Details
Name
Alexandra Sofia MendesRole
Senior ResearcherSince
15th February 2018
Nationality
PortugalCentre
High-Assurance SoftwareContacts
+351253604440
alexandra.s.mendes@inesctec.pt
2024
Authors
Lima, R; Ferreira, JF; Mendes, A; Carreira, C;
Publication
AUTOMATED SOFTWARE ENGINEERING
Abstract
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.
2024
Authors
Silva, A; Mendes, A; Ferreira, JF;
Publication
CoRR
Abstract
2024
Authors
Ferreira, DR; Mendes, A; Ferreira, JF;
Publication
CoRR
Abstract
2023
Authors
Dunne, S; Ferreira, JF; Mendes, A; Ritchie, C; Stoddart, B; Zeyda, F;
Publication
JOURNAL OF LOGICAL AND ALGEBRAIC METHODS IN PROGRAMMING
Abstract
We present an imperative refinement language for the development of backtracking programs and discuss its semantic foundations. For expressivity, our language includes prospective values and preference - the latter being a variant of Nelson's biased choice that backtracks from infeasibility of a continuation. Our key contribution is to examine feasibility-preserving refinement as a basis for developing backtracking programs, and several key refinement laws that enable compositional refinement in the presence of non -monotonic program combinators.
2023
Authors
Saavedra, N; Gonçalves, J; Henriques, M; Ferreira, JF; Mendes, A;
Publication
CoRR
Abstract
The access to the final selection minute is only available to applicants.
Please check the confirmation e-mail of your application to obtain the access code.