Nuno Antunes - Server eden.dei.uc.ptnmsa/nmsa-curriculum-vitae.pdf · Nuno Antunes Curriculum Vitae...
Transcript of Nuno Antunes - Server eden.dei.uc.ptnmsa/nmsa-curriculum-vitae.pdf · Nuno Antunes Curriculum Vitae...
Curriculum Vitae NunoAntunes
01October2016
NunoAntunes CurriculumVitae
3
TableofContents
1. Summary........................................................................................................................................42. PersonalInformation.................................................................................................................63. EducationandAcademicDegrees..........................................................................................64. ProfessionalExperience............................................................................................................75. ScientificActivity.........................................................................................................................85.1. Publications...................................................................................................................................85.1.1. JournalPapers..............................................................................................................................................................85.1.2. BookChapters..............................................................................................................................................................95.1.3. PapersinInternationalConferences..............................................................................................................105.1.4. PapersinInternationalWorkshops................................................................................................................125.1.5. Shortpapers...............................................................................................................................................................135.1.6. Technicalreports.....................................................................................................................................................135.1.7. Projectdeliverables................................................................................................................................................135.1.8. Posterpresentations..............................................................................................................................................145.1.9. Theses...........................................................................................................................................................................145.1.10. Scientifictoolsandprototypes....................................................................................................................145.1.11. Presentationsandscientificmeetingsattended..................................................................................15
5.2. Scientificrecognition...............................................................................................................205.2.1. Awards.........................................................................................................................................................................205.2.2. TutorialsinInternationalConferences..........................................................................................................215.2.3. Citationsknownintheliterature.....................................................................................................................21
5.3. Researchprojects.....................................................................................................................225.4. InterventionontheScientificCommunity.......................................................................265.4.1. ParticipationinEvaluationPanels...................................................................................................................265.4.2. Organizationofscientificevents.......................................................................................................................265.4.3. Participationinscientificcommittees............................................................................................................275.4.4. Participationininternationalorganizations...............................................................................................275.4.5. Sessionchairing.......................................................................................................................................................295.4.6. Serviceasreferee....................................................................................................................................................295.4.7. Invitedtalks...............................................................................................................................................................32
6. PedagogicActivity....................................................................................................................336.1. TeachingService.......................................................................................................................336.2. Supervisedstudents................................................................................................................336.2.1. M.Sc.Students..........................................................................................................................................................346.2.2. Studentsininternationalcooperationprograms......................................................................................34
6.3. Pedagogicmaterial...................................................................................................................356.4. KnowledgeTransfer................................................................................................................35
7. Additionalinformation...........................................................................................................377.1. Technicalskills..........................................................................................................................377.2. Othercompetencesandactivities.......................................................................................38
NunoAntunes CurriculumVitae
4
1. SummaryNunoManueldosSantosAntunes,sonofJoséAlmeidaAntunesandMariadoCarmodosSantos,wasborninFreguesiadeVilaNova,CouncilofMirandadoCorvoandDistrictofCoimbraonthe18thofOctober1985.
ContactInformationE-mail: [email protected]
Academicdegree: PhDinInformationScienceandTechnology,obtainedattheFacultyofSciencesandTechnologyoftheUniversityofCoimbra,March20,2014.
Fiveselectedpublications:
• NunoAntunesandMarcoVieira,“AssessingandComparingVulnerabilityDetectionToolsforWebServices:BenchmarkingApproachandExamples”,IEEETransactionsonServicesComputing,vol.8,no.2,2015.(impactfactor:3.049)In thiswork,published inoneof the top journals in theServicesarea,weproposeacompleteandmaturedapproachtodefinebenchmarksforvulnerabilitydetectiontools forwebservices.Theap-proachisinstantiatedintwodifferentbenchmarks,whichwereusedintwocampaignstoassessandcompareseveralvulnerabilitydetectiontools.
• Nuno Antunes and Marco Vieira, “On the Metrics forBenchmarkingVulnerabilityDetectionTools”,The45thAnnualIEEE/IFIPInterna-tional Conference on Dependable Systems and Networks (DSN 2015), Rio deJaneiro,Brazil,June22-25,2015.(acceptancerate:21.8%)ThispaperwaspublishedinthepremierconferenceintheDependabilityAreaandpresentsadiscus-siononthemetricsthatcanbeusedinbenchmarksforvulnerabilitydetectiontool.Theanalysisre-vealedthatthemetricsusuallyusedarenotalwaysthebestalternativeandtheselectionofthemetricsdependsontheusagescenario.
• NunoAntunesandMarcoVieira,“PenetrationTestinginWebServices”,IEEECom-puter, vol. 47, no. 02, ISSN: 0018-9162, IEEE, pp. 30-36, Feb. 2014,DOI:10.1109/MC.2013.409.(impactfactor:1.443)Inthiswork,publishedinatopIEEEmagazine,wepresenttheproblemofpenetrationtestinginwebservicesand thediscuss the lessons learned fromusingwellknowncommercialautomated testingtoolsthroughmorethan5years,withfocusontheirrealeffectivenessandwhatcanbedonetoim-proveit.
• NunoAntunesandMarcoVieira,“EnhancingPenetrationTestingwithAttackSig-natures and InterfaceMonitoring for theDetection of Injection Vulnerabilities inWeb Services”, IEEE 8th International Conference on Services Computing (SCC2011), Washington, D.C., USA: IEEE Press, ISBN: 978-1-4577-0863-3, July 4-9,2011,DOI:10.1109/SCC.2011.67.(acceptancerate:15.9%) Inthiswork,publishedinoneofthetopconferencesintheServicesarea,weproposeanewtechniquetodetectinjectionvulnerabilitiesinwebservices.Theinnovationsintroducedallowtheapproachtoperformmuchbetterthanstateofthearttoolswhilebeingavailabletobeusedinmostofthescenar-ios.
NunoAntunes CurriculumVitae
5
• NunoAntunesandMarcoVieira,“BenchmarkingVulnerabilityDetectionToolsforWebServices”,IEEE8thInternationalConferenceonWebServices(ICWS2010),Miami,Florida,USA:IEEEComputerSociety,ISBN:978-1-4244-8146-0,July5-10,2010,DOI:10.1109/ICWS.2010.76.(acceptancerate:17.6%)Inthiswork,publishedinoneofthetopconferencesintheWebServicesarea,weproposethefirst complete approach to benchmark vulnerability detection tools forweb services. Theworkwasdistinguishedwiththebestpaperawardoftheconference.
NunoAntunesisanAssistantProfessorattheDepartmentofInformaticsEngineer-ingoftheUniversityofCoimbrasinceSeptember2016.Since2008hehasbeenwiththeCentreforInformaticsandSystemsoftheUniversityofCoimbra(CISUC).Hisresearchfocusesonthedevelopmentofsecureanddependablesoftwareforapplicationsandser-vices,clouds,datamanagementsystemsandvirtualizedenvironments.
NunoAntunessubmittedhisPhDthesisinSeptember2013andobtainedhisPhDdegreeinMarch2014.Hehasauthoredatotalof38publications,inparticular:4journalpapers;6bookchapters;17internationalconferencepapers(11intierA1conferencesandtheremaining6inconferenceswithpeer-reviewingprocessesandwithacceptancerates,ingeneral,closeto35%);4workshoppapers;3fast–abstracts;2theses;2technicalreportsand5posters.Thesepublicationshavebeencitedatleast289times.Heparticipatedin10researchprojects(7international),including2H2020and3FP7projects,iscur-rentlyinvolvedinaCOSTActionandismemberoftheSPECResearchGroup.NunoAn-tunesisco-authorof3scientificprototypesandparticipatedin12internationalconfer-enceswherehepresented2tutorials,8papersand2shortpapers.Hecontributedtotheorganizationof3scientificevents,andwasmemberoftheprogramcommitteeof5internationalconferences(4tierA)and2internationalworkshops,andservedasrefereeforother26conferencesand8journals.
Atpedagogiclevel,NunoAntuneswas,asinvitedassistant,responsibleforteachingthetheoretical-practicalclassesoftheDatabasescourseattheDepartmentofInformaticsEn-gineeringoftheUniversityofCoimbrainthe2014/2015and2015/2016academicyears.In2015/2016,hewasalsolecturingpracticalclassesofSoftwareEngineering.AsvisitingprofessorattheFederalUniversityofAlagoas(UFAL)hecoordinatedthesecondhalfofclassesofthecourseonSoftwareEngineeringinthecontextoftheMasterinInformaticsprogram.HehassuccessfullysupervisedoneMScstudentandcurrentlysupervises2MScresearchstudentsattheCISUC-SSEand3MScstudentsinthecontextofinternationalcollaborations.Hewasinvitedtopresent10seminarsandworkshops,9ofwhichtarget-inganaudienceoutsidehishostinstitution,including8outsidePortugal.
Thetextincolorinthedigitalversionofthisdocumentisareferencetoaresource.Allre-sourcescanbefoundunderthe‘resources’directoryinthedigitalversionofthisdocument.
1TheconferencerankingfollowedbythisdocumentistheComputingResearchandEducationAssociationofAustral-asia(CORE2014)–ExcellenceinResearchforAustralia(ERA),availableathttp://core.edu.au
NunoAntunes CurriculumVitae
6
2. PersonalInformationName: NunoManueldosSantosAntunes
Address: DepartamentodeEngenhariaInformática
PoloII-PinhaldeMarrocos3030-290Coimbra–Portugal
E-mail: [email protected]: http://eden.dei.uc.pt/~nmsa
3. EducationandAcademicDegrees[Sep2009–Mar2014]PhDinInformationScienceandTechnology,Universityof
Coimbra–Portugal.Thethesis,entitled“SoftwareVulnerabilityDetection inService-BasedInfrastruc-tures:TechniquesandTools”,wasdefendedinMarch20,2014,withthefinalclas-sificationof“AprovadocomDistinçãoeLouvor”.Theworkhasbeenconductedun-dersupervisionofProf.MarcoVieira.WorkfundedbythePhDindividualscholarshipSFRH/BD/65117/2009,grantedbythePortugueseFoundationforScienceandTechnology fromMinistryofSci-ence,TechnologyandHigherEducation(FCT-MCTES).
[Sep 2007 – Jul 2009]MSc in Informatics Engineering, University of Coimbra –Portugal.Thethesis,entitled“EvaluatingWebServicesSecurity”,wasdefendedontheJuly23,2009,withthefinalthesisclassificationof19(outof20).MScconcludedwithafinalgradeof17(outof20).TheworkhasbeenconductedundersupervisionofProf.MarcoVieira.
[Sep 2003 – Jul 2007] BSc in Informatics Engineering, University of Coimbra –Portugal.Thebachelor program consists on a three years engineeringdegree, concludedwithafinalclassificationof14(outof20).
NunoAntunes CurriculumVitae
7
4. ProfessionalExperience[Sep2016–Now]AssistantProfessor,DepartmentofInformaticsEngineering,Uni-
versityofCoimbraLecturingPractical(P)classeson‘OperatingSystems’and‘Databases’oftheBach-elor’sdegreeinInformaticsEngineering.
[Jan2016–Aug2016]PostdoctoralResearchFellow,UniversityofCoimbra
[Sep2015–Feb2016]TeachingAssistant,DepartmentofInformaticsEngineering,UniversityofCoimbraLecturingPractical(P)classeson‘SoftwareEngineering’andTheoretical-Practical(TP)classeson‘Databases’oftheBachelor’sdegreeinInformaticsEngineering.
[May2015–Aug2015]VisitingProfessor,InstituteofComputingoftheFederalUni-versityofAlagoasResponsibleforthesecondpartofthedisciplineon‘SoftwareEngineering’intheUFAL’sMasterinInformaticsprogram,coveringtopicsofSecureandDependabledevelopmentofsystems.
[Sep2014–Feb2015]TeachingAssistant,DepartmentofInformaticsEngineering,UniversityofCoimbraLecturing theTheoretical-Practical (TP) classeson ‘Databases’ of theBachelor’sdegreeinInformaticsEngineering.
[Jun2014–Jun2015]PostdoctoralResearchFellow,UniversityofCoimbraInthecontextoftheproject"V-SIS:ValidationofCriticalSystems".
[May2014– Jul2014]VisitingResearcher, InstituteofComputingof theFederalUniversityofAlagoas
[Oct2013–Dec2013]VisitingResearcher,CoordinatedScienceLaboratoryoftheUniversityofIllinoisatUrbana-ChampaignDuringhisPhDwasvisitingresearcherintheCoordinatedScienceLaboftheUIUCworkingundersupervisionoftheProf.RavishankarK.Iyer.
