Tânia Calçada and Hélder Fontes, Carlos Moreira and Margarida Gonçalves

Free Nonsense

"I never imagined that at the institute (INESC TEC) I would have the opportunity to get to know and talk to the people whose articles I had read and admired...", Paola Soto Rojas (UESP)

Have your say

"My story in Portugal begins on a sunny day in February 2011. I can still remember the last moments of that freaky flight from Tehran (Iran) to Lisbon. When the plane landed, I had no idea of what was awaiting me." Samaneh Khoshrou (UTM)

Gallery of the Uncommon

It was in INESC TEC’s canteen that an impressive fire would reveal a well hidden secret. Eye witnesses reveal an incredible story: a super hero, whose identity remains hidden (or is it?)...

Jobs 4 the Boys & Girls

In this section, the reader may find reference to public announcements made by INESC Porto offering grants, contracts and other opportunities of the same kind.

Where are you now?

Every month INESC TEC sends highly qualified individuals into the market...


More scenes of how life goes merrily on...

Subscribe to the BIP

University of Bristol puts HASLab/INESC TEC work in the limelight

In a press release the University of Bristol in the UK highlighted work by the High Assurance Software Laboratory (HASLab), an INESC TEC Privileged Partner and three foreign researchers (from Finland, Belgium and the UK) for its contribution to high assurance software.

The title of the work is “Practical Realisation and Elimination of an ECC-Related Software Bug Attack and it focuses on the cryptographic components that play a fundamental role in protecting information in IT systems. Correctly implementing these cryptographic components in both hardware and software is a critical factor in maintaining information secure. Since 2008 the potential impact that even a subtle implementation error can have on the security of cryptographic algorithms used in IT systems has been known. This type of attack is typically known as a “bug attack”.

According to Manual Barbosa, the project leader at HASLab, “until recently, there had been no known attack of this type on a real system, there had been no actual “bug attacks” and the emphasis was generally on the risks associated with malicious implementation attempts on hardware where an implementation error could be purposely included by the manufacturer”, he explains.

In this article the authors changed the perspective on “bug attacks”. They demonstrated the first attack on an actual system and explored the implementation error using a version of the openSSL library. At the same time, the fact that this error is accidental and resides in software implementation shows the need to adopt rigorous approaches to correct implementations in the development processes of critical components. This area is HASLab’s main area of study.

The work by these researchers was also recently presented at the RSA Conference, one of the largest and most important events for IT security in the world.