Seminar: Detection of Business Logical Vulnerabilities Attacks against REST APIs using Colored Petri Nets
Date and time: Tuesday 19 October, 12:00 to 13:00
- Venue: DIIS seminar room, EINA
- Title: Detection of Business Logical Vulnerabilities Attacks against REST APIs using Colored Petri Nets
- Speaker: Ailton dos Santos
- Abstract: Web APIs are becoming ubiquitous in applications that require some kind of communication between the client and the server. This increase in popularity and the complexity of the applications that use them have brought new security challenges, such as the appearance of specific attacks against web APIs and the increase of attack surfaces for business logic vulnerabilities. The detection of logical vulnerabilities poses a challenge for security professionals because they are inherent to the application, requiring context about the purpose of the system and its business rules (functionalities and execution flows, for example), which makes it difficult to use automated methods such as vulnerability scanners. An example of this type of vulnerability is the top entry in the OWASP API Security Top 10, known as Broken Object Level Authorization. This work aims to provide an approach to detect attempts to exploit parameter manipulation and workflow vulnerabilities in REST APIs, based on modeling the expected behavior of the application (extracted from the API specifications in the OpenAPI standard), analyzing the data flow and control flow of requests and responses at execution time, and identifying deviations between observed and expected behavior.
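As an added illustration of the idea in the abstract (this is not the speaker's code or tooling), a toy Python detector: the expected order workflow is encoded as a small colored Petri net whose token colors are (user, order_id) pairs, and a constructed request trace is replayed against it so that out-of-order calls and object IDs owned by another user surface as deviations. The operation names, places and trace are all assumed.

```python
"""Toy version of the detection idea: the expected REST workflow is a small
colored Petri net; requests are replayed as transition firings and any request
the net cannot fire is reported as a deviation. All names here are constructed."""
from dataclasses import dataclass, field

# Constructed OpenAPI operationId -> (input place, output place);
# a token's color is the pair (user, order_id).
WORKFLOW = {
    "createOrder": ("start", "created"),
    "payOrder": ("created", "paid"),
    "shipOrder": ("paid", "shipped"),
}

@dataclass
class OrderNet:
    marking: dict = field(default_factory=dict)  # place -> set of token colors

    def fire(self, op, user, order_id):
        """Return None when the request fits the model, else a deviation label."""
        if op not in WORKFLOW:
            return "unknown_operation"
        src, dst = WORKFLOW[op]
        token = (user, order_id)
        if src == "start":  # creation needs no prior token
            self.marking.setdefault(dst, set()).add(token)
            return None
        tokens = self.marking.get(src, set())
        if token in tokens:  # data flow (owner, id) and control flow (state) both match
            tokens.remove(token)
            self.marking.setdefault(dst, set()).add(token)
            return None
        if any(oid == order_id for _, oid in tokens):
            # right state, wrong owner: object-ID tampering (BOLA-style)
            return "parameter_manipulation"
        return "workflow_violation"  # order not in the required state: step skipped or repeated

def analyze(trace):
    """Replay (operationId, user, order_id) triples; return indexed deviations."""
    net, findings = OrderNet(), []
    for i, (op, user, oid) in enumerate(trace):
        dev = net.fire(op, user, oid)
        if dev is not None:
            findings.append((i, op, dev))
    return findings

# Constructed trace: bob pays alice's order 7; alice ships order 8 before paying.
TRACE = [("createOrder", "alice", 7), ("payOrder", "bob", 7),
         ("createOrder", "alice", 8), ("shipOrder", "alice", 8),
         ("payOrder", "alice", 7)]
```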

- Short bio: Ailton dos Santos is a Ph.D. student in Computer Science at the Federal University of Amazonas and holds an M.Sc. degree in Computer Science from the same institution. Currently, his research addresses the detection of malicious behaviors in Web APIs, mainly related to authorization flaws. Additionally, he acts as a senior cybersecurity engineer for a few Brazilian companies.
“We are shooting at the coronavirus with a computer”
Jorge Júlvez, a researcher in the group, designs dynamic models, based on Petri nets, of the interaction between the cell and the coronavirus, in collaboration with the University of Cambridge.
- “A Zaragoza researcher tries to ‘hunt’ the coronavirus with mathematical models”, Heraldo de Aragón, 29-06-2020.
- “We are shooting at the coronavirus with a computer”, Heraldo de Aragón, 12-07-2020.
Seminar: Stability Analysis of Switching Positive Linear Systems
Title: Stability Analysis of Switching Positive Linear Systems
Speaker: Mihaela Matcovschi
Date: Thursday, 19 September at 12:00, seminar room of the Department of Computer Science and Systems Engineering
The presentation focuses on stability analysis based on copositive Lyapunov functions (CLFs) for arbitrary switching positive linear systems with discrete-time or continuous-time dynamics. The techniques for constructing linear, max-type or quadratic-diagonal CLFs rely on the properties of row and column representatives associated with the set of matrices corresponding to all the subsystems. Using comparison theory, these techniques may be extended to arbitrary switching linear systems which are not necessarily positive.
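For the linear CLF case mentioned in the abstract, the standard condition is the following (added here as a worked illustration; it is a textbook result, not material from the talk). Take continuous-time positive subsystems $\dot{x} = A_i x$, $i \in \{1,\dots,N\}$, with each $A_i$ Metzler, and the candidate $V(x) = v^{T} x$ with $v \succ 0$. Along trajectories in the nonnegative orthant,
$$\dot V(x) = v^{T} A_i x < 0 \quad \forall\, x \in \mathbb{R}^n_{+}\setminus\{0\} \iff v^{T} A_i \prec 0,$$
since taking $x = e_j$ forces each component of $v^{T}A_i$ to be negative, and conversely a componentwise-negative row vector gives a negative sum on any nonzero $x \ge 0$. For discrete-time subsystems $x(k+1) = A_i x(k)$ with $A_i \ge 0$ the same argument yields
$$\Delta V(x) = v^{T}(A_i - I)x < 0 \quad \forall\, x \in \mathbb{R}^n_{+}\setminus\{0\} \iff v^{T} A_i \prec v^{T}.$$
A single $v$ satisfying the condition for every $i$ is a common linear CLF, which gives asymptotic stability under arbitrary switching.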
Short biography:
Mihaela Matcovschi received an M.Sc. degree in Mathematics (1986) from the “Alexandru Ioan Cuza” University of Iasi, and an M.Eng. degree in Automatic Control (1999) and a Ph.D. in Industrial Engineering (2001) from the “Gheorghe Asachi” Technical University of Iasi, Romania. Since 2008 she has been a Professor in the Department of Automatic Control and Applied Informatics of the “Gheorghe Asachi” Technical University of Iasi. Her research interests in the field of Systems Engineering include qualitative analysis of dynamic systems based on flow-invariance theory, as well as modelling, simulation and analysis of discrete event dynamic systems based on Petri net theory and queueing systems.
XXVI Jornadas de Concurrencia y Sistemas Distribuidos
The XXVI Jornadas de Concurrencia y Sistemas Distribuidos (Workshop on Concurrency and Distributed Systems), organized by the group, will take place in Zaragoza from 19 to 21 June 2019.
Workshop website:
24th IEEE Conference on Emerging Technologies and Factory Automation
The 24th IEEE Conference on Emerging Technologies and Factory Automation, organized by the group, will take place in Zaragoza from 10 to 13 September 2019.
Conference website:
Call for papers and workshop proposals:
Best Digital Hospital Award
CIPLAN, a software tool for scheduling surgery for patients on waiting lists, developed in a project in which researchers from our group take part, has received the Best Digital Hospital Award at the third edition of the Premios eSalud – eHealth Awards 2018, presented at the closing of the III eHealth Congress, held at the Hospital de La Princesa (Madrid) and organized by the eHealth Researchers Association AIES and the communications agency COM Salud.
More information: here.
Article: here.
New website
We are working on building this website.