[Sep2009–Mar2014]PhDStudent,UniversityofCoimbraUndersupervisionofProf.MarcoVieira.
[Aug2008–Now]Researcher,SoftwareandSystemsEngineeringGroupoftheCen-treforInformaticsandSystemsoftheUniversityofCoimbra
[Nov2007–Jul2008]JuniorSoftwareEngineer,CriticalSoftware,S.A.DuringhisMScinInformaticsEngineeringheaccumulatedafull-timeinternshipasajuniorsoftwareengineerworkingontheresearchanddevelopmentprojectADW.
NunoAntunes CurriculumVitae
8
5. ScientificActivityThissectionpresentsNunoAntunes’scientificactivity,withemphasistopublishedwork,indicatorsofscientificrecognition,participation inresearchprojects,and intervention inthescientificcommunity.NunoAntuneshadhis firstcontactwithresearchin2007withtheparticipationinthedevelopmentteamofaResearch&Developmentproject.HiseffectiveresearchactivitystartedinSeptember2008,inthecontextoftheworkforhisMScthesis.SincethisdatehehasbeenamemberoftheSoftwareandSystemsEngi-neeringGroup(SSE)oftheCentreforInformaticsandSystemsoftheUniversityofCoim-bra(CISUC).Hisresearchactivitiestargetthedependabilityandsecurityofsystemswithfocusonwebservices,SOAsandvirtualizedenvironments.Hecollaboratedinseveralna-tionalandinternationalresearchprojects.
5.1. PublicationsNunoAntuneshasauthoredorco-authoredatotalof44publications.Thissectionpre-sentsallpublications,including:journalpapers(JP),bookchapters(BC),conferencepa-pers(CP),workshoppapers(WP),shortpaper(SP),technicalreports(TR),projectdeliv-erables(PD),posters(PO),andtheses(TH).
5.1.1. JournalPapers
JP4 Nuno Antunes andMarco Vieira, “Designing Vulnerability Testing Tools forWebServices: Approach, Components, andTools”, International Journal of InformationSecurity,ISSN:1615-5262,Springer;JCRImpactfactor:0.963
JP3 NunoAntunesandMarcoVieira,“AssessingandComparingVulnerabilityDetectionToolsforWebServices:BenchmarkingApproachandExamples”,IEEETransactionsonServicesComputing,vol.8,no.2,pp.269–283,2015.JCRImpactfactor:3.049 Citedby(2)
JP2 Nuno Antunes and Marco Vieira, “Penetration Testing in Web Services”, IEEEComputer,ISSN:0018-9162,IEEE,Feb.2014,DOI:10.1109/MC.2013.409.JCRImpactfactor:1.443 Citedby(5)
JP1 Nuno Antunes and Marco Vieira, “Defending against Web ApplicationVulnerabilities”, IEEEComputer,vol.45,no.2, ISSN:0018-9162, IEEE,pp.66-72,Feb.2012,DOI:10.1109/MC.2011.259.JCRImpactfactor:1.443 Citedby(29)Selected by IEEE Computer Society to appear in InfoQ: infoq.com/articles/defending-against-web-application-vulnerabilities
NunoAntunes CurriculumVitae
9
5.1.2. BookChapters
BC6 NunoAntunesandMarcoVieira,“SecurityTestinginSOAs:TechniquesandTools”,inInnovativetechnologiesfordependableOTS-basedcriticalsystems,SpringerMilan,(Eds. Domenico Cotroneo), 2013, pp. 159-174, DOI:10.1007/978-88-470-2772-5_12.Citedby(2)
BC5 AnielloNapolitano (SESMS.c.a.r.l., Italy),GabriellaCarrozza (SESM, Italy),NunoAntunesandJoãoDurães,“SurveyonsoftwarefaultsinjectioninJavaapplications”,inInnovativetechnologiesfordependableOTS-basedcriticalsystems,SpringerMilan,(Eds. Domenico Cotroneo), 2013, pp. 101–114, DOI:10.1007/978-88-470-2772-5_8.Citedby(1)
BC4 MarcoVieiraandNunoAntunes,“IntroductiontoSoftwareSecurityConcepts”,inInnovativetechnologiesfordependableOTS-basedcriticalsystems,SpringerMilan,(Eds.DomenicoCotroneo),2013,pp.29-38,DOI:10.1007/978-88-470-2772-5_3.Citedby(0)
BC3 Zoltán Micskei (Budapest University of Technology and Economics (BME),Hungary), Henrique Madeira, István Majzik (BME, Hungary), Alberto Avritzer(Siemens Corporate Research, EUA) Marco Vieira and Nuno Antunes,“Robustness Testing Techniques and Tools”, in Resilience Assessment andEvaluation: Past, Current and Future Trends, Springer-Verlag Berlin Heidelberg,(Eds.KatinkaWolter,AlbertoAvritzer,MarcoVieira,AadvanMoorsel),2012,pp.323–339,DOI:10.1007/978-3-642-29032-9_16.Citedby(1)
BC2 NunoAntunesandMarcoVieira, “DetectingVulnerabilities inWebServices:CanDevelopersRelyonExistingTools?”, inPerformanceandDependability inServiceComputing:Concepts,TechniquesandResearchDirections,ISBN:978-1-609-60794-4,(Eds.ValeriaCardellini,EmilianoCasalicchio,KalinkaC.Branco,JulioC.Estrella,andFranciscoJ.Monaco),IGIGlobal,June2011,pp.402–426,DOI:10.4018/978-1-60960-794-4.ch018.Citedby(1)
BC1 Douglas Rodrigues (University of São Paulo - São Carlos (USP), Brasil), JúlioEstrella (USP, Brasil), Nuno Antunes, Francisco Mónaco (USP, Brasil), KalinkaBranco (USP, Brasil), Marco Vieira, “Engineering Secure Web Services”, inPerformance and Dependability in Service Computing: Concepts, Techniques andResearchDirections, ISBN: 978-1-609-60794-4, (Eds. Valeria Cardellini, EmilianoCasalicchio,KalinkaC.Branco,JulioC.Estrella,andFranciscoJ.Monaco),IGIGlobal,June2011,pp.360-380,DOI:10.4018/978-1-60960-794-4.ch016.Citedby(6)
NunoAntunes CurriculumVitae
10
5.1.3. PapersinInternationalConferences
Thepaperspresentedinthissectionwherepublishedintheproceedingsofinternationalconferencesthatfollowarigorouspeerreviewingprocess.Itincludespaperspublishedinthemostimportantconferencesinthedependability,servicesandsoftwarereliabilityareas, namely DSN (IEEE/IFIP Dependable Systems and Networks Conference), ICWS(IEEEInternationalConferenceonWebServices)andSCC(IEEEInternationalConferenceonServicesComputing),andtheInternationalSymposiumonSoftwareReliabilityEngi-neering(ISSRE).Theseconferencesarethemostselectiveontheirareas(DSNandISSREhaverejectionratestypicallyabove75%,ICWSandSCCrejecttypicallymorethan80%ofthesubmittedpapers).
CP17AleksandarMilenkoski(UniversityofWürzburg,Germany),K.R. Jayaram(IBMResearch, USA), Nuno Antunes, Marco Vieira, Samuel Kounev (University ofWürzburg, Germany), “Quantifying the Attack Detection Accuracy of IntrusionDetection Systems in Virtualized Environments”, The 27th IEEE InternationalSymposium on Software Reliability Engineering (ISSRE 2016), October 23-27,2016,Ottawa,Canada.AcceptanceRate:34.6%(45/130) Citedby(0) CORERank:A
CP16Ana Paula Sayuri Matsunaga (Centro de Pesquisa e Desenvolvimento emTelecomunicaes (CPqD), Brazil), Regina Moraes (University of Campinas(Unicamp), Brazil), Nuno Antunes, “Coverage Metrics and Detection of InjectionVulnerabilities: An Experimental Study”, 12th European Dependable ComputingConference(EDCC2016),Gothenburg,Sweden,September5-9,2016.AcceptanceRate:??%(??/??) Citedby(0) CORERank:N/A
CP15Luis Ventura, Nuno Antunes “Experimental Assessment of NoSQL EnginesDependability”, 12thEuropeanDependableComputingConference (EDCC2016),Gothenburg,Sweden,September5-9,2016.AcceptanceRate:??%(??/??) Citedby(0) CORERank:N/A
CP14HenriqueAlves(FederalUniversityofAlagoas(UFAL),Brazil),BaldoinoFonseca(UFAL,Brazil),NunoAntunes“SoftwareMetricsandSecurityVulnerabilities:DatasetandExploratoryStudy”,12thEuropeanDependableComputingConference(EDCC2016),Gothenburg,Sweden,September5-9,2016.AcceptanceRate:??%(??/??) Citedby(0) CORERank:N/A
CP13Aleksandar Milenkoski (University of Würzburg, Germany), Bryan D. Payne(Netflix Inc., USA), Nuno Antunes, Marco Vieira, Samuel Kounev (University ofWürzburg,Germany),AlbertoAvritzer(SiemensCorporateResearch,USA)andMatthias Luft (EnnoReyNetzwerkeGmbH, Germany), “Evaluation of IntrusionDetection Systems in Virtualized Environments Using Attack Injection”, The 18thInternationalSymposiumonResearch inAttacks, IntrusionsandDefenses(RAID2015),Kyoto,Japan,November2-4,2015.AcceptanceRate:??%(??/??) Citedby(0) CORERank:A
CP12LucasAmorim(FederalUniversityofAlagoas(UFAL),Brazil),BaldoinoFonseca(UFAL,Brazil),NunoAntunes,MárcioRibeiro(UFAL,Brazil),EvandroCosta(UFAL,Brazil), “Experience Report: Evaluating the Effectiveness of Decision Trees for
NunoAntunes CurriculumVitae
11
Detecting Code Smells”, The 26th IEEE International Symposium on SoftwareReliabilityEngineering(ISSRE2015),Gaithersburg,MD,USA,November2-5,2015.AcceptanceRate:29.5%(49/166) Citedby(0) CORERank:A
CP11Nuno Antunes and Marco Vieira, “On the Metrics forBenchmarking Vulnerability Detection Tools”, The 45th Annual IEEE/IFIPInternationalConferenceonDependableSystemsandNetworks(DSN2015),RiodeJaneiro,Brazil,June22-25,2015.AcceptanceRate:21.8%(50/229) Citedby(0) CORERank:A
CP10Aleksandar Milenkoski (Karlsruhe Institute of Technology (KIT), Germany),BryanD.Payne(NebulaInc.,USA),NunoAntunes,MarcoVieira,SamuelKounev(KIT,Germany),"AnAnalysisofHypercallHandlerVulnerabilities",The25thIEEEInternational Symposium on Software Reliability Engineering (ISSRE 2014),Naples,Italy,November3-6,2014.AcceptanceRate:25.0%(31/124) Citedby(1) CORERank:A
CP9 TâniaBasso(UniversityofCampinas(Unicamp),Brazil),NunoAntunes,ReginaMoraes(Unicamp,Brazil),andMarcoVieira,”AnXML-basedPolicyModelforAccessControlinWebApplications”,24thInternationalConferenceonDatabaseandExpertSystems Applications, Prague, Czech Republic, August 26-29, 2013,DOI:10.1007/978-3-642-40173-2_23.AcceptanceRate:??.?%(?/?) Citedby(0) CORERank:B
CP8 Nuno Antunes and Marco Vieira, “SOA-Scanner: An Integrated Tool to DetectVulnerabilities in Service-Based Infrastructures”,10th International Conference onServices Computing (SCC 2013), Santa Clara, CA, USA, June 27-July 2, 2013,DOI:10.1109/SCC.2013.28.AcceptanceRate:18%(?/?) Citedby(2) CORERank:A
CP7 NunoAntunesandMarcoVieira,“EvaluatingandImprovingPenetrationTestinginWeb Services”, 23rd IEEE International Symposium on Software ReliabilityEngineering (ISSRE 2012), Dallas, TX, USA, November 27-30, 2012,DOI:10.1109/ISSRE.2012.26.AcceptanceRate:30.4%(38/125) Citedby(3) CORERank:A
CP6 Nuno Antunes and Marco Vieira, “Enhancing Penetration Testing with AttackSignaturesandInterfaceMonitoringfortheDetectionofInjectionVulnerabilitiesinWeb Services”, IEEE 8th International Conference on Services Computing (SCC2011),Washington,D.C.,USA:IEEEPress,ISBN:978-1-4577-0863-3,July4-9,2011,DOI:10.1109/SCC.2011.67.AcceptanceRate:15.9%(27/170) Citedby(11) CORERank:A
CP5 NunoAntunesandMarcoVieira,“BenchmarkingVulnerabilityDetectionTools forWebServices”, IEEE8th InternationalConferenceonWebServices (ICWS2010),Miami,Florida,USA:IEEEComputerSociety,ISBN:978-1-4244-8146-0,July5-10,2010,DOI:10.1109/ICWS.2010.76.AcceptanceRate:17.6%(39/222) Citedby(22) CORERank:A
CP4 NunoAntunesandMarcoVieira,“ComparingtheEffectivenessofPenetrationTestingand Static Code Analysis on the Detection of SQL Injection Vulnerabilities inWeb
NunoAntunes CurriculumVitae
12
Services”, IEEE 15th Pacific Rim International Symposium on DependableComputing (PRDC’09), Shanghai, China: IEEE Press, ISBN: 978-0-7695-3849-5,November16-18,2009,DOI:10.1109/PRDC.2009.54.AcceptanceRate:?%(?/?) Citedby(38) CORERank:B
CP3 Nuno Antunes, Nuno Laranjeiro,Marco Vieira, and HenriqueMadeira, “EffectiveDetectionofSQL/XPathInjectionVulnerabilitiesinWebServices,”IEEEInternationalConference on Services Computing (SCC 2009), 260-267, Bangalore, India: IEEEComputer Society, ISBN: 978-0-7695-3811-2, September 21-25, 2009,DOI:10.1109/SCC.2009.23.AcceptanceRate:18.5%(35/189) Citedby(42) CORERank:A
CP2 Nuno Antunes andMarco Vieira, “Detecting SQL Injection Vulnerabilities inWebServices”, Fourth Latin-American Symposium on Dependable Computing (LADC2009), João Pessoa, Paraíba, Brazil: IEEE Press, ISBN: 978-1-4244-4678-0,September1-4,2009,DOI:10.1109/LADC.2009.21.AcceptanceRate:39.0%(17/43) Citedby(36) CORERank:N/A
CP1 MarcoVieira,NunoAntunesandHenriqueMadeira,“UsingWebSecurityScannersto Detect Vulnerabilities in Web Services”, 39th Annual IEEE/IFIP InternationalConference on Dependable Systems and Networks (DSN 2009), Estoril, Lisbon,Portugal: IEEE Press, ISBN: 978-1-4244-4422-9, June 29-July 2, 2009,DOI:10.1109/DSN.2009.5270294.AcceptanceRate:24.2%(63/260) Citedby(84) CORERank:A
5.1.4. PapersinInternationalWorkshops
WP4 Tania Basso (University of Campinas (Unicamp), Brazil), Leandro Piardi(Unicamp,Brazil),ReginaMoraes(Unicamp,Brazil),MarioJino(Unicamp,Brazil),NunoAntunes,MarcoVieira,"ADatabaseFrameworkforExpressingandEnforcingPersonal Privacy Preferences",Workshop Paper, XVI Workshop de Testes eTolerânciaaFalhas(WTF2015)co-locatedwiththeXXXIIISimpósioBrasileirodeRedesdeComputadoreseSistemasDistribuídos(SBRC2015),18May,2015.
