[Talk Ideas] – 24th of July 2024, Paulo Carvalho

24th of July at 16h00, Paulo Carvalho will give a presentation entitled “Dependability Challenges in Digital Health”
Location: G4.1

Bio
Paulo de Carvalho holds a PhD in Informatics Engineering (2002) and a Full Professor position at the University of Coimbra. He is a co-founder of the Health Informatics Lab at CISUC. His main research interests are bio-signal processing, feature engineering and intelligent algorithms for medical applications. He has published approx. 300 papers in scientific journals and conferences with over 4000 known citations. He was the coordinator for several national and EU projects in Digital Health. He currently is the coordinator of the Digital Health Division of the International Federation of Medical and Biological Engineering, an Associate Editor of the IEEE International Journal on Biomedical and Health Informatics and the Vice-President of the Ethics Committee at the University of Coimbra. 

Abstract
The broad scope of digital health includes categories such as mobile health (mHealth), health information technology (IT), wearable devices, telehealth and telemedicine, and personalized medicine. These tools are absolutely instrumental in order to provide the much-needed support in today’s social challenges related to chronic diseases and population ageing. In this talk we will discuss some dependability-related challenges in digital health as well as some ideas on how digital health technology might assist research in dependability. We will start with a short overview of the social and medical context faced in today’s societies as well as an overview of some of the solutions developed inside the Health Informatics Lab. This will serve as the context to introduce and discuss some relevant dependability issues raised by big data/open data spaces requirements, intelligent systems where the human is part of the loop and certification processes.

[Talk Ideas] – 3rd of July 2024 16h30, Diego Gomes and Eduardo Felix

3rd of July at 16h30, Diego Gomes and Eduardo Felix will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

Diego Gomes – “Vulnerabilities Detection in IoT Gateways Source Code”
Bio
Diego Ribeiro Gomes is a Ph.D. student in the Department of Informatics Engineering at the University of Coimbra. He holds a Bachelor’s degree in Computer Networks and a Master’s degree in Applied Informatics from UFRPE, with a focus on evaluating security requirements in the Internet of Things (IoT). Currently, he is involved in a project on static analysis in IoT, aiming to identify vulnerabilities and enhance the security of IoT systems. His research interests include Information Security, Cybersecurity, and the Internet of Things (IoT).
Abstract
The growth of the Internet of Things (IoT) has brought significant advancements across various industry sectors. Simultaneously, security concerns have also escalated due to the IoT expansion. Cyber-attacks target numerous IoT devices due to firmware, source code, and software vulnerabilities. In this context, static analysis integrates techniques such as taint, syntax, flow, semantics, and graph analysis to detect vulnerabilities without executing the code. However, studies indicate that these techniques have specific limitations in identifying vulnerabilities highlighted by OWASP, a recognized authority for its expertise in identifying significant threats in the community. This project aims to propose a solution based on static analysis techniques to enhance the detection of vulnerabilities highlighted in OWASP’s Top 10 in the source code of IoT gateways. 

Eduardo Felix – “Dynamic Security Evaluation of Smart Home Devices”
Bio

Eduardo Ferreira Felix holds a bachelor’s degree in Computer Science from the Federal Rural University of Pernambuco (UFRPE – Academic Unit of Garanhuns), completing his undergraduate studies in 2018. Subsequently, he obtained a Master’s degree in Applied Informatics from the same institution in Recife, completing his master’s degree in 2022. He is pursuing his Ph.D. and is a researcher at the Department of Informatics Engineering at the University of Coimbra, Portugal. His main research interests include topics such as information security, cybersecurity, and the Internet of Things.
Abstract
The continuous advancement of the Internet of Things (IoT) brings substantial security challenges, demanding approaches that ensure the integrity and confidentiality of interconnected devices. However, safeguarding these devices becomes a challenging task, calling for adaptable security solutions tailored to the distinctive attributes of these devices and the environments in which they operate. This project aims to propose a solution for the dynamic analysis of IoT device security in the context of smart homes, aiming to identify and analyze vulnerabilities listed in the OWASP Top 10 IoT reference. To accomplish this, we will explore techniques, methods, and approaches based on dynamic analysis for vulnerability detection. Our goal is to consider the distinctive characteristics of smart homes and the diversity of IoT devices, ensuring effectiveness in vulnerability detection.

[Talk Ideas] – 19th of June 2024, Ibéria Medeiros (University of Lisbon)

19th of June at 16h00, Ibéria Medeiros will give a presentation entitled “Software inSecurity: Attack, Detection and Correction of Vulnerabilities”
Location: G4.1


Bio

Ibéria Medeiros is an Associate Professor in the Department of Informatics, at the Faculty of Sciences of the University of Lisboa, and an integrated researcher of LASIGE. She holds a PhD degree in Computer Science and an MSc degree in Informatics, both at the Faculty of Sciences of the University of Lisboa. She has been involved in international and national research projects related to cybersecurity, among them SEAL, XIVT, DiSIEM, SEGRID, and she has more than 50 publications. Her main research focuses on software security, including detection and correction of vulnerabilities, in the context of web and stand-alone applications, and machine learning applied for cybersecurity. More information about her at http://www.di.fc.ul.pt/~imedeiros/

Abstract
The growing use of the web and embedded system products has led to a rise in cyber attacks exploiting software vulnerabilities, thereby causing significant damage to companies and individuals. Although there are many mechanisms to protect network infrastructures and computer systems, such as firewalls, intrusion detection and prevention systems (IDS and IPS), malicious threats are still a constant concern, and a significant amount of malicious activity is caused by vulnerabilities existing in software.

