miguel pupo correia           
 

Software Security

The (in)security of software is not only a research topic, but a societal challenge. I created and starting teaching a course in the area in 2004 and doing research a few years later, with special emphasis on web application security.

Current students: Tatjana Lide, Roberto Ponte, Diogo Pereira, Anabela Borges

Software prototypes: WAP

Selected publications:

Ibéria Medeiros, Miguel Beatriz, Nuno Neves and Miguel Correia. Hacking the DBMS to Prevent Injection Attacks. In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy, March 2016. (pdf)

Ibéria Medeiros, Nuno F. Neves, Miguel Correia. Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining. IEEE Transactions on Reliability, 65(1):54–69, March 2016. (pdf)

I. Medeiros, N. F. Neves, M. Correia. Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. In Proceedings of 23rd International World Wide Web Conference, 2014. (pdf)

J. Antunes and N. F. Neves and M. Correia and P. Veríssimo and R. Neves. Vulnerability Removal with Attack Injection. IEEE Transactions on Software Engineering, vol. 36, n. 3, pp. 357–370, March 2010. (pdf)

Miguel Pupo Correia e Paulo Jorge Sousa. Segurança no Software (Software Security, in Portuguese), FCA editores. 2a Edição Atualizada e Aumentada, Set. 2017.

Other publications:

Paulo Nunes, Ibéria Medeiros, José Fonseca, Nuno Neves, Miguel Correia and Marco Vieira. On Combining Diverse Static Analysis Tools for Web Security: An Empirical Study. In Proceedings of the 13th European Dependable Computing Conference (EDCC 2017), Sep. 2017. (pdf)

Ibéria Medeiros, Nuno F. Neves, Miguel Correia. Demonstrating a Tool for Injection Attack Prevention in MySQL. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Jun. 2017. (pdf)

Ibéria Medeiros, Nuno F. Neves, Miguel Correia. DEKANT: A Static Analysis Tool that Learns to Detect Web Application Vulnerabilities. In Proceedings of the IEEE International Symposium on Software Testing and Analysis (ISSTA), Jul. 2016. (pdf)

Christine Blakemore, João Redol, Miguel Correia. Fingerprinting for Web Applications: from Devices to Related Groups. In Proceedings of the 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Aug. 2016. (pdf)

Ibéria Medeiros, Nuno F. Neves, Miguel Correia. Equipping WAP with WEAPONS to Detect Vulnerabilities. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Jun. 2016. (pdf)

I. Medeiros, N. F. Neves, M. Correia. Securing Energy Metering Software with Automatic Source Code Correction. In Proceedings of the 11th IEEE International Conference on Industrial Informatics (INDIN), Jul. 2013 (pdf)

S. Nunes, M. Correia. Web Application Risk Awareness with High Interaction Honeypots. In Actas do INForum – Simpósio de Informática 2010. Braga, Setembro de 2010. (pdf)

Ibéria Medeiros, Miguel Correia. Finding Vulnerabilities in Software Ported from 32 to 64-bit CPUs. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), (fast abstract) Jun-Jul 2009. (pdf)

N. F. Neves and J. Antunes and M. Correia and P. Veríssimo and R. Neves. Using Attack Injection to Discover New Vulnerabilities. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), pages 457-466, June 2006. (pdf)

Miguel Pupo Correia e Paulo Jorge Sousa. Segurança no Software (Software Security, in Portuguese), FCA editores. Set. 2010.

copyright notice

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders: IEEE, ACM, Springer-Verlag, Elsevier, Oxford University Press. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.


home | last update: 11-11-2017