WP3 CristianaAreias,NunoAntunes,JoãoCunha“OnApplyingFMEAtoSOAs:AProposalandOpenChallenges”,WorkshopPaper,6thInternationalWorkshoponSoftwareEngineeringforResilientSystems(SERENE'14),Budapest,Hungary,October15-16,2014.
WP2 FabioDuchi(ResiltechS.r.l.,Italy),NunoAntunes,AndreaCeccarelli(Universityof Florence, Italy), GiuseppeVella (Engineering Ing. Informatica S.p.A., Italy),FrancescoRossi(ResiltechS.r.l.,Italy),AndreaBondavalli(UniversityofFlorence,Italy)“Cost-EffectiveTestingforCriticalOff-The-ShelfServices”,WorkshopPaper,1st International Workshop on DEvelopment, Verification and VAlidation ofcRiTical Systems (DEVVARTS2014) co-located with the 33rd InternationalConference on Computer Safety, Reliability and Security (SafeComp 2014),Florence,Italy,Septembre10-12,2014.
WP1 Nuno Antunes, Francesco Brancati (Resiltech S.r.l., Italy), Andrea Ceccarelli(UniversityofFlorence,Italy),AndreaBondavalli(UniversityofFlorence,Italy),Marco Vieira “A Monitoring and Testing Framework for Critical Off-The-ShelfApplicationsandServices”,WorkshopPaper,3rdIEEEInternationalWorkshoponSoftwareCertification(WoSoCer2013)co-locatedwiththe24rdIEEEInternational
NunoAntunes CurriculumVitae
13
SymposiumonSoftwareReliabilityEngineering(ISSRE2013),Pasadena,CA,USA,November18-21,2013.
5.1.5. Shortpapers
SP3 DiogoCarvalho,NunoAntunes,MarcoVieira,AleksandarMilenkoski(Universityof Würzburg, Germany), Samuel Kounev (University of Würzburg, Germany),“ChallengesofAssessingtheHypercallInterfaceRobustness”,FastAbstract,The45th Annual IEEE/IFIP International Conference on Dependable Systems andNetworks(DSN2015),RiodeJaneiro,Brazil,June22-25,2015.
SP2 CristianaAreias,NunoAntunes, JoãoCunhaandMarcoVieira “TowardsRuntimeV&V for Service Oriented Architectures”, Fast Abstract, Sixth Latin-AmericanSymposiumonDependableComputing(LADC2013),RiodeJaneiro,Brazil,April1-5,2013.
SP1 Nuno Antunes and Marco Vieira “Detecting Vulnerabilities in Service OrientedArchitectures”,StudentForum,23rdIEEEInternationalSymposiumonSoftwareReliabilityEngineering(ISSRE2012),Dallas,TX,USA,November27-30,2012.
5.1.6. Technicalreports
TR2 Aleksandar Milenkoski (Karlsruhe Institute of Technology (KIT), Germany),MarcoVieira,BryanD.Payne(NebulaInc.,USA),NunoAntunes,SamuelKounev(KIT, Germany) “Technical Information on Vulnerabilities of Hypercall Handlers”,Technical Report SPEC-RG-2014-001 v.1.0, SPEC Research Group - IDSBenchmarking Working Group, Standard Performance Evaluation Corporation(SPEC),August2014.
TR1 Aleksandar Milenkoski (Karlsruhe Institute of Technology (KIT), Germany),SamuelKounev(KIT,Germany),AlbertoAvritzer(SiemensCorporateResearch,USA),NunoAntunes,MarcoVieira“OnBenchmarkingIntrusionDetectionSystemsforVirtualized(Cloud)Environments”,TechnicalReportSPEC-RG-2013-002v.1.0,SPECResearchGroup-IDSBenchmarkingWorkingGroup,StandardPerformanceEvaluationCorporation(SPEC),June2013.Citedby(2)
5.1.7. Projectdeliverables
DEsign,VerificationandVAlidationoflargescale,dynamicServiceSystEmS–RP6
PD6 Andrea Ceccarelli, AndreaBondavalli, Ariadne Carvalho, CristianaAreias, DanielVecchiato, Eliane Martins, Enrico Schiavone, Lucas Carvalho Leal, Marco Vieira,Nuno Antunes, Tommaso Zoppi. “Prototype checker component scenarios &requirements”,DEVASSESDeliverable3.1.
PD5 NunoLaranjeiro,AndreaCeccarelli,CeciliaRubira,CristianaAreias,ElianeMartins,LeonardoMontechi,NunoAntunes,ReginaMoraes,RômuloCarvalho,“Stateoftheart,scenariosandrequirements”,DEVASSESDeliverable1.1.
PD4 NunoAntunes,“WebsiteDescription”,DEVASSESDeliverable6.2.
NunoAntunes CurriculumVitae
14
CertificationofCriticalSystems–RP5
PD3 “Analysisoftheinteractionbetweensafetyandsecurityconcerningcertifiedsystems”,CECRISDeliverable1.2.
CriticalSoftwareTechnologyforanEvolutionaryPartnership–RP2
PD2 JoãoCunha,MarcoVieira,HenriqueMadeira,NunoLaranjeiro,JoséFonseca,NunoAntunes,“QuantitativemethodsandproceduresforassessmentofOTSbasedsoftwaresystems”,CriticalSTEPDeliverable3.2.
PD1 MarcoVieira,HenriqueMadeira,NunoAntunes,NunoLaranjeiro,JoãoDurães,JoséFonseca,JoãoCunhaandNunoSilva,“QuantitativemethodsforassessmentofOTSsoftwarecomponents”,CriticalSTEPDeliverable3.1.
5.1.8. Posterpresentations
PO5 Nuno Antunes and Marco Vieira, “SOA-Scanner: An Integrated Tool to DetectVulnerabilitiesinService-BasedInfrastructures”,CISUCWorkshop2014–“CISUC2015–2020”Coimbra,Portugal,September23-24,2014.
PO4 Aleksandar Milenkoski (Karlsruhe Institute of Technology (KIT), Germany),BryanD.Payne(NebulaInc.,USA),NunoAntunes,MarcoVieira,SamuelKounev(KarlsruheInstituteofTechnology(KIT),Germany),"HInjector:InjectingHypercallAttacks for Evaluating VMI-based Intrusion Detection Systems", 2013 AnnualComputerSecurityApplicationsConference(ACSAC2013),NewOrleans,Louisiana,USA,December9-13,2013.(poster)Citedby(1)
PO3 Nuno Antunes and Marco Vieira, “SOA-Scanner: An Integrated Tool to DetectVulnerabilitiesinService-BasedInfrastructures”,10thInternationalConferenceonServicesComputing(SCC2013),SantaClara,CA,USA,June27-July2,2013.
PO2 NunoAntunes,“MethodologiesandToolsfortheDevelopmentofNon-vulnerableWebServices”,NationalWeekofScienceandTechnology,FacultyofSciencesandTechnologyoftheUniversityofCoimbra,Coimbra,Portugal,November23,2010.
PO1 Nuno Antunes, Nuno Laranjeiro, Marco Vieira, and HenriqueMadeira, "CanWeTrust Vulnerability Detection Tools for Web Services?" Innovation Forum onSecurity and Critical Infrastructure Protection (NET-SCIP), Information andCommunication Technologies, Carnegie Mellon|Portugal – An InternationalPartnership,Coimbra,Portugal,February22,2010.
5.1.9. Theses
TH2 NunoAntunes, “SoftwareVulnerabilityDetection in Service-Based Infrastructures:TechniquesandTools”,MScThesis,UniversityofCoimbra,Portugal,March2009.(SubmittedinSeptember2013)
TH1 Nuno Antunes, “Evaluating Web Services Security”, MSc Thesis, University ofCoimbra,Portugal,July2009.
5.1.10. Scientifictoolsandprototypes
NunoAntunes CurriculumVitae
15
TO3 Sign-WS: a tool “Attack Signatures and InterfaceMonitoring for the Detection ofInjectionVulnerabilitiesinWebServices”,ThepaperpresentingitwaspublishedintheIEEE8thInternationalConferenceonServicesComputing(SCC2011),Washington,D.C.,USA,July4-9,2011.Publiclyavailablefordownload:http://eden.dei.uc.pt/~mvieira/signws.zip
TO2 RAD-WS:atoolforthedetectionofinjectionvulnerabilitiesbasedonanomaliesintheinternalbehavioroftheapplicationsundertest.The paper presenting itwas published in the IEEE International Conference onServicesComputing(SCC2009),260-267,Bangalore,India,September21-25,2009.Publiclyavailablefordownload:http://eden.dei.uc.pt/~mvieira/civs-ws.zip
TO1 IPT-WS: an improved penetration testing tool to detect SQL injectionvulnerabilitiesinwebservices.ThepaperpresentingitwaspublishedintheFourthLatin-AmericanSymposiumonDependableComputing(LADC2009),JoãoPessoa,Paraíba,Brazil,September1-4,2009.Publiclyavailablefordownload:http://eden.dei.uc.pt/~mvieira/vs_ws.zip
5.1.11. Presentationsandscientificmeetingsattended
InternationalConferencesProgramCommitteeMeetings
• RemoteParticipation, July14-15,2016.ProgramCommitteeMeeting toselectthepaperstoappearinthe27thIEEEInternationalSymposiumonSoftwareRelia-bilityEngineering(ISSRE2016).
