NavTalks

From Navigators

(Difference between revisions)
Jump to: navigation, search
 
(12 intermediate revisions not shown)
Line 3: Line 3:
<p><i>Leave mouse over title's presentation to read the abstract.</i></p>
<p><i>Leave mouse over title's presentation to read the abstract.</i></p>
<!--<span style="border-bottom: dashed 1px #000" title="">Title Here</span>-->
<!--<span style="border-bottom: dashed 1px #000" title="">Title Here</span>-->
 +
 +
 +
 +
 +
<div style="background:#FFFFFF; border:1px solid #FFFFFF; padding:5px 10px">
 +
<h2><strong>Upcoming  presentations</strong></h2>
 +
 +
 +
 +
 +
 +
 +
 +
 +
<h3><strong>July 2021</strong></h3>
 +
<table border="0.5" cellspacing="0" style="background:#89B085">
 +
<tr>
 +
            <td align="center" style="width:100px">14</td>
 +
            <td style="width:300px">André Gil</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Tools used to assess energy utilization in buildings are inadequate. Real-life energy consumption often exceeds design expectations. The SATO platform aims to reduce this gap by allowing efficient management of buildings energy resources.
 +
In this talk we will describe our approach in creating an event-driven system in the context of the world of IoT, we will also describe the way to deploy and manage these complex systems, while also going into detail in some of their components.">Platform Architecture and data management for cloud-based buildings energy self-assessment and optimization</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
        <tr>
 +
            <td align="center" style="width:100px">28</td>
 +
            <td style="width:300px">João Valente</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="">TBD</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
</table>
 +
 +
</div>
 +
 +
<!--  
<!--  
Line 304: Line 338:
</table>
</table>
-
</div>
 
