Software and Systems Engineering (SSE)
Centre for Informatics and Systems (CISUC)
CISUC congratulates and wishes all the success to Matheus Torquato for completing his PhD Thesis “Models for Availability and Security Evaluation of Time-based Virtual Machine Migration as Moving Target Defense”.
24th of July at 16h00, Paulo Carvalho will give a presentation entitled“Dependability Challenges in Digital Health”
Location: G4.1
Bio
Paulo de Carvalho holds a PhD in Informatics Engineering (2002) and a Full Professor position at the University of Coimbra. He is a co-founder of the Health Informatics Lab at CISUC. His main research interests are bio-signal processing, feature engineering and intelligent algorithms for medical applications. He has published approx. 300 papers in scientific journals and conferences with over 4000 known citations. He was the coordinator for several national and EU projects in Digital Health. He currently is the coordinator of the Digital Health Division of the International Federation of Medical and Biological Engineering, an Associate Editor of the IEEE International Journal on Biomedical and Health Informatics and the Vice-President of the Ethics Committee at the University of Coimbra.
Abstract
The broad scope of digital health includes categories such as mobile health (mHealth), health information technology (IT), wearable devices, telehealth and telemedicine, and personalized medicine. These tools are absolutely instrumental in order to provide the much-needed support in today’s social challenges related to chronic diseases and population ageing. In this talk we will discuss some dependability related challenges in digital health as well as some ideas how digital health technology might assist research in dependability. We will start with a short overview of the social and medical context faced in today’s societies as well as an overview of some of the solutions developed inside the Health Informatics Lab. This will serve as the context to introduce and discuss some relevant dependability issues raised by big data/open data spaces requirements, intelligent systems where the human is part of the loop and certification processes.
3rd of July at 16h30, Diego Gomes and Eduardo Felix will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1
Diego Gomes – “Vulnerabilities Detection in IoT Gateways Source Code”
Bio
Diego Ribeiro Gomes is a Ph.D. student in the Department of Informatics Engineering at the University of Coimbra. He holds a Bachelor’s degree in Computer Networks and a Master’s degree in Applied Informatics from UFRPE, with a focus on evaluating security requirements in the Internet of Things (IoT). Currently, he is involved in a project on static analysis in IoT, aiming to identify vulnerabilities and enhance the security of IoT systems. His research interests include Information Security, Cybersecurity, and the Internet of Things (IoT).
Abstract
The growth of the Internet of Things (IoT) has brought significant advancements across various industry sectors. Simultaneously, security concerns have also escalated due to the IoT expansion. Cyber-attacks target numerous IoT devices due to firmware, source code, and software vulnerabilities. In this context, static analysis integrates techniques such as taint, syntax, flow, semantics, and graph analysis to detect vulnerabilities without executing the code. However, studies indicate that these techniques have specific limitations in identifying vulnerabilities highlighted by OWASP, a recognized authority for its expertise in identifying significant threats in the community. This project aims to propose a solution based on static analysis techniques to enhance the detection of vulnerabilities highlighted in OWASP’s Top 10 in the source code of IoT gateways.
Eduardo Felix – “Dynamic Security Evaluation of Smart Home Devices”
Bio
Eduardo Ferreira Felix holds a bachelor’s degree in Computer Science from the Federal Rural University of Pernambuco (UFRPE – Academic Unit of Garanhuns), completing his undergraduate studies in 2018. Subsequently, he obtained a Master’s degree in Applied Informatics from the same institution in Recife, completing his master’s degree in 2022. He is pursuing his Ph.D. and is a researcher at the Department of Informatics Engineering at the University of Coimbra, Portugal. His main research interests include topics such as information security, cybersecurity, and the Internet of Things.
Abstract
The continuous advancement of the Internet of Things (IoT) brings substantial security challenges, demanding approaches that ensure the integrity and confidentiality of interconnected devices. However, safeguarding these devices becomes a challenging task, calling for adaptable security solutions tailored to the distinctive attributes of these devices and the environments in which they operate. This project aims to propose a solution for the dynamic analysis of IoT device security in the context of smart homes, aiming to identify and analyze vulnerabilities listed in the OWASP Top 10 IoT reference. To accomplish this, we will explore techniques, methods, and approaches based on dynamic analysis for vulnerability detection.Our goal is to consider the distinctive characteristics of smart homes and the diversity of IoT devices, ensuring effectiveness in vulnerabilitydetection.
