Category: Events

8th of February at 16h00, Horácio França and Iury Araujo  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

Horácio França – “Using Machine Learning to Identify Security Bugs in Issue Reports” 

Bio
Horácio has a bachelor’s degree in Computer Science and a master’s degree in Systems and Computer Engineering from the Federal University of Rio de Janeiro. His research interests include Artificial Intelligence, Cyber Security and the intersection of those subjects.

Abstract
Bug trackers are useful tools for developers to identify issues in their software, however, depending on how many reports are being submitted it may become hard to prioritize what to tackle first. Security issues being reported in this manner need to be identified rapidly for two reasons: Firstly, they need to be addressed in the software as quickly as possible, and secondly because a public issue report about a security bug could inform malicious actors of the existence of an exploitable vulnerability. We are currently developing Machine Learning models to identify issue reports containing security bugs and comparing the effects of dataset rebalancing strategies in their training.

Iury Araujo – “Improving System Call Representation for Cybersecurity Models” 

Bio
Iury Araujo has been a PhD student in Informatics Engineering at the University of Coimbra since 2020. He completed his Master’s degree in Informatics in 2019 and his Bachelor in Computer Science in 2016 at the Federal University of Paraíba. His expertise includes machine learning, internet of things focusing on social objects and intelligent transportation systems, security systems, and intrusion detection. His PhD thesis is focused on detecting intrusions in microservice-based systems using machine learning techniques.

Abstract
Many cybersecurity researchers use system calls as data to evaluate any harmful actions towards the normal execution of systems caused by internal or external factors. As methods evolve is necessary to improve how system calls and their interactions can be represented. Simple numeric representations or dictionaries cannot convey relationships between system calls. This work presents a study to improve the system call representation in three steps. First, proposing the classification of system calls into classes and subclasses. Followed by creating a graph representation for the classified system calls as nodes and establishing relationships as edges. Finally, we performed two validations to verify our propositions and minimize the effects of the subjectivity of researchers.

25th of January, at 15h00, Tiago Cruz will give a presentation entitled“The Enemy Within: Covert Data Exfiltration for Fun and Profit” 
Location: G4.1

Bio
Tiago Cruz is Associate Professor at the Department of Informatics Engineering of the University of Coimbra (UC), where he obtained his PhD in Computer Science, in 2012. He is a Senior Researcher at the Center for Informatics and Systems of the UC (CISUC), having started his research activity in 2001. His research interests include (but are not restricted to) topics such as management systems for communication infrastructures and services (operator and data center environments), embedded computing, critical infrastructure security, IT security and data privacy, broadband access network device and infrastructure management, 5G, IoT and SDN/NFV, among others. He has been actively involved in several national and international projects within his scope of interests, involving both academic and industrial partners, as well as in pedagogical innovation activities

Abstract
When it comes to protecting confidential and/or sensitive information, organizations have a plethora of recommendations, standards, policies and security controls at their disposal, conceived to deal with a variety of threats.  However, most of them share the same fundamental premise: that weaknesses are inline by nature, as a consequence of infrastructure, social and/or technological gaps that can be controlled, mitigated or constrained. Thus, air-gapping (i.e., ensuring that systems have no connectivity means of any sort) is often regarded as a sound strategy to increase security, preserve sensitive data, and safeguard critical information. But then there’s the question: is air-gapping that good?
This talk will discuss how exfiltration can take place in supposedly air-gapped environments, by abusing one specific kind of infrastructure that is often forgotten.

11th of January at 16h00, José Flora and Nuno Seixas  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

José Flora – “Dataset for Intrusion Detection in Container-based Microservice Systems” 

Bio
José Flora is a PhD student of the PhD in Informatics Engineering at the University of Coimbra where he is, since 2017, a researcher with the Centre for Informatics and Systems. He has completed his Masters in Informatics Security in 2019 and his Bachelor’s degree in Informatics Engineering in 2017 at the University of Coimbra. He has participated as Student Researcher in 4 projects, namely H2020: ATMOSPHERE; METRICS and TalkConnect; and CMU-PT AIDA. His expertise includes testing techniques, fault injection, vulnerability injection and benchmarking, applied in the context of multi-tenant cloud and virtualized environments, containers platforms and micro service architectures. His PhD thesis is focused on the security of microservice-based systems, with emphasis on intrusion detection and intrusion tolerance.

