Abstract
As software becomes more complex and assumes an even greater role in our lives, formal verification is set to become the gold standard in securing software systems into the future, since it can guarantee the absence of errors and entire classes of attack. Recent advances in formal verification are being used to secure everything from unmanned drones to the internet. At the same time, the usable security research community has made huge progress in improving the usability of security products and end-users comprehension of security issues. However, there have been no human-centered studies focused on the impact of formal verification on the use and adoption of formally verified software products. We propose a research agenda to fill this gap and to contribute with the first collection of studies on people's mental models on formal verification and associated security and privacy guarantees and threats. The proposed research has the potential to increase the adoption of more secure products and it can be directly used by the security and formal methods communities to create more effective and secure software tools. © C. Carreira et al.

Abstract

Abstract
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a new tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can indeed automatically correct timing side-channel vulnerabilities, being more effective with those that are controlflow based.

Abstract
Mobile devices have become indispensable in our daily life and reducing the energy consumed by them has become essential. However, developing energy-efficient mobile applications is not a trivial task. To address this problem, we present EcoAndroid, an Android Studio plugin that automatically applies energy patterns to Java source code. It currently supports ten different cases of energy-related refactorings, divided over five energy patterns taken from the literature. We used EcoAndroid to analyze 100 Java mobile applications (approximate to 1.5M LOC) and we found that 35 of the projects had a total of 95 energy code smells. EcoAndroid was able to automatically refactor all the code smells identified.

Abstract

Abstract
As quantum computing approaches its first commercial implementations, quantum simulation emerges as a potentially ground-breaking technology for several domains, including biology and chemistry. However, taking advantage of quantum algorithms in quantum chemistry raises a number of theoretical and practical challenges at different levels, from the conception to its actual execution. We go through such challenges in a case study of a quantum simulation for the hydrogen (H-2) and lithium hydride (LiH) molecules, at an actual commercially available quantum computer, the IBM Q. The former molecule has always been a playground for testing approximate calculation methods in quantum chemistry, while the latter is just a little bit more complex, lacking the mirror symmetry of the former. Using the variational quantum eigensolver method, we study the molecule's ground state energy versus interatomic distance, under the action of stationary electric fields (Stark effect). Additionally, we review the necessary calculations of the matrix elements of the second quantization Hamiltonian encompassing the extra terms concerning the action of electric fields, using STO-LG-type atomic orbitals to build the minimal basis sets.