• Raleigh,NC,USA,August4-5,2015.ProgramCommitteeMeeting toselectthepaperstoappearinthe26thIEEEInternationalSymposiumonSoftwareReliabilityEngineering(ISSRE2015).
ScientificgroupsmeetingsAsinvitedparticipant:
• “68thIFIPWG10.4Meeting”,IFIPWorkingGroup10.4onDependableComputingandFaultTolerance,June26-27,Buzios,Brazil.
AsaMemberofCOSTActionIC1402-ARVI(seeSection5.4.4):
• “ConsolidationMeeting”,Tallinn,Estonia,December10-11,2015.
• “ARVI@RV”,Vienna,Austria,September21,2015.
• “ARVIKick-offMeeting”,Valleta,Malta,April9-10,2015.AsaMemberofSPECResearchGroup(seeSection5.4.4):
• “IDSBenchmarkingWorkingGroupFace-to-FaceMeeting”,atthesixthSPECRe-searchGroupAnnualMeeting,Delft,March13,2016.
• “IDSBenchmarkingWorkingGroupFace-to-FaceMeeting”,atthefourthSPECRe-searchGroupAnnualMeeting,Dublin,March27,2014.
• “CloudWorkingGroupFace-to-FaceMeeting”,atthefourthSPECResearchGroupAnnualMeeting,Dublin,March27,2014.
NunoAntunes CurriculumVitae
16
• “FourthSPECResearchGroupAnnualMeeting”,Dublin,March26-27,2014.Over30memberrepresentativesfromindustryandacademiaaswellasadditionalin-terestedICPEparticipantsattendedtheface-to-facemeetinginIreland.Presentedthetalk“BenchmarkingVulnerabilityDetectionToolsforWebServices”.
• “IDSBenchmarkingWorkingGroupFace-to-FaceMeeting”,atthethirdSPECRe-searchGroupAnnualMeeting,Prague,April25,2013.
• “CloudWorkingGroupFace-to-FaceMeeting”,atthethirdSPECResearchGroupAnnualMeeting,Prague,April24,2013.
• “ThirdSPECResearchGroupAnnualMeeting”,Prague,April24-25,2013.Over30member representatives from industry and academia attended the face-to-facemeetinginPrague.Themeetingincludedalookbackontheachievementsofthepastyear.Furthermore,severalissuesincludingproposalsfornewresearchpro-jects,workinggroups,researchtoolsandbenchmarkswerediscussedvividly.
Internationalconferences
• 26th IEEE International Symposium on Software Reliability Engineering (ISSRE2015),Gaithersburg,MD,USA,November2-5,2015.Presentedthepaper“Experi-ence Report: Evaluating the Effectiveness of Decision Trees for Detecting CodeSmells”andservedaschairinonesession.
• The45rdAnnual IEEE/IFIP InternationalConferenceonDependableSystemsandNetworks(DSN2015),RiodeJaneiro,Brazil,June22-25,2015.Presentedthepa-per“OntheMetricsforBenchmarkingVulnerabilityDetectionTool”,thetutorial“TechniquesandTools toDefendagainstWebApplication’s SoftwareVulnerabili-ties”,andthefastabstract“ChallengesofAssessingtheHypercallInterfaceRobust-ness”;
• 25th IEEE International Symposium on Software Reliability Engineering (ISSRE2014),Nov3-6,2014,Naples,Italy;
• The33rd InternationalConferenceonComputerSafety,ReliabilityandSecurity(SAFECOMP2014),September10-12,2014,Florence,Italy;
• BuenosAiresConcurrencyandDependabilityWeek2013,BuenosAires,August26-30,2013.PresentedthetutorialMarcoVieira,NunoAntunes,“BenchmarkingtheDependabilityofComputerSystems”in10thInternationalConferenceonQuan-titativeEvaluationofSysTems(QEST2013).Theeventalsoincludedthe24thIn-ternationalConferenceonConcurrencyTheory(CONCUR2013);
• IEEE9thWorldCongressonServices(SERVICES2013),SantaClara,CA,USA,June27-July2,2013.SponsoredbyIEEEComputerSociety'sTC-SVC,thecongressaimstoserveasafederationofconferencestoexplorethedeepknowledgespaceofSer-vicesComputing.Presentedthepaper“SOA-Scanner:AnIntegratedTooltoDe-tectVulnerabilitiesinService-BasedInfrastructures”in10thInternationalConfer-enceonServicesComputing(SCC2013);
• The43rdAnnual IEEE/IFIP InternationalConferenceonDependableSystemsandNetworks(DSN2013),Budapest,Hungary,June24-27,2013;
NunoAntunes CurriculumVitae
17
• SixthLatin-AmericanSymposiumonDependableComputing (LADC2013),RiodeJaneiro,Brazil,April1-5,2013.Presentedthefastabstract “TowardsRuntimeV&VforServiceOrientedArchitectures”;
• 23rd IEEE International Symposium on Software Reliability Engineering (ISSRE2012),Nov27-30,2012,Dallas,TX,USA.Presentedthepaper “EvaluatingandImprovingPenetrationTestinginWebServices”andthestudentpaper:“Detect-ingVulnerabilitiesinServiceOrientedArchitectures”;
• IEEE7thWorldCongressonServices(SERVICES2011),Washington,D.C.,USA,July4-9,2011.Presentedthepaper“EnhancingPenetrationTestingwithAttackSig-naturesandInterfaceMonitoringfortheDetectionofInjectionVulnerabilitiesinWebServices”andthepaper:RuiOliveira,NunoLaranjeiro,MarcoVieira,“ACom-posedApproachforAutomaticClassificationofWebServicesRobustness”bothinthe8thInternationalConferenceonServices(SCC2011);
• IEEE6thWorldCongressonServices(SERVICES2010),Miami,Florida,USA,July5-10,2010.Presentedthepaper“BenchmarkingVulnerabilityDetectionToolsforWebServices”inthe8thInternationalConferenceonWebServices(ICWS2010);
• The39thAnnual IEEE/IFIPInternationalConferenceonDependableSystemsandNetworks(DSN2009),Lisbon,Portugal,June29–July2,2009.Presentedthepa-per“UsingWebSecurityScannerstoDetectVulnerabilitiesinWebServices”.
Internationalworkshops&seminars
• 5thInternationalWorkshoponSoftwareCertification(WoSoCER)at26thIEEEIn-ternational Symposium on Software Reliability Engineering (ISSRE 2015),Gaithersburg,MD,USA,November2-5,2015.
• 3rd IEEE InternationalWorkshoponMeasurementandNetworking (M&N2015),Coimbra,Portugal,October12-13,2015.
• 4thInternationalWorkshoponSoftwareCertification(WoSoCER)at25thIEEEIn-ternationalSymposiumonSoftwareReliabilityEngineering(ISSRE2014),Naples,Italy,November3,2014.
• 6th International Workshop on Software Engineering for Resilient Systems(SERENE'14),Budapest,Hungary,October15-16,2014.
• 1stInternationalWorkshoponDEvelopment,VerificationandVAlidationofcRiTicalSystems(DEVVARTS2014),September8,2014,Florence,Italy.
• Workshop on Reliability and Security Data Analysis (RSDA 2013), at the 43thIEEE/IFIPInternationalConferenceonDependableSystemsandNetworks(DSN2013),Budapest,Hungary,June24-27,2013.
• 14thEuropeanWorkshopOnDependableComputing(EWDC2013),Coimbra,Por-tugal,May15-16,2013.
• 2ndInternationalWorkshoponSoftwareCertification(WoSoCER)at23rdIEEEIn-ternationalSymposiumonSoftwareReliabilityEngineering(ISSRE2012),Dallas,TX,USA,November27-30,2012.
NunoAntunes CurriculumVitae
18
• CriticalSoftwareWorkshoponDependabilityandCertification,Coimbra,Portugal,September28-29,2011.
InternationalprojectsmeetingsandworkshopsRP10EUBra-BIGSEA
• EUBra-BIGSEAKick-OffMeeting,UPV,February22-24,2016,Valencia,Spain.Par-ticipatedasUCresearcher;
RP9EUBrasilCloudFORUM
• EUBrasilCloudFORUMKick-OffMeeting,UC,January28-29,2016,Coimbra,Portu-gal.ParticipatedasUCresearcher;
RP8TEMPUSIVCABRIOLET
• TEMPUSCABRIOLETWorkshop:TheEcosystemforEntrepreneurshipandTransferofTechnologybetweenAcademiaandIndustryinCoimbra,UniversityofCoimbra,September29–October1,2014,Coimbra,Portugal.
RP7ValidationofCriticalSystems–V-SIS
• V-SISFinalReviewMeeting,CriticalSoftware,November27,2015,Coimbra,Portu-gal.
RP6DEsign,VerificationandVAlidationoflargescaledynamicServiceSystEmS
• DEVASSESFace-to-FaceMeetingandToKWorkshop#5,UC,February1-2,2016,Coimbra, Portugal. Participated asUC researcherpresenting the talk “Europe-BrazilCollaborationofBIGDataScientificResearchthroughCloud-CentricApplica-tions”andatalkpromotingthedisseminationoftheRADIANCE2016workshop.
• DEVASSESFace-to-FaceMeetingandToKWorkshop#4,UNICAMP,June30-July1,2015, Campinas-SP, Brazil. Participated as UC researcher presenting the talk“Evaluation of Intrusion Detection Systems in Virtualization EnvironmentsUsingAttackInjection”,andasUFALsecondedresearcherpresentingthetalk“OntheRelevanceofCodeComplexityandChangeHistoryforRecognizingSoftwareVul-nerability”.
• DEVASSES Face-to-Face Meeting and ToK Workshop #3, UNIFI, January 27-28,2015, Florence, Italy.ParticipatedasUCresearcherpresenting the talk “UsingCodeCoverageAnalysistoEstimatetheQualityofVulnerabilityDetectionTests”andatalkpromotingthedisseminationoftheRADIANCEworkshop.
• DEVASSESToKWorkshop#2:“DesignandV&VMethodologiesforDynamicSystems”,IC-UNICAMP, August 21-22, 2014, Campinas-SP, Brazil. Participated as UC re-searcherpresentingthetalk“AnAnalysisofHypercallHandlerVulnerabilities”attheTestingandAnalysissession.
• DEVASSESFace-to-FaceMeeting,IC-UNICAMP,August21,2014,Campinas-SP,Bra-zil.ParticipatedasUCresearcherandUNICAMPsecondedresearcher.
• IIWorkshopDEVASSES@FT,FT-UNICAMP,July24,2014,Limeira-SP,Brazil.Par-ticipated asUC researcher andUNICAMPseconded researcher,presenting thetalk “Detecting Injection Vulnerabilities inWeb Services: state-of-the-art and re-searchopportunities”;
NunoAntunes CurriculumVitae
19
• DEVASSESToKWorkshop#1: “Start-UpTOK”,UNIFI, January21-22,2014, Flor-ence, Italy.ParticipatedasUCresearcherpresenting the talk “RuntimeV&V inBusiness-CriticalServiceOrientedArchitectures”.
• DEVASSESKick-OffMeeting,UNIFI,January20,2014,Florence,Italy.ParticipatedasUCresearcher;
RP5CertificationofCriticalSystems
• CECRISMidTermReviewmeetingreview,September9,2014,Florence,Italy.Par-ticipatedasUCresearcherandpresentedhissecondmentsatProlanZrt.andRe-siltechSrl.
• CECRISSeminarSeries1,ProlanZrt.,June18-23,2013,Budapest,Hungary.Partic-ipatedasUCresearcherandProlansecondedresearcher.
• CECRISMeeting2,May29,2013,Pontedera,Italy.AseriesofpresentationsbyUCresearcherspresentingtheirresearchinterestsandactivitiestopromoteTransferofKnowledgecollaborations.ParticipatedasUCresearcherpresentingthetalk“Detecting vulnerabilities in Service Oriented Architectures” and ResilTech se-condedresearcher.
• ADVISE,ResilTech,May22,2013,Pontedera,Italy.ASeminarpresentedbyUNIFIresearchers Leonardo Montecchi and Marco Casciaro introducing the ADVISEmethodandseveralcasestudies.ParticipatedasUCresearcherandResilTechse-condedresearcher.