19th of June at 16h00, Ibéria Medeiros will give a presentation entitled“Software inSecurity: Attack, Detection and Correction of Vulnerabilities”
Location: G4.1
Bio
Ibéria Medeiros is an Associate Professor in the Department of Informatics, at the Faculty of Sciences of the University of Lisboa, and an integrated researcher of LASIGE. She holds a PhD degree in Computer Science and a MSc degree in Informatics both at the Faculty of Sciences of the University of Lisboa. She has been involved in international and national research projects related to cybersecurity, among them SEAL, XIVT, DiSIEM, SEGRID, and she has more than 50 publications. Her main research focuses on software security, including detection and correction of vulnerabilities, in the context of web and stand-alone applications, and machine learning applied for cybersecurity. More information about her at http://www.di.fc.ul.pt/~imedeiros/
Abstract
The growing use of the web and embedded system products has led to a rise in cyber attacks exploiting software vulnerabilities, thereby causing significant damage to companies and individuals. Although there are many mechanisms to protect network infrastructures and computer systems, such as firewalls, intrusion detection and prevention systems (IDS and IPS), malicious threats are still a constant concern, which a significant amount of malicious activities is caused by vulnerabilities existent in software.
In this talk, I will present an overview of the causes of the appearance and persistence of software vulnerabilities, the work I have been done to detect and correct them and the challenges that have arisen.
22nd of May at 16h00, Frederico Cerveira will give a presentation entitled“Virtualization and the future”
Location: G4.1
Bio
Frederico Cerveira is an invited Assistant Professor at University of Coimbra, where he teaches the Compilers, Operating Systems and Software Quality courses. Frederico’s PhD thesis dealt with cloud computing, virtualization and fault tolerance approaches for virtualized systems. He is also interested in fault injection, software testing, dependable automotive systems and failure prediction.
Abstract
Virtualization is now an established technology with prominent use in cloud computing and a few other smaller fields. The ability to consolidate multiple software applications over a single piece of hardware is raising interest in a number of fields, where adoption can be expected in the near to medium future. This talk addresses the areas where virtualization can prove to be useful, lists the challenges behind ensuring resilient virtualization and proposes possible approaches to address these challenges.
8th of May at 16h00, Fatima Mattiello will give a presentation entitled“Space system engineering challenges and research contributions to the ADVANCE project”
Bio
Fatima Mattiello has a PhD in Electronics and Computer Engineering – ITA, Master Science in Electronics and Telecommunication – INPE, and Bachelor in Computer Science – ICMC/USP. Space system engineer at the Brazilian Institute for Space Research (INPE), with more than 25-years experience in space projects – small satellites and Cubesat-based nanosatellites. Docent at INPE´s Graduate Program in Space Engineering and Technology, her research topics of interest are model-based system engineering, verification, validation and testing of software-intensive space systems and concept of operation of space systems. Head of INPE´s Teaching, Research and Capacity Building Coordination (COEPE). Currently, senior researcher on mission at University of Coimbra for the ADVANCE (Addressing Verification and Validation Challenges in Future Cyber-Physical Systems) project, EU-call H2020-MSCA-RISE-2018.
24th of April at 16h00, José D’Abruzzo Pereira will give a presentation entitled“A Model-Driven Approach for the Management and Enforcement of Coding Conventions”
Bio
José D’Abruzzo Pereira holds a Ph.D. in Informatics Engineering from the University of Coimbra (UC), is currently an Invited Assistant Professor at the University of Coimbra, and a member of the Software and System Engineering (SSE) group at CISUC. His research interests include security and vulnerability detection, static code analysis, software project management, databases, software quality, and self-adaptive systems. He received a MSc in Information Technology and Software Engineering from the University of Coimbra and Carnegie Mellon University and a BSc. in Computer Science from the State University of Campinas – Brazil (Unicamp). He is also acting as a professor in the Specialization in Software Engineering at the State University of Campinas – Brazil (Unicamp).
Abstract
Coding conventions are a means to improve the reliability of software systems, and they are especially useful to avoid the introduction of known bugs or security flaws. However, coding rules typically come in the form of text written in natural language, which makes them hard to manage and to enforce. Furthermore, relevant rules may depend from the context in which a certain software is deployed, and they may also evolve over time following the discovery of new vulnerabilities or the introduction of new language features. In this talk, we present an approach for the management and enforcement of coding conventions using structured models. We define the Coding Conventions Specification Language (CCSL), a language to define coding rules as structured specifications, from which checkers are derived automatically by code generation. To evaluate our approach, we run a thorough experiment on 8 real open-source projects and 77 coding rules for the Java language, comparing the violations identified by our checkers with those reported by the PMD static analysis tool. The obtained results are promising and confirm the feasibility of the approach. The experiment also revealed that textual coding rules rarely document all the necessary information to write a reliable checker.
