Category: Events

26th of March at 16h00, Sadaf Azimi and Iury Araujo  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1Online: https://videoconf-colibri.zoom.us/j/97404078835?pwd=7iIG7YqLwXgZU5g7QHZKFbuAMyInqb.1

Sadaf Azimi – “A Systematic Review on Smart Contracts Security Design Patterns”

Bio
Sadaf Azimi is an IT professional with Over 11 years of experience as an IT Lecturer and as an analyst and developer of medium-scale projects in the area of IT Systems, such as marketing software and warehouse management. She graduated with a bachelor’s degree in Computer Engineering (Software) from the Islamic Azad University of Tuyserkan in February 2008 in Iran. Later, she got her two-year master‘s degree in Knowledge Management from Malaysia Multimedia University in June 2012 in Malaysia.She continued her academic journey in 2022, enrolling in the doctoral program in Informatics Engineering at the University of Coimbra. Her research for her Ph.D. focuses on addressing the security in smart contracts by conducting a thorough analysis of the known security vulnerabilities, identifying design patterns that can mitigate these risks, proposing new security design patterns to fill gaps, and using software metrics as an indicator of software quality to help developers implement more secure smart contracts. Furthermore, her research aims to evaluate and benchmark the effectiveness of existing static vulnerability detection tools. She seeks to contribute to the field of blockchain and smart contract security, ultimately enhancing the security and reliability of smart contracts in real-world applications.

Abstract
Smart contracts have accelerated the adoption of blockchain technology across various domains by enabling coded agreements between transaction participants. However, increased software defects and vulnerabilities in smart contracts, driven by developer inexperience with languages like Solidity and a lack of effective detection tools, pose significant risks. Given the high value of assets managed on blockchain, these vulnerabilities can lead to severe consequences.Researchers and practitioners have proposed numerous smart contract design patterns to mitigate certain faults or vulnerabilities. Despite these efforts, it remains unclear which types of defects these patterns target and how effectively they address the wide range of existing smart contract security vulnerabilities. In this paper, we review the state of the art in smart contract design patterns, categorizing them and analyzing their effectiveness in mitigating known security vulnerabilities. Our findings reveal that only five patterns directly aim to prevent security vulnerabilities, collectively addressing just 6 out of 94 security issues identified by OpenSCV, highlighting the need for further research on smart contract security design patterns.

Iury Araujo – “Enhancing Intrusion Detection in Containerized Services: Assessing Machine Learning Models and an Advanced Representation for System Call Data”

Bio
Iury holds a BSc degree in Computer Science and a MSc in Informatics from the Federal University of Paraíba, Brazil. He is pursuing a PhD in Informatics Engineering at the University of Coimbra, Portugal, focusing on intrusion detection in containerized services based on machine learning.

Abstract
Security is a fundamental requirement for modern digital systems, particularly in environments such as cloud computing, IoT, and microservices. Intrusion Detection Systems play a crucial role in identifying and mitigating threats, yet securing containerized services remains a significant challenge due to their architecture and shared resource dependencies. This presentation will explore a machine learning-based approach to enhance intrusion detection in containerized environments. We introduce a novel graph-based representation of system calls to preserve contextual relationships, improving detection performance while maintaining low false alarm rates. Additionally, a sliding window-based post-processing phase further refines detection.

• 

• 

• 

12th of March at 16h00, Carlos Baquero (FEUP) will give a presentation entitled“CRDTs: State-based approaches and efficient remote state synchronisation” 
Location: G4.1

Abstract
In primary-secondary replication, updating an outdated secondary replica when the primary changes is inefficient due to sizeable state and bandwidth constraints. The RSync algorithm, introduced in the nineties for file systems, solves this problem by partitioning file data, using hash functions to compare files, and transferring only the necessary data. However, RSync requires users to know which file has the most recent state and which needs updating. Like a file copy command, it has a source and a target, making synchronisation fail if either (i) here is no knowledge of which file was updated; or (ii) both files are updated.We will present ConflictSync, a solution that leverages the properties of Conflict-free Replicated Data Files (CRDTs). While RSync can handle arbitrary file data, it interprets files as byte sequences. To reconcile divergent states, we need more information on the data interpreted as a CRDT. Our solution works on any state-based CRDT and uses join decompositions, cryptographic hash functions, and Bloom filters. 

