Internship Title
Cognitive Mechanisms Analysis for Security Vulnerabilities
Areas of Specialization
Software Engineering
Internship Location
SSE-CISUC
Background
Security vulnerabilities are typically caused by a lack of security controls during system operation or by missing precautions early in software development. It is important to understand the cognitive mechanisms behind the introduction of vulnerabilities, so that preventive strategies can be designed at the early stages of software development.
Objective
This project aims to investigate how security vulnerabilities are introduced by software developers, so as to design cognitive strategies for proactively preventing vulnerabilities at the beginning of software development. The approach will include human error theories and software design cognition. The student will learn an interdisciplinary body of knowledge on how developers design software and how they make errors, and will use that knowledge to perform root cause analysis on vulnerabilities. The student will develop a prototype and possibly apply the developed method and database in industrial contexts.
Work Plan - Semester 1
T1. [M1] Learning software design cognition models and human error theories
T2. [M2] Literature review, developing a vulnerability taxonomy, with typical examples for each category
T3. [M3] Root cause analysis, building a causal mechanism model for each category of vulnerabilities
T4. [M4] Write the Dissertation Plan
Work Plan - Semester 2
T5. [M1] Prototype requirements analysis and architecture design.
T6. [M2] Prototype implementation.
T7. [M3] Case Study.
T8. [M4] Write the thesis.
Conditions
The candidate will be co-advised by Dr. Fuqun Huang and Dr. Nuno Antunes. The candidate should read, write and speak English well. The proposed work will be funded by a 3-month internal grant. The work is to be carried out at the laboratories of CISUC’s Software and Systems Engineering Group. A workplace will be provided, as well as the required computational resources.
Remarks
The work is part of the contribution of the “Human Errors in Software Engineering” Interdisciplinary Research Group of the University of Coimbra. Co-authoring a scientific paper with the supervisors is highly likely.
About the advisers:
Fuqun Huang is currently an FCT Researcher and Invited Assistant Professor at the Centre for Informatics and Systems of the University of Coimbra, where she leads the research group on “Human Errors in Software Engineering” (HESE) and gives the first university course in HESE to master's students at the University of Coimbra. Dr. Huang is the Founder of the Institute of Interdisciplinary Scientists, a Federal 501(c)(3) non-profit research institute located in Seattle, where she initiated the “Software Engineering & Psychology” Interdisciplinary Research Program (since 2016), dedicated to defending against software defects through a deep understanding of the psychological mechanisms of how software practitioners commit human errors. She received her PhD (2013) in Systems Engineering and B.S.E. (2006) in Aerospace Systems Engineering from Beihang University, a top research university (undergraduate acceptance rate 0.3%) located in Beijing, China, known for its engineering programs. Dr. Huang was a Postdoctoral Researcher at The Ohio State University from 2014 to 2016, working on software dependability assessment and robust software design funded by the U.S. Department of Energy and the U.S. Air Force Office of Scientific Research. She has regularly served as a reviewer for journals such as Reliability Engineering and Systems Safety, IEEE Transactions on Reliability, and Software Testing, Verification and Reliability, and for the U.S. Office of Nuclear Energy, U.S. Department of Energy. She is a member of IEEE Standards and of Program Committees for conferences such as the Annual Conference on Innovation and Technology in Computer Science Education (ITiCSE 2022, CORE A), the IEEE International Conference on Software Quality, Reliability and Security (QRS 2021, CORE B) and the IEEE International Workshop on Software Certification (2015-2021). Dr. Huang is a founding member of the interdisciplinary area “Human Errors in Software Engineering”.
She was included in Marquis Who's Who in America for Leadership in Science.
Selected relevant publications:
1. F. Huang* and L. Strigini. “HEDF: A New Method for Early Forecasting Software Defects based on Human Error Mechanisms.” arXiv:2110.06758, to appear in IEEE Access 2022 (CORE A Journal) (*Corresponding author)
2. F. Huang and H. Madeira. “Targeted Code Inspection based on Human Errors.” The 32nd International Symposium on Software Reliability Engineering (ISSRE 2021) (CORE A in SE)
3. F. Huang* and B. Liu. “Software Defect Prevention based on Human Error Theories.” Chinese Journal of Aeronautics 30, no.3 (2017):1054-1070 (Top Q1 journal, 6/20 top publications in Aerospace by Google)
4. F. Huang* and C. Smidts. “Causal Mechanism Graph: a New Notation System to Capture Cause-effect Knowledge in Software Dependability.” Reliability Engineering & System Safety 158 (2017): 196-212. (Top Q1 journal, 6/1080 Scimago, 2/20 Top Publications by Google Scholar)
5. F. Huang*, B. Liu, Y. Song, and S. Keyal. "The links between human error diversity and software diversity: Implications for fault diversity seeking." Science of Computer Programming 89 (2014): 350-373. (CORE A journal)
Dr. Nuno Antunes is an Assistant Professor at CISUC. His research interests include testing, fault injection, vulnerability injection and benchmarking, which are applied in the assessment of the dependability and security of cloud applications, intelligent systems, virtualized environments, web services, web and mobile applications, and data management systems. Dr. Antunes has managed and/or participated in over 20 national and international research projects. He has served as a program committee member for the prestigious conference ISSRE since 2015, and was PC chair for ISSRE 2020.
Advisor
Fuqun Huang
huangfuqun@dei.uc.pt