset-related biases. In particular, we will consider AI used in the perception components. Our preliminary results reveal there exist distinct dataset-related patterns across various image datasets for pedestrian classification task. Our next step is designing experiments to overcome the influence caused by dataset bias using the ideas from Generative Adversarial Networks (GANs).