Bio
Carlos Baquero is a Professor in the Department of Informatics Engineering at FEUP. Research interests cover data management in eventual consistent settings, distributed data aggregation and causality tracking. In the last years, he has collaborated with co-authors in the development of data summary mechanisms such as Scalable Bloom Filters, causality tracking for dynamic settings with Interval Tree Clocks and Dotted Version Vectors and in predictable eventual consistency with Conflict-Free Replicated Data Types. My work has been applied in several systems, including the Riak distributed database, Redis CRDBs, Akka distributed data, and Microsoft Azure Cosmos DB.

• 

• 

• 

• 

• 

• 

26th of February at 16h00, Lino Santos (head of National Cybersecurity Center – NCSC/CNCS) will give a presentation entitled“Cybersecurity in Portugal: Challenges and Opportunities” 
Location: G4.1

Bio
Lino Santos has a master’s degree in Law and Security from the Faculty of Law of Universidade Nova de Lisboa and a Computer Science degree from Universidade do Minho. He is head of the Portuguese National Cybersecurity Center (CNCS) and an appointed member to the board of directors of the European Agency for Cybersecurity (ENISA).He previously was Director for security and users’ services at the National Foundation for Scientific Computing. He was appointed member for the CNCS installation commission. He has also a certification in Managing Computer Security Incident Response Teams, from Carnegie Mellon University, and from the Program on Cyber Security Studies, George C. Marshall Center.

• 

• 

12th of February at 16h00, Sara Santos (Critical Software) will give a presentation entitled“Behaviour-Driven Development and the Role of Communication” 
Location: G4.1

Abstract
Behaviour-Driven Development is a software development methodology that extends Test-Driven Development by emphasizing collaboration among developers, testers, and business stakeholders. The core principle of BDD is defining system behaviour in a human-readable format using structured natural language, enabling a shared understanding of requirements. Communication is the key factor in BDD, as it fosters clear alignment between technical implementation and business expectations. By encouraging early discussions and continuous feedback, BDD ensures that software is developed with a focus on user needs, reducing misunderstandings and costly rework. This approach strengthens cross-functional collaboration, enhances requirement clarity, and improves overall software quality.

Bio
Sara Santos started with a degree in psychology, and decided to transition into software development. Currently, I am a Solutions Architect with 7 years of experience in software engineering, and have been working in Critical Software, mainly in projects focused on the energy sector. As a Solutions Architect, I am often involved in discussions with stakeholders where BDD plays a crucial role in aligning technical solutions with business requirements.

• 

• 

8th of January at 16h00, Rafael Pereira (Critical Software) and Francisco Giro (Critical Software)  will give a presentation entitled“Retrieval Augmented Generation for Private Data” 
Location: G4.1

Abstract
Critical Software provides third-line support for major projects, requiring access to data from sources like Confluence, JIRA, and documentation. Locating relevant information is difficult, especially as team members change over time. To address this, we developed a virtual assistant with a Large Language Model (LLM) using Retrieval Augmented Generation (RAG). The assistant integrates diverse data sources, ensures data confidentiality, and adapts to different projects. It combines VectorRAG and GraphRAG for accurate and contextual responses. Our work also includes Open-Source Software contributions to LangChain, enhancing tools for building LLM-powered applications.

Bio
Rafael Pereira is a passionate software engineer with a Master’s degree in Computer Science from Polytechnic University of Leiria. His research focuses on emotion detection through computer vision, with several published scientific papers exploring innovative approaches such as deep learning and pose estimation for real-time emotion analysis. At Critical Software, he is actively involved in different initiatives aimed at promoting the adoption and integration of AI within the company.
Francisco Giro is a Software Engineer with a Master’s degree in Computer Science from Instituto Superior Técnico (IST), Lisbon. With nearly two years of experience at Critical Software, he specializes in Java development and collaborated on an AI initiative within the company, applying innovative approaches to research and development.

• 

• 

18th of December at 16h00, Jessica Maciel and Horácio França  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

Jessica Maciel – “Developing Attack Detection Models for Microservice Applications”

Bio
Jessica holds a BSc degree in Computer Science and a MSc in Informatics from the Federal University of Paraíba, Brazil. She is currently pursuing a PhD in Informatics Engineering at the University of Coimbra, Portugal, with a focus on runtime security for microservice applications.
Abstract
Microservice architectures provide scalability and flexibility, but their distributed nature and complex service structures introduce new security challenges, especially in detecting cyberattacks. In this talk, we will present our work on developing attack detection models for microservice applications, including a framework designed to generate realistic attack data and develop detection models with illustrations in the context of DDoS attacks.