• CECRISWorkshop1Meeting,April22-23,2013,Pontedera,Italy.ParticipatedasUCresearcherpresentingthetalk“RobustnessandVulnerabilityTestinginServices”intheMonitoringandTestingsession.
• CECRISKick-OffMeeting,January14-15,2013,Florence,Italy.ParticipatedasUCresearcherandmemberoftheproject’sDisseminationBoard;
RP4IntelligentComputingintheInternetofServices
• iCISTask1.23rdMeeting,Coimbra,Portugal,19thJuly2013.Themeetingservedtofinalizethediscussionabouttherelationsbetweenthetopicsoftheproject.
• iCISTask1.22ndMeeting,Coimbra,Portugal,17thJune2013.ThemeetingservedtopresentanddiscussthetopicsthatbelongtothescopeoftheTask1.2.Itwasdis-cussedalsotherelationsandlinksbetweentopics.
• iCISTask1.21stMeeting,Coimbra,Portugal,31stMay2013.ThemeetingservedasKick-OffofTask1.2,withthemainobjectiveofdefiningconcretelythescopeofthetask.
RP3MethodologiesfordevelopmentofNon-VulnerableWebServices
• Wasasvisitingresearcherduring1weekinUniversityofCampinas,Campinas–SP,BrazilinAugust2011.Duringthisperiodhasdevelopedseveralresearchactiv-itiesaspresentingtothestudentsandattendingtotalkspresentedbythestudentsoftheInstituteofComputingandFacultyofTechnology.HasalsoparticipatedinmultiplemeetingswiththeProfessorsElianeMartins,ReginaMoraesandCeciliaRubira,andtheirstudents(MarceloPalma,Juliana,AlanBraz,GizelleS.Lemos),inordertoknowtheirworkandplanfuturecollaborations.
NunoAntunes CurriculumVitae
20
• Wasasvisitingresearcherduring2weeksinUniversityofCampinas,Campinas–SP,BrazilinAugust2011.Duringthisperiodhasdevelopedseveralresearchac-tivitiesaspresentingtothestudentsandattendingtomultipletalkspresentedbythestudentsoftheInstituteofComputingandFacultyofTechnology.Hasalsopar-ticipated in multiple meetings with the Professors Eliane Martins and ReginaMoraes,andtheirstudents(TâniaBasso,MarceloPalma,GizelleS.Lemos),inordertoknowtheirworkandplanfuturecollaborations.
RP2CriticalSoftwareTechnologyforanEvolutionaryPartnership
• Critical-STEPWorkshopheldtogetherwiththe2ndCriticalSoftwareWorkshoponDependabilityandCertification,Coimbra,Portugal,20th-21stFebruary2013.Partic-ipatedasUCresearcherpresentingthetalk“Defendingagainstwebapplicationvulnerabilities”intheSecuritytrack.
• 2ndInternationalWorkshoponSoftwareCertification(WoSoCER),Dallas,TX,USA,27th-30thNovember2012.Withabalancedcommitteeofindustrialpractitioners,certificationauthoritiesandresearchers,theworkshopaimstodiscussthethemeofcertificationofsoftwaresystemsusedinsafetydomainssuchasavionics,rail-way,automotive,nuclearandmedical.ParticipatedasUCresearcher.
• WhatcanwedowithRobustnessTesting?GiuglianoinCampania,Italy,24thNovem-ber2011.SeminarorganizedatSESMpremisesontheuseofRobustnessTesting.ParticipatedasUCresearcherandSESMsecondedresearcher,andpresentedthetalk“PenetrationTestinginWebServices:LimitationsandNewApproaches”.
• TransferofKnowledgeMeetingIV,Coimbra,Portugal,24thNovember2011.TOKIVmeetinghasbeenplannedtoanalyzerequirementsfortooldevelopmentandsys-temreconfiguration.
• TransferofKnowledgeMeeting III, Coimbra,Portugal,7thOctober2011.TOK IIImeetinghadthepurposeofcheckingintegrationandsynergiesamongfaultinjec-tion,dependabilityandrobustnessandfaultcharacterizationandtodiscussabouttheStateoftheartontheexistingfaultdiagnosistechniques.
• CriticalSoftwareWorkshoponDependabilityandCertification,Coimbra,Portugal,28th-29thSeptember2011.ParticipatedasUCresearcher.
• TransferofKnowledgeMeetingII,Naples,Italy,25thJanuary2011.TOKIImeetingistocheckthecurrentstateofprojectactivities,todealwithfaultinjectiontoolsandtoargueonthegoalofsecondmentsplans.
5.2. Scientificrecognition
5.2.1. Awards
ThirdmostdownloadedarticlefromtheComputerSociety'sDigitalLibraryduring2014:“PenetrationTesting inWeb Services”, byNunoAntunes andMarcoVieira, IEEEComputer,ISSN:0018-9162,IEEE,Feb.2014.AccordingtoinformationreceivedfromMarkGallaher,StaffEditorofComputer
NunoAntunes CurriculumVitae
21
ICWS2010BestPaperAward:“BenchmarkingVulnerabilityDetectionToolsforWebServices”,byNunoAntunesandMarcoVieira,The8thIEEEInternationalConferenceonWebServices,ICWS2010,Miami,FL,EUA,5-10deJulyde2010.(AcceptanceRate:17.6%:39de222)
5.2.2. TutorialsinInternationalConferences
• NunoAntunes,MarcoVieira,“TechniquesandToolstoDefendagainstWebApplica-tion’sSoftwareVulnerabilities”,The45thAnnualIEEE/IFIPInternationalConfer-enceonDependable Systems andNetworks (DSN2015),Riode Janeiro,Brazil,June22-25,2015.
• MarcoVieira,NunoAntunes, “Benchmarking theDependability of Computer Sys-tems”,10thInternationalConferenceonQuantitativeEvaluationofSysTems(QEST2013),BuenosAires,Argentina,August27,2013.
5.2.3. Citationsknownintheliterature
Atotalof289citationsreferringpublicationsauthored/co-authoredbyNunoAntunesareknowncurrently.Thesecitationsdonotincludethecitationsfromauthorsthataredirectlyorindirectlyconnecttohisresearchgrouporthatareco-authorsofthecitedpa-pers.
NunoAntunes CurriculumVitae
22
5.3. ResearchprojectsRP10 [Jan2016–Dec2017]EUBra-BIGSEA–Europe-BrazilCollaborationofBIG
DataScientificResearchthroughCloud-CentricApplicationsTheEUBra-BIGSEAisacollaborativeprojectundertheEUB-1-2015topic“CloudComputing,includingsecurityaspects”,whosemaingoalistocreateasustainableinternational (EuropeanandBrazilian)cooperationactivity in theareaofcloudservicesforBigDataanalytics.In24monthstheprojectaimsatprovidinganab-stractframeworkforthedevelopmentofdistributeddataanalyticsapplications.Multipledatamodelswillbesupported(datastreams,multidimensionaldata,etc.)andefficientmechanismswillensureprivacy,ontopofalayerforthesmartandrapidprovisioningofresources.EUBra-BIGSEA starts from the requirements of a scenariowith high social andbusinessrelevance: theprocessingandanalysisofhugequantitiesofdata frommassivelyconnectedsocieties.ServicesinthecloudwilladdresstheneedsofaBigData scenario butmultiple challenges, dealingwith resource provision, perfor-mance,QoSandprivacy,areyettobeovercome.Theprojectcapitalizesontheex-pertiseandknowledgeofthepartnersoftheconsortiumincloudcomputing,mas-sivedataanalytics,securityandsoftware-definedservicestofulfilltheobjectivesoftheproposal.Theconsortium includes:UniversitatPolitècnicadeValència,BarcelonaSuper-computingCentre,CentroEuro-MediterraneosuiCambiamentiClimatici,Trust-ITServicesLtd.,UniversidadedeCoimbra,PolitecnicodiMilano(Europeanpartners)and Universidade Federal de Minas Gerais, Universidade Federal de CampinaGrande,UniversidadeTecnológicaFederaldoParaná,IBMResearch,UniversidadeEstadualdeCampinas(Brazilianpartners).
RP9[Jan2016–Dec2017]EUBrasilCloudFORUM–FosteringanInternationaldia-loguebetweenEurope&BrazilTheEUBrasilCloudFORUM,a24monthCoordinationandSupportAction(CSA),istheconsolidatedresultoftheeffortspooledtogetherbyrepresentativesoftheEU-BrazilWorkingGroupsetupattheEU-BrazilworkshopheldinJuly2014,inBra-silia.ThegroupwasformedtocreateareportfortheEuropeanCommission(EC)andfortheBrazilianMinistryofScience,Technology,andInnovation(MCTI)onthefutureofEU-Brazilcalls.ThefindingslistanumberofICTrelatedtopicsthatcouldbeconsideredinfuturecallsthathavebeenselectedtakingintoaccounttheirexpectedsocietalimportanceandthecapabilitiesandexpertiseofbothEuropeanand Brazilian research communities. Based on interactions with a stakeholdergroup,thefindingsalsopresentedaproposaltotunetheexistingEU-BRcollabo-rationmodelbyaddressingaspectssuchas funding, technicalandbureaucraticsupport,andprocedures.TheshapingoftheDigitalSingleMarket(DSM)requiresrevitalizingopenexchangewithstakeholdersiscriticalforbuildingconsensusbetweentheregionsanddeliv-eringpracticalguidesonhowCloudServicescanhelpbusinessandresearchactiv-ity.The consortium includes: Universidade de Coimbra, Trust-IT Services Ltd.(TRUST-IT),WaterfordInstituteofTechnology (Europeanpartners)andUniver-sidadedeBrasilia,UniversidadedeSaoPaulo,UniversidadeFederaldeSantaCa-tarina(Brazilianpartners)
NunoAntunes CurriculumVitae
23
RP8[Jan2014–Dec2016]CABRIOLET–Model-OrientedApproachandIntelligentKnowledge-BasedSystem forEvolvableAcademia-IndustryCooperation inElectronicandComputerEngineeringProjectfoundedbytheEuropeanCommissionwithinthecontextoftheTEMPUSIVProgramme.TheprojectaimsthecurriculardevelopmentofcoursesintheareasofelectricalandcomputerengineeringinUkrainethrough:theintroductionofanapproachthatallowsanhighercooperationbetweenacademiaandtheindustry,thedevelopmentofaknowledge-basedsystem,thedevelopmentofawebportalasamechanismforcommunicationandimplementationofcapacitycreationac-tionsbasedonmultipleblocksofeducationandtraining.Theconsortiumincludes:UniversityofNewcastle(UnitedKingdom),RoyalInsti-tuteofTechnology(Sweden),UniversityofCoimbra,CritiwareS.r.l.(Italy),InerciaDigital S.L. (Spain), Ukraine partners: National Aerospace University "KhAI",OdessaNationalPolytechnicUniversity,ChernihivStateTechnologicalUniversity,PetroMohylaBlackSeaStateUniversity,ChernivtsiNationalUniversity,Sevasto-polNationalTechnicalUniversity,InstituteofCyberneticsofNationalAcademyofScienceofUA,AssociationofInformationTechnologyEnterprisesofUkraine,Seal-PointLTD,MinistryofEducationandScienceofUkraine.
RP7[Jan2014–Jun2015]ValidationofCriticalSystems–V-SISTheV-SISprojectaimsatprovidingservicesforthevalidationofcriticalsystemsthroughtheimprovementoftheV&VandRAMSprocessesfocusingonfunctionalsecurityandthevalidationofcriticalelectronicsystems.Theprojectwilltakead-vantageofthecontextofchange,uncertaintyandneedcreatedbyrecentregula-tionchangesastheintroductionofthestandardISO26262(automotive)andtheevolutionofthestandardDO-178C(aeronautics).Theworktobeperformedisorganizedin(i)processlevel innovations–RAMS,model-basedV&V,multiplecriticalitysystemsandinjectionofsecurityfaults;and(ii)developmentofvalidationsystems.Mainresponsibilityintheproject:
- Research,proposeanddeveloprepresentativefaultmodelsforsupportingtheassessmentofsecurityattributesanddependabilityofcriticalsystems.
