Cookies Policy
The website need some cookies and similar means to function. If you permit us, we will use those means to collect data on your visits for aggregated statistics to improve our service. Find out More
Accept Reject
  • Menu
Interest
Topics
Details

Details

  • Name

    Alexandra Sofia Mendes
  • Role

    Senior Researcher
  • Since

    15th February 2018
002
Publications

2024

Patient-Centric Health Data Sovereignty: An Approach Using Proxy Re-Encryption

Authors
Rodrigues, B; Amorim, I; Silva, I; Mendes, A;

Publication
COMPUTER SECURITY. ESORICS 2023 INTERNATIONAL WORKSHOPS, PT I

Abstract
The exponential growth in the digitisation of services implies the handling and storage of large volumes of data. Businesses and services see data sharing and crossing as an opportunity to improve and produce new business opportunities. The health sector is one area where this proves to be true, enabling better and more innovative treatments. Notwithstanding, this raises concerns regarding personal data being treated and processed. In this paper, we present a patient-centric platform for the secure sharing of health records by shifting the control over the data to the patient, therefore, providing a step further towards data sovereignty. Data sharing is performed only with the consent of the patient, allowing it to revoke access at any given time. Furthermore, we also provide a break-glass approach, resorting to Proxy Re-encryption (PRE) and the concept of a centralised trusted entity that possesses instant access to patients' medical records. Lastly, an analysis is made to assess the performance of the platform's key operations, and the impact that a PRE scheme has on those operations.

2024

DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring

Authors
Lima, R; Ferreira, JF; Mendes, A; Carreira, C;

Publication
AUTOMATED SOFTWARE ENGINEERING

Abstract
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.

2024

Leveraging Large Language Models to Boost Dafny's Developers Productivity

Authors
Silva, A; Mendes, A; Ferreira, JF;

Publication
CoRR

Abstract

2024

Contract Usage and Evolution in Android Mobile Applications

Authors
Ferreira, DR; Mendes, A; Ferreira, JF;

Publication
CoRR

Abstract

2024

How are Contracts Used in Android Mobile Applications?

Authors
Ferreira, DR; Mendes, A; Ferreira, JF;

Publication
Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings, ICSE Companion 2024, Lisbon, Portugal, April 14-20, 2024

Abstract