La Caixa Scholarship
Doctoral Fellowships “la Caixa” INPhINIT
The doctoral fellowship programme INPhINIT “la Caixa” is devoted to attracting talented Early-Stage Researchers—of any nationality—who wish to pursue doctoral studies in Portuguese and Spanish territory. They are sponsored by ”la Caixa” Foundation, it is aimed at supporting the best scientific talent and fostering innovative and high-quality research in Portugal and Spain by recruiting outstanding international students and offering them an attractive and competitive environment for conducting research of excellence.
35 PhD fellowships for early-stage researchers of any nationality to pursue their PhD studies in Portuguese research units like LASIGE, accredited as “excellent” according to the evaluation of the Fundação de Ciência e Tecnologia, and research centres accredited with the Spanish Seal of Excellence Severo Ochoa, María de Maeztu or Health Institute Carlos III. This frame is addressed exclusively to PhD research projects on STEM disciplines, which includes Computer Science and Engineering.
You can get more detailed information about the programme here.
The Navigators Group of LASIGE has three open projects that you can apply to, while submitting your proposal to the INPhINIT “la Caixa” programme.
Deep learning for vulnerability discovery in web applications represented in intermediate languages
Web applications are the most common vehicle for accessing services and resources in enterprises. However, they often contain vulnerabilities that can be exploited remotely, causing serious damage to organizations and allowing private user information retrieval. Essential services, such as banking and healthcare, demand trustworthy applications, and so it is crucial that they are programmed with security in mind, preventing successful attacks that can disturb and/or interrupt their operation.
Despite the advances made in web application security, companies have not been able to decrease substantially the number of vulnerabilities reported annually. A key factor that explains this observation is the growth in complexity leveraged by semantic aspects of different languages that can integrate an application, which complicate the analysis of tools that inspect the programs while searching for flaws. A way to circumvent such complexity is to perform the analysis in an intermediate language representation of the web application.
In the project, we investigate techniques for analyzing the source code of web applications represented in an intermediate language with the goal of discovering vulnerabilities and then remove automatically the errors found by applying patches to the source code, i.e., performing code correction. This way, we plan to use techniques from the code analysis area, such as static and dynamic analysis, and from the artificial intelligence area, focusing on deep learning and natural language processing (NLP). Recently, we have applied a few of these techniques to specific scenarios with promising results, but in the project, we intend to extend them to build tools that are highly accurate and scalable to large code-bases, with the final aim of improving the security of the web. These tools will englobe both identification and correction of vulnerabilities, being the correction a promising and challenging research area.
Job position description:
The student will be involved in the various tasks required for building a successful tool for the discovery and correction of vulnerabilities, from the design of the solution until its evaluation with real web applications. In more detail:
- Investigate different classes of flaws that might affect web applications
- Build a dataset of applications that contain representative vulnerabilities, either on a programming language and an intermediate language representation
- Research alternative techniques that could be employed to locate the flaws
- Study machine learning methods that could be used to find the vulnerabilities
- Research methods that could be applied to correct the code for removing flaws
- Build a tool based on the investigated techniques
- Test and evaluate the tool with relevant web applications and report discovered vulnerabilities to developers, giving to them a possible correction of their code
The project is developed with members of the Navigators group of the LASIGE research lab. Several members of the group (and lab) are involved in research activities that aim to enhance the correctness of applications in general, with fruitful and outstanding results in the past. The work is defined in the context of several European consortia and collaborations with other teams are envisioned.
Advisors: Professors Nuno Ferreira Neves (email@example.com) and Ibéria Medeiros (firstname.lastname@example.org)
- (1/Oct/2018) The (FCT-funded) research project AQUAMON -- Dependable Monitoring with Wireless Sensor Networks in Water Environments -- started today. During the next 3 years we will develop a dependable monitoring platform for application in aquatic environments using wireless sensor networks.
- (1/Oct/2018) The (FCT-funded) research project uPVN -- User-centric Programmable Virtual Networks -- started today. During the next 3 years we aim to build the next generation of virtual networks: VNets that are fully programmable.
- (20/Sept/2018) The NavTalks seminars have started for a new year of research presentations and useful discussions.
- (1/Aug/2018) The (FCT-funded) research project SEAL-- SEcurity progrAmming of web appLications -- started today. During the next 3 years we will design and build tools to make your web applications more secure!
- (11/Apr/2018) Based on the final demonstration of the Supercloud project last month, here is a video about Sirius, the multi-cloud network virtualization platform.
- Apply for Scholarships
- Brief Resume: The Navigators team today
- Fact Sheet
- Messages from distinguished ex-Navigators
- October 2005: It was twenty years ago today
- The Navigators Research Book of Style
- Hotels near FCUL
Quinta is the Navigators' processor farm.
It is a computational cluster dedicated to large-scale experiments of distributed systems.
It is currently comprised of 42 physical machines, which compose a test bed with more than 300 processing cores, 1.3 TB of RAM and 33 TB of storage.
- Using Quinta
- Basic Quinta usage (Navtalk presented on September 28, 2010)
- Advanced Quinta usage (Navtalk presented on November 1st, 2013)