Cookies Policy
The website need some cookies and similar means to function. If you permit us, we will use those means to collect data on your visits for aggregated statistics to improve our service. Find out More
Accept Reject
  • Menu
Interest
Topics
Details

Details

  • Name

    Alexandra Sofia Mendes
  • Cluster

    Computer Science
  • Role

    Senior Researcher
  • Since

    15th February 2018
001
Publications

2021

Exploring Usable Security to Improve the Impact of Formal Verification: A Research Agenda

Authors
Carreira, C; Ferreira, JF; Mendes, A; Christin, N;

Publication
Proceedings First Workshop on Applicable Formal Methods, AppFM@FM 2021, virtual, 23rd November 2021.

Abstract
As software becomes more complex and assumes an even greater role in our lives, formal verification is set to become the gold standard in securing software systems into the future, since it can guarantee the absence of errors and entire classes of attack. Recent advances in formal verification are being used to secure everything from unmanned drones to the internet. At the same time, the usable security research community has made huge progress in improving the usability of security products and end-users comprehension of security issues. However, there have been no human-centered studies focused on the impact of formal verification on the use and adoption of formally verified software products. We propose a research agenda to fill this gap and to contribute with the first collection of studies on people's mental models on formal verification and associated security and privacy guarantees and threats. The proposed research has the potential to increase the adoption of more secure products and it can be directly used by the security and formal methods communities to create more effective and secure software tools. © C. Carreira et al.

2021

Formal Methods Teaching - 4th International Workshop and Tutorial, FMTea 2021, Virtual Event, November 21, 2021, Proceedings

Authors
Ferreira, JF; Mendes, A; Menghi, C;

Publication
FMTea

Abstract

2021

Automatic Repair of Java Code with Timing Side-Channel Vulnerabilities

Authors
Lima, R; Ferreira, JF; Mendes, A;

Publication
2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW)

Abstract

2020

Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection

Authors
Johnson, SA; Ferreira, JF; Mendes, A; Cordry, J;

Publication
CoRR

Abstract

2020

Evaluating the Accuracy of Password Strength Meters using Off-The-Shelf Guessing Attacks

Authors
Pereira, D; Ferreira, JF; Mendes, A;

Publication
2020 IEEE International Symposium on Software Reliability Engineering Workshops, ISSRE Workshops, Coimbra, Portugal, October 12-15, 2020

Abstract
In this paper we measure the accuracy of password strength meters (PSMs) using password guessing resistance against off-the-shelf guessing attacks. We consider 13 PSMs, 5 different attack tools, and a random selection of 60,000 passwords extracted from three different datasets of real-world password leaks. Our results show that a significant percentage of passwords classified as strong were cracked, thus suggesting that current password strength estimation methods can be improved. © 2020 IEEE.