RP6[Jan2014–Dec2017]DEsign,VerificationandVAlidationoflargescale,dy-namicServiceSystEmS–DEVASSESTheDEVASSESprojectaimsattakingastepforwardinthedesignanddeploymentoflarge-scale,dynamicservice-basedsoftwaresystemsbysupportingthetransferofknowledgeonnovelstateoftheartmethods,techniques,andtoolsforbothde-signtimeandruntimeverificationandvalidation.Thegoalistoreinforceexistingpartners’cooperationthroughacoordinatedprogramofexchangeofresearchers,takingascontextacommonresearchproblem,whichprovidestheframefortheprojectscientificactivitiesandcannotcurrentlybetackledbyanyofthepartnersindividually.Theprojectincludesjointresearchactivities,focusedtrainingactivi-ties,andjointworkshops,designedtoexploitcomplementaryexpertiseandtocre-atesynergiesamongthepartners,establishingthebasisforsustainablefutureco-operationatdifferentlevels,including:co-advisingofPhDcandidates,jointorgan-ization of international events (workshops, conferences, summer schools, etc.),
NunoAntunes CurriculumVitae
24
participation in bilateral project proposals, participation in large-scale interna-tionalprojectproposals,etc.Theconsortiumincludes:UniversityofCoimbra(Portugal),UniversityofFlorence(Italy),Unicamp-UniversityofCampinas(Brazil),FederalUniversityofAlagoas(Brazil).Mainactivities/responsibilitiesintheproject:
- Secretaryoftheproject;- ManageroftheProjectwebsite(www.devasses.eu);- Secondedresearcher8weeksatUnicamp,Campinas,Brazilin2014;- Secondedresearcher12weeksatUFAL,Maceió,Brazilin2015;- Secondedresearcher4weeksatUnicamp,Campinas,Brazilin2016;- Secondedresearcher4weeksatUFAL,Maceió,Brazilin2016;
RP5[Jan2013–Dec2016]CertificationofCriticalSystems–CECRISTheCECRISproject is aMarie-Curie Industry-AcademiaPartnerships andPath-ways(IAPP)belongingtocallFP7-PEOPLE-2012-IAPP.Theprojectaimsattakingastepforwardindevelopment,verificationandvalidationandcertificationofcrit-icalsystemsbysupportingtheintroductionofnovelstate-of-theartmethodswithaspecialemphasisontechnologyandhumanskilldevelopmentatSMEsResearch-ers.The consortium includes: ResilTech S.R.L. (Italy), Consorzio InteruniversitarioNazionale per l'Informatica (Italy), University of Coimbra (Portugal), BudapestiMuszakiesGazdasagtudomanyiEgyetem(Hungary),ProlanZrt.(Hungary),Criti-calSoftwareSA(Portugal).Mainactivities/responsibilitiesintheproject:
- RepresenttheUniversityofCoimbraintheDisseminationBoard;- Secondedresearcher14weeksatResilTechS.R.L.,Pisa,Italyin2013;- Secondedresearcher4weeksatProlanZrt.,Budapest,Hungaryin2013;- Secondedresearcher4weeksatResilTechS.R.L.,Pisa,Italyin2014;- Secondedresearcher8weeksatProlanZrt.,Budapest,Hungaryin2014;- Secondedresearcher8weeksatResilTechS.R.L.,Pisa,Italyin2016;
RP4[Apr2013–Oct2015]IntelligentComputingintheInternetofServices–iCISThegoalofiCISistoperformworldclassresearchinintelligentcomputingfortheInternetofServicesandThings,andtoachieveacontinuumandanincreasedmo-mentuminnationalandinternationalcooperationonthesescientificchallenges,sustainable increaseincriticalmassandinternational impact,aswellasa long-termfinancialsustainabilityof theconsortiumbypreparing it fornational(e.g.,QREN)andinternational(FP7,FP8)frameworkprogrammesandfortechnologytransferandstart-uppromotion.ResearchiniCISwillbefocusedintwocomple-mentary,yetinterrelated,directions:advancedalgorithmsandinfrastructuresforinformationcaptureandmanagementintheInternet,andintelligentalgorithmsfordataanalysisandknowledgeextractionforsmartInternetservices.Theformerwillinvestigatekeysolutionsforthefutureinternetrelatedmainlytocloudcom-puting, internetofservicesandthings, internetsecurity,andadvancedsoftwareengineering,whereasthelatterwillconcentrateonintelligentalgorithmsfordataanalysisandknowledgeextractionoverInternet-basedsolutionsfocusingonrele-vantscientificandsocio-economicproblemsinvolvingcomplex,multi-parametric
NunoAntunes CurriculumVitae
25
andhighvolumesofdata.More specifically, the consortiumwill focuson threemainapplicationareaswhereconsiderableexpertiseexistsintheteam:computa-tionalintelligenceforpersonalhealthsystems(PHS)directedtochroniccardio-vascularandneurologicaldiseasemanagement,intelligenttransportationsystems(ITS)andinformationretrievalsystems.Toachievethestrategicgoalsofthere-searchlinewithiniCIS,atwofoldstrategyshallbefollowed:first,existingnetworksandinternationalresearchprojectsshallbeusedasanchors,i.e.researchwheretheteamhasprovenexcellence(e.g.,innextgenerationnetworkstechnology,sen-sornetworksolutions,inPHSforcardiovascularandneurologicaldiseases,inITS,insecurityanddependabilityoflargescalecomputersystems)willbepursuedbytacklingcentralresearchquestionsinthefieldandwithahighdegreeofalignmentwithFP7andFP8challenges.Second,throughouttheproject,projectconceptswillbedefinedanddeveloped.Conceptdefinitionaimsatidentifyingthescientific,so-cial andeconomic requirementsof relevantproject ideas, key technologiesandknow-howfrominsidetheconsortiumtosolvetheproblem,butalsoexpertiseout-sidetheconsortium(eitherusingexistingnetworksorseekingnewpartners).ParticipationoniCISWorkPackage1:
- Task1.2–CloudComputing,InternetofServicesandAdvancedS/WEngi-neering
- Task1.4–TrustworthyICT
RP3[Jan2011–Dez2012]MethodologiesfordevelopmentofNon-VulnerableWebServices-Menon@WSMenon@WSisaFCT/CAPESPartnershipbetweenUniversityofCoimbraandUni-camp(UniversityofCampinas).Themaingoalof theproject is to integrate theknowledgeandworkofbothpartnersinordertovalidateWebServicebasedap-plicationsinthepresenceofsecurityattacks.TheprojectincludedvisitstoUnicampinthefollowingperiods:
- 1weekinAugust2011;- 2weeksinAugust2012;
RP2[Oct2010–Mar2013]CriticalSoftwareTechnologyforanEvolutionaryPart-nership–CRITICALSTEPTheCRITICALSTEP isaMarie-Curie Industry-AcademiaPartnershipsandPath-ways(IAPP)belongingtocallFP7-PEOPLE-2008-IAPP.Itaimsatestablishingthebasisforalongtermstrategicresearchcollaborationbetweenpartnersinvolvedinthisprojectinthegrowingandchallengingdomainofsoftwareforlarge-scaleSafety-CriticalSystems(SCSs)basedon theuseofOff-The-Shelf (OTS)softwarecomponentsforthecontrolofcomplexdistributedinfrastructuressuchasAirTraf-ficManagement(ATM)systems,complexindustrialplants,etc.Partnersfeeltheyareinneedofsharingandcombiningtheirknowledgeandusetheexistingsyner-gies/complementaritiestosetlongtermstrategicbasestodealwiththecomplex-ityofthenextgenerationSCSs,resistmarketcompetitionandwinthechallengeofdeveloping new safe technologies and standards. The consortium includes:CINI/UoNLaboratory"CarloSavy"oftheCINIConsortiumandtheUniversityofNaples, Italy; Faculty of Sciences andTechnologyof theUniversity of Coimbra(FCTUC):CentreforInformaticsandSystemsoftheUniversityofCoimbra(CISUC);CriticalSoftwareS.A.,Portugal;SESMS.c.a.r.l.:Surveillance&SupervisionSystemUnit,Italy.
NunoAntunes CurriculumVitae
26
Mainactivities/responsibilitiesintheproject:- Secondedresearcher14weeksatSESMS.c.a.r.l.,GiuglianoinCampania,
Italyin2011;- Secondedresearcher10weeksatSESMS.c.a.r.l.,GiuglianoinCampania,
Italyin2012;
RP1[Nov2007–July2008]AffordableDataWarehouses–ADWADWwasaresearchanddevelopmentpartnershipbetweenCriticalSoftwareS.A.andtheUniversityofCoimbrafundedbythePortugueseInnovationAgency(ADI).Themaingoaloftheprojectwastodevelopatechnologythatallowsadramaticreductionofthehardware,software,andadministrationcostwhencomparedtotraditionaldatawarehouses.Mainactivities/responsibilitiesintheproject:
- Memberofthedevelopmentteam;- Developmentoftoolstoinstall,monitorandmanagetheclusterofnodes
andtoimplementthedatadistributionandre-distributionalgorithms.
5.4. InterventionontheScientificCommunity
5.4.1. ParticipationinEvaluationPanels
PA01 H2020-MSCA-ITN-2016–InnovativeTrainingNetworksSelectedbyEuropeanCommissionResearchExecutiveAgency (EC-REA) toactasevaluatorintheframeoftheITN2016Evaluation–ENGPanel.9projectproposalsreviewed(3ofwhichasrapporteur).
5.4.2. Organizationofscientificevents
WO3RADIANCE2016–InternationalWorkshoponRecentAdvancesintheDependabIlityAssessmeNtofComplexsystEmsCo-locatedwiththeDSN2016,Toulouse,France
MemberoftheOrganizationCommitteeWithAriadneCarvalho,UNICAMP,AndreaCeccarelli,CINI/UNIFI,andAndrásZentai,Prolan
WO2M&N2015–IEEEInternationalWorkshoponMeasurements&Networking2015PublicationChair
WO1RADIANCE2015–InternationalWorkshoponRecentAdvancesintheDependabIlityAssessmeNtofComplexsystEmsCo-locatedwiththeDSN2015,RiodeJaneiro,Brazil
MemberoftheOrganizationCommitteeWithAriadneCarvalho,UNICAMP,AndreaCeccarelli,CINI/UNIFI,andAndrásZentai,Prolan
NunoAntunes CurriculumVitae
27
5.4.3. Participationinscientificcommittees
MemberofProgramCommitteeinConferences
CC7 ISSRE 2016 – The 27th IEEE International Symposium on Software ReliabilityEngineering,October23-27,2016,Ottawa,Canada.RankedAinCORE2014
CC6 EDCC2016 – 12th EuropeanDependable Computing Conference, September 5-9,2016,Gothenburg,Sweden.
CC5 SIN'16–9thInternationalConferenceonSecurityofInformationandNetworks,July
20-22,2016,RutgersUniversity,NewJersey,USARankedCinCORE2014
CC4 SCC2016–12thIEEEInternationalConferenceonServicesComputing,June27-July2,2016,SanFrancisco,USARankedAinCORE2014
CC3 ISSRE 2015 – The 26th IEEE International Symposium on Software ReliabilityEngineering,November2–5,2015,Gaithersburg,MD,USARankedAinCORE2014
CC2 SIN'15 – 8th International Conference on Security of Information and Networks,September8-10,2015Sochi,RussiaRankedCinCORE2014
CC1 SCC2015–12thIEEEInternationalConferenceonServicesComputing,June27-July2,2015,NewYork,USARankedAinCORE2014
MemberofProgramCommitteeinWorkshops
WC4 WoSoCer2016–The6thIEEEInternationalWorkshoponSoftwareCertificationCo-locatedwithISSRE2016
WC3 SQAMIA2016–5thWorkshoponSoftwareQualityAnalysis,MonitoringAugust29-31,2016,Budapest,Hungary.