Abstract
Microservices are nowadays the predominant architecture for cloud-based applications. Serving millions of customers daily, it is of utmost importance to secure these systems. Intrusion detection is a widely used technique that is now being used in microservices to build behavior profiles and report anomalies during runtime as possible attacks. However, its effectiveness is far from clear, as existing evaluations use datasets reduced in size and limited in representativeness, mainly due to the special nature of microservices, which are ephemeral and highly scalable. We present a comprehensive dataset for microservices intrusion detection based on host data. We use two different well-accepted and representative microservice-based applications, subjected to rich and diverse workloads. We use representative attacks that target real vulnerabilities across different layers of the infrastructure: the web server supporting the service, the container engine, and the host machine OS. The applications are deployed into a Kubernetes cluster,  currently an industry de facto standard. During runtime, we collect for each microservice the system calls and their parameters. The datasets will be available to the community both to use and to contribute: source code and close to 5TB of data.

Nuno Seixas – “An Integrated Maturity Model for modern software development: addressing Security, Artificial Intelligence and Governance in DevOps” 

Bio
Nuno Seixas has been working in the software engineering industry since 2004. Having started his career as a researcher in CISUC, part of Medical Informatics research team, moved to commercial software development teams, where he took different roles, from software engineer to project manager. Lately, has been working in optimizing software development operations, introducing consistent processes that would improve the organization’s performance.Has a Master degree in Software Engineering from Carnegie Mellon University and University of Coimbra and has been also involved in teaching Software Engineering classes for both undergraduate and graduate courses, as an Invited Professor at University of Coimbra.

Abstract
While software is becoming more present in every business area, new technologies and needs are being added. In these new trends, we can identify three that have a relevant importance. First, the introduction of Artificial Intelligence techniques, second, the growing importance of cybersecurity and third, the need for assuring compliance for using software in highly regulated environments. The introduction of these new trends demands support from software engineering methods, making sure that organizations are able to produce software in a consistent and solid way. For that, we believe that there should be an integrated maturity model that can help to identify the current state but also, to help define the next steps. Therefore, we propose to produce an integrated maturity model that can address cybersecurity and Artificial Intelligence on software created for regulated environments.

14th of November at 16h00, André Bento and Paulo Gonçalves  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

André Bento – “Improving Availability of Microservices” 

Bio
André Bento is a PhD student at the University of Coimbra, Portugal. He received his MSc in 2019 from the University of Coimbra, Portugal, with a thesis on Observing and Controlling Performance in Microservices. His main research topics are anomaly detection, observability, and optimization of resources for cloud services. His research interests include cloud computing, microservices, monitoring, and other distributed systems topics.

Abstract
Microservices, a trend in the industry, is an architectural style to build highly dynamic, scalable and heterogeneous systems composed by many inter-connected and functionally independent components. As these systems grow in size, complexity increases and can easily outgrow the cognitive capacity of human operators, producing difficult challenges for operators to properly monitor running services, and keep them available. Availability is a critical non-functional requirement in distributed systems, essential to ensure quality of service. Operators usually rely on observability data, e.g., metrics, and distributed tracing, which hold meaningful information about performance and request paths through operational services to detect anomalous conditions and seek to improve their systems. To address this issue, we propose to use modern tracing analysis techniques to microservice-based systems, performing automatic analysis of workflow subtleties, in order to identify anomalies and suggest actions. Ultimately, our target is to make use of observability to detect anomalies in service operations, making easier to automate maintenance and operation tasks, and consequently improving availability and reliability of microservices.

Paulo Gonçalves – “Intrusion Detection Across Multiple Microservices” 

Bio
Paulo Gonçalves is a Software Developer at Probely, with a background researching host-based intrusion detection in microservices, at CISUC. He took his Computer Science Bachelors and Masters at University of Coimbra, where he wrote his thesis titled “Detecting Intrusions in Microservice Architectures. During this time he was also involved in both the ATMOSPHERE and AIDA projects. His interests include intrusion detection, vulnerability research and machine learning.

Abstract
Microservice architectures have been on the rise in recent years, as they favor loosely coupled services with specialized goals. The use of microservices eases development and maintainability, reducing overall development costs. To take full advantage, each service is deployed in a container, as they are lightweight and creation and destruction is cheap and efficient. However, when systems are split into multiple small components, the number of communication links grows extensively, increasing the possibility of attacks. Software will always have unknown vulnerabilities that attackers can exploit, therefore it is indispensable to apply security measures. Anomaly-based intrusion detection could be an effective approach, but it needs to deal with large amounts of data and services, and adapt to the dynamic number of service instances. Therefore, the available solutions must become lightweight and scalable. Past work has demonstrated the usefulness of data processing techniques to deal with scalability. Four different techniques based on a classifier fusion procedure are proposed to deal with multiple services. These techniques were evaluated using two representative microservice testbeds, Sockshop and TeaStore, with 10 different attack scenarios based on 12 different exploits. Not all attacks were successful, and some were only done to gather information; therefore, evaluating the effectiveness of techniques in intrusion attempts. The results show that only one technique was capable of detecting attacks without a high number of false positives, achieving a much better F-Measure and Precision. However, there is still room for improvement.

