miguel pupo correia           
 

Software Security

The (in)security of software is not only a research topic, but a societal challenge. I created and starting teaching a course in the area in 2004 and doing research a few years later, with special emphasis on web application security.

Funded projects: SEAL

Current team: David R. Matos, Tatjana Lide

Software prototypes: WAP, MERLIN, AJECT

Selected publications:

Ibéria Medeiros, Nuno F. Neves, Miguel Correia. Statically Detecting Vulnerabilities by Processing Programming Languages as Natural Languages. IEEE Transactions on Reliability, volume 71, issue 2, pp 1033-1056, June 2022 (pdf)

Ibéria Medeiros, Miguel Beatriz, Nuno Neves and Miguel Correia. SEPTIC: Detecting Injection Attacks and Vulnerabilities Inside the DBMS. IEEE Transactions on Reliability, 68(3): 1168-1188, 2019 (pdf)

Ibéria Medeiros, Nuno F. Neves, Miguel Correia. Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining. IEEE Transactions on Reliability, 65(1):54-69, March 2016. (pdf, software)

I. Medeiros, N. F. Neves, M. Correia. Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives. In Proceedings of 23rd International World Wide Web Conference, 2014. (pdf, software)

J. Antunes and N. F. Neves and M. Correia and P. Veríssimo and R. Neves. Vulnerability Detection with Attack Injection. IEEE Transactions on Software Engineering, vol. 36, n. 3, pp. 357–370, March 2010. (pdf, software)

Miguel Pupo Correia e Paulo Jorge Sousa. Segurança no Software (Software Security, in Portuguese), FCA editores. 2a Edição Atualizada e Aumentada, Set. 2017.

Other publications:

Mihail Brinza, Miguel Correia, João Pereira. Virtual Static Security Analyzer for Web Applications. In Proceedings of Trustcom 2021, August 2021 (pdf, software).

Alexandra Figueiredo, Tatjana Lide, David Matos and Miguel Correia. MERLIN: Multi-Language Web Vulnerability Detection. In Proceedings of the 19th IEEE International Symposium on Network Computing and Applications (NCA), Nov. 2020 (pdf, software).

Paulo Nunes, Ibéria Medeiros, José Fonseca, Nuno Neves, Miguel Correia, and Marco Vieira. An empirical study on combining diverse static analysis tools for web security vulnerabilities based on development scenarios. Computing, 101(2): 161-185, February 2019 (pdf)

Paulo Nunes, Ibéria Medeiros, José Fonseca, Nuno Neves, Miguel Correia, and Marco Vieira. Benchmarking Static Analysis Tools for Web Security. IEEE Transactions on Reliability, 67(3): 1159-1175, 2018 (pdf)

Roberto Ponte, Ibéria Medeiros, and Miguel Correia. Fuzzing Ethereum Smart Contracts (research statement). DSN Workshop on Byzantine Consensus and Resilient Blockchains (BCRB ’18), June 2018

Paulo Nunes, Ibéria Medeiros, José Fonseca, Nuno Neves, Miguel Correia and Marco Vieira. On Combining Diverse Static Analysis Tools for Web Security: An Empirical Study. In Proceedings of the 13th European Dependable Computing Conference (EDCC 2017), Sep. 2017. (pdf)

Ibéria Medeiros, Nuno F. Neves, Miguel Correia. Demonstrating a Tool for Injection Attack Prevention in MySQL. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Jun. 2017. (pdf)

Ibéria Medeiros, Nuno F. Neves, Miguel Correia. DEKANT: A Static Analysis Tool that Learns to Detect Web Application Vulnerabilities. In Proceedings of the IEEE International Symposium on Software Testing and Analysis (ISSTA), Jul. 2016. (pdf)

Ibéria Medeiros, Miguel Beatriz, Nuno Neves and Miguel Correia. Hacking the DBMS to Prevent Injection Attacks. In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy, March 2016. (pdf)

Christine Blakemore, João Redol, Miguel Correia. Fingerprinting for Web Applications: from Devices to Related Groups. In Proceedings of the 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Aug. 2016. (pdf)

Ibéria Medeiros, Nuno F. Neves, Miguel Correia. Equipping WAP with WEAPONS to Detect Vulnerabilities. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Jun. 2016. (pdf)

I. Medeiros, N. F. Neves, M. Correia. Securing Energy Metering Software with Automatic Source Code Correction. In Proceedings of the 11th IEEE International Conference on Industrial Informatics (INDIN), Jul. 2013 (pdf)

S. Nunes, M. Correia. Web Application Risk Awareness with High Interaction Honeypots. In Actas do INForum – Simpósio de Informática 2010. Braga, Setembro de 2010. (pdf)

Ibéria Medeiros, Miguel Correia. Finding Vulnerabilities in Software Ported from 32 to 64-bit CPUs. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), (fast abstract) Jun-Jul 2009. (pdf)

N. F. Neves and J. Antunes and M. Correia and P. Veríssimo and R. Neves. Using Attack Injection to Discover New Vulnerabilities. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), pages 457-466, June 2006. (pdf, software)

Miguel Pupo Correia e Paulo Jorge Sousa. Segurança no Software (Software Security, in Portuguese), FCA editores. Set. 2010.

copyright notice

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders: IEEE, ACM, Springer-Verlag, Elsevier, Oxford University Press. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.


home | last update: 02-11-2020