In this talk, I will present an overview of the causes of the appearance and persistence of software vulnerabilities, the work I have done to detect and correct them and the challenges that have arisen.

[Conference] – LADC 2024

The Latin-American Symposium on Dependable and Secure Computing (LADC) is the major event on computer system dependability and Secure Computing in Latin America. LADC 2024 will feature technical sessions, workshops, tutorials, fast abstracts, keynote talks from international experts in the area, and an industrial track. The symposium’s scope includes recent research results on software and system dependability.

LADC 2024 will be held co-located with SBESC 2024 (Brazilian Symposium on Computing Systems Engineering) in Recife, Brazil, from November 26-29.

In 2024, SSE member Nuno Laranjeiro acted as Program Committee co-chair.

[Conference] – SRDS 2024

The 43rd International Symposium on Reliable Distributed Systems (SRDS 2024) is a forum for researchers and practitioners interested in distributed systems design, development and evaluation, with an emphasis on reliability, availability, safety, dependability, security, verification, and real-time aspects.

In 2024, SSE member Marco Vieira acted as Organizing Committee co-chair.

[Talk Ideas] – 22nd of May 2024, Frederico Cerveira

22nd of May at 16h00, Frederico Cerveira will give a presentation entitled “Virtualization and the future”
Location: G4.1


Bio

Frederico Cerveira is an invited Assistant Professor at University of Coimbra, where he teaches the Compilers, Operating Systems and Software Quality courses. Frederico’s PhD thesis dealt with cloud computing, virtualization and fault tolerance approaches for virtualized systems. He is also interested in fault injection, software testing, dependable automotive systems and failure prediction.

Abstract
Virtualization is now an established technology with prominent use in cloud computing and a few other smaller fields. The ability to consolidate multiple software applications over a single piece of hardware is raising interest in a number of fields, where adoption can be expected in the near to medium future. This talk addresses the areas where virtualization can prove to be useful, lists the challenges behind ensuring resilient virtualization and proposes possible approaches to address these challenges.

[Talk Ideas] – 8th of May 2024, Fatima Mattiello

8th of May at 16h00, Fatima Mattiello will give a presentation entitled “Space system engineering challenges and research contributions to the ADVANCE project”

Bio
Fatima Mattiello has a PhD in Electronics and Computer Engineering – ITA, Master of Science in Electronics and Telecommunication – INPE, and Bachelor in Computer Science – ICMC/USP. Space system engineer at the Brazilian Institute for Space Research (INPE), with more than 25 years’ experience in space projects – small satellites and Cubesat-based nanosatellites. Docent at INPE’s Graduate Program in Space Engineering and Technology, her research topics of interest are model-based system engineering, verification, validation and testing of software-intensive space systems and concept of operation of space systems. Head of INPE’s Teaching, Research and Capacity Building Coordination (COEPE). Currently, senior researcher on mission at University of Coimbra for the ADVANCE (Addressing Verification and Validation Challenges in Future Cyber-Physical Systems) project, EU-call H2020-MSCA-RISE-2018.

[Talk Ideas] – 24th of April 2024, José D’Abruzzo Pereira

24th of April at 16h00, José D’Abruzzo Pereira will give a presentation entitled “A Model-Driven Approach for the Management and Enforcement of Coding Conventions”

Bio
José D’Abruzzo Pereira holds a Ph.D. in Informatics Engineering from the University of Coimbra (UC), is currently an Invited Assistant Professor at the University of Coimbra, and a member of the Software and System Engineering (SSE) group at CISUC. His research interests include security and vulnerability detection, static code analysis, software project management, databases, software quality, and self-adaptive systems. He received an MSc in Information Technology and Software Engineering from the University of Coimbra and Carnegie Mellon University and a BSc in Computer Science from the State University of Campinas – Brazil (Unicamp). He is also acting as a professor in the Specialization in Software Engineering at the State University of Campinas – Brazil (Unicamp).


Abstract
Coding conventions are a means to improve the reliability of software systems, and they are especially useful to avoid the introduction of known bugs or security flaws. However, coding rules typically come in the form of text written in natural language, which makes them hard to manage and to enforce. Furthermore, relevant rules may depend on the context in which a certain software is deployed, and they may also evolve over time following the discovery of new vulnerabilities or the introduction of new language features. In this talk, we present an approach for the management and enforcement of coding conventions using structured models. We define the Coding Conventions Specification Language (CCSL), a language to define coding rules as structured specifications, from which checkers are derived automatically by code generation. To evaluate our approach, we run a thorough experiment on 8 real open-source projects and 77 coding rules for the Java language, comparing the violations identified by our checkers with those reported by the PMD static analysis tool. The obtained results are promising and confirm the feasibility of the approach. The experiment also revealed that textual coding rules rarely document all the necessary information to write a reliable checker.