miguel pupo correia           

bio and contacts

Miguel Correia is a Full Professor (Professor Catedrático) at the Computer Science and Engineering Department (DEI), Instituto Superior Técnico (IST), Universidade de Lisboa (ULisboa), in Lisboa, Portugal. He is vice-president for faculty at DEI. He is coordinator of the Doctoral Program in Information Security at IST. He is a member of the Board and senior researcher at INESC-ID, as well as member of the Distributed Systems Group (GSD). He is national representative at the European Blockchain Partnership that is designing the European Blockchain Services Infrastructure (EBSI). He is a member of the Board of Técnico+ and a non-executive member of the Board of Associação .PT. He is Associate Editor for IEEE Transactions on Computers. He has a PhD in Computer Science from the Universidade de Lisboa Faculdade de Ciências. He has been involved in several international and national research projects related to cybersecurity, including the TRUSTyFOOD, DE4A, BIG, QualiChain, SPARTA, SafeCloud, PCAS, TCLOUDS, ReSIST, CRUTIAL, and MAFTIA European projects. He has more than 200 publications and is Senior Member of the IEEE. His research focuses on cybersecurity and dependability (aka fault tolerance), typically in distributed systems, in the context of different applications (blockchain, cloud, mobile). He is particularly interested in the fault/intrusion tolerance approach, in which systems have to continue to operate correctly irrespectively of the occurrence of faults, attacks, and intrusions.

email: miguel.p.correia_AT_tecnico.ulisboa.pt


research topics

1. Blockchain and Byzantine Consensus
2. Cloud Security and Dependability
3. Trusted Computing
4. Software Security
5. Security Analytics and Intrusion Detection
Other topics


A Survey on Blockchain Interoperability: Past, Present, and Future Trends, ACM CSUR 2022
SRX - Secure Data Backup and Recovery for SGX Applications, IEEE Access 2022
MIRES: Intrusion Recovery for Applications based on Backend-as-a-Service, IEEE TCC 2022
Sanare: Pluggable Intrusion Recovery for Web Applications, IEEE TDSC 2022
Statically Detecting Vulnerabilities by Processing Programming Languages as Natural Languages, IEEE Trans. Reliability 2022
Omega: a Secure Event Ordering Service for for the Edge, IEEE TDSC, 2021
Fireplug: Efficient and Robust Geo-Replication of Graph Databases, IEEE TPDS 2020
SEPTIC: Detecting Injection Attacks and Vulnerabilities Inside the DBMS, IEEE Trans. Reliability 2019
BlockSim: Blockchain Simulator, IEEE Blockchain 2019
Benchmarking Static Analysis Tools for Web Security, IEEE Trans. Reliability 2018
State machine replication in containers managed by Kubernetes, Journal of Systems Architecture 2017
Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining, IEEE Trans. Reliability 2015
SCFS: a Shared Cloud-backed File System, Usenix ATC 2014
DepSky: Dependable and Secure Storage in a Cloud-of-Clouds. ACM Trans. Storage 2013.
Efficient Byzantine Fault Tolerance, IEEE Trans. Computers 2013.


• TRUSTyFOOD - Stakeholders-driven pathways for blockchain implementation in the agri-food sector (EC)
DE4A - Digital Europe For All (EC)
BIG - Enhancing the research and innovation potential of Tecnico through Blockchain technologies and design Innovation for social Good (EC)
SPARTA - Special projects for advanced research and technology in Europe (EC)
SEAL - SEcurity progrAmming of web appLications (FCT)


WAP - automatic Web Application Protection (21,400 downloads!) (also a OWASP project) - static analysis tool for PHP web applications
C2BID and DynIDS cluster-based network intrusion detection schemes
SRX - SGX Recovery Extension - Intel SGX extensions for securely moving data between enclaves
TRX - TrustZone Recovery eXtension - ARM TrustZone extensions for securely moving data between TEEs
Qualichain consortium of organizations management with Ethereum-based smart contracts
BlockSim - a discrete event Blockchain simulator
GT - Virtual Static Security Analyzer for Web Applications - static analysis tool for web applications extensible for several languages
MERLIN - Multi-Language Web Vulnerability Detection - static analysis tool for web applications in several languages
PSMA - Programmable Sandbox for Malware Analysis - malware dynamic analysis system for programmable and repeatable experiments
SafeCloudFS / RockFS - single cloud and cloud-of-clouds file system resilient to client side attacks
MIRES - intrusion recovery system for Backed-as-a-Service / mobile applications
Rectify - black-box intrusion recovery system for PaaS clouds
PREMIUM - Private REactive MultIpath commUnication Middleware - secure communications using multiple communication paths
DepSky cloud-of-clouds storage - secure and dependable cloud storage using a set of clouds
MinBFT, MinZyzzyna, Spinning and EBAWA; MinBFT now being implemented by the Hyperledger project! - Byzatine fault-tolerant replication libraries
Randomized Intrusion-Tolerant Asynchronous Services (RITAS) - randomized BFT library


53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - DSN 2023, PC member and Mentoring Program
3rd Blockchain Software Engineering Workshop 2022, co-chair
11th IEEE/IFIP Latin-American Symposium on Dependable Computing - LADC 2022
4th Workshop on Machine Learning for CyberSecurity - MLCS 2022
52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - DSN 2022
16th ACM International Conference on Distributed and Event-based Systems - DEBS 2022
37th International Conference on ICT Systems Security and Privacy Protection - IFIP SEC 2022
5th IEEE International Conference on Blockchain - Blockchain 2022
4th DSN Workshop on Data-Centric Dependability and Security - DCDS 2022

teaching (grad./undergrad.)

teaching (professionals)

Blockchain e Smartcontracts
Proteção e Segurança de Dados para Profissionais não Tecnológicos
Cibersegurança para Empresas


My profile at Google Scholar, Microsoft Academic, ACM, DBLP, Scopus, ORCID, LinkedIn, Ciência Vitae

home | last update: 16-06-2022