Repositório Comunidade:http://hdl.handle.net/10071/150792026-05-19T10:18:22Z2026-05-19T10:18:22ZDevelopment of a cybersecurity framework for cloud environments adapted to the retail sectorIsidoro, T.Coutinho, C.Serrão, C.http://hdl.handle.net/10071/373032026-05-19T09:46:54Z2025-01-01T00:00:00ZTítulo próprio: Development of a cybersecurity framework for cloud environments adapted to the retail sector
Autoria: Isidoro, T.; Coutinho, C.; Serrão, C.
Resumo: Retail companies are increasingly targeted by cyber threats that are becoming more complex and difficult to deal with as technologies evolve, particularly due to the complexity and volume of information involved in this type of business. Traditional solutions such as antivirus/antimalware are becoming insufficient to deal with mass attacks that are increasingly sophisticated given current computing power. The retail business, due to its characteristics, is becoming a greater target, due to the large number of transactions and potential points of intrusion, from employees to partners. This article proposes a cybersecurity framework to support the migration of on-premises systems to the cloud. This framework consists of controls aimed at increasing confidence in migration, which have been defined through the analysis of internationally recognized frameworks and the author's practical experience. The focus of this document is mainly on the retail sector and data protection.2025-01-01T00:00:00ZEnabling secure coding: Exploring GenAI for developer training and educationSathwik A.Gasiba, T.Lechner, U.Pinto-Albuquerque, M.http://hdl.handle.net/10071/373022026-05-19T09:11:34Z2025-01-01T00:00:00ZTítulo próprio: Enabling secure coding: Exploring GenAI for developer training and education
Autoria: Sathwik A.; Gasiba, T.; Lechner, U.; Pinto-Albuquerque, M.
Editor: Queirós, Ricardo; Pinto, Mário; Portela, Filipe; Simões, Alberto
Resumo: The rapid adoption of GenAI for code generation presents unprecedented opportunities and significant security challenges. Raising awareness about secure coding is critical for preventing software vulnerabilities. To investigate how Generative AI can best support secure coding, we built an AI Secure Coding platform, an interactive training environment that embeds a GPT-4 based chatbot directly into a structured challenge workflow. The platform comprises a landing page, a challenges page with three AI-generated tasks, and a challenge page where participants work with code snippets. In each challenge, developers (1) identify vulnerabilities by reviewing code and adding comments, (2) ask the AI for help via a chat based interface, (3) review and refine comments based on AI feedback, and (4) fix vulnerabilities by submitting secure patches. The study involved 18 industry developers tackling three challenges. Participants used the AI Secure Coding Platform to detect and remediate vulnerabilities and then completed a survey to capture their opinions and comfort level with AI assisted platform for secure coding. Results show that AI assistance can boost productivity, reduce errors, and uncover more defects when treated as a "second pair of eyes," but it can also foster over-reliance. This study introduces the AI Secure Coding platform, presents preliminary results from a initial study, and shows that embedding GenAI into a structured secure-coding workflow can both enable and challenge developers. This work also opens the door to a new research field: leveraging GenAI to enable secure software development.2025-01-01T00:00:00ZCan open large language models catch vulnerabilities?Lopes, D. G.Gasiba, T.Sathwik, A.Pinto-Albuquerque, M.http://hdl.handle.net/10071/373002026-05-19T08:53:59Z2025-01-01T00:00:00ZTítulo próprio: Can open large language models catch vulnerabilities?
Autoria: Lopes, D. G.; Gasiba, T.; Sathwik, A.; Pinto-Albuquerque, M.
Editor: Queirós, Ricardo; Pinto, Mário; Portela, Filipe; Simões, Alberto
Resumo: As Large Language Models (LLMs) become increasingly integrated into secure software development workflows, a critical question remains unanswered: can these models not only detect insecure code but also reliably classify vulnerabilities according to standardized taxonomies? In this work, we conduct a systematic evaluation of three state-of-the-art LLMs - Llama3, Codestral, and Deepseek R1 - using a carefully filtered subset of the Big-Vul dataset annotated with eight representative Common Weakness Enumeration categories. Adopting a closed-world classification setup, we assess each model's performance in both identifying the presence of vulnerabilities and mapping them to the correct CWE label. Our findings reveal a sharp contrast between high detection rates and markedly poor classification accuracy, with frequent overgeneralization and misclassification. Moreover, we analyze model-specific biases and common failure modes, shedding light on the limitations of current LLMs in performing fine-grained security reasoning.These insights are especially relevant in educational contexts, where LLMs are being adopted as learning aids despite their limitations. A nuanced understanding of their behaviour is essential to prevent the propagation of misconceptions among students. Our results expose key challenges that must be addressed before LLMs can be reliably deployed in security-sensitive environments.2025-01-01T00:00:00ZAre we there yet?: On security vulnerabilities produced by open source generative AI models and Its Implications for security educationGaleano, M. C.Gasiba, T.Amburi, S.Pinto-Albuquerque, M.http://hdl.handle.net/10071/372872026-05-18T10:48:25Z2025-01-01T00:00:00ZTítulo próprio: Are we there yet?: On security vulnerabilities produced by open source generative AI models and Its Implications for security education
Autoria: Galeano, M. C.; Gasiba, T.; Amburi, S.; Pinto-Albuquerque, M.
Editor: Queirós, Ricardo; Pinto, Mário; Portela, Filipe; Simões, Alberto
Resumo: With the increasing integration of large language models (LLMs) into software development and programming education, concerns have emerged about the security of AI-generated code. This study investigates the security of three open source code generation models. Codestral, DeepSeek R1, and LLaMA 3.3 70B using structured prompts in Python, C, and Java. Some prompts were designed to explicitly trigger known vulnerability patterns, such as unsanitized input handling or unsafe memory operations, in order to assess how each model responds to security-sensitive tasks. The findings reveal recurring issues, including command execution vulnerabilities, insecure memory handling, and insufficient input validation. In response, we propose a set of recommendations for integrating secure prompt design and code auditing practices into developer training. These guidelines aim to help future developers generate safer code and better identify flaws in GenAIgenerated output. This work offers an initial analysis of the limitations of GenAI-assisted code generation and provides actionable strategies to support the more secure and responsible use of these tools in professional and educational contexts.2025-01-01T00:00:00Z