Author: admin

29th of March, at 16h00, Gabriel Campos will give a presentation entitled“Towards safe autonomous driving” 
Location: G4.1  (speaker will be remote)

Bio
Gabriel R. Campos is a Technical Expert on Precautionary Safety and Research Manager at Zenseact, where he works on safe planning and decision making for ADAS and AD systems. With a background on control theory, his research interests include safety assurance, behavioural prediction and threat-assessment and decision-making techniques. He has driven and participated to several production and research projects on robotic and autonomous vehicles topics, with a particular emphasis on safety critical systems and collision avoidance techniques. He received his Ph.D. in Automatic Control in 2012 from Grenoble University/Grenoble INP, France. Prior to joining the Zenseact, he was a visiting researcher at KTH, Sweden, as well as a postdoctoral fellow with the Department of Signals and Systems, Chalmers University of Technology, Sweden and the DEIB, Politecnico di Milano, Italy.

Abstract
This talk will focus on Zenseact’s journey towards safe automation solutions. We will provide an overview of our technology and  development platform, and describe some of our concepts and visions regarding the development of autonomous vehicles. We will also provide an overview of our research activities and bring forward some challenges and future research avenues.

8th of March at 16h00, Gonçalo Carvalho and José Pereira will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

Gonçalo Carvalho – “From the ER+ conceptual model to its logical model” 
Bio
Gonçalo Carvalho has a background in Geography and after a change of field is currently doing his Ph.D. research in Data models for multi-layer systems. His major research interests are in the areas of databases, distributed systems, edge computing, cyber-physical systems, and green computing.

Abstract
Distributed databases and data transformation mechanisms are remarkably relevant for Business Intelligence and Data Analytics. The Entity-Relational (ER) model is fundamental for modeling complex enterprise systems, but has shortcomings. ER+ tackled the representation of multiple database locations and conceptually expressed data transportation and data transformation operations, such as aggregate and line functions, which are standard for data analytics. The new ER+ concepts need a logical representation, which we will introduce in this talk. 

José Pereira – “On the Use of Deep Graph CNN to Detect Vulnerable C Functions and Function Prioritization Techniques” 
Bio
José D’Abruzzo Pereira is a Ph.D. student in Informatics Engineering at the University of Coimbra (UC) and a member of the Software and System Engineering (SSE) group at CISUC. His research interests include security and vulnerability detection, static code analysis, software project management, software quality, and self-adaptive systems. He received a MSc in Information Technology and Software Engineering from the University of Coimbra and Carnegie Mellon University and a BSc. in Computer Science from the State University of Campinas – Brazil (Unicamp). He is also acting as a professor in the Specialization in Software Engineering at the State University of Campinas – Brazil (Unicamp) and as an Invited Assistant Professor at the University of Coimbra.

Abstract
Software vulnerabilities are a problem in most software systems. If left unchecked, they can be exploited by malicious third parties to compromise the system, which can result in hazardous consequences. Over the years, several techniques have been proposed to tackle the problem of automatically detecting vulnerabilities. However, despite the efforts, they usually issue many false alarms, which create a large overhead for the development team to analyze them. In this work, we study the viability of using a static technique (developed initially to classify classes of malware) to detect vulnerable C functions. This technique uses the Control Flow Graph (CFG) of the functions, features related to the structure of the graph, and the code sequence. Different from the malware classification problem, we also extract memory management-related features. A Deep Graph Convolutional Neural Network (DGCNN) processes all of the features. To do that, we use vulnerable and non-vulnerable functions of the open-source Linux Kernel project. Results show that a high recall can be obtained using this approach at the cost of low precision. At this point, a new prioritization mechanism is under development, and it uses Quality Models (QMs) to rank the functions. In addition, a security expert classification will help validate the prioritization mechanism.