12th of April at 16h00, Patrizio Pelliccione will give an extra presentation entitled“Democratizing the use of robots”
Location: G4.1
Bio
Patrizio Pelliccione is a Professor in Computer Science at Gran Sasso Science Institute (GSSI, Italy). Patrizio is also adjunct professor at the University of Bergen in Norway. His research topics are mainly in software engineering, software architecture modeling and verification, autonomous systems, and formal methods. He received his PhD in computer science from the University of L’Aquila (Italy). Thereafter, he worked as a senior researcher at the University of Luxembourg in Luxembourg, then assistant professor at the University of L’Aquila in Italy, then Associate Professor at both Chalmers | University of Gothenburg in Sweden and University of L’Aquila.He has been on the organization and program committees for several top conferences and he is a reviewer for top journals in the software engineering domain. He is very active in European and National projects. In his research activity, he has collaborated with several companies. More information is available at http://patriziopelliccione.com.
Abstract
Autonomous systems and robots promise to facilitate a myriad of tasks of everyday life. Software engineering is called to play a key role in making robotic research pervasive and ubiquitous and in democratizing the use of robots in everyday-life scenarios. There is the need of rethinking the development processes, as well as the architecting, designing and integration of robotic software. In this talk, I will describe our experience in making robots accessible to people with expertise neither in ICT nor in robotics. Specifically, I will describe our solutions to enable the specification of complex missions for multi-robots in a user-friendly but still accurate and unambiguous way. I will close the talk with a view of future research and development directions.
10th of April at 16h00, Omid Asghari and Jiawei Wang will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1
Omid Asghari – “Sensitivity Analysis of Safety Metrics for Monitoring UAV Operations in U-Space”
Bio
Omid is a third-year Ph.D. candidate at the University of Coimbra. He earned his Bachelor’s degree in Computer Engineering – Software from the University of Kurdistan and his master’s degree from the Islamic Azad University, Science and Research Branch in Tehran. During his master’s program, he gained practical experience in the industry as a software developer and application security specialist for six years. Omid’s research interests primarily focus on U-Space safety assessment and the integration of analytical safety assessments with experimentation.
Abstract
In recent years, UAVs have increasingly been utilized in urban environments due to their agility in movement, mechanical simplicity, affordability, and capacity to access locations that are challenging or impossible for humans to reach. With a significant number of drones expected to operate in urban airspace soon, enhancing safety through monitoring drone operations in U-space is essential. To achieve this monitoring, several safety metrics need to be calculated as measurement units.The goal of this research is to monitor drone operations in U-space and calculate UAV operation risks by conducting sensitivity analyses on various safety metrics. This involves assessing the impact of different parameters on these metrics.
Jiawei Wang – “AI-based Safety-critical Components”
Bio
Jiawei Wang is a Ph.D. student at CISUC, University of Coimbra. She received her master’s degree in Software Engineering from Beijing Institute of Technology, China, in 2020, with a specialization in Machine Learning applied to perception tasks. Under the supervision of Prof. João Campos, her current research is centered on characterizing and improving safety of AI-based components by addressing biases between data in training and deployment phases.
Abstract
Artificial intelligence (AI) has become indispensable in safety-critical applications because of its exceptional performance. However, the inherent “black-box” nature often leads to incidents resulting in loss of property and lives. While AI’s capability to autonomously learn from big data surpasses traditional algorithms, the quality of the dataset sets the upper limit on model performance. Dataset bias has remained a persistent challenge in machine learning (ML) since its start. Contemporary approaches such as data augmentation offer some mitigation against bias effects. While achieving comparable performance on data distinct from the training set remains challenging. In our work, we aim to enhance AI safety by identifying, transferring, and mitigating dataset-related biases. In particular, we will consider AI used in the perception components. Our preliminary results reveal there exist distinct dataset-related patterns across various image datasets for pedestrian classification task. Our next step is designing experiments to overcome the influence caused by dataset bias using the ideas from Generative Adversarial Networks (GANs).
13th of March at 15h30, Gloria-Cerasela Crişan (Vasile Alecsandri University of Bacău, Romania) will give a presentation entitled “Heterogeneous transportation systems: truck-and-drone for efficient deliveries”. Afterwards, (with a short coffee break 🙂) Bruno Jesus and André Bento will give two short presentations, to promote discussion on two ongoing research topics.
