NavTalks
From Navigators
(Difference between revisions)
Line 13: | Line 13: | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
<h3><strong>June 2021</strong></h3> | <h3><strong>June 2021</strong></h3> | ||
Line 33: | Line 19: | ||
<tr> | <tr> | ||
<td align="center" style="width:100px">2</td> | <td align="center" style="width:100px">2</td> | ||
- | <td style="width:300px">Bernardo | + | <td style="width:300px">Bernardo Portela</td> |
- | <td style="width:600px"><span style="border-bottom: dashed 1px #000" title=""> | + | <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Conflict-free Replicated Data Types (CRDTs) are abstract data types that support developers when designing and reasoning about distributed systems with eventual consistency guarantees. In their core they solve the problem of how to deal with concurrent operations, in a way that is transparent for developers. However in the real world, distributed systems also suffer from other relevant problems, including security and privacy issues and especially when participants can be untrusted. In this paper we present the first formal cryptographic treatment of CRDTs, as well as proposals for secure implementations. We start by presenting a security notion that is compatible with standard definitions in cryptography. We then describe new privacy-preserving CRDT protocols that can be used to help secure distributed cloud-backed applications, including NoSQL geo-replicated databases. Our proposals are based on standard CRDTs, such as sets and counters, augmented with cryptographic mechanisms that allow operations to be performed on encrypted data. Our proposals are accompanied with formal security proofs and implement and integrate them in AntidoteDB, a geo-replicated NoSQL database that leverages CRDTs for its operations. Experimental evaluations based on the Danish Shared Medication Record dataset (FMK) exhibit the tradeoffs that our different proposals make and show that they are ready to be used in practical applications.">Secure Conflict-free Replicated Data Types</span></td> |
<td style="width:30px"> </td> | <td style="width:30px"> </td> | ||
</tr> | </tr> | ||
Line 399: | Line 385: | ||
<td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Fuzzing is a software testing technique to find vulnerabilities by providing invalid and unexpected inputs to a target and monitoring exceptions such as crashes, memory leaks or information disclosure. | <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Fuzzing is a software testing technique to find vulnerabilities by providing invalid and unexpected inputs to a target and monitoring exceptions such as crashes, memory leaks or information disclosure. | ||
This talk aims to present an ensemble fuzzing approach that checks the correctness of web applications by combining multiple web application fuzzers, improving the coverage and precision in detecting the vulnerabilities and performing better than the fuzzers individually.">Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing</span></td> | This talk aims to present an ensemble fuzzing approach that checks the correctness of web applications by combining multiple web application fuzzers, improving the coverage and precision in detecting the vulnerabilities and performing better than the fuzzers individually.">Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing</span></td> | ||
+ | <td style="width:30px"> </td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | |||
+ | |||
+ | <h3><strong>May 2021</strong></h3> | ||
+ | <table border="0.5" cellspacing="0" style="background:#89B085"> | ||
+ | <tr> | ||
+ | <td align="center" style="width:100px">5</td> | ||
+ | <td style="width:300px">Paulo Antunes</td> | ||
+ | <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="Web applications play a pivotal role in modern society. They have become a prime target for attackers, who exploit a variety of vulnerabilities to access private data and corrupt systems. This work aims to develop novel approaches to detect and remove vulnerabilities in PHP programs. Instead of processing PHP code directly and analyzing the full application at once, we leverage an intermediate language representation of the code and use a guided analysis to find bugs with increased precision. The guided analysis will avoid common approximations of traditional static analysis, resulting in a more accurate emulation of program states.">Web Vulnerability Discovery at an Intermediate Language Level</span></td> | ||
+ | <td style="width:30px"> </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td align="center" style="width:100px">19</td> | ||
+ | <td style="width:300px">Frederico Apolónia</td> | ||
+ | <td style="width:600px"><span style="border-bottom: dashed 1px #000" title="The levels of energy consumption in the European Union continues to grow above the expected values and buildings are one of the largest consumers, in front of the sectors of industry and transportation. Since buildings can be used for different goals with different requirements, in order to do an appropriate control, it is necessary to design and develop approaches for real-time assessment. In this talk we will present the concept of indoor location using Bluetooth and WiFi scanners to monitor surrounding devices. This information will be used to determine the number of different users inside a building/space, which is later used by control systems in order to improve the efficiency of buildings, keeping certain levels of comfort for the users.">Building Occupancy Assessment</span></td> | ||
<td style="width:30px"> </td> | <td style="width:30px"> </td> | ||
</tr> | </tr> |
Revision as of 21:10, 1 June 2021
The NavTalks is a series of informal talks given by Navigators members or some special guests about every two-weeks at Ciências, ULisboa.
