publications | Mafalda Ferreira

2023

ToR

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

Brito, Tiago, Ferreira, Mafalda, Monteiro, Miguel, Lopes, Pedro and 3 more authors

In IEEE Transactions on Reliability 2023

Bib PDF Website

@inproceedings{vulcan_tor,
  author = {Brito, Tiago and Ferreira, Mafalda and Monteiro, Miguel and Lopes, Pedro and Barros, Miguel and Santos, José Fragoso and Santos, Nuno},
  booktitle = {IEEE Transactions on Reliability},
  title = {Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages},
  year = {2023},
  volume = {},
  number = {},
  pages = {1-16},
  doi = {10.1109/TR.2023.3286301},
}

S&P

RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks

Ferreira, Mafalda, Brito, Tiago, Santos, José Fragoso, and Santos, Nuno

In Proceedings of 44th IEEE Symposium on Security and Privacy (S&P’23) May 2023

Bib PDF Website

@inproceedings{ferreira_sp23,
  author = {Ferreira, Mafalda and Brito, Tiago and Santos, José Fragoso and Santos, Nuno},
  title = {RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks},
  booktitle = {Proceedings of 44th IEEE Symposium on Security and Privacy (S&P'23)},
  year = {2023},
  doi = {10.1109/SP46215.2023.00058},
  pages = {1014-1031},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}

2022

CCS

Poster: A Systems Approach to GDPR Compliance-by-Design in Web Development Stacks

Ferreira, Mafalda, Brito, Tiago, Santos, José Fragoso, and Santos, Nuno

In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS’22) Nov 2022

Bib PDF Website

@inproceedings{ferreira_ccs22,
  author = {Ferreira, Mafalda and Brito, Tiago and Santos, José Fragoso and Santos, Nuno},
  title = {Poster: A Systems Approach to GDPR Compliance-by-Design in Web Development Stacks},
  booktitle = {Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS'22)},
  year = {2022},
  isbn = {9781450394505},
  doi = {10.1145/3548606.3563521},
}

2021

Master Thesis

Building GDPR-Compliant Web Applications with RuleKeeper

Ferreira, Mafalda, and Santos, Nuno

Instituto Superior Técnico, Nov 2021

Abs HTML PDF

Modern web applications provide many useful services to end-users but require them to share their data, sometimes publicly and globally. In 2018, the European Union issued a comprehensive legislation - the General Data Protection Regulation (GDPR) - that defines a system of laws aimed at promoting the deployment of extensive security mechanisms for the protection of users’ data and prevention of privacy breaches. Unfortunately, most modern systems tend to be optimized for performance, cost, and reliability, leaving security as a secondary goal and failing to provide adequate support for the development of GDPR-aware web applications. As a result, not only the web users remain prone to numerous risks, including the exposure of sensitive data, but the organizations themselves may incur high fees in the case of non-compliance with the GDPR. Moreover, due to the limitations of existing web frameworks, application developers face numerous challenges in building their applications in adherence to the strict GDPR data protection policies. Considering these challenges, this thesis studies the implications that GDPR holds in web applications and clarifies the requirements organizations need to follow when managing their information systems. Particularly, it proposes RuleKeeper, a novel web application framework, tailored to provide data security and privacy protections according to GDPR-compliant policies. Additionally, this thesis presents Purposeful Data Objects, a new abstraction for building secure-by-design GDPR-compliant web applications, and GPSL, a policy language for specifying GDPR policies in such a way that the requirements expressed above can be laid out rigorously and interpreted automatically.