Gloria-Cerasela Crişan – “Heterogeneous transportation systems: truck-and-drone for efficient deliveries”
NOTE: this speaker/presentation is made within the context of the ALGO Lab (Adaptive Computation group)
Bio
Gloria Cerasela Crişan received the degree in informatics from the University of Bucharest, Romania, in 1986, and the Ph.D. degree in informatics from the Alexandru Ioan Cuza University of Iaşi, Romania, in 2008.,Since 2016, she has been an Associate Professor with the Department of Mathematics and Informatics, Faculty of Sciences, Vasile Alecsandri University of Bacău, Romania. Her research interests include combinatorial optimization problems, metaheuristics, transportation and logistics problems, and GIS.
Abstract
Last-mile delivery (in fact, the last leg of the parcel journey) is generally estimated as having complex logistic aspects and important impact on customer satisfaction. Traditionally, getting a parcel from the last hub to the customer is done using a motor vehicle (car, truck, boat) or a bicycle. Drones (or Unmanned Aerial Vehicles – UAVs) do not need roads, and differentiate their service from the traditional transportation modes in multiple ways: light weight, small consumption, high speed, small capacity, short range, weather vulnerability (vs. heavy weight, high consumption, small speed, big capacity, wide range, weather resilience – for trucks, for example). Truck-and-drone cooperative transportation systems are used for about ten years, with major results in customer satisfaction, cost reduction and environmental impact (therefore at the individual, businesses, and societal levels). This presentation aims to describe some theoretical approaches and practical results of such mixed parcel delivery networks.
Bruno Jesus – “Security and Robustness of Gateways on IoT Systems”
Bio
PhD student at the Faculdade de Ciências e Tecnologia da Universidade de Coimbra, currently a researcher in the Software and Systems Engineering group at the Center for Informatics and Systems (CISUC), where he conducts research related to IoT systems, security, and privacy. Holds a master’s degree in Computer Science from the Postgraduate Program at the Centro de Informática (CIn) of the Universidade Federal de Pernambuco (2010), with a research focus on RFID technology and anti-collision protocols. Graduated in Computer Science from the Universidade Federal de Alagoas (2006). Has teaching experience in the field of Computer Science, with emphasis on Introduction to Programming and Computer Networks, as well as in Distance Education. Holds a technical degree in informatics from the Instituto Federal de Alagoas (2004) with a specialization in Systems Analysis and Network Administration.
Abstract
Internet-based systems are present in people’s daily lives, helping to perform various activities and providing greater comfort and ease in communication. In this context of diversification, every day more devices have access to the network, further increasing the reach and distribution of information worldwide. According to the Internet Society, “extending network connectivity and computing power to objects, devices, sensors, and other artifacts that are not normally considered computers” is called the Internet of Things (IoT). Some of the devices, in the IoT systems, are critical devices. In our work, we focus on gateways responsible for collecting and sending data from sensors to an application or the cloud. Because of this, they are the most vulnerable device to be attacked and need maximum security. In our work we intend to identify the main issues related to the robustness and security of integration frameworks used in IoT gateways, by testing the robustness of these components, creating a test case methodology, and performing many test cases for each endpoint. Finally, we will check the behavior of the frameworks in the presence of errors and problems with the data sent.
André Bento – “Towards Optimal Scaling of Cloud Services”
Bio
André Bento is a PhD student at the University of Coimbra, Portugal. He received his MSc in 2019 from the University of Coimbra, Portugal, with a thesis on Observing and Controlling Performance in Microservices. His main research topics are anomaly detection, observability, and optimization of resources for cloud services. His research interests include cloud computing, microservices, monitoring, and other distributed systems topics.
Abstract
Cloud services have become increasingly popular for developing large-scale applications due to the abundance of resources they offer. The scalability and accessibility of these resources have made it easier for organizations of all sizes to develop and implement sophisticated and demanding applications to meet demand instantly. As monetary fees are involved in the use of the cloud, one of the challenges for application developers and operators is to balance their budget constraints with crucial quality attributes, such as availability. Industry standards usually default to solutions that cannot simultaneously consider competing objectives. Our research addresses this challenge by proposing a Cost-Availability Aware Scaling (CAAS) approach that uses multi-objective optimization of availability and cost. We evaluate CAAS using two open-source microservices applications, yielding improved results compared to the industry standard CPU-based Autoscaler (AS). CAAS can find optimal system configurations with higher availability, between 1 and 2 nines on average, and reduced costs, 6% on average, with the first application, and 1 nine of availability on average, and reduced costs up to 18% on average, with the second application. The gap in the results between our model and the default AS suggests that operators can significantly improve the operation of their applications.