Horácio França – “Using Generative Pre-trained Transformers to Identify Security Bugs among Bug Reports”

Bio
Horácio is currently a PhD student at the University of Coimbra. He has a bachelor’s degree in Computer Science and a master’s degree in Systems and Computer Engineering from the Federal University of Rio de Janeiro. His research interests include Artificial Intelligence, Cyber Security and the intersection of those subjects.
Abstract
Bug trackers are useful tools for developers to identify issues in their software, however, depending on how many reports are being submitted it may become hard to prioritize what to tackle first. Security issues being reported in this manner need to be identified rapidly for two reasons: Firstly, they need to be addressed in the software as quickly as possible, and secondly because a public issue report about a security bug could inform malicious actors of the existence of an exploitable vulnerability. With the increased use of GPTs across industry and academia, this problem seemed like a good application of this technology. In this presentation, we expound on the results obtained from testing 4 different GPT models on 7 different security bug report datasets.

• 

• 

• 

27th of November at 16h00, Nuno Lourenço (bAI)  will give a presentation entitled“Smart, Sustainable, and Evolved AI” 
Location: G4.1Online: https://meet.google.com/rqf-xofk-dck

Abstract
In this talk, we will present and discuss how nature-inspired approaches, namely evolutionary algorithms (EAs) can address sustainability and robustness challenges in AI, namely in Deep Artificial Neural Networks (ANNs).

Bio
Nuno Lourenço is an Associate Professor at the Department of Informatics Engineering of the University of Coimbra, where he obtained his PhD in Information Science and Technology in 2016. He is the current coordinator of the bio-Inspired Artificial Intelligence (bAI) group and is a member of the Centre for Informatics and Systems of the University of Coimbra (CISUC) since 2009. His main research interests are in the areas of Bio-Inspired Algorithms, Optimisation and Machine Learning. He is the co-creator of Structured Grammatical Evolution, Probabilistic Grammatical Evolution, and DENSER, a novel approach to automatically design Deep Artificial Neural Networks using Evolutionary Computation. He served as chair in the main conferences of the Evolutionary Computation field, namely EuroGP 2020 and 2021 as program chair, and PPSN 2018 and EuroGP 2019 as publication chair. He is a member of the Programme Committee of GECCO, PPSN, and EuroGP; a member of the Steering Committee of EuroGP; and an executive board member of SPECIES.

20th of November at 16h15, Leonardo Montecchi (NTNU)  will give a presentation entitled“Model-Driven Engineering for System Verification: Overview and Portugal-Norway Collaboration Opportunities” 
This sessions happens within the context of “Science and Technology Week” of Ciência Viva: https://www.cienciaviva.pt/semanact/2024/eventos.php?accao=showactivities&id_activity=7041
Location: G4.1Online: https://videoconf-colibri.zoom.us/j/96201340056?pwd=0GRZ5FoE2dyiAZo1G6sm20N30ZZCq2.1

Abstract
Model-Driven Engineering is a software development technique that advocates the use of models (e.g., UML models) as primary artifacts in the development process. Following this phylosophy, developers “program” using models, and source code is automatically generated from such abstract representations of the intended product. This approach is based on ad-hoc languages that are able to describe concepts of the involved domain, that is, domain-specific languages (DSLs). While MDE originated for software development, it has expanded beyond its initial software-centered focus, and it is applied to formalize and automate worflows in different domains. This talk gives an overview of the application of MDE concepts for verification of systems, and sketches possible collaboration opportunities between the University of Coimbra and NTNU.

Bio
Leonardo Montecchi is Associate Professor with the Norwegian University of Science and Technology (NTNU) in Trondheim, Norway. From 2017 to 2021, he was Assistant Professor with the University of Campinas (Unicamp), Brazil. He received his PhD from the University of Firenze, Italy, in 2014, with the Resilient Computing Lab (RCL). His expertise revolves around the modeling of complex systems, including formal models, probabilistic models, and model-driven engineering. His research interests include modeling as a support to the verification and validation of safety-critical and mission-critical systems. He is regularly serving as reviewer for journals and conferences in the areas of dependability and software engineering. Leonardo has been Vice-Coordinator of the Brazilian Committee on Fault Tolerance, and Program Co-Chair of the 9th Latin-American Symposium on Dependable Computing (LADC 2019). He is Conference Chair for the 2025 edition ACM SIGSOFT FSE (Foundations of Sofware Engineering), which will be held in Trondheim on 23-27 June 2025.

• 

•