Leave mouse over title's presentation to read the abstract.
Contents |
Upcoming presentations
June 2021
2 | Bernardo Portela | Secure Conflict-free Replicated Data Types | |
16 | Žygimantas Jasiūnas and Vasco Ferreira | Monitoring and Integration of heterogeneous building IoT platforms and smart systems | |
30 | João Inácio | Automatic Removal of Flaws in Embedded System Software |
July 2021
14 | André Gil | TBD | |
28 | João Valente | TBD |
Past presentations
September 2018
20 | Alysson Bessani | SMaRtChain: A Principled Design for a New Generation of Blockchains | |
20 | Rui Miguel | Named Data Networking with Programmable Switches |
October 2018
4 | Bruno Vavala (Research Scientist in Intel Labs) | Private Data Objects | |
4 | Marcus Völp (Research Scientist, CritiX, SnT, Univ. of Luxembourg) | Reflective Consensus | |
18 | Yair Amir (Professor, Johns Hopkins University) | Timely, Reliable, and Cost-Effective Internet Transport Service using Structured Overlay Networks |
November 2018
13 | Salvatore Signorello | The Past, the Present and some Future of Interest Flooding Attacks in Named-Data Networking | |
13 | Tiago Oliveira | Vawlt - Privacy-Centered Cloud Storage | |
27 | Nuno Neves | Segurança de Software - Como Encontrar uma Agulha num Palheiro? | |
27 | Ricardo Mendes | Vawlt - The Zero-knowledge End-to-end Encryption Protocol |
December 2018
11/12 | António Casimiro | AQUAMON: Dependable Monitoring with Wireless Sensor Networks in Water Environments | |
11/12 | Carlos Nascimento | Review of wireless technology for AQUAMON: Lora, sigfox, nb-iot |
January 2019
15/01 | Fernando Alves | A comparison between vulnerability publishing in OSINT and Vulnerability Databases | |
15/01 | Ibéria Medeiros | SEAL: SEcurity progrAmming of web appLications | |
29/01 | Fernando Ramos | Networks that drive themselves…of the cliff | |
29/01 | Miguel Garcia | Some tips before rushing into LaTeX (adapted from: How (and How Not) to Write a Good Systems Paper) |
February 2019
19/02 | Ana Fidalgo | Conditional Random Fields and Vulnerability Detection in Web Applications | |
19/02 | João Sousa | Towards BFT-SMaRt v2: Blockchains and Flow Control |
March 2019
13/03 | Fernando Ramos | How to give a great -- OK, at least a good -- research talk | |
13/03 | Ricardo Morgado | Automatically correcting PHP web applications |
March 2019
27/03 | Nuno Dionísio | Cyberthreat Detection from Twitter using Deep Neural Networks | |
27/03 | Fernando Ramos | My network protocol is better than yours! |
April 2019
10/04 | Adriano Serckumecka | SIEMs | |
10/04 | Tulio Ribeiro | BFT Consensus & PoW Consensus (blockchain). |
May 2019
08/05 | Miguel Garcia | Diverse Intrusion-tolerant Systems | |
29/05 | Pedro Ferreira | The concept of the next navigators cybersecurity H2020 project | |
29/05 | Vinicius Cogo | Auditable Register Emulations |
June 2019
05/06 | Diogo Gonçalves | Network coding switch | |
05/06 | Francisco Araújo | Generating Software Tests To Check For Flaws and Functionalities | |
26/06 | Joao Pinto | Implementation of a Protocol for Safe Cooperation Between Autonomous Vehicles | |
26/06 | Tiago Correia | Design and Implementation of a Cloud-based Membership System for Vehicular Cooperation | |
26/06 | Robin Vassantlal | Confidential BFT State Machine Replication |
March 2021
24 | Ana Fidalgo | Machine Learning approaches for vulnerability detection |
April 2021
7 | Vasco Leitão | Discovering Association Rules Between Software System Requirements and Product Specifications | |
21 | João Caseirito | Improving Web Application Vulnerability Detection Leveraging Ensemble Fuzzing |
May 2021
5 | Paulo Antunes | Web Vulnerability Discovery at an Intermediate Language Level | |
19 | Frederico Apolónia | Building Occupancy Assessment |