CPS and RDNS meetup: Rodrigo Simões & Paulo Antunes

Speakers: Rodrigo Simões (LASIGE, DI/FCUL) & Paulo Antunes (LASIGE, DI/FCUL)
Date: June 21, 2023, 12h00
Where: C6.3.27

Talk 1: FADO: A Federated Learning Attack and Defense Orchestrator
Abstract: Federated Learning (FL) is a distributed machine learning approach allowing multiple parties to train a model collaboratively without sharing sensitive data. It has gained widespread popularity recently due to its ability to preserve data privacy. However, FL also poses novel security challenges since training relies on data and computations from many entities that a malicious actor might have compromised, as they are usually geographically dispersed and independently managed.
Evaluations of current FL security mechanisms in the literature are often based on simplistic testing environments and demand complex programming to integrate new attacks/defenses. Therefore, this work presents an accessible platform that leverages a realistic environment to facilitate the experimentation and evaluation of new solutions in relevant FL scenarios. Comparison with already proposed approaches is also expedited since FADO provides a few out-of-the-box implementations. To demonstrate the platform’s utility, we develop a use case based on a recently published network attack.
Short bio: Rodrigo Simões is a Master’s student at FCUL. He is currently working on his thesis research under the supervision of Professor Nuno Neves toward network-resilient federated machine learning.

Talk 2: Towards PHP Vulnerability Detection at an Intermediate Language Level
Abstract: Web applications are a prime target for malicious actors to obtain private user information, such as credit card numbers and other sensitive details. Over the years, the number of vulnerabilities and attacks has increased, demonstrating that current solutions have shortcomings. For example, they can be prone to error or require too much resources/time from developers (or security analysts) to deliver results. This paper presents a new approach to detect vulnerabilities in web applications written in PHP by analyzing their representation in an Intermediate Language (IL) and simulating the execution through a new data structure.
Short bio: Paulo Antunes is a 3rd year PhD student, his main interests are vulnerability detection. He is working with Ibéria Medeiros and Nuno Neves to develop a new data structure and method to detect web vulnerabilities by analyzing the Intermediate Language instead of high-level programming languages.