9th of November at 16h00, Jomar Domingos and Filipa Nogueira  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

Jomar Domingos – “Online Failure Prediction for cloud Applications in a Multi-level Approach” 

Bio
Jomar Domingos is a Ph.D. candidate in Informatics Engineering at the University of Coimbra, Portugal, where he also received his MSc in 2019. His current research is related to the online failure prediction for cloud applications through multi-level ensemble learning, i.e., considering cloud computing abstraction layers in the process of online failure prediction.

Abstract
Cloud computing assumes a crucial role in the current technological landscape (mainly in the internet technology industry), as it increasingly becomes the de facto approach to deploy applications and provide services through internet. Due to its complexity and heterogeneity, application failures occurrences are not uncommon, given its wide fault presence surface (from application/service to other cloud stack layers), and reactive approaches are becoming insufficient to handle failures. In some scenarios (such as business ans mission critical), dealing with failure after they happen can be very costly, being necessary to find another paradigms to deal with failures. Online failure prediction aims to deal with failures before they really happen, allowing to take measures to reduce their impact or completely avoid failures, increasing application/services dependability (improving the availability and reliability attributes).

Although previous works on this topic have already been presented, failure prediction for cloud application remains a open topic, where concrete implementations are rarely adopted and implemented. Conventional online failure prediction are focused on the prediction target, observing and modeling the its behaviour (form metric and produced logs), without considering the environment where it resides and operates (although some works considered the spatial information, it was limited to location and resource sharing information). Our focus is to investigate and explore online failure prediction for cloud applications as a multi-level problem, where prediction should be made considering every cloud abstraction layer, i.e., predict application failures on every relevant cloud platform abstraction layer.

Filipa Nogueira – “Process Mining Software Engineering Practices: A Case Study for Deployment Pipelines” 

Bio
Filipa Nogueira is a PhD candidate for the Doctoral Program in Information Science and Technology at the University of Coimbra and a member of the SSE research group. Her current main research interest focuses on the concepts related to Process Mining applied to the Software Engineering field and topics that concern improving the quality of software products and processes. She is also an Engineering Team Lead in an e-commerce company where her tasks include team and project management while ensuring software delivery with speed and quality.

Abstract
In mature software development, the deployment pipeline is the only route to deploy software into production, comprising different cycles: commit, acceptance and production. This means that DevOps teams should be able to develop, integrate and test features quickly and thoroughly via continuous practices. Even though the description of this process seems straightforward, the reality is quite different since exceptions are commonplace in actual industry practice. Process Mining provides tools to discover and check the compliance of DevOps processes while uncovering the bottlenecks and improvement areas.

This talk aims to present a case study on the adoption of Process Mining techniques in the deployment pipeline process (CI/CD) of a large European e-commerce company. The research focuses on the visibility provided by Process Discovery techniques in the DevOps workflow, namely in the process and time perspectives.

26th of October, at 16h00, Haytham Hijazi will give a presentation entitled“Cognitive Load Monitoring Through wearables: A Machine Learning Perspective” 
Location: G4.1

Bio
A Ph.D. research fellow, Centre of Informatics and Systems, University of Coimbra (CISUC), Coimbra, Portugal. Haytham Hijazi received a B.Eng. degree in Computer Systems Engineering from Palestine Polytechnic University with an excellent grade and an M.Sc. degree in Information Technology Engineering from the University of Stuttgart, Germany, in 2012 (a DAAD scholarship holder).

From 2012 to 2019, he worked with Palestine Ahliya University, Bethlehem, as a Lecturer, researcher, Data Centre Director, and Quality Assurance Manager.

Since 2019, Hijazi has been a Ph.D. Research Fellow with the Center for Informatics and Systems, University of Coimbra (CISUC). During this time, Hijazi published his work in top journals and conferences and translated one of his works into an internationally published patent application by WIPO.

Hijaz’s research interests include Explainable Machine Learning, Wearable Data Analysis, and Neuro Software Engineering (NeuroSE). His current thesis work focuses on developing intelligent biofeedback systems for augmenting content comprehension, including software engineering applications. Hijazi has broad managerial skills, including project management, academic quality assurance, and curriculum development.

Abstract
Although we are witnessing enormous growth in wearables technology (e.g., smart watches), which enables us to extract physiological measures daily, monitoring individuals’ cognitive load while performing a mental task (e.g., content comprehension) through these measures remains challenging.

