Title: Sanare – Pluggable Intrusion Recovery for Web Applications
Speaker: David Matos, LASIGE – DI/FCUL
When: April 28, 14h00
Abstract: In this talk I present Sanare, a pluggable intrusion recovery system designed for web applications that use different data storage systems to keep their state. Sanare does not require any modification to the source code of the application or the web server. Instead, it uses Matchare, a new deep learning scheme we introduce to learn the matches between the HTTP requests and the database statements, file system operations and web services requests that the HTTP requests caused. We evaluated Sanare with three open source web applications: WordPress, GitLab and ownCloud. In our experiments Matchare achieved precision and recall higher than 97.5%.
Bio: David is a postdoctoral researcher at LaSIGE since March 2021, currently working at the SEAL project researching novel security techniques for web applications. He has a BSc and a MSc in Informatics Engineering from Faculdade de Ciências da Universidade de Lisboa and a PhD in Computer Sciences and Engineering from Instituto Superior Técnico. He has participated in more than three research projects.
As a researcher he worked at LaSIGE with the Navigators research group (2012-2014) and at INESC-ID with the Distributed Systems Group (GSD) (2015-2021). He participated in the following projects: PATI, SITAN, SafeCloud and SEAL. His research interests are related with distributed systems, cybersecurity and cloud. More specifically, he has been researching novel intrusion recovery methods for applications and systems running in the cloud environment. In the industry he has worked at Coriant, Portugal Telecom and Caixa Geral de Depósitos as a Software Engineer, Cloud Engineer, Solutions Architect and Data Scientist.