PhD Students
Faculty
Ongoing Projects
Network Security
- Vulnerability assessment of tools for censorship-resistant communication over media streaming applications like Skype using machine learning techniques. [Diogo Barradas, PhD Student]
- Traffic analysis system for covert channel detection, botnet chatter identification, and website fingerprinting performed at line-speed on P4-compatible switches. [Diogo Barradas, PhD Student]
- Distributed system that allows for deanoymization of individual Tor circuits leveraging the international cooperation of network providers for crime investigation purposes. [Pedro Medeiros, MSc Student]
- New variant of the Tor system which aims at increasing its resilience against traffic correlation attacks by introducing K-anonymous circuits. [Vitor Nunes, MSc Student]
Web Security
- Automatic detection and mitigation of security vulnerabilities in the APIs of widely used JavaScript-based Web application frameworks such as Django and AngularJS. [Tiago Brito, PhD Student]
- Web application framework that enforces end-to-end protection of sensitive data (e.g., in accordance with the GDPR) through information flow control mechanisms. [Mafalda Ferreira, MSc Student]
- Extension to the Chrome web browser for tracking sensitive data usage by WASM-powered web pages, e.g., to detect malicious data exfiltration attempts. [Carolina Costa, MSc Student]
- Tools for detection and mitigation of vulnerabilities in client-side Web applications caused by potentially insecure interactions between JavaScript and WebAssembly code. [Pedro Lopes, MSc Student]
Mobile Security
- Study of the prevailing security vulnerabilities in trusted execution environments based on Arm TrustZone deployed today in millions of devices running Android. [David Cerdeira, PhD Student]
- Cryptographic key store for Android aimed at providing strong protection of key material using hardware-enforced isolation and a type-safe programming language. [Luís Tonicha, MSc Student]
- Extension to the Chrome browser for securing privacy-sensitive WebAssembly code on mobile devices through hardware-enforced trusted execution environments. [Francisco Canana, MSc Student]
IoT Security
- Clean-slate smart home platform akin to Samsung's SmartThings that provides end-to-end privacy protection of end-users' data leveraging SGX and model checking. [Igor Zavalyshyn, PhD Student]
- Middleware for Android smartphones to prevent mobile apps from using personally-sensitive sensor data, e.g., from fitbit wristbands, in privacy-abusive ways for end-users. [Eduardo Gomes, MSc Student]