To appear

Towards Quantum-Based Detection of Data Tampering Attacks

Authors: Beatrice Casey, and Joanna C. S. Santos

In: QCE'27 Poster IEEE International Conference on Quantum Computing and Engineering. 2027.

To appear

Cyber-AI Supply Chain Vulnerabilities

Authors: and Joanna C. S. Santos

In: Book Chapter AI for Cybersecurity: Research and Practice. 2026.

To appear

Multi-Sallm: A Multilingual Security Assessment of Generated Code

Authors: Mohammed Latif Siddiq, Noshin Ulfat, Nishat Raihan, Joanna C. S. Santos, and Marcos Zampieri

In: ASE Journal Automated Software Engineering. 2026.

To appear 10.21203/rs.3.rs-7745381/v1

To appear

TriVul: Improving Precision of Static Vulnerability Detection through Multi-Agent Reasoning

Authors: X. Zhao, and Joanna C. S. Santos

In: SAS'26 33rd Static Analysis Symposium. 2026.

To appear

To appear

An Empirical Study of Security Calibration in Large Language Models for Code

Authors: Mohammed Latif Siddiq, Md. Nafiu Rahman, and Joanna C. S. Santos

In: ICSME'26 42nd IEEE International Conference on Software Maintenance and Evolution. Benevento, Italy. 2026.

To appear

To appear

Automated Detection of Configuration-Specific Security Vulnerabilities via Patch Analysis

Authors: Felipe Paixão, Eduardo Santana de Almeida, Joanna C. S. Santos, Paulo Anselmo da Mota Silveira Neto, Daniel Sadoc Menasche, and Gustavo Bittencourt Figueiredo

In: FSE'26 ACM International Conference on the Foundations of Software Engineering. 2026.

To appear

CodeGuard: Improving LLM Guardrails in CS Education

Authors: Nishat Raihan, Noah Erdachew, Jayoti Devi, Joanna C. S. Santos, and Marcos Zampieri

In: EACL'26 Findings Findings of the Association for Computational Linguistics: EACL 2026. 2026.

10.18653/v1/2026.findings-eacl.48

InstruMate: A Systematic Framework for Assessing Android App Repackaging Resilience

Authors: Leandro de Souza Oliveira, Rodrigo Bonifácio, Joanna C. S. Santos, and Rui Rua

In: SANER'26 33rd IEEE International Conference on Software Analysis, Evolution and Reengineering. Limassol, Cyprus. 2026.

To appear

Characterizing and Modeling the GitHub Security Advisories Review Pipeline

Authors: Claudio Segal, Paulo Segal, Carlos Eduardo de Schuller Banjar, Felipe Paixão, Hudson Silva Borges, Paulo Silveira Neto, Eduardo Santana de Almeida, Joanna C. S. Santos, Anton Kocheturov, Gaurav Kumar Srivastava, and Daniel Sadoc Menasché

In: MSR'26 23rd International Conference on Mining Software Repositories. 2026.

To appear

AdvChar: Attacking Interpretable NLP Systems

Authors: Eldor Abdukhamidov, Tamer Abuhmed, Joanna C. S. Santos, and Mohammed Abuhamad

In: TIFS IEEE Transactions on Information Forensics and Security. 2025.

Preprint 10.1109/TIFS.2025.3622073

Challenges to Using Large Language Models in Code Generation and Repair

Authors: Luigi Pasquale, Antonino Sabetta, Marcelo d’Amorim, Péter Hegedűs, Mehdi Mirakhorli, Hamed Okhravi, Mathias Payer, Awais Rashid, Joanna C. S. Santos, Jonathan M. Spring, Lin Tan, and Katja Tuma

In: IEEE S&P IEEE Security & Privacy. Volume 23, Issue 2, pages 81–88. 2025.

10.1109/MSEC.2025.3530488

On the performance of large language models on introductory programming assignments

Authors: Nishat Raihan, Dhiman Goswami, Sadiya Sayara Chowdhury Puspo, Mohammed Latif Siddiq, Christian Newman, Tharindu Ranasinghe, Joanna C. S. Santos, and Marcos Zampieri

In: JIIS Journal of Intelligent Information Systems. 2025.

Preprint 10.1007/s10844-025-00968-y

Quantum-Based SMT Solving for String Theory

Authors: Beatrice Casey, Joanna C. S. Santos, and Andrew Hennessee

In: QUASAR 2nd Workshop on Quantum Algorithms, Software and Applied Research. 2025.

