LASIGE TALKS: Andreia Sofia Teixeira and Cláudia Mamede

LASIGE Talks are fortnightly/monthly events to publicize recently distinguished publications or ongoing cutting-edge work by researchers from the research centre, consolidating the scientific culture of the LASIGE community.

Speakers: Andreia Sofia Teixeira and Cláudia Mamede
Date: April 29th, 2026, Wednesday, 12:00
Where: C6.3.27

12:00 Break for snacks & coffee
13:00 Talk by Andreia Sofia Teixeira
13:30 Talk by Cláudia Mamede (remote)
14:00 Q&A

Title1: Dynamics of defensive and malicious worm co-propagation across networked systems
Speaker: Andreia Sofia Teixeira
Summary: The proliferation of Internet of Things (IoT) devices has greatly enhanced global connectivity but has also amplified cybersecurity risks, particularly from self-propagating malware or black worms. As a countermeasure, some researchers have proposed white worms: benign, self-replicating agents designed to autonomously patch vulnerable systems. Yet, their autonomous behavior raises complex ethical and legal concerns. In this paper, we develop a dynamical model of interacting black and white worms using tools from network epidemiology to explore their co-propagation and emergent behavior across IoT networks. We investigate how parameters related to user response, worm aggressiveness, and network topology shape the system’s stability and their dynamics. Our results show that ethical restrictions, such as reduced autonomy or shorter activity, significantly limit the ability of white worms to suppress botnets. Moreover, network structure plays a decisive role in shaping these outcomes. Overall, the study highlights a fundamental tension between ethical design and practical efficacy: to be truly effective, a white worm must behave in ways that challenge its ethical intent.
Paper: https://doi.org/10.1016/j.chaos.2025.117589

Title2: Interpretable Vulnerability Detection Reports
Speaker: Cláudia Mamede
Summary: Static analysis tools detect vulnerabilities effectively, but their technical outputs remain inaccessible to most developers, forcing reliance on security specialists and creating remediation bottlenecks. We propose an interpretability convention and modular workflow that transforms raw analyzer outputs into clear, actionable reports for all developers. We instantiate this in SECGen, which parses analyzer outputs, restructures them per our convention, and enforces compliance via automated validation. In a user study with 25 developers comparing our reports to state-of-the-art outputs, participants detected, understood, and fixed vulnerabilities more effectively, using only 67% of the time required with traditional reports while producing more correct fixes.
Paper: https://doi.org/10.1109/ASE63991.2025.00168