WC2 WoSoCer2015–The5thIEEEInternationalWorkshoponSoftwareCertificationCo-locatedwithISSRE2015
WC1 DSS2015–IEEEServices2015VisionaryTrack:DependableandSecureServicesCo-locatedwithIEEESERVICES2015
5.4.4. Participationininternationalorganizations
COSTActionIC1402–RuntimeVerificationbeyondMonitoring(ARVI)
NunoAntunes CurriculumVitae
28
NominatedasMCSubstitute [IC1402PT] toCOSTAction IC1402byDr.PaulaMesquita(COSTNationalCoordinator[PT]). Runtimeverification(RV)isacomputinganalysisparadigmbasedonobservingasystematruntimetocheckitsexpectedbehavior.RVhasemergedinrecentyearsasapracticalapplicationofformalverification,andalessad-hocapproachtocon-ventionaltestingbybuildingmonitorsfromformalspecifications.ThereisagreatpotentialapplicabilityofRVbeyondsoftwarereliability,ifoneal-lowsmonitorstointeractbackwiththeobservedsystem,andgeneralizestonewdomainsbeyondcomputersprograms(likehardware,devices,cloudcomputingandevenhumancentric systems).Given theEuropean leadership in computer-basedindustries,novelapplicationsofRVtotheseareascanhaveanenormousimpactintermsofthenewclassofdesignsenabledandtheirreliabilityandcosteffectiveness.ThisActionaimstobuildexpertisebyputtingtogetheractiveresearchersindiffer-entaspectsofruntimeverification,andmeetingwithexpertsfrompotentialappli-cationdisciplines.ThemaingoalistoovercomethefragmentationofRVresearchby1)thedesignofcommoninputformatsfortoolcooperationandcomparison;2)theevaluationofdifferenttools,buildingagrowingsetsbenchmarksandrunningtoolcompetitions;and3)bydesigningaroad-mapandgrandchallengesextractedfromapplicationdomains.
StandardPerformanceEvaluationCorporation(SPEC)–ResearchGroupTheSPECRG(http://research.spec.org/) isanewgroupwithintheSPECestab-lishedtoserveasaplatformforcollaborativeresearcheffortsintheareaofquan-titativesystemevaluationandanalysis,fosteringtheinteractionbetweenindustryandacademiainthefield.Thegroupincludesrepresentativesofmultiplecompa-niesandorganizations.Thescopeofthegroupincludescomputerbenchmarking,performanceevaluation,andexperimentalsystemanalysisingeneral,consideringbothclassicalperformancemetricssuchasresponsetime,throughput,scalabilityandefficiency,aswellasothernon-functionalsystempropertiesincludedunderthetermdependability,e.g.,availability,reliability,andsecurity.
SPECRGIDSBenchmarkingWorkingGroup–MembersinceFebruary2013Given that securityconcernsareoneof thegreatest showstoppers for thewideadoption of cloud computing, many academic and industrial organizations arenowadays conducting extensive research on novel intrusion detection systems(IDSes)specificallydesignedtooperateinvirtualizedcloudenvironments.AstheamountandthepopularityofsuchIDSesincrease,benchmarkingIDSesforcloudenvironments becomes imperative since it provides insight and deeper under-standingoftheirbehaviorandperformance.Thegroupaimstocontributetowardsaddressing the increasing demand for representative and rigorous IDS bench-marksforcloudplatforms.Thegoalistofosterandfacilitateinnovativeresearchthroughexchangeofideasandexperiences.Itsmembershipbodyincludesrepre-sentativesofSiemensCorporateResearch(USA),UniversityofCoimbra(Portugal),andKarlsruheInstituteofTechnology(Germany).TheactivitiesincludetheparticipationinthegroupmeetingsandthecontributiontotheoutputsofthegroupincludingtheSPECtechnicalreports(seeTR1,TR2inSection5.1.6)andjointpublications(seeCP10andCP13inSection5.1.3,SP7inSection5.1.4,andtheposterinSection5.1.8).
NunoAntunes CurriculumVitae
29
5.4.5. Sessionchairing
InInternationalConferences:
- 12thEuropeanDependableComputingConference(EDCC2016).ResearchsessionTS5:Testing
- 46thAnnualIEEE/IFIPInternationalConferenceonDependableSystemsandNet-works(DSN2016).ResearchsessionMT6A:Clouds&Networks
- The26thIEEEInternationalSymposiumonSoftwareReliabilityEngineering(ISSRE2015).Researchsession:MobileGUI
InInternationalWorkshops:
- Int.WorkshoponRecentAdvancesintheDependabIlityAssessmeNtofComplexsys-tEms(RADIANCE2016).Session#3:AnalysisandModel-basedtechniques
- 1stInternationalWorkshoponDEvelopment,VerificationandVAlidationofcRiTicalSystems(DEVVARTS2014).Session#3:Systemandtoolassessment
- DEVASSESToKWorkshop#2,Campinas-SP,Brazil,August21-22,2014.Session#6:ClusteringandAnomalyDetection.
5.4.6. Serviceasreferee
Reviewerforthefollowinginternationaljournals:IEEETransactionsonServicesComputing(JCRIF:3.049)
o 4papersreviewedin2016o 3papersreviewedin2015
ElsevierReliabilityEngineering&SystemSafety(JCRIF:2.410)o 1papersreviewedin2016
IEEETransactionsonReliability(JCRIF:1.934)o 1paperreviewedin2016o 1paperreviewedin2015
IEEEComputer(JCRIF:1.443)o 1paperreviewedin2013
ElsevierJSS(JCRIF:1.424)o 3paperreviewedin2016
IEEESoftware(JCRIF:1.053)o 1paperreviewedin2016o 1paperreviewedin2015
ACMTAASo 1paperreviewedin2016
NunoAntunes CurriculumVitae
30
IETSoftware(JCRIF:0.595)o 2papersreviewedin2015o 3paperreviewedin2014
Computing(Springer)(JCRIF:0.593)o 1paperreviewedin2015
IJCCBS-InternationalJournalofCriticalComputer-BasedSystems(JCRn/a)o 2paperreviewedin2016o 1paperreviewedin2015o 1paperreviewedin2014
JECE-JournalofElectricalandComputerEngineering(JCRn/a)o 1paperreviewedin2016
Reviewerforthefollowinginternationalconferences:
• The27thIEEEInternationalSymposiumonSoftwareReliabilityEngineering,Oc-tober23-27,2016,Ottawa,Canada.(7papersreviewed,memberofPC)
• 12thEuropeanDependableComputingConference,September5-9,2016,Gothen-burg,Sweden.(4paperreviewed,memberofPC)
• 9thInternationalConferenceonSecurityofInformationandNetworks,July20-22,2016,RutgersUniversity,NewJersey,USA.(1papersreviewed,memberofPC)
• 13thIEEEInternationalConf.onServicesComputing(SCC2016),June27-July2,2016,SanFrancisco,USA.(4papersreviewed,areaco-chair,memberofPC)
• 46thAnnualIEEE/IFIPInternationalConferenceonDependableSystemsandNet-works(DSN2016),Toulouse,France,June28-July1,2016.(2papersreviewed)
• 7th ACM/SPEC International Conference on Performance Engineering (ICPE2016),Delft,Netherlands,March12-18,2016.(1paperreviewed)
• IEEEHighAssuranceSystemsEngineeringSymposium(HASE2016),January7-9,2016,Orlando,Florida,USA.(1paperreviewed)
• The26thIEEEInternationalSymposiumonSoftwareReliabilityEngineering,No-vember2–5,2015,Gaithersburg,MD,USA.(11papersreviewed,memberofPC)
• The8thInternationalConferenceonSecurityofInformationandNetworks,Sep-tember8-10,2015,Sochi,Russia.(5papersreviewed,memberofPC)
• 11thEuropeanDependableComputingConference,September7-11,Paris,France.(1paperreviewed)
• 26thInternationalConferenceonDatabaseandExpertSystemsApplications,Sep-tember1-4,2015,Valencia,Spain.(1paperreviewed)
• 12th IEEEInternationalConferenceonServicesComputingSCC2015, June27 -July2,2015,NewYork,USA.(4papersreviewed,memberofPC)
NunoAntunes CurriculumVitae
31
• 45thAnnualIEEE/IFIPInternationalConferenceonDependableSystemsandNet-works(DSN2015),RiodeJaneiro,Brazil,June22-25,2015.(2papersreviewed)
• 6th ACM/SPEC International Conference on Performance Engineering (ICPE2015),Austin,TX,USA,Jan31-Feb4,2015.(1paperreviewed)
• TheSixthTPCTechnologyConferenceonPerformanceEvaluation&Benchmark-ing(TPCTC2014),Hangzhou,China,29August2014.(1paperreviewed)
• INFORUM2014-SimpósiodeInformática,Porto,Portugal,4-5September2014.(1paperreviewed)
• 11thIEEEInternationalConferenceonServicesComputing(SCC2014),Anchor-age,Alaska,USA,June27-July22014.(1paperreviewed)
• The44thAnnualIEEE/IFIPInternationalConferenceonDependableSystemsandNetworks (DSN 2014), Atlanta, Georgia, USA, 23-26th June 2014 (1 paper re-viewed)
• The43rdAnnualIEEE/IFIPInternationalConferenceonDependableSystemsandNetworks(DSN2013),Budapest,Hungary,24-27thJune2013.(1paperreviewed)
• SixthLatin-AmericanSymposiumonDependableComputing(LADC2013),RiodeJaneiro,Brazil,1-5April2013.(1paperreviewed)
• 23rd IEEE InternationalSymposiumonSoftwareReliabilityEngineering (ISSRE2012),Dallas,TX,USA,27-30November2012.(1paperreviewed)
• IEEE19thInternationalConferenceonWebServices(ICWS2012),Honolulu,Ha-waii,USA,24-29June2012.(1paperreviewed)
• The42ndAnnualIEEE/IFIPInternationalConferenceonDependableSystemsandNetworks(DSN2012),Boston,Massachusetts,USA,25-28June2012.(1paperre-viewed)
• The13thInternationalConferenceonInformationIntegrationandWeb-basedAp-plications&Services(iiWAS2011),HoChiMinhCity,Vietnam,5-7December2011.(1paperreviewed)
• The30th IEEE International SymposiumonReliableDistributed Systems (SRDS2011),Madrid,Spain,4-7October2011.(1paperreviewed)
• INFORUM 2011 - Simpósio de Informática, Coimbra, Portugal, 8-9 September2011.(1paperreviewed)
• The3rdTPCTechnologyConferenceonPerformanceEvaluation&Benchmarking(TPCTC2011),Seattle,Washington,USA,29August2011.(1paperreviewed)
• TheIEEE9thInternationalConferenceonWebServices(ICWS2011),Washington,D.C.,USA,4-9July2011.(2papersreviewed)
• TheIEEE8thInternationalConferenceonWebServices(ICWS2010),Miami,Flor-ida,USA,5-10July2010.(1paperreviewed)
Reviewerforthefollowinginternationalworkshops:
NunoAntunes CurriculumVitae
32
- The6thInternationalWorkshoponSoftwareCertification(WoSoCER)(co-locatedwithISSRE2016).1paperreviewed,memberofPC
- 5thWorkshoponSoftwareQualityAnalysis,Monitoring(SQAMIA2016),August29-31,2016,Budapest,Hungary.3paperreviewed,memberofPC
- InternationalWorkshop on Recent Advances in the DependabIlity AssessmeNt ofComplex systEms (RADIANCE 2016) (co-located with DSN 2016). 1 paper re-viewed,memberoforganization
- The5thInternationalWorkshoponSoftwareCertification(WoSoCER)(co-locatedwithISSRE2015).1paperreviewed,memberofPC
- IEEEServices2015VisionaryTrack:DependableandSecureServices (DSS2015)(co-locatedwithSERVICES2015).1paperreviewed,memberofPC
- The2ndInternationalWorkshoponSoftwareCertification(WoSoCER)(co-locatedwithISSRE2012).1paperreviewed
5.4.7. Invitedtalks
Wasinvitedtopresentthefollowingtalks:
• “Detecting InjectionVulnerabilities inWebServices: state-of-the-art and researchopportunities”,invitedbyProf.ElianeMartinstopresentthetalktothestudentsoftheInstituteofComputing-UNICAMP,Campinas-SP,Brasil,31July,2014;
• “SoftwareVulnerabilityDetectioninService-BasedInfrastructuresTechniquesandTools”,invitedbyProf.PatrickBritopresentthetalktotheresearchersandstu-dentsoftheIC,IC-UFAL,Maceió-AL,Brasil,3June,2014;
• “SOA-ScannerAn IntegratedTool toDetectVulnerabilities inService-Based Infra-structures?”,invitedbyProf.ElianeMartinspresentthetalktothestudentsoftheIC,IC-Unicamp,Campinas,19August,2013;
• “TheDevilsBehindWebApplicationVulnerabilities”,invitedbyProf.ElianeMartinstopresentthetalkinInstituteofComputingofUnicamp(UniversityofCampinas),IC-Unicamp,Campinas,24August,2012;
• OSMOSISSecuritywebinar“Opportunities,IdeasandCollaborationsfortheFP7Se-curityCallforProposals”,July26,2011.Presentedthetalk“DetectingVulnera-bilitiesinWebServices:CanDevelopersRelyonExistingTools?”;
• “DevelopingNon-VulnerableWebServices”,invitedbyProf.DomenicoCotroneotopresentthetalkinCINIMobiLab,UniversityofNaplesFedericoII,Naples,Italy,4May2011.
