About me

I am a Software Engineering & Security Researcher at the Institute for Software Research (SCS) at Carnegie Mellon University.

My research focuses on Software Engineering, specifically on topics such as package management security, security automation, and evidence-based security assurance. My long-term goal is to bridge the gap between software engineering and security by designing socio-technical solutions that reduce the costs of building more secure software. I am advised by Christian Kästner.

Currently, I am working on containing malicious package updates in the Node.js/npm ecosystem with a lightweight permission system that reduces applications' attack surface and an anomaly detection approach that reduces developers' review effort by focusing on suspicious updates. Here is a short (10 min) presentation of my paper @ ICSE 2021.

Resume

Education

Ph.D. in Software Engineering

2014 -- Current

Carnegie Mellon University, USA

  • Thesis: "Towards Practical and Trustworthy Package Management"
  • Advisor: Christian Kästner

Master of Science in Computer Science

2010 -- 2012

Federal University of Uberlandia, Brazil

Bachelor of Science in Computer Science

2005 -- 2009

Federal University of Uberlandia, Brazil

Awards

Scholarship for Ph.D. Program in Software Engineering / CAPES / 2014--2018
Scholarship for Masters Program in Computer Science / CNPq / 2010--2011
Scholarship for Undergrad. Research Program in CS / FAPEMIG / 2007--2008

Professional Experience

Software Engineer

2012 - 2014

Federal University of Uberlandia, Brazil

  • Designed and developed a microservices platform to reduce maintenance efforts on University-wide systems.

Software Engineer

2011 - 2012

Zup IT Innovation, Brazil

  • Team Leader: Designed and developed a microservices-based sales platform for a telecommunications company.

Software Engineer

2008 - 2010

Technology and Quality on Information, Brazil

  • Developed information software systems using Java technologies.

Teaching Experience

Temporary Lecturer

2012 - 2013

Federal University of Uberlandia, Brazil

  • Subjects taught: Software Modeling, Information Retrieval, Database Systems, Logic Programming.

Publications

Journals & Book Chapters



JSEP 2018 - Goyal, R., Ferreira, G., Kaestner, C., Herbsleb, J. Identifying Unusual Commits on GitHub. Journal of Software Evolution and Process, Vol. 30, Issue 1, 2018. [doi]

SCP 2014 - Gaia, F. N., Ferreira, G. C. S., Figueiredo, E., Maia, M. A Quantitative Assessment of Aspectual Feature Modules for Evolving Software Product Lines. Science of Computer Programming, Vol. 96, Part 2, 2014, pp. 230-253 [doi]

SCP 2014 - Ferreira, G. C. S., Gaia, F. N., Figueiredo, E., Maia, M. On the Use of Feature-Oriented Programming for Evolving Software Product Lines – A Comparative Study. Science of Computer Programming, Vol. 93, Part A, 2014, pp. 65-85. [doi]

LNCS 2012 - Gaia, F. N., Ferreira, G. C. S., Figueiredo, E., Maia, M. A Quantitative Assessment of Aspectual Feature Modules for Evolving Software Product Lines. Programming Languages: 16th Brazilian Symposium, SBLP 2012, Natal, Brazil, September 23-28, 2012, Proceedings (LNCS), Book 7554, pp. 134-149. [doi]

Conferences



ICSE 2021 - Ferreira, G., Jia, L., Sunshine, J., Kaestner, C. Containing Malicious Package Updates in npm with a Lightweight Permission System. Proc. of ICSE (2021). [to appear]. [pre-print]

ICSE-NIER 2019 - Garret, K., Ferreira, G., Jia, L., Sunshine, J., Kaestner, C. Detecting Suspicious Package Updates. Proc. of ICSE-NIER (2019). [pre-print]

SPLC 2016 - Ferreira, G., Malik, M., Kaestner, C., Pfeffer, J., Apel, S. Do #ifdefs Influence the Occurrence of Vulnerabilities? An Empirical Study of the Linux Kernel. Proc. of SPLC (2016). Distinguished Paper. [doi]

HotSoS 2015 - Ferreira, G., Kaestner, C., Pfeffer, J., Apel, S. Characterizing Configuration Complexity in Highly-Configurable Systems with Variational Call Graphs (poster abstract). Proc. of HotSoS: Article 17 (2015). [doi]

SBLP 2011 - Ferreira, G. C. S., Gaia, F. N., Figueiredo, E., Maia, M. On the Use of Feature-Oriented Programming for Evolving Software Product Lines: A Comparative Study. Proc. of SBLP: 1-15 (2011). [doi]

AOSD 2011 - Figueiredo, E., Garcia, A., Maia, M., Ferreira, G., Nunes, C., Whittle, J. On the Impact of Crosscutting Concern Projection on Code Measurement. Proc. of AOSD: 81-92 (2011). [doi]