NavTalks

From Navigators

(Difference between revisions)
Jump to: navigation, search
Line 13: Line 13:
-
<h3><strong>May 2021</strong></h3>
+
 
-
<table border="0.5" cellspacing="0" style="background:#89B085">
+
-
<tr>
+
-
            <td align="center" style="width:100px">5</td>
+
-
            <td style="width:300px">Paulo Antunes</td>
+
-
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Web applications play a pivotal role in modern society. They have become a prime target for attackers, who exploit a variety of vulnerabilities to access private data and corrupt systems. This work aims to develop novel approaches to detect and remove vulnerabilities in PHP programs. Instead of processing PHP code directly and analyzing the full application at once, we leverage an intermediate language representation of the code and use a guided analysis to find bugs with increased precision. The guided analysis will avoid common approximations of traditional static analysis, resulting in a more accurate emulation of program states.">Web Vulnerability Discovery at an Intermediate Language Level</span></td>
+
-
            <td style="width:30px">&nbsp;</td>
+
-
</tr>
+
-
        <tr>
+
-
            <td align="center" style="width:100px">19</td>
+
-
            <td style="width:300px">Frederico Apolónia</td>
+
-
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="">TBD</span></td>
+
-
            <td style="width:30px">&nbsp;</td>
+
-
</tr>
+
-
</table>
+
<h3><strong>June 2021</strong></h3>
<h3><strong>June 2021</strong></h3>
Line 33: Line 19:
<tr>
<tr>
             <td align="center" style="width:100px">2</td>
             <td align="center" style="width:100px">2</td>
-
             <td style="width:300px">Bernardo Ferreira</td>  
+
             <td style="width:300px">Bernardo Portela</td>  
-
             <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="">TBD</span></td>  
+
             <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Conflict-free Replicated Data Types (CRDTs) are abstract data types that support developers when designing and reasoning about distributed systems with eventual consistency guarantees. In their core they solve the problem of how to deal with concurrent operations, in a way that is transparent for developers. However in the real world, distributed systems also suffer from other relevant problems, including security and privacy issues and especially when participants can be untrusted. In this paper we present the first formal cryptographic treatment of CRDTs, as well as proposals for secure implementations. We start by presenting a security notion that is compatible with standard definitions in cryptography. We then describe new privacy-preserving CRDT protocols that can be used to help secure distributed cloud-backed applications, including NoSQL geo-replicated databases. Our proposals are based on standard CRDTs, such as sets and counters, augmented with cryptographic mechanisms that allow operations to be performed on encrypted data. Our proposals are accompanied with formal security proofs and implement and integrate them in AntidoteDB, a geo-replicated NoSQL database that leverages CRDTs for its operations. Experimental evaluations based on the Danish Shared Medication Record dataset (FMK) exhibit the tradeoffs that our different proposals make and show that they are ready to be used in practical applications.">Secure Conflict-free Replicated Data Types</span></td>  
             <td style="width:30px">&nbsp;</td>
             <td style="width:30px">&nbsp;</td>
</tr>
</tr>
Line 399: Line 385:
             <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Fuzzing is a software testing technique to find vulnerabilities by providing invalid and unexpected inputs to a target and monitoring exceptions such as crashes, memory leaks or information disclosure.
             <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Fuzzing is a software testing technique to find vulnerabilities by providing invalid and unexpected inputs to a target and monitoring exceptions such as crashes, memory leaks or information disclosure.
This talk aims to present an ensemble fuzzing approach that checks the correctness of web applications by combining multiple web application fuzzers, improving the coverage and precision in detecting the vulnerabilities and performing better than the fuzzers individually.">Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing</span></td>  
This talk aims to present an ensemble fuzzing approach that checks the correctness of web applications by combining multiple web application fuzzers, improving the coverage and precision in detecting the vulnerabilities and performing better than the fuzzers individually.">Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing</span></td>  
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
</table>
 +
 +
 +
<h3><strong>May 2021</strong></h3>
 +
<table border="0.5" cellspacing="0" style="background:#89B085">
 +
<tr>
 +
            <td align="center" style="width:100px">5</td>
 +
            <td style="width:300px">Paulo Antunes</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Web applications play a pivotal role in modern society. They have become a prime target for attackers, who exploit a variety of vulnerabilities to access private data and corrupt systems. This work aims to develop novel approaches to detect and remove vulnerabilities in PHP programs. Instead of processing PHP code directly and analyzing the full application at once, we leverage an intermediate language representation of the code and use a guided analysis to find bugs with increased precision. The guided analysis will avoid common approximations of traditional static analysis, resulting in a more accurate emulation of program states.">Web Vulnerability Discovery at an Intermediate Language Level</span></td>
 +
            <td style="width:30px">&nbsp;</td>
 +
</tr>
 +
        <tr>
 +
            <td align="center" style="width:100px">19</td>
 +
            <td style="width:300px">Frederico Apolónia</td>
 +
            <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="The levels of energy consumption in the European Union continues to grow above the expected values and buildings are one of the largest consumers, in front of the sectors of industry and transportation. Since buildings can be used for different goals with different requirements, in order to do an appropriate control, it is necessary to design and develop approaches for real-time assessment. In this talk we will present the concept of indoor location using Bluetooth and WiFi scanners to monitor surrounding devices. This information will be used to determine the number of different users inside a building/space, which is later used by control systems in order to improve the efficiency of buildings, keeping certain levels of comfort for the users.">Building Occupancy Assessment</span></td>
             <td style="width:30px">&nbsp;</td>
             <td style="width:30px">&nbsp;</td>
</tr>
</tr>

