LASIGE researchers Rafael Ramires, Bernardo Ferreira, and Ibéria Medeiros, together with former LASIGE researchers Jorge Martins and David Dantas, published a paper titled “Detecting Vulnerabilities in Encrypted Software Code while Ensuring Code Privacy” in the IEEE Transactions on Dependable and Secure Computing, a top-ranked journal (impact factor 7.5 and H-index 117).
The paper presents CoCoA, a novel approach to Software Quality and Privacy that enables authorised users to analyse source code in a protected manner, preserving its privacy while preventing attacks and intellectual property violations. CoCoA combines Static Analysis with Searchable Symmetric Encryption (SSE) for confidential vulnerability detection, enabling data and dependency tracking for data flow analysis over encrypted source code. The solution represents the code’s data and control flows as an Encrypted Inverted Index, connected in a way that enables SSE queries for vulnerability discovery.
With this novel approach, the paper also defines a new research field, Confidential Code Analysis, from which other types of code analysis tasks and approaches can be derived.
The paper is available here.
