Pedro Miguel Sousa Bernardo
MSc
Hello! My research focuses on web security and how to apply formal methods to reason about the security of the web platform at its core. I am also interested in side-channel attacks and their impact on client-side web security.
Outside of my research, I play CTF competitions with STT and w0y, where I explore my passion for the low-level aspects of computer security. Additionally, I participated in the ENISA European Cyber Security Challenge 2021 as a player for Team Portugal.
Roles
- PreDoc Researcher
Publications (created while at TU Wien)
-
2024
-
Web Platform Threats: Automated Detection of Web Security Issues With WPT
Bernardo, P., Veronese, L., DALLA VALLE, V., Calzavara, S., Squarcina, M., Adão, P., & Maffei, M. (2024). Web Platform Threats: Automated Detection of Web Security Issues With WPT. In Proceedings of the 33rd USENIX Security Symposium (pp. 757–774).
MetadataAbstract
Client-side security mechanisms implemented by Web browsers, such as cookie security attributes and the Mixed Content policy, are of paramount importance to protect Web applications. Unfortunately, the design and implementation of such mechanisms are complicated and error-prone, potentially exposing Web applications to security vulnerabilities. In this paper, we present a practical framework to formally and automatically detect security flaws in client-side security mechanisms. In particular, we leverage Web Platform Tests (WPT), a popular cross-browser test suite, to automatically collect browser execution traces and match them against Web invariants, i.e., intended security properties of Web mechanisms expressed in first-order logic. We demonstrate the effectiveness of our approach by validating 9 invariants against the WPT test suite, discovering violations with clear security implications in 104 tests for Firefox, Chromium and Safari. We disclosed the root causes of these violations to browser vendors and standard bodies, which resulted in 8 individual reports and one CVE on Safari. -
WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms
Veronese, L., Farinier, B., Bernardo, P., Tempesta, M., Squarcina, M., & Maffei, M. (2023). WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms. In 2023 IEEE Symposium on Security and Privacy (SP) (pp. 2761–2779). IEEE.
DOI: 10.1109/SP46215.2023.10179465 MetadataAbstract
The complexity of browsers has steadily increased over the years, driven by the continuous introduction and update of Web platform components, such as novel Web APIs and security mechanisms. Their specifications are manually reviewed by experts to identify potential security issues. However, this process has proved to be error-prone due to the extensiveness of modern browser specifications and the interplay between new and existing Web platform components. To tackle this problem, we developed WebSpec, the first formal security framework for the analysis of browser security mechanisms, which enables both the automatic discovery of logical flaws and the development of machine-checked security proofs. WebSpec, in particular, includes a comprehensive semantic model of the browser in the Coq proof assistant, a formalization in this model of ten Web security invariants, and a toolchain turning the Coq model and the Web invariants into SMT-lib formulas to enable model checking with the Z3 theorem prover. If a violation is found, the toolchain automatically generates executable tests corresponding to the discovered attack trace, which is validated across major browsers.We showcase the effectiveness of WebSpec by discovering two new logical flaws caused by the interaction of different browser mechanisms and by identifying three previously discovered logical flaws in the current Web platform, as well as five in old versions. Finally, we show how WebSpec can aid the verification of our proposed changes to amend the reported inconsistencies affecting the current Web platform. -
Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks
Naseredini, A., Gast, S., Schwarzl, M., Sousa Bernardo, P. M., Smajic, A., Canella, C., Berger, M., & Gruss, D. (2022). Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. In P. Mori, G. Lenzini, & S. Furnell (Eds.), Proceedings of the 8th International Conference on Information Systems Security and Privacy (pp. 48–59). SciTePress.
Metadata ⯈Fulltext (preprint)Abstract
In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.