Detalhes
Nome
Alexandra Sofia MendesCargo
Investigador SéniorDesde
15 fevereiro 2018
Nacionalidade
PortugalCentro
Laboratório de Software ConfiávelContactos
+351253604440
alexandra.s.mendes@inesctec.pt
2024
Autores
Lima, R; Ferreira, JF; Mendes, A; Carreira, C;
Publicação
AUTOMATED SOFTWARE ENGINEERING
Abstract
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.
2024
Autores
Silva, A; Mendes, A; Ferreira, JF;
Publicação
CoRR
Abstract
2024
Autores
Ferreira, DR; Mendes, A; Ferreira, JF;
Publicação
CoRR
Abstract
2023
Autores
Dunne, S; Ferreira, JF; Mendes, A; Ritchie, C; Stoddart, B; Zeyda, F;
Publicação
JOURNAL OF LOGICAL AND ALGEBRAIC METHODS IN PROGRAMMING
Abstract
We present an imperative refinement language for the development of backtracking programs and discuss its semantic foundations. For expressivity, our language includes prospective values and preference - the latter being a variant of Nelson's biased choice that backtracks from infeasibility of a continuation. Our key contribution is to examine feasibility-preserving refinement as a basis for developing backtracking programs, and several key refinement laws that enable compositional refinement in the presence of non -monotonic program combinators.
2023
Autores
Saavedra, N; Gonçalves, J; Henriques, M; Ferreira, JF; Mendes, A;
Publicação
CoRR
Abstract
The access to the final selection minute is only available to applicants.
Please check the confirmation e-mail of your application to obtain the access code.