José Fragoso Santos (1319-F56C-0E1E)

Curriculum Vitae

José Fragoso Santos

The main goal of my research is the verification, specification, and testing of JavaScript applications with a particular focus on client-side Web applications that interact with the DOM API. I am primarily interested in the enforcement of security properties (such as secure information flow) and the automated verification of functional correctness properties of critical JavaScript code. To achieve these goals, I make use of program analyses and instrumentation techniques well established for static languages, advancing them to the setting of a highly complex, dynamic language, such as JavaScript. My research goes from theory to practice delivering industrial-strength tools that enable JavaScript programmers to better test, verify, and understand their code. As JavaScript is the key element of the internet of today, these tools can significantly impact the quality of current web applications, potentially improving the experience of users on a global scale.

Read full resume ↓

Identification

Personal identification

Full name: José Fragoso Santos

Citation names

José Fragoso Santos

Author identifiers

Ciência ID: 1319-F56C-0E1E
ORCID iD: 0000-0001-5077-300X

Knowledge fields

Exact Sciences - Computer and Information Sciences

Languages

Language	Speaking	Reading	Writing	Listening	Peer-review
French	Upper intermediate (B2)	Upper intermediate (B2)	Upper intermediate (B2)	Upper intermediate (B2)
English	Advanced (C1)	Advanced (C1)	Advanced (C1)	Advanced (C1)

Education

	Degree	Classification
2014 Concluded	Doctorat en Informatique (Doutoramento) Université de Nice Sophia Antipolis, France "Enforcing Secure Information Flow in Client-Side Web Applications" (THESIS/DISSERTATION)	Mention Très Honorable
2008 Concluded	Mestrado em Engenharia Informática e de Computadores (Mestrado) Universidade de Lisboa Instituto Superior Técnico, Portugal "Learning Techniques: From SAT to Pseudo-Boolean Optimization" (THESIS/DISSERTATION)	18
2006 Concluded	Licenciatura em Ciências da Engenharia Informática e de Computadores (Licenciatura) Universidade de Lisboa Instituto Superior Técnico, Portugal "Learning Techniques: From SAT to Pseudo-Boolean Optimization" (THESIS/DISSERTATION)	16

Affiliation

Science

	Category Host institution	Employer
2019/09/01 - Current	Researcher (Research)	Instituto de Engenharia de Sistemas e Computadores Investigação e Desenvolvimento em Lisboa, Portugal

2015/03/01 - 2019/08/31	Postdoc (Research)	Imperial College London, United Kingdom

2009/08/01 - 2010/08/01	Research Trainee (Research)	Instituto de Telecomunicações, Portugal

2009/01/01 - 2009/06/30	Research Trainee (Research)	Laboratório de Robótica e Sistemas de Engenharia, Portugal

2007/10/01 - 2008/10/31	Research Trainee (Research)	Instituto de Engenharia de Sistemas e Computadores Investigação e Desenvolvimento em Lisboa, Portugal

Teaching in Higher Education

	Category Host institution	Employer
2019/09/01 - Current	Assistant Professor (University Teacher)	Universidade de Lisboa Instituto Superior Técnico, Portugal

Projects

Contract

	Designation	Funders
2021/01/01 - 2025/12/31	Instituto de Engenharia de Sistemas e Computadores, Investigação e Desenvolvimento em Lisboa LA/P/0078/2020 10.54499/LA/P/0078/2020 Instituto de Engenharia de Sistemas e Computadores Investigação e Desenvolvimento em Lisboa, Portugal	Fundação para a Ciência e a Tecnologia Ongoing
2022/03/27 - 2023/06/26	DIVINA: Detecting Injection Vulnerabilities In Node.js Applications CMU/TIC/0053/2021 Principal investigator Instituto de Engenharia de Sistemas e Computadores Investigação e Desenvolvimento em Lisboa, Portugal	Concluded
2020/01/01 - 2022/12/31	LAIfeBlood - Inteligência Artificial para a Gestão do Sangue DSAIPA/AI/0033/2019 Associação do Instituto Superior Técnico para a Investigação e Desenvolvimento, Portugal Instituto de Engenharia de Sistemas e Computadores Investigação e Desenvolvimento em Lisboa, Portugal	Fundação para a Ciência e a Tecnologia Ongoing
2020/09/30 - 2022/09/30	INFOCOS: Intelligent Feedback for Content Students PTDC/CCI-COM/32378/2017 Principal investigator	Concluded
2019/01/01 - 2021/12/31	Data2Help: Ciência de Dados para Optimização de Serviços de Emergência Médica DSAIPA/AI/0044/2018 Instituto Nacional de Emergência Médica IP, Portugal Associação do Instituto Superior Técnico para a Investigação e Desenvolvimento, Portugal Instituto de Engenharia de Sistemas e Computadores Investigação e Desenvolvimento em Lisboa, Portugal	Fundação para a Ciência e a Tecnologia Ongoing
2017/01/01 - 2019/08/31	REMS: Rigorous Engineering for Mainstream Systems EP/K008528/1 Researcher
2013/09/30 - 2016/12	Certified Verification of Client-Side Web Programs EP/K032089/1	UK Research and Innovation
2009/08/01 - 2010/08/01	KLog - Logics for Security PTDC/MAT/68723/2006 Master Student Fellow
2009/01/01 - 2009/07/31	BIO-LOOK - Biomimetic Oculomotor Control for Humanoid Robots PTDC/EEA-ACR/71032/2006
2007/09/01 - 2008/09/01	BSOLO - Boolean constraint SOLving and Optimization PTDC/EIA/76572/2006 Scientific Initiation Fellow