NunoAntunes CurriculumVitae
33
6. PedagogicActivityThissectionpresentsthepedagogicactivities,inparticular,teachingservice,post-gradu-ateactivity,pedagogicmaterialproduced,andknowledgetransfer.
6.1. TeachingServiceAsVisitingProfessor,IC–FederalUniversityofAlagoas
SoftwareEngineering–MastersinInformatics[2015Semester1]Coordinator(regente)forthesecondhalfofthecourse
Thispartofthecoursewasmodifiedtointroducethestudentsintheconceptsofdependableandsecuredevelopmentof thesystems,whichhadneverbeen lec-turedinthedegree.Thegoaloftheclassesistocoverthedevelopmentofsecureanddependablesys-tems,discussthesetechniquesinthecontextofthedevelopmententerpriseappli-cationsandapplythisknowledgeinpractice.Hoursofcontact:40(4p/week)Students:15StudentSurvey:Notapplicable
AsTeachingAssistant,DEI–UniversityofCoimbra
2015/16Sem.1
SoftwareEngineering–BScinInformaticsLecturingthePractical(P)classes
Contact:32h
Databases–BScinInformaticsLecturingtheTheoretical-Practical(TP)classes
Contact:16h
2014/15Sem.1
Databases–BScinInformaticsLecturingtheTheoretical-Practical(TP)classes
Contact:15hStudents:64StudentSurvey:3.6
6.2. SupervisedstudentsThissectionpresentstheworkassupervisor,includingsupervisionsofM.Sc.thesisstu-dentsthatfinishedorarecurrentlyenrolledinaM.Sc.Programandalsotemporarysu-pervisionactivityofstudentsfromforeignuniversitiesduringtheirvisitstotheUniversityofCoimbraorduringNuno’svisitstoforeignuniversities.
NunoAntunes CurriculumVitae
34
6.2.1. M.Sc.Students
HenriqueFerreiraAlves,M.Sc.studentattheFederalUniversityofAlagoas(UFAL)Co-SupervisedwithProf.BaldoinoFonseca(UFAL),formMarch2015tothepre-sent.Histhesisworkisontheanalysisofthesoftwaremodificationpatterns,soft-waremetricsandcodesmellsforthepredictionofsoftwarevulnerabilities.
MarcusPiancó,M.Sc.studentattheFederalUniversityofAlagoas(UFAL)Co-SupervisedwithProf.BaldoinoFonseca(UFAL),formMarch2015tothepre-sent.Histhesisworkisonthepredictionofsoftwarevulnerabilitiesbasedontheinformationofchangehistoryofsoftwareprojects.
DiogoCarvalho,M.Sc.StudentattheDEI/UniversityofCoimbra“RobustnessAssessmentofVirtualizedenvironments”Thegoalistouserobustnesstestingtechniquestoevaluatetherobustnessofthehypercall interfaces invirtualization infrastructures.The ideasand theprelimi-naryresultsarepresentedinthefastabstractSP3(seeSection5.1.5.).M.Sc.thesisworksstartinSeptember.
LuísVentura,M.Sc.StudentattheDEI/UniversityofCoimbra“DependabilityEvaluationinNoSQLengines”ThegoalistodefinefaultmodelsforthedomainandtoexperimentallyevaluatethebehaviorofNoSQLenginesinthecontextofthesefaults.M.Sc.thesisworksstartinSeptember.
RafaelVentura,M.Sc.StudentattheDEI/UniversityofCoimbra“AnIntegratedTooltoDetectVulnerabilitiesinService-BasedInfrastructures”,Co-AdvisedwithMarcoVieira,2014.TheresultwastheimplementationofamodulartoolformonitoringandtestingofSOAs,copingwiththeirdynamicityandcapacitytoevolve.
6.2.2. Studentsininternationalcooperationprograms
AnaPaulaMatsunaga,M.Sc.studentattheUniversityofCampinas(Unicamp),Bra-zilSupervisedbyReginaMoraes(Unicamp),fromMaytoJune2015inthecontextoftheprojectDEVASSES(seeRP6inSection0).TheworkfocusedtheuseofcoverageanalysistechniquestothevulnerabilitydetectiontoolsproposedbytheUniversityofCoimbra.
TâniaBasso,Ph.D.studentattheUniversityofCampinas(Unicamp),BrazilSupervisedbyMarioJino,ReginaMoraes(Unicamp)andMarcoVieira,fromAugusttoDecember2012inthecontextoftheprojectMenon-WS(seeRP3inSection0).Thiscollaborationcontributedtothepublicationof“AnXML-basedPolicyModelforAccessControlinWebApplications”(DEXA2013,seeCP9inSection5.1.3.).
NunoAntunes CurriculumVitae
35
6.3. Pedagogicmaterial[2015]SoftwareEngineering–IC-UFAL
PM3 PracticalAssignmentWrote thepracticalassignment thatserved for theevaluationof thecourse.Thegoal of the assignment is that the students apply inpractice the techniques andpatterns that guide the development of dependable and secure enterpriseapplications.
PM2 TheoreticalSlides Asthispartofthecoursewasnever lecturedintheIC-UFAL,awholenewsetof
materialwasnecessarytoproduce.Inthecaseofsometopics(markedwith*),notthemainauthorof theslides,but formatchanges inallmaterialsavailable frompreviouseditions.Contentandscopeadjustmentswerealsomadeaccordingtothedirectionandthegoalsofthecourse.Coveredtopics:WebServices*,SOAs*,DependableSystems*,Tests*,DependabilityinSOAs,SecureDevelopmentofSystemsandSecurityinSOAs.
[2014-2015]Databases–DEI-UC
PM1 Theoretical-PracticalslidesAsthiswasthefirstyearthatthedatabasescoursehadTPclasses,itwasnecessarytoproduceanewslideofslidesincludingexercises,resolutionsandsomeauxiliarytheoreticalmaterial.TheslidesaboutrelationaloperationsandPL/SQLwherebasedonthetheoreticalslidesfrompreviouseditionsofthecourse.
6.4. KnowledgeTransferWasinvitedtolecturethefollowingseminarsorworkshopstostudentsandworkersofUniversitiesandcompanies:
• “EvaluatingIntrusionDetectionSystemsinVirtualizationEnvironments”,invitedbyProf.BaldoinoFonsecatopresentthetalktothestudentsoftheUFAL,IC-UFAL,Maceio-AL,Brasil,7July,2015;
• “SoftwareVulnerabilityDetectioninService-BasedInfrastructuresTechniquesandTools”,invitedbyProf.PatrickBritotopresentthetalktothestudentsoftheAra-piracaCampus,IC-UFAL,Arapiraca-AL,Brasil,4June,2014;
• “DefendingagainstWebApplicationVulnerabilities”, invitedbyCsabaKaptanytopresenttheseminarintotheworkersofProlan.TheseminarwasrealizedintheProlanfacilitiesinBudakalasz,Budapest,Hungary,19June2013;
• “SecurityassessmentforWebServices”,invitedbyDr.GabriellaCarrozzatopresenttheseminarinUniversityofNaplesFedericoII,Naples,Italy,10June2013;
NunoAntunes CurriculumVitae
36
• OSMOSISSecuritywebinar“WebServicesSecurityAssessment:theResearchandtheIndustryPerspectives”,May27,2011.Presentedtheseminar“DetectingVul-nerabilitiesinWebServices:CanDevelopersRelyonExistingTools?”;
• “DetectingVulnerabilitiesinWebServices:CanDevelopersRelyonExistingTools?”invitedbyProf.ReginaMoraes,FacultyofTechnologyofUnicamp(UniversityofCampinas) topresent the seminar to the studentsof the faculty, FT-Unicamp,Limeira,22August2011;
• “DetectingVulnerabilitiesinWebServices:CanDevelopersRelyonExistingTools?”,invitedbyProf.ElianeMartins,InstituteofComputingofUnicamp(UniversityofCampinas)topresenttheseminarin“SériedeSeminários2011daPós-Gradu-ação”,IC-Unicamp,Campinas,19August,2011;
• “Developing Non-VulnerableWeb Services”, invited by Dr. Gabriella Carrozza topresenttheseminartotheworkersoftheSESMS.c.a.r.l.andSELEX,GiuglianoinCampania,Italy,24May2011;
• “AttackingWebApplications”,invitedbyorganizationtopresenttheworkshopatSummerSchooloftheDepartmentofInformaticsEngineering,UniversityofCoim-bra,CoimbraInstituteofEngineering,Coimbra,Portugal,24March2010;
• “AttackingWebApplications”,[email protected],DepartmentofInformaticsandSystemEngineering,Polytech-nicInstituteofCoimbra,CoimbraInstituteofEngineering,Coimbra,Portugal,24March2010.
NunoAntunes CurriculumVitae
37
7. AdditionalinformationThissectiondescribestechnicalandpersonalskills,competencesandinterests.
7.1. TechnicalskillsJava™Technologies
- ExtensivedevelopmentexperiencewithJavaSEincludingmulti-threaded/concur-rentapplications,andnetworkbasedapplications(usingSockets,RMIandNIO)andtheuseofJavaSwingapplications;
- ExtensiveprogrammingexperienceinJ2EEandJavaEE5environments;- ExperienceddeveloperofJavadata-centricapplicationsusingofJDBC,JavaPersis-
tenceAPI(JPA2.0)and/orHibernate.ContactwithoftheSpringframework;- Experience in configuring andusing application servers and servlet containers,
namelyJBoss,Glasshfish,Tomcat;- UserofJavaAspectOrientedProgramming(AOP)since2008,AspectJspecifically;- ExperiencedindevelopingJavaWebServicesandrespectiveSOAPstacksandas-
sociatedtechnologies,namelyJAX-WSandAxis.
DataManagementSystems- ExtensiveexperiencewithtraditionalDatabaseManagementSystemsasOracle®,
Microsoft®SQLServer,PostgreSQLeMySQL™;- ExperienceduserofSQLandPL/SQL;- ExperienceduserofEmbeddeddatabasemanagementsystems,namelySQLiteand
BerkleyDB;- SolidknowledgeofDataWarehousingandDataMiningandrespectiveprocesses,
includingexperiencewithrelatedtoolsasOracleWarehouseBuilderandOracleDiscoverer;
- ExperiencewithObject-relationalmapping(ORM)librariesasHibernateorOra-cle®TopLink;
- ExperiencewithNon-SQLenginessuchasMongoDB,RedisandCassandra.
Web,XMLand.NETTechnologies- ExperiencewithWebdevelopmenttechnologiesasJSP,ServletsASP.NET,XHMTL,
php,JavaScriptandCSS;- StrongknowledgeinServiceOrientedArchitectures(SOA)andrelatedtechnolo-
gies(XML,WebServices,BPEL);- UseofseveralXMLtechnologies(DTD,XSD,XSLT,XPATH)andAJAX;- ContactwithoftheExtensibleMessagingandPresenceProtocol(XMPP);- ExperiencedindevelopingwithprogramminglanguagesC,C++,C#;- ExperiencedindevelopingWindowsFormsApplications.
NunoAntunes CurriculumVitae
38
Developmentprocess
- Extensiveexperiencewithseveralversioncontrolsystems(e.g.Subversion,CVS,Git,andMercurial);
- ExperienceduserofbuildingautomationtoolsasApacheAnt™andsoftwarepro-jectmanagementtoolsasApacheMaven;
- ExtensiveexperiencewithseveralIDEs(e.g.NetBeans,Eclipse,IntelliJIDEAandMicrosoftVisualStudio®);
- KnowledgeofSoftwareDesignPatterns;
- KnowledgeofCodesmells;
- ExperiencewithWaterfalldevelopmentmodelandcontactwithAgilesoftwarede-velopmentmethodologies.
Othercomputingskills
- ContactwithofPython;
- KnowledgeofANSICommonLisp;
- KnowledgeofOpenGL®;
- ProficientuserofMicrosoftWindows,AppleMacOSXandUnix/Linuxoperatingsystemsanditsapplications;
- ExperiencewithbuildingwebsitesusingJoomla.
7.2. Othercompetencesandactivities- MemberofIEEEComputerSocietysince2009;
- Experience in tutoring high school students in programming,mathematics andphysicstopics.
Coimbra,01October2016
NunoManueldosSantosAntunes