Preprint 10.1145/3731545.3744151

A Survey of Source Code Representations for Machine Learning-Based Cybersecurity Tasks

Authors: Beatrice Casey, Joanna C. S. Santos, and George Perry

In: ACM CSUR ACM Computing Surveys. 2025.

Preprint 10.1145/3721977

MojoBench: Language Modeling and Benchmarks for Mojo

Authors: Nishat Raihan, Joanna C. S. Santos, and Marcos Zampieri

In: NAACL'25 Findings Findings of the Association for Computational Linguistics: NAACL 2025. Albuquerque, New Mexico, United States. 2025.

Preprint

Large Language Models in Computer Science Education: A Systematic Literature Review

Authors: Nishat Raihan, Mohammed Latif Siddiq, Joanna C. S. Santos, and Marcos Zampieri

In: SIGCSE'25 56th ACM Technical Symposium on Computer Science Education. Pittsburgh, Pennsylvania, United States. 2025.

Preprint GitHub 10.1016/j.chbr.2025.100642

SALLM: Security Assessment of Generated Code

Authors: Mohammed Latif Siddiq, Joanna C. S. Santos, Sajith Devareddy, and Anna Muller

In: ASYDE'24 6th International Workshop on Automated and verifiable Software sYstem Development. Sacramento, CA, USA. 2024.

Preprint GitHub 10.1145/3691621.3694934

FRANC: A Lightweight Framework for High-Quality Code Generation

Authors: Mohammed Latif Siddiq, Beatrice Casey, and Joanna C. S. Santos

In: SCAM'24 24th IEEE International Conference on Source Code Analysis and Manipulation (SCAM). Flagstaff, AZ, USA. 2024.

Preprint 10.1109/SCAM63643.2024.00020

The Fault in our Stars: Quality Assessment of Code Generation Benchmarks

Authors: Mohammed Latif Siddiq, Simantika Bhattacharjee Dristi, Joy Saha, and Joanna C. S. Santos

In: SCAM'24 24th IEEE International Conference on Source Code Analysis and Manipulation (SCAM). Flagstaff, AZ, USA. 2024.

Preprint 10.1109/SCAM63643.2024.00028

Using Large Language Models to Generate JUnit Tests: An Empirical Study

Authors: Mohammed Latif Siddiq, Joanna C. S. Santos, Ridwanul Hasan Tanvir, Noshin Ulfat, Fahmid Al Rifat, and Vinicius Carvalho Lopes

In: EASE'24 28th International Conference on Evaluation and Assessment in Software Engineering (EASE). Salerno, Italy. 2024.

Preprint 10.1145/3661167.3661216

Understanding Regular Expression Denial of Service (ReDoS): Insights from LLM-Generated Regexes and Developer Forums

Authors: Mohammed Latif Siddiq, Jiahao Zhang, and Joanna C. S. Santos

In: ICPC'24 32nd IEEE/ACM International Conference on Program Comprehension (ICPC). Lisbon, Portugal. 2024.

Preprint GitHub 10.1145/3643916.3644424

Seneca: Taint-Based Call Graph Construction for Java Object Deserialization

Authors: Joanna C. S. Santos, Mehdi Mirakhorli, and Ali Shokri

In: OOPSLA ACM SIGPLAN International Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA). 2024.

Preprint 10.1145/3649851

Re(gEx|DoS)Eval: Evaluating Generated Regular Expressions and their Proneness to DoS Attacks

Authors: Mohammed Latif Siddiq, Jiahao Zhang, Lindsay Roney, and Joanna C. S. Santos

In: ICSE NIER 46th International Conference on Software Engineering - New Ideas and Emerging Results Track (ICSE-NIER). 2024.

Preprint GitHub 10.1145/3639476.3639757

Quality Assessment of ChatGPT Generated Code and their Use by Developers

Authors: Mohammed Latif Siddiq, Lindsay Roney, Jiahao Zhang, and Joanna C. S. Santos

In: MSR MINING CHALLENGE 21st International Conference on Mining Software Repositories, Mining Challenge Track (MSR 2024). 2024.

Preprint GitHub 10.1145/3643991.3645071

Empirical Validation of Automated Vulnerability Curation and Characterization

Authors: Ahmet Okutan, Peter Mell, Mehdi Mirakhorli, Igor Khokholov, Joanna C. S. Santos, Danielle Gonzalez, and Steven Simmons

In: TSE IEEE Transactions on Software Engineering. 2023.