Revision as of 21:10, 1 June 2021

The NavTalks is a series of informal talks given by Navigators members or some special guests about every two-weeks at Ciências, ULisboa.

Leave mouse over title's presentation to read the abstract.



Contents

Upcoming presentations




June 2021

2 Bernardo Portela Secure Conflict-free Replicated Data Types  
16 Žygimantas Jasiūnas and Vasco Ferreira Monitoring and Integration of heterogeneous building IoT platforms and smart systems  
30 João Inácio Automatic Removal of Flaws in Embedded System Software  

July 2021

14 André Gil TBD  
28 João Valente TBD  



Past presentations

September 2018

20 Alysson Bessani SMaRtChain: A Principled Design for a New Generation of Blockchains  
20 Rui Miguel Named Data Networking with Programmable Switches  

October 2018

4 Bruno Vavala (Research Scientist in Intel Labs) Private Data Objects  
4 Marcus Völp (Research Scientist, CritiX, SnT, Univ. of Luxembourg) Reflective Consensus  
18 Yair Amir (Professor, Johns Hopkins University) Timely, Reliable, and Cost-Effective Internet Transport Service using Structured Overlay Networks  

November 2018

13 Salvatore Signorello The Past, the Present and some Future of Interest Flooding Attacks in Named-Data Networking  
13 Tiago Oliveira Vawlt - Privacy-Centered Cloud Storage  
27 Nuno Neves Segurança de Software - Como Encontrar uma Agulha num Palheiro?  
27 Ricardo Mendes Vawlt - The Zero-knowledge End-to-end Encryption Protocol  

December 2018

11/12 António Casimiro AQUAMON: Dependable Monitoring with Wireless Sensor Networks in Water Environments  
11/12 Carlos Nascimento Review of wireless technology for AQUAMON: Lora, sigfox, nb-iot  

January 2019

15/01 Fernando Alves A comparison between vulnerability publishing in OSINT and Vulnerability Databases  
15/01 Ibéria Medeiros SEAL: SEcurity progrAmming of web appLications  
29/01 Fernando Ramos Networks that drive themselves…of the cliff  
29/01 Miguel Garcia Some tips before rushing into LaTeX (adapted from: How (and How Not) to Write a Good Systems Paper)  

February 2019

19/02 Ana Fidalgo Conditional Random Fields and Vulnerability Detection in Web Applications  
19/02 João Sousa Towards BFT-SMaRt v2: Blockchains and Flow Control  

March 2019

13/03 Fernando Ramos How to give a great -- OK, at least a good -- research talk  
13/03 Ricardo Morgado Automatically correcting PHP web applications  


March 2019

27/03 Nuno Dionísio Cyberthreat Detection from Twitter using Deep Neural Networks  
27/03 Fernando Ramos My network protocol is better than yours!  


April 2019

10/04 Adriano Serckumecka SIEMs  
10/04 Tulio Ribeiro BFT Consensus & PoW Consensus (blockchain).  


May 2019

08/05 Miguel Garcia Diverse Intrusion-tolerant Systems  
29/05 Pedro Ferreira The concept of the next navigators cybersecurity H2020 project  
29/05 Vinicius Cogo Auditable Register Emulations  


June 2019

05/06 Diogo Gonçalves Network coding switch  
05/06 Francisco Araújo Generating Software Tests To Check For Flaws and Functionalities  
26/06 Joao Pinto Implementation of a Protocol for Safe Cooperation Between Autonomous Vehicles  
26/06 Tiago Correia Design and Implementation of a Cloud-based Membership System for Vehicular Cooperation  
26/06 Robin Vassantlal Confidential BFT State Machine Replication  


March 2021

24 Ana Fidalgo Machine Learning approaches for vulnerability detection  

April 2021

7 Vasco Leitão Discovering Association Rules Between Software System Requirements and Product Specifications  
21 João Caseirito Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing  


May 2021

5 Paulo Antunes Web Vulnerability Discovery at an Intermediate Language Level  
19 Frederico Apolónia Building Occupancy Assessment  





Personal tools
Navigators toolbox