Among those challenges are the inter- and intra-variability of individuals in exhibiting responses to mentally demanding tasks, models overfitting, and explainability issues.

This talk aims to introduce the results of the machine learning pipeline used in our work to predict comprehension difficulty in reading digital content using the Emaptica E4 wearable and a desktop eye-tracker. While showing the results, this talk will highlight the main challenges encountered and the measures to mitigate them.

12th of October at 16h00, Inês Valentim and Vittorio Orbinato  will give two short presentations, to promote discussion on two relevant ongoing or disruptive topics. Afterwards, there will be a social gathering where everyone can talk freely on whatever subjects they like.
Location: G4.1

Inês Valentim – “NeuroEvolution meets Adversarial Robustness” 

Bio
Inês Valentim is a Ph.D. candidate in Informatics Engineering at the University of Coimbra, Portugal, where she also received her BS and MSc in 2016 and 2019, respectively. Her current research is on the intersection of Artificial Neural Networks (ANNs), Evolutionary Computation, and Adversarial Machine Learning. In particular, she is investigating how NeuroEvolution can be leveraged to design ANNs that are more robust to adversarial examples.

Abstract
Artificial Neural Networks (ANNs) have achieved remarkable results in several domains, but their widespread adoption means that concerns other than predictive performance must be addressed. One of these concerns is their vulnerability to adversarial examples, which are carefully perturbed inputs that cause these models to produce erroneous outputs.
Manually designing and configuring ANNs becomes even more difficult under such adversarial settings. Evolution-based approaches have designed ANNs with competitive performance in the past, but the adversarial robustness of the evolved models was mostly overlooked.

In this presentation, we will overview how we plan on tackling these gaps in the literature during the Ph.D., namely by using NeuroEvolution to improve the adversarial robustness of ANNs.

Vittorio Orbinato – “Automating Adversary Emulation: a new approach to Offensive Security” 

Bio
Vittorio Orbinato is a PhD student in Information Technology and Electrical Engineering (ITEE) at Università degli Studi di Napoli Federico II, Italy.  He got his master degree at Università degli Studi di Napoli Federico II, Italy, and is currently working at the Department of Informatics Engineering (DEI), Portugal. His research interests concern Cybersecurity, Adversary Emulation and Virtualization.

Abstract
The security of software platforms and applications depends on effective techniques to detect vulnerabilities exploited by malicious attackers. To achieve this goal, the Offensive Security paradigm is becoming increasingly popular: the idea behind this approach is to test software security from an adversary perspective. Despite the advantages provided by such a paradigm, there are still many challenges related to the feasibility and costs of all the related activities.

28th of September at 16h00,  Rodrigo Ronner Tertulino da Silva will give a presentation entitled “How to ensure the privacy and security of data shared between electronic health record systems – ERH”
Location: G4.1

Bio
Rodrigo Ronner Tertulino da Silva is a professor at the Federal Institute of Education, Science, and Technology of Rio Grande do Norte (IFRN), Brazil. He got his master’s degree at the State University of Rio Grande do Norte (UERN), Brazil, and is working at the Department of Informatics Engineering (DEI), Portugal.He works in the following lines of research: Networks and Distributed Systems, performance evaluation of networked systems, network management. Software Engineering: Agile methods and integration with traditional approaches, object-oriented software development, including refactorings and frameworks. Security: Security in Web and PenTest applications. He is currently developing research on privacy and security in Healthcare (EHR) systems.CV (In Portuguese): http://lattes.cnpq.br/5863705420808941

Abstract
The Federal Institute of Education, Science and Technology of Rio Grande do Norte (IFRN) is a public higher education institution established in 1909. Nowadays, IFRN is composed of 22 campuses strategically located in all the mesoregions of Rio Grande do Norte. It holds 40,000 students enrolled in 36 undergraduate programs, 29 graduate programs (lato sensu, masters and doctorate).
The doctoral work aims to enhance privacy issues aligned with data privacy laws and regulations in Electronic Health Record Systems (EHRs), making these systems more trustworthy for users and developers. To carry out our study and propose the development of an architectural reference for the development of EHR systems, we will also propose privacy level agreements according to essential requirements according to our research that was carried out. To evaluate our work, we will analyze systems already well known in Brazil, such as E-SUSAPS and AGHUSE, which the Brazilian government uses in public hospitals. Therefore, this doctoral work aims to propose a privacy-aware reference architecture that can guide the development of EHR systems. Security and privacy aspects are issues throughout the development cycle of these systems. Hence, allowing developers to analyze more focused aspects such as privacy and security.