Outputs

Publications

Book	Santos, J.F.; Gardner, P.; Maksimovic, P.; Naudžiuniene, D.. Towards logic-based verification of javascript programs. 2017. 10.1007/978-3-319-63046-5_2 Santos, J.F.; Rezk, T.; Matos, A.A.. Modular monitor extensions for information flow security in javascript. 2016. 10.1007/978-3-319-28766-9_4 Fragoso Santos, J.; Jensen, T.; Rezk, T.; Schmitt, A.. Hybrid typing of secure information flow in a JavaScript-like language. 2016. 10.1007/978-3-319-28766-9_5 Raad, A.; Santos, J.F.; Gardner, P.. DOM: Specification and client reasoning. 2016. 10.1007/978-3-319-47958-3_21 Fragoso Santos, J.; Rezk, T.. An information flow monitor-inlining compiler for securing a core of Javascript. 2014. Almeida-Matos, A.; Santos, J.F.; Rezk, T.. An information flow monitor for a core of DOM: Introducing references and live primitives. 2014. 10.1007/978-3-662-45917-1_1
Book chapter	Filipe Marques; António Morgado; José Fragoso Santos; Mikoláš Janota. "TestSelector: Automatic Test Suite Selection for Student Projects". 2022. 10.1007/978-3-031-17196-3_17 "Hybrid Information Flow Control for Low-Level Code". 141-159. Springer International Publishing, 2021. 10.1007/978-3-030-92124-8_9
Conference paper	Mafalda Ferreira; Miguel Monteiro; Tiago Brito; Miguel Coimbra; Nuno Santos; Limin Jia; José Fragoso Santos. "Efficient Static Vulnerability Analysis for JavaScript with Multiversion Dependency Graphs". Paper presented in Programming Language Design and Implementation (PLDI), 2024. Frederico Ramos; Diogo Costa Reis; Miguel Trigo; António Morgado; José Fragoso Santos. "MetaData262: Automatic Test Suite Selection for Partial JavaScript Implementations". 2023. 10.1145/3597926.3604923 Luís Almeida; Miguel Gonzaga; José Fragoso Santos; Rui Abreu. "Rexstepper: a Reference Debugger for JavaScript Regular Expressions". 2023. 10.1109/icse-companion58688.2023.00021 Mafalda Ferreira; Tiago Brito; José Fragoso Santos; Nuno Santos. "RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks". 2023. 10.1109/sp46215.2023.10179395 Frederico Ramos; Nuno Sabino; Pedro Adão; David A. Naumann; José Fragoso Santos. "Toward Tool-Independent Summaries for Symbolic Execution". 2023. 10.4230/LIPICS.ECOOP.2023.24 Filipe Marques; José Fragoso Santos; Nuno Santos; Pedro Adão. "Concolic Execution for WebAssembly". 2022. 10.4230/LIPICS.ECOOP.2022.11 Petar Maksimovic; Sacha Elie Ayoun; José Fragoso Santos; Philippa Gardner. "Gillian, Part II: Real-World Verification for JavaScript and C". Paper presented in Computer Aided Verification-33rd International Conference, CAV, 2021. Accepted Gabriela Sampaio; José Fragoso Santos; Petar Maksimovic; Philippa Gardner. "A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications". Paper presented in European Conference on Object Oriented Programming (ECOOP), 2020. José Fragoso Santos; Petar Maksimovic; Sacha Elie Ayoun; Philippa Gardner. "Gillian, Part I: A Multi-language Platform for Symbolic Execution". Paper presented in Programming Language Design and Implementation (PLDI), London, 2020. Santos, José. "Symbolic Execution for JavaScript". 2018. 10.1145/3236950.3236956 Matos, A.A.; Santos, J.F.. "Typing illegal information flows as program effects". 2012. 10.1145/2336717.2336718 Santos, J.; Bernardino, A.; Santos-Victor, J.. "Sensor-based self-calibration of the iCub's head". 2010. 10.1109/IROS.2010.5651275 Santos, J.; Manquinho, V.. "Learning techniques for pseudo-boolean solving". 2008.
Journal article	Tiago Brito; Mafalda Ferreira; Miguel Monteiro; Pedro Lopes; Miguel Barros; Jose Fragoso Santos; Nuno Santos. "Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages". IEEE Transactions on Reliability (2023): http://dx.doi.org/10.1109/tr.2023.3286301. 10.1109/tr.2023.3286301 Tiago Brito; Pedro Lopes; Nuno Santos; José Fragoso Santos. "Wasmati: An efficient static vulnerability scanner for WebAssembly". Computers & Security (2022): http://dx.doi.org/10.1016/j.cose.2022.102745. 10.1016/j.cose.2022.102745 "The Seesaw Algorithm: Function Optimization Using Implicit Hitting Sets". Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2021): https://drops.dagstuhl.de/opus/volltexte/2021/15322/. 10.4230/LIPICS.CP.2021.31 Fragoso Santos, José (1319-F56C-0E1E). "JaVerT 2.0: Compositional Symbolic Execution for JavaScript". Proc. ACM Program. Lang. 3 POPL (2019): 66:1-66:31. http://doi.acm.org/10.1145/3290379. 10.1145/3290379 Santos, José. "JaVerT: JavaScript Verification Toolchain". Proc. ACM Program. Lang. 2 POPL (2017): 50:1-50:33. http://doi.acm.org/10.1145/3158138. 10.1145/3158138 Luo, Z.; Santos, J.F.; Matos, A.A.; Rezk, T.. "Mashic compiler: Mashup sandboxing based on inter-frame communication". Journal of Computer Security 24 1 (2016): 91-136. http://www.scopus.com/inward/record.url?eid=2-s2.0-84960408868&partnerID=MN8TOARS. 10.3233/JCS-160542

Distinctions

Award

2018	Research Award on Continuous Reasoning Research (USD 50K) Facebook Inc, United States