Preprint 10.1109/TSE.2023.3250479

Zero-shot Prompting for Code Complexity Prediction Using GitHub Copilot

Authors: Mohammed Latif Siddiq, Abdus Samee, Sk Ruhul Azgor, Md. Asif Haider, Shehabul Islam Sawraz, and Joanna C. S. Santos

In: NLBSE'23 2nd International Workshop on Natural Language-based Software Engineering (co-located with ICSE'23). Melbourne, Australia. 2023.

Preprint 10.1109/NLBSE59153.2023.00018

An Empirical Study of Code Smells in Transformer-based Code Generation Techniques

Authors: Mohammed Latif Siddiq, Shafayat Hossain Majumder, Maisha Rahman Mim, Sourov Jajodia, and Joanna C. S. Santos

In: SCAM'22 22nd IEEE International Working Conference on Source Code Analysis and Manipulation. Limassol, Cyprus. 2022.

Preprint GitHub 10.1109/SCAM55253.2022.00014

SecurityEval Dataset: Mining Vulnerability Examples to Evaluate Machine Learning-Based Code Generation Techniques

Authors: Mohammed Latif Siddiq, and Joanna C. S. Santos

In: MSR4P&S'22 1st International Workshop on Mining Software Repositories Applications for Privacy and Security (co-located with ESEC/FSE'22). Singapore. 2022.

Preprint Video GitHub 10.1145/3549035.3561184

Counterfeit Object-Oriented Programming Vulnerabilities: An Empirical Study in Java

Authors: Joanna C. S. Santos, Xueling Zhang, and Mehdi Mirakhorli

In: MSR4P&S'22 1st International Workshop on Mining Software Repositories Applications for Privacy and Security (co-located with ESEC/FSE'22). Singapore. 2022.

Preprint 10.1145/3549035.3561184

BERT-Based GitHub Issue Report Classification

Authors: Mohammed Latif Siddiq, and Joanna C. S. Santos

In: NLBSE'22 The 1st International Workshop on Natural Language-based Software Engineering (co-located with ICSE'22). Pittsburgh, PA, USA. 2022.

Preprint GitHub

A Methodological Approach to Verify Architecture Resiliency

Authors: Joanna C. S. Santos, Selma Suloglu, Nestor Catano, and Mehdi Mirakhorli

In: DeMeSSA'22 2nd International Workshop on Designing and Measuring Security in Software Architecture (co-located with ECSA'22). Prague, Czech Republic. 2022.

Preprint 10.1007/978-3-031-36889-9_22

Serialization-Aware Call Graph Construction

Authors: Joanna C. S. Santos, Reese A. Jones, Chinomso Ashiogwu, and Mehdi Mirakhorli

In: SOAP'21 10th ACM SIGPLAN International Workshop on the State of the Art in Program Analysis. Virtual Conference. 2021.

Preprint GitHub 10.1145/3460946.3464319

ArCode: Facilitating the Use of Application Frameworks to Implement Tactics and Patterns

Authors: Ali Shokri, Joanna C. S. Santos, and Mehdi Mirakhorli

In: ICSA'21 2021 IEEE International Conference on Software Architecture. Stuttgart, Germany (Virtual due to COVID-19). 2021.

Preprint Video 10.1109/ICSA51549.2021.00021

Looking for Software Defects? First Find the Nonconformists - An Outlier-Based Defect Prediction Approach

Authors: Sara Moshtari, Joanna C. S. Santos, Mehdi Mirakhorli, and Ahmet Okutan

In: SCAM'20 20th IEEE International Working Conference on Source Code Analysis and Manipulation. Adelaide, Australia (Virtual due to COVID-19). 2020.

Preprint Video 10.1109/SCAM51674.2020.00014

Salsa: Static Analysis of Serialization Features

Authors: Joanna C. S. Santos, Reese A. Jones, and Mehdi Mirakhorli

In: FTfJP'20 22th ACM SIGPLAN International Workshop on Formal Techniques for Java-Like Programs. Berlin, Germany (Virtual due to COVID-19). 2020.

Preprint GitHub 10.1145/3427761.3428343

Towards Automated Evidence Generation for Rapid and Continuous Software Certification

Authors: Joanna C. S. Santos, Ali Shokri, and Mehdi Mirakhorli

In: WoSoCer'20 10th IEEE International Workshop on Software Certification. Coimbra, Portugal (Virtual due to COVID-19). 2020.

