SEAL: SEcurity progrAmming of web appLications
- Research Line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
- Sponsor: FCT
- Project Number: 029058
- Total award amount: 240K Euros
- Coordinator: Ibéria Medeiros
- Partners: FCUL, INESC-ID, Maxdata
- Start Date: Aug. 2018
- Duration: 36 months
- Keywords: Software security, Vulnerabilities, Web applications, Secure programming
- Team at FCUL: Researchers including Ibéria Medeiros, Nuno Ferreira Neves, Paulo Antunes, Ricardo Morgado, Miguel Moreira, Francisco Araujo, Ana Fidalgo, Diogo Sousa
The SEAL project aims to make significant advances in security of web applications, developing the SEAL platform containing tools that implement secure programming in applications written in server-side programming languages (e.g., PHP and .NET). The platform will be constituted by three layers, namely, code representation, vulnerability detection, and code correction, where: an intermediate language able to represent server-side languages and secure code features will be defined; on this language, tools to perform code analysis to detect and identify vulnerabilities will be developed, employing code analysis and machine learning techniques; and a secure code layer to remove the vulnerabilities found automatically will be created. The SEAL platform, during its development and evaluation, will resort to use cases defined with the Maxdata enterprise, the market leader in software solutions to health services.
- Paulo Antunes, “Monitoring Web Applications for Vulnerability Discovery and Removal under Attack”, Master’s thesis, Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Oct. 2018.
- Paulo Antunes, Ibéria Medeiros, Nuno Ferreira Neves, “Remoção Automática de Vulnerabilidades usando Análise Estática de Código Direcionada”, in Proceedings of the 10th Simpósio de Informática (INForum 2018), Coimbra, Portugal, Sept. 2018.
BibTeXNavigators - SEAL project
|Current projects:||DiSIEM, SEAL, AQUAMON, UPVN, IRCoC, NORTH, Abyss, COST Action IC1402|
|Past projects:||TCLOUDS, MASSIF, MAFTIA, RESIST NoE, KARYON, HIDENETS, CORTEX, CRUTIAL, TRONE, SITAN, ReD, DIVERSE, CloudFIT, READAPT, REGENESYS, RC-Clouds, TACID, DARIO, RITAS, AJECT, MICRA, DEAR-COTS, COPE, DEFEATS, MOOSCO, TOPCOM, SUPERCLOUD, SEGRID, BioBankCloud, PROPHECY, SAPIENT, SecFuNet, FTH-Grid, AIR-II, AIR, ESFORS, CaberNet, GODC, BROADCAST, CoDiCom, Delta-4, RAPTOR|