Detecting Cryptographic-API misuses with Static Analysis: the Developers Perceptions


Time: 14:00

Speaker: Luis Henrique Vieira Amaral (PhD)

Advisor: Prof. Rodrigo Bonifácio

Title: Detecting Cryptographic-API misuses with Static Analysis: the Developers Perceptions

Abstract: It is becoming increasingly indispensable for developers to rely on cryptography to protect data, since software applications collect more and more sensitive information. Nevertheless, application developers are not necessarily cryptography experts, and the cryptography Application Programming Interfaces (APIs) offered to them are often relatively complex and not straightforward to use. The misuse of cryptography APIs has already been established as a common cause of many security vulnerabilities [egele2013empirical], [fahl2012eve], [georgiev2012most], [nadi2016jumping]. According to the 2021 Veracode State of Software Security Report [veracode2021], Static Analysis Security Testing (SAST) reported cryptographic issues in 60.4% of the analyzed applications, placing them among the top three software weaknesses reported by static analysis. Automatic Static Analysis Tools (ASATs) have been proven effective in uncovering security-related bugs early enough in the software development process [chess2004static]. Their main characteristic is that they are applied directly to the source or compiled code of the system, without requiring its execution [mcgraw2004software]. Since their results comprise long lists of raw warnings (i.e., alerts) or absolute values of software metrics, they might not provide real insight to the stakeholders of the software products [siavvas2018static]. Previous studies have mostly focused on quantitative methods to evaluate the performance of SAST tools, often considering their precision and recall [kruger2019crysl, rahaman2019cryptoguard, afrose2019cryptoapi, afrose2021evaluation, trautsch2021automated]. In addition, qualitative studies were conducted to evaluate why software developers do not use static analysis tools [johnson2013don]. Nonetheless, little is known about how developers react to the warnings reported by SAST tools and how these tools could be more effective in helping them use crypto-APIs correctly.
Hence, appropriate knowledge extraction studies are needed on top of the raw results produced by SAST tools to facilitate the production of secure software. In this exploratory study, we are interested in evaluating developers' perceptions of the crypto-API misuses reported by Static Analysis Security Testing (SAST). In particular, we use the state-of-the-art tools CogniCrypt [kruger2019crysl] and CryptoGuard [rahaman2019cryptoguard] to analyze and collect incorrect usages of crypto-APIs in Java projects and open-source Android applications. In addition, we contacted the maintainers of these projects to get their perceptions about the warnings reported by the SAST tools.
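To make concrete what kind of crypto-API misuse the tools named in this abstract report, here is an added Java example (constructed for this page; it is not code from the study, from CogniCrypt or from CryptoGuard). `encryptMisuse` shows the 'before' pattern that such tools typically flag: a hard-coded key and `Cipher.getInstance("AES")`, which on the standard JCE provider resolves to ECB mode without an IV or integrity protection, so identical plaintext blocks produce identical ciphertext blocks. `encryptHardened`/`decryptHardened` show the corrected form: a key from `KeyGenerator`, AES-GCM with a fresh random nonce, and tag verification that rejects tampered data. The method names and the sample message are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CryptoApiUsage {

    // MISUSE ('before' form, kept deliberately): hard-coded key material, and "AES" alone
    // resolves to AES/ECB/PKCS5Padding on the default provider. ECB leaks plaintext block
    // equality and provides no integrity; this is the kind of pattern SAST tools report.
    static byte[] encryptMisuse(byte[] plaintext) throws Exception {
        byte[] hardcodedKey = "0123456789abcdef".getBytes(StandardCharsets.UTF_8); // 16 bytes
        Cipher cipher = Cipher.getInstance("AES"); // => AES/ECB/PKCS5Padding
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(hardcodedKey, "AES"));
        return cipher.doFinal(plaintext);
    }

    // HARDENED: authenticated mode (GCM) with a fresh random 12-byte nonce, which is
    // prepended to the ciphertext so the receiver can decrypt. Key comes from KeyGenerator.
    static byte[] encryptHardened(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    // Splits the nonce off the blob and decrypts; GCM tag verification throws
    // AEADBadTagException if the ciphertext or tag was modified.
    static byte[] decryptHardened(SecretKey key, byte[] blob) throws Exception {
        GCMParameterSpec spec = new GCMParameterSpec(128, blob, 0, 12);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        return cipher.doFinal(blob, 12, blob.length - 12);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two identical 16-byte blocks.
        byte[] msg = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".getBytes(StandardCharsets.UTF_8);

        // ECB: the first two ciphertext blocks are identical, revealing plaintext structure.
        byte[] ecb = encryptMisuse(msg);
        boolean blocksRepeat = Arrays.equals(Arrays.copyOfRange(ecb, 0, 16),
                                             Arrays.copyOfRange(ecb, 16, 32));
        System.out.println("ECB: identical plaintext blocks -> identical ciphertext blocks? " + blocksRepeat);

        // GCM: round trip works and tampering is detected.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] blob = encryptHardened(key, msg);
        System.out.println("GCM round trip ok? " + Arrays.equals(msg, decryptHardened(key, blob)));

        blob[blob.length - 1] ^= 0x01; // flip one bit of the authentication tag
        try {
            decryptHardened(key, blob);
            System.out.println("tampering undetected (should not happen)");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected tampered ciphertext: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac CryptoApiUsage.java && java CryptoApiUsage`. The point for a developer reading a SAST warning is that the fix is not only swapping the algorithm string: the key must not be a literal in the code, the nonce must be fresh per message and transported with the ciphertext, and the receiver must treat a tag failure as a hard error rather than ignoring it.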

 

Time: 14:20

Speaker: Lucas Ângelo Silveira (PhD)

Advisor: Prof. Mauricio Ayala

Title: Reconfigurable Heterogeneous Parallel Island Models

Abstract: Heterogeneous Parallel Island Models (HePIMs) run different bio-inspired algorithms (BAs) on their islands. Starting from a variety of communication topologies and migration policies fine-tuned for homogeneous PIMs (HoPIMs), which run the same BA on all their islands, previous work introduced HePIMs that provided solutions of competitive quality with respect to the best-adapted BA in HoPIMs. This work goes a step further: it maintains the population diversity provided by HePIMs while increasing their flexibility by allowing BA reconfiguration on islands during execution, so that, according to their performance, islands may substitute their BAs dynamically during the evolutionary process. Experiments with the introduced architectures were applied to an NP-hard problem, using four different BAs, namely the simple Genetic Algorithm, the double-point crossover Genetic Algorithm, Differential Evolution, and self-adjusting Particle Swarm Optimization. The results showed that the novel reconfigurable heterogeneous models compute better-quality solutions than the HePIMs, closing the gap with the HoPIM running the best-adapted BA.

 

Time: 14:40

Speaker: Beatriz Fragnan Pimento de Oliveira (MSc)

Advisor: Prof. Maristela Holanda

Title: to be defined

Abstract: to be defined

 

Time: 15:00

Speaker: Thiago Mendonça Ferreira Ramos (PhD)

Advisor: Prof. Mauricio Ayala

Title: Formalization of a Computational Theory

Abstract: Formalization of a Computational Theory

 

Time: 15:20

Speaker: Lucas Maciel Vieira (PhD)

Advisor: Prof. Maria Emilia M. T. Walter

Title: Competing Endogenous RNA in Colorectal Cancer: An Analysis for Colon, Rectum, and Rectosigmoid Junction

Abstract: Colorectal cancer (CRC) is a heterogeneous cancer. Its treatment depends on its anatomical site and distinguishes between colon, rectum, and rectosigmoid junction cancer. This study aimed to identify diagnostic and prognostic biomarkers using patients' biological and clinical features.

 

Time: 15:40

Speaker: Alessandro Rodrigues e Silva (PhD)

Advisor: Prof. Mylène Farias

Title: Quality of User Experience for advanced multimedia services

Abstract: In the last decade, several types of multimedia services have emerged, such as virtual reality, augmented/mixed reality, and 360 videos, all of which may use 3D content to enhance the experience. Still, the level of acceptability and popularity of these applications is strongly correlated with the Quality of User Experience (QuX), i.e. the user's opinion should be taken into consideration when designing and testing these applications. Since research in this area depends heavily on data acquired in psychophysical experiments, a platform and databases that take into account both the user and the content are considered important tools for researchers and developers of these technologies. In this work, our first goal is to build a platform and databases of 3D-enabled technologies that contain a set of typical stereoscopic distortions. Our second goal is to understand how these stereoscopic degradations are perceived by viewers and how they influence the Quality of User Experience.