 +
 +
<h3><strong>March 2021</strong></h3>
 +
<table border="0.5" cellspacing="0" style="background:#89B085">
 +
<tr>
 +
            <td align="center" style="width:100px">24</td>
 +
            <td style="width:300px">Ana Fidalgo</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Machine Learning approaches on vulnerability detection have been gaining popularity due to their capability to predict and/or detect an attack in early stages, without the laborous human effort of other techniques. However, there is not a public dataset for web vulnerabilities based on real web applications, which would help the research community to improve their knowledge and algorithms. This talk aims to present the initial work done on such a dataset, and how it will address the common issues, such as integrating the labelling of opensource tools with the labelling of human experts.">Machine Learning approaches for vulnerability detection</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
</table>
 +
 +
<h3><strong>April 2021</strong></h3>
 +
<table border="0.5" cellspacing="0" style="background:#89B085">
 +
<tr>
 +
            <td align="center" style="width:100px">7</td>
 +
            <td style="width:300px">Vasco Leitão</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Industrial products integrate highly configurable safety-critical systems which must be intensively tested before being delivered to customers. This process is highly time-consuming and may require associations between product features and requirements demanded by customers. Machine Learning (ML) has proven to help engineers in this task, through automation of associations between features and requirements, where the latter are prioritized first.
 +
 +
However, ML application can be more difficult when requirements are written in natural language (NL), and if it does not exist a ground truth dataset with them. This work presents SRXCRM, a Natural Language Processing-based model able to extract and associate components from product design specifications and customer requirements, written in NL, of safety-critical systems. The model has a Weight Association Rule Mining framework that defines associations between components, generating visualizations that can help engineers in prioritization of the most impactful features. Preliminary results of the use of SRXCRM show that it can extract such associations and visualizations.">Discovering Association Rules Between Software System Requirements and Product Specifications</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
        <tr>
 +
            <td align="center" style="width:100px">21</td>
 +
            <td style="width:300px">João Caseirito</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Fuzzing is a software testing technique to find vulnerabilities by providing invalid and unexpected inputs to a target and monitoring exceptions such as crashes, memory leaks or information disclosure.
 +
This talk aims to present an ensemble fuzzing approach that checks the correctness of web applications by combining multiple web application fuzzers, improving the coverage and precision in detecting the vulnerabilities and performing better than the fuzzers individually.">Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
</table>
 +
 +
 +
<h3><strong>May 2021</strong></h3>
 +
<table border="0.5" cellspacing="0" style="background:#89B085">
 +
<tr>
 +
            <td align="center" style="width:100px">5</td>
 +
            <td style="width:300px">Paulo Antunes</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Web applications play a pivotal role in modern society. They have become a prime target for attackers, who exploit a variety of vulnerabilities to access private data and corrupt systems. This work aims to develop novel approaches to detect and remove vulnerabilities in PHP programs. Instead of processing PHP code directly and analyzing the full application at once, we leverage an intermediate language representation of the code and use a guided analysis to find bugs with increased precision. The guided analysis will avoid common approximations of traditional static analysis, resulting in a more accurate emulation of program states.">Web Vulnerability Discovery at an Intermediate Language Level</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
        <tr>
 +
            <td align="center" style="width:100px">19</td>
 +
            <td style="width:300px">Frederico Apolónia</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="The levels of energy consumption in the European Union continues to grow above the expected values and buildings are one of the largest consumers, in front of the sectors of industry and transportation. Since buildings can be used for different goals with different requirements, in order to do an appropriate control, it is necessary to design and develop approaches for real-time assessment. In this talk we will present the concept of indoor location using Bluetooth and WiFi scanners to monitor surrounding devices. This information will be used to determine the number of different users inside a building/space, which is later used by control systems in order to improve the efficiency of buildings, keeping certain levels of comfort for the users.">Building Occupancy Assessment</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
</table>
 +
 +
<h3><strong>June 2021</strong></h3>
 +
<table border="0.5" cellspacing="0" style="background:#89B085">
 +
<tr>
 +
            <td align="center" style="width:100px">2</td>
 +
            <td style="width:300px">Bernardo Portela</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Conflict-free Replicated Data Types (CRDTs) are abstract data types that support developers when designing and reasoning about distributed systems with eventual consistency guarantees. In their core they solve the problem of how to deal with concurrent operations, in a way that is transparent for developers. However in the real world, distributed systems also suffer from other relevant problems, including security and privacy issues and especially when participants can be untrusted. In this paper we present the first formal cryptographic treatment of CRDTs, as well as proposals for secure implementations. We start by presenting a security notion that is compatible with standard definitions in cryptography. We then describe new privacy-preserving CRDT protocols that can be used to help secure distributed cloud-backed applications, including NoSQL geo-replicated databases. Our proposals are based on standard CRDTs, such as sets and counters, augmented with cryptographic mechanisms that allow operations to be performed on encrypted data. Our proposals are accompanied with formal security proofs and implement and integrate them in AntidoteDB, a geo-replicated NoSQL database that leverages CRDTs for its operations. Experimental evaluations based on the Danish Shared Medication Record dataset (FMK) exhibit the tradeoffs that our different proposals make and show that they are ready to be used in practical applications.">Secure Conflict-free Replicated Data Types</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
        <tr>
 +
            <td align="center" style="width:100px">16</td>
 +
            <td style="width:300px">Žygimantas Jasiūnas and Vasco Ferreira</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Nowadays there is a focus on energy efficiency and flexible energy where IoT devices can introduce some advantages due to their monitoring and remote control capabilities. There are multiple IoT platforms and systems developed allowing the integration of multiple devices offering monitoring and remote control capabilities and even the usage of triggers, where if something is reached then some action will be performed. However, a simple integration of IoT devices in current solutions is not enough to achieve the levels of desired efficiency, for that, new solutions that integrates legacy appliances with new ones are needed. In order to achieve this goal the SATO (Self Assessment Towards Optimization) platform was designed. The SATO platform aims to integrate existing IoT energy focused platforms (e.g., EDP re:dy and Siemens Navigator) with existing IoT smart systems, such as Google Nest. Supported by Machine Learning algorithms and IoT capabilities, the SATO platform wants to be an autonomous management system for buildings where energy efficiency is a priority. However, the integration of different parts of building management systems is a common issue due to the existence of diverse appliances, devices and technologies that must be integrated. The most common solution to solve this problem is based on middleware solutions, which allows to hide platform specification. In this thesis we will design, implement and test a middleware component that abstracts the specification of different components and exposes generic APIs to deal with a large number of appliances. Supported by the proposed set of API, the services available can easily be used without the complexity of knowing each of the underlying details.">Monitoring and Integration of heterogeneous building IoT platforms and smart systems</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
        <tr>
 +
            <td align="center" style="width:100px">30</td>
 +
            <td style="width:300px">João Inácio</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Currently, embedded systems are present in a myriad of devices, such as IoT, drones, cyberphysical systems. The security these devices can be critical, depending the context they are integrated and the role they play (e.g., water plant, car). C is the main language used to develop the software for these devices and is known for missing the bounds of its data types, which lead to vulnerabilities, like buffer and integer overflows. These flaws when exploited cause severe damage and can put human life in dangerous. Therefore, it is important the software of these devices be secure.
 +
One of the utmost importance with C programs is how to fix its code automatically, employing the right secure code that can remove the existent vulnerabilities and avoid attacks. However, such task faces some challenges. For example, how to remove vulnerabilities, what is the right secure code needed to remove them, and where to insert this code. Another challenge is how to maintain the correct behavior of the application, after applying the code correction.">Automatic Removal of Flaws in Embedded System Software</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
</table>
 +
 +
 +
</div>
<!--
<!--

Latest revision as of 15:49, 27 July 2021

The NavTalks is a series of informal talks given by Navigators members or some special guests about every two-weeks at Ciências, ULisboa.

