1. FCTUC Presentation Henrique Madeira University of Coimbra henrique@dei.uc.pt Naples, 20th December 2011

2. N APLES, 20 TH D ECEMBER 2011 ::.. Research Team VER – Henrique MadeiraVER – Marco Viera VER – João Durães ER - Nuno Laranjeiro ER – Nuno Antunes VER – João Cunha ER – José Fonseca

3. N APLES, 20 TH D ECEMBER 2011 ::.. FCTUC Secondments: first half of the project FCTUC secondments towards SESM17.25 mm FCTUC secondments towards CSW1.50 mm Total FCTUC secondments18.75 mm VERs FCTUC secondments10.25 mm ERs FCTUC secondments8.75 mm

4. N APLES, 20 TH D ECEMBER 2011 ::.. FCTUC Secondments: first half of the project Total FCTUC secondments18.75 mm FCTUC has spent all the planned budget for the first half od the project.

5. N APLES, 20 TH D ECEMBER 2011 ::.. Past/Current Activities Activities supported by Critical STEP and conducted by FCTUC involving CSW and SESM.

6. N APLES, 20 TH D ECEMBER 2011 ::.. Past/Current Activities Analysis of system wide failure cases and definition of appropriate fault models to induce such failure cases in recent board technology. Preparation for developing JTAG driven fault injection taking advantage of the recent developments of microprocessor and board technology (e.g., Intel Core i7 or Octeon microprocessors and boards ) as well as JTAG and boundary scan features. Activities supported by Critical STEP and conducted by FCTUC involving CSW and SESM.

7. N APLES, 20 TH D ECEMBER 2011 ::.. Past/Current Activities Identification of failure cases in different domains. Analysis and selection of representative cases and definition of a set of failures cases and fault emulation approaches. Definition of system wide realistic fault models for application in industrial cases. Extraction of knowledge of the market and identification of industrial needs in the fault injection field. Activities supported by Critical STEP and conducted by FCTUC involving CSW and SESM.

8. N APLES, 20 TH D ECEMBER 2011 ::.. Past/Current Activities Activities supported by Critical STEP and conducted by FCTUC involving CSW and SESM. Analysis of security threats in different contexts. Modelling of threats and definition of requirements of an intrusion detection system. Study of possible approach for the definition of a security maturity model.

9. N APLES, 20 TH D ECEMBER 2011 ::.. Past/Current Activities Study and development of a tool able to carry out fault injection in application developed in java language. Evolution of SWIFT tool features meant for the C language to OO language features (i.e., JSWIFT tool). Analysis of JSWIFT and identification of limitations in the generation and injection of the faults in the java byte code and identification of possible solutions. Activities supported by Critical STEP and conducted by FCTUC involving CSW and SESM.

10. N APLES, 20 TH D ECEMBER 2011 ::.. Past/Current Activities Study of enhanced web services robustness testing approach: −Recognize customized and complex WS parameters from the description provided in the WSDL file. −Manage WS parameters that are XML-formatted. Development of a proper tool based on identified of an Air Traffic Control (ATC) applications and able to carry out automatic robustness testing on web services used in critical application. Activities supported by Critical STEP and conducted by FCTUC involving CSW and SESM.

11. N APLES, 20 TH D ECEMBER 2011 ::.. Obtained Results (1/3) Conducted activities allowed FCTUC to publish the following scientific papers: Nuno Laranjeiro, Marco Vieira, “Adapting Test-Driven Development to Build Robust Web Services”, Agile and Lean Service-Oriented Development: Foundations, Theory and Practice, IGI-Global, (Eds. Xiaofeng Wang, Nour Ali, Isidro Ramos, Richard Vidgen), 2011. Raul Barbosa, Johan Karlsson (Chalmers University of Technology, Suécia), Henrique Madeira, Philipp Reinecke (Freie Universitat Berlin, Alemanha), Marco Vieira, “Fault Injection”, Resilience Assessment and Evaluation: Past, Current and Future Trends”, Springer, (Eds. Katinka Wolter, Alberto Avritzer, Marco Vieira, Aad van Moorsel), 2011. Zoltán Micskei (Budapest University of Technology and Economics, Hungria), István Majzik (Budapest University of Technology and Economics, Hungria), Henrique Madeira, Marco Vieira, Nuno Antunes, Alberto Avritzer (Siemens Corporate Research, EUA), “Robustness Testing Techniques and Tools”, Resilience Assessment and Evaluation: Past, Current and Future Trends”, Springer, (Eds. Katinka Wolter, Alberto Avritzer, Marco Vieira, Aad van Moorsel), 2011. Joao Duraes, José Fonseca, Henrique Madeira, Marco Vieira, “Field Studies on Resilience: Measurements and Repositories”, Resilience Assessment and Evaluation: Past, Current and Future Trends”, Springer, (Eds. Katinka Wolter, Alberto Avritzer, Marco Vieira, Aad van Moorsel), 2011. Nuno Antunes, Marco Vieira, “Detecting Vulnerabilities in Web Services: Can Developers Rely on Existing Tools?”, Performance and Dependability in Service Computing: Concepts, Techniques and Research Directions, ISBN: 978-1-609-60794-4, IGI-Global, (Eds. Valeria Cardellini, Emiliano Casalicchio, Kalinka Castelo Branco, Julio Cezar Estrella, Francisco Jose Monaco), 2011.

12. N APLES, 20 TH D ECEMBER 2011 ::.. Obtained Results (2/3) Nuno Antunes, Marco Vieira, “The Devils Behind Web Application Vulnerabilities”, IEEE Computer, ISSN: 0018-9162, IEEE, 2011. (a aparecer em 2011; Factor de Impacto ISI: 2.205) Nuno Laranjeiro, Henrique Madeira, Marco Vieira, “Robustness Testing of Web Services”, Journal of Internet Services and Applications (JISA), ISSN: 1867-4828, Springer, 2011. Nuno Antunes, Marco Vieira, “Enhancing Penetration Testing with Attack Signatures and Interface Monitoring for the Detection of Injection Vulnerabilities in Web Services”, The 8th International Conference on Services Computing, SCC 2011, IEEE Press, Washington D.C., EUA, 4 a 9 de Julho de 2011. Rui Oliveira, Nuno Laranjeiro, Marco Vieira, “A Composed Approach for Automatic Classification of Web Services Robustness”, The 8th International Conference on Services Computing, SCC 2011, IEEE Press, Washington D.C., EUA, 4 a 9 de Julho de 2011. Gabriella Carrozza (SESM Scarl, Itália), Nuno Laranjeiro, Aniello Napolitano (SESM Scarl, Itália), “WSRTesting: Hands-on Solution to Improve Web Services Robustness Testing”, Fifth Latin-American Symposium on Dependable Computing – Industry Track, LADC 2011, São José dos Campos, Brasil, 25 a 29 de Abril de 2011. Nuno Laranjeiro, Marco Vieira, Henrique Madeira, "A Learning-Based Approach to Secure Web Services from SQL/XPath Injection Attacks", The 16th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2010, IEEE Press, Tokyo, Japão, Dezembro de 2010.

13. N APLES, 20 TH D ECEMBER 2011 ::.. Obtained Results (2/3) Ivano Irrera, João Duraes, Marco Vieira, Henrique Madeira, "Towards Identifying the Best Variables for Failure Prediction using Injection of Realistic Software Faults", The 16th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2010, IEEE Press, Tokyo, Japão, Dezembro de 2010. Ivano Elia (University of Naples ‘Parthenope’, Itália), José Fonseca, Marco Vieira, “Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study”, 21st IEEE International Symposium on Software Reliability Engineering, ISSRE 2010, IEEE Press, San Jose, CA, EUA, 1 a 4 de Novembro de 2010. Nuno Laranjeiro, Rui Oliveira, Marco Vieira, “Applying Text Classification Algorithms in Web Services Robustness Testing”, 29th IEEE International Symposium on Reliable Distributed Systems, SRDS 2010, IEEE Press, Delhi, India, 1 a 3 de Novembro de 2010. Nuno Antunes, Marco Vieira, “Benchmarking Vulnerability Detection Tools for Web Services”, The 8th IEEE International Conference on Web Services, ICWS 2010, IEEE Press, Miami, FL, EUA, 5 a 10 de Julho de 2010. ICWS 2010 Best Paper Award.

14. Thank you for your attention N APLES, 20 TH D ECEMBER 2011