Mafalda Ferreira

Welcome! I’m a 4th year PhD student in Computer Science and Engineering at Instituto Superior Técnico (IST), University of Lisbon, being kindly advised by professor Nuno Santos and professor José Fragoso Santos. I am a junior researcher at INESC-ID Lisbon and member of the Distributed, Parallel and Secure Systems Group (DPSS), as part of the SysSec team.

I’m interested in Web security and privacy. My research focuses on developing systems based on static analysis techniques to identify security vulnerabilities and privacy violations in JavaScript.

Previously, I received my MSc in Computer Science and Engineering at IST in 2021, under the guidance of professor Nuno Santos. My dissertation, entitled Building GDPR-Compliant Web Applications with RuleKeeper is available in the Publications section.

I have been a teaching assistant at IST, University of Lisbon since 2019. To learn more about my teaching activities, check my Teaching section.

News

Apr 3, 2025	Our paper on automated exploit generation for Node.js packages was accepted at PLDI’25!
Feb 28, 2025	Joined Cogna as Research Engineering Intern during the Fall.
Sep 14, 2024	Joined Amazon Web Services as an Applied Scientist Intern during the Summer, as part of the Automated Reasoning Group.
Jul 31, 2024	I was awarded the DPSS Best PhD Student Award 2023!

Selected Publications

PLDI

Automated Exploit Generation for Node.js Packages

Filipe Marques, Mafalda Ferreira, André Nascimento, Miguel Coimbra and 3 more authors

Proc. ACM Program. Lang. Jun 2025

PDF
PLDI

Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs

Mafalda Ferreira, Miguel Monteiro, Tiago Brito, Miguel E. Coimbra and 3 more authors

Proc. ACM Program. Lang. Jun 2024

PDF

ToR

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

Tiago Brito, Mafalda Ferreira, Miguel Monteiro, Pedro Lopes and 3 more authors

In IEEE Transactions on Reliability Jun 2023

Bib PDF Website

@inproceedings{vulcan_tor,
  author = {Brito, Tiago and Ferreira, Mafalda and Monteiro, Miguel and Lopes, Pedro and Barros, Miguel and Santos, José Fragoso and Santos, Nuno},
  booktitle = {IEEE Transactions on Reliability},
  title = {Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages},
  year = {2023},
  volume = {},
  number = {},
  pages = {1-16},
  doi = {10.1109/TR.2023.3286301},
}

S&P

RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks

Mafalda Ferreira, Tiago Brito, José Fragoso Santos, and Nuno Santos

In Proceedings of 44th IEEE Symposium on Security and Privacy (S&P’23) May 2023

Bib PDF Website

@inproceedings{ferreira_sp23,
  author = {Ferreira, Mafalda and Brito, Tiago and Santos, José Fragoso and Santos, Nuno},
  title = {RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks},
  booktitle = {Proceedings of 44th IEEE Symposium on Security and Privacy (S&P'23)},
  year = {2023},
  doi = {10.1109/SP46215.2023.00058},
  pages = {1014-1031},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}

CCS

Poster: A Systems Approach to GDPR Compliance-by-Design in Web Development Stacks

Mafalda Ferreira, Tiago Brito, José Fragoso Santos, and Nuno Santos

In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS’22) Nov 2022

Bib PDF Website

@inproceedings{ferreira_ccs22,
  author = {Ferreira, Mafalda and Brito, Tiago and Santos, José Fragoso and Santos, Nuno},
  title = {Poster: A Systems Approach to GDPR Compliance-by-Design in Web Development Stacks},
  booktitle = {Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS'22)},
  year = {2022},
  isbn = {9781450394505},
  doi = {10.1145/3548606.3563521},
}

Contact

E-mail: mafalda.baptista@tecnico.ulisboa.pt

Address:
Room 501, INESC-ID
Rua Alves Redol 9
1000-029 Lisbon, Portugal