Leave mouse over title's presentation to read the abstract.



Contents

Upcoming presentations





July 2021

14 André Gil Platform Architecture and data management for cloud-based buildings energy self-assessment and optimization  
28 João Valente TBD  



Past presentations

September 2018

20 Alysson Bessani SMaRtChain: A Principled Design for a New Generation of Blockchains  
20 Rui Miguel Named Data Networking with Programmable Switches  

October 2018

4 Bruno Vavala (Research Scientist in Intel Labs) Private Data Objects  
4 Marcus Völp (Research Scientist, CritiX, SnT, Univ. of Luxembourg) Reflective Consensus  
18 Yair Amir (Professor, Johns Hopkins University) Timely, Reliable, and Cost-Effective Internet Transport Service using Structured Overlay Networks  

November 2018

13 Salvatore Signorello The Past, the Present and some Future of Interest Flooding Attacks in Named-Data Networking  
13 Tiago Oliveira Vawlt - Privacy-Centered Cloud Storage  
27 Nuno Neves Segurança de Software - Como Encontrar uma Agulha num Palheiro?  
27 Ricardo Mendes Vawlt - The Zero-knowledge End-to-end Encryption Protocol  

December 2018

11/12 António Casimiro AQUAMON: Dependable Monitoring with Wireless Sensor Networks in Water Environments  
11/12 Carlos Nascimento Review of wireless technology for AQUAMON: Lora, sigfox, nb-iot  

January 2019

15/01 Fernando Alves A comparison between vulnerability publishing in OSINT and Vulnerability Databases  
15/01 Ibéria Medeiros SEAL: SEcurity progrAmming of web appLications  
29/01 Fernando Ramos Networks that drive themselves…of the cliff  
29/01 Miguel Garcia Some tips before rushing into LaTeX (adapted from: How (and How Not) to Write a Good Systems Paper)  

February 2019

19/02 Ana Fidalgo Conditional Random Fields and Vulnerability Detection in Web Applications  
19/02 João Sousa Towards BFT-SMaRt v2: Blockchains and Flow Control  

March 2019

13/03 Fernando Ramos How to give a great -- OK, at least a good -- research talk  
13/03 Ricardo Morgado Automatically correcting PHP web applications  


March 2019

27/03 Nuno Dionísio Cyberthreat Detection from Twitter using Deep Neural Networks  
27/03 Fernando Ramos My network protocol is better than yours!  


April 2019

10/04 Adriano Serckumecka SIEMs  
10/04 Tulio Ribeiro BFT Consensus & PoW Consensus (blockchain).  


May 2019

08/05 Miguel Garcia Diverse Intrusion-tolerant Systems  
29/05 Pedro Ferreira The concept of the next navigators cybersecurity H2020 project  
29/05 Vinicius Cogo Auditable Register Emulations  


June 2019

05/06 Diogo Gonçalves Network coding switch  
05/06 Francisco Araújo Generating Software Tests To Check For Flaws and Functionalities  
26/06 Joao Pinto Implementation of a Protocol for Safe Cooperation Between Autonomous Vehicles  
26/06 Tiago Correia Design and Implementation of a Cloud-based Membership System for Vehicular Cooperation  
26/06 Robin Vassantlal Confidential BFT State Machine Replication  


March 2021

24 Ana Fidalgo Machine Learning approaches for vulnerability detection  

April 2021

7 Vasco Leitão Discovering Association Rules Between Software System Requirements and Product Specifications  
21 João Caseirito Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing  


May 2021

5 Paulo Antunes Web Vulnerability Discovery at an Intermediate Language Level  
19 Frederico Apolónia Building Occupancy Assessment  

June 2021

2 Bernardo Portela Secure Conflict-free Replicated Data Types  
16 Žygimantas Jasiūnas and Vasco Ferreira Monitoring and Integration of heterogeneous building IoT platforms and smart systems  
30 João Inácio Automatic Removal of Flaws in Embedded System Software  





Personal tools
Navigators toolbox