22nd of February, at 16h00, Henrique Madeira will give a presentation entitled“How neuroscience and artificial intelligence are radically changing the software engineering field: two examples of new tools” 
Location: G4.1

Bio
Henrique Madeira is full professor at the University of Coimbra, where he has been involved in the research on dependable computing since 1989. His main research interests focus on experimental evaluation of dependable computing systems, including security evaluation and benchmarking, fault injection techniques and error detection mechanisms. His recent research projects involve two research directions: a) Assured AI, focusing on providing safety and security guaranties in critical applications that use AI and b) human factors in software engineering, particularly on the use of biometrics to improve software quality. He has coordinated or participated in dozens of projects and was the Vice-Chair of the IFIP Working Group 10.4 Special Interest Group (SIG) on Dependability Benchmarking. Henrique Madeira has served as Head of the Department of Informatics Engineering at University of Coimbra from 2002-2004, President of the Centre for Informatics and Systems of University of Coimbra from 2006-2008, and Head of the Scientific Council of the Department of Informatics Engineering at University of Coimbra from 2005-2006. Henrique Madeira was a founding member of the spin-off company Critical Software SA.

Abstract
Software development is an intellectually demanding task. The high complexity of software, particularly code complexity, is traditionally considered the main contributing factor to software reliability issues. Complex code is hard to test, difficult to comprehend by programmers, and hence difficult to maintain. The result is that software defects (i.e., bugs) persist a the most enduring and hard to solve problem of the software industry. Unreliable software represents a huge cost for the society.
Since software bugs are the result of human errors, a recent research trend has emerged using neuroscience to identify the brain mechanisms involved in software error making/discovery, and the correlated psychophysiological manifestations that can be captured by wearable and non-intrusive devices (e.g., bracelets and smart watches). This has the potential to create a radically new neuroscience-enabled technology to assist software developers with the identification of conditions that may cause programmers making software faults or bugs escaping to human attention. Although this research line is relatively new, the number of works in recent year has exploded.
This talk addresses the recent advances in this interdisciplinary area and describes some of the most recent experimental results and corresponding neuroscience-enabled tools that can help software programmers to reduce the number of bugs in software products.

8th of February at 16h00, Horácio França and Iury Araujo  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

Horácio França – “Using Machine Learning to Identify Security Bugs in Issue Reports” 

Bio
Horácio has a bachelor’s degree in Computer Science and a master’s degree in Systems and Computer Engineering from the Federal University of Rio de Janeiro. His research interests include Artificial Intelligence, Cyber Security and the intersection of those subjects.

Abstract
Bug trackers are useful tools for developers to identify issues in their software, however, depending on how many reports are being submitted it may become hard to prioritize what to tackle first. Security issues being reported in this manner need to be identified rapidly for two reasons: Firstly, they need to be addressed in the software as quickly as possible, and secondly because a public issue report about a security bug could inform malicious actors of the existence of an exploitable vulnerability. We are currently developing Machine Learning models to identify issue reports containing security bugs and comparing the effects of dataset rebalancing strategies in their training.

Iury Araujo – “Improving System Call Representation for Cybersecurity Models” 

Bio
Iury Araujo has been a PhD student in Informatics Engineering at the University of Coimbra since 2020. He completed his Master’s degree in Informatics in 2019 and his Bachelor in Computer Science in 2016 at the Federal University of Paraíba. His expertise includes machine learning, internet of things focusing on social objects and intelligent transportation systems, security systems, and intrusion detection. His PhD thesis is focused on detecting intrusions in microservice-based systems using machine learning techniques.

Abstract
Many cybersecurity researchers use system calls as data to evaluate any harmful actions towards the normal execution of systems caused by internal or external factors. As methods evolve is necessary to improve how system calls and their interactions can be represented. Simple numeric representations or dictionaries cannot convey relationships between system calls. This work presents a study to improve the system call representation in three steps. First, proposing the classification of system calls into classes and subclasses. Followed by creating a graph representation for the classified system calls as nodes and establishing relationships as edges. Finally, we performed two validations to verify our propositions and minimize the effects of the subjectivity of researchers.