Preprint Video 10.1109/ISSREW51248.2020.00087

Towards an Automated Approach for Detecting Architectural Weaknesses in Critical Systems

Authors: Joanna C. S. Santos, Selma Suloglu, Joanna Ye, and Mehdi Mirakhorli

In: EnCyCriS'20 1st International Workshop on Engineering and Cybersecurity of Critical Systems. Seoul, South Korea (Virtual due to COVID-19). 2020.

Preprint Video 10.1145/3387940.3392222

An Automated Approach to Recover the Use-case View of an Architecture

Authors: Joanna C. S. Santos, Sara Moshtari, and Mehdi Mirakhorli

In: ICSA-NEMI Track 2020 IEEE International Conference on Software Architecture - New and Emerging Ideas. 2020.

Preprint Video 10.1109/ICSA-C50368.2020.00020

Achilles’ Heel of Plug-and-Play Software Architectures: A Grounded Theory Based Approach

Authors: Joanna C. S. Santos, Adriana Sejfia, Taylor Corrello, Smruthi Gadenkanahalli, and Mehdi Mirakhorli

In: ESEC/FSE'19 2019 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. Tallinn, Estonia. 2019.

Preprint GitHub 10.1145/3338906.3338969

An Empirical Study of Tactical Vulnerabilities

Authors: Joanna C. S. Santos, Katy Tarrit, Adriana Sejfia, Mehdi Mirakhorli, and Matthias Galster

In: JSS Journal of Systems and Software. Volume 149. 2019.

Preprint 10.1016/j.jss.2018.10.030

Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird

Authors: Joanna C. S. Santos, Anthony Peruma, Mehdi Mirakhorli, Matthias Galster, Jairo Veloz Vidal, and Adriana Sejfia

In: ICSA'17 2017 IEEE International Conference on Software Architecture. Gothenburg, Sweden. 2017.

Preprint 10.1109/ICSA.2017.39 Best paper award

A Catalog of Security Architecture Weaknesses

Authors: Joanna C. S. Santos, Katy Tarrit, and Mehdi Mirakhorli

In: ICSAW'17 2017 IEEE International Conference on Software Architecture Workshops. Gothenburg, Sweden. 2017.

Preprint URL 10.1109/ICSAW.2017.25

A Large-Scale Study on the Usage of Testing Patterns That Address Maintainability Attributes (Patterns for Ease of Modification, Diagnoses, and Comprehension)

Authors: Danielle Gonzalez, Joanna C. S. Santos, Andrew Popovich, Mehdi Mirakhorli, and Meiyappan Nagappan

In: MSR'17 Proceedings of the 14th International Conference on Mining Software Repositories. Buenos Aires, Argentina. 2017.

10.1109/MSR.2017.8

A search engine for finding and reusing architecturally significant code

Authors: Ibrahim Mujhid, Joanna C. S. Santos, Raghuram Gopalakrishnan, and Mehdi Mirakhorli

In: JSS Journal of Systems and Software. Volume 130. 2016.

Preprint 10.1016/j.jss.2016.11.034

Automated training-set creation for software architecture traceability problem

Authors: Waleed Zogaan, Ibrahim Mujhid, Joanna C. S. Santos, Danielle Gonzalez, and Mehdi Mirakhorli

In: EMSE Empirical Software Engineering. Volume 22, Issue 3. 2016.

Preprint 10.1007/s10664-016-9476-y

BUDGET: a Tool for Supporting Software Architecture Traceability Research

Authors: Joanna C. S. Santos, Mehdi Mirakhorli, Ibrahim Mujhid, and Waleed Zogaan

In: WICSA'16 Proceedings of the 13th Working IEEE/IFIP Conference on Software Architecture. Venice, Italy. 2016.

Preprint Video 10.1109/WICSA.2016.47

A Model-Driven Solution for Automatic Software Deployment in the Cloud

Authors: Franklin Magalhães Ribeiro Jr, Tarcísio da Rocha, Joanna C. S. Santos, and Edward David Moreno

In: ITNG'15 Proceedings of the 13th International Conference on Information Technology: New Generations. 2015.

Preprint 10.1007/978-3-319-32467-8_52

ERLab: a middleware for remote access electronic laboratories

Authors: Admilson R. L. Ribeiro, Marco T. Chella, Luiz M. M. A. Santos, Joanna C. S. Santos, and Wedla R. Melo

In: EATIS'12 Proceedings of the 6th Euro American Conference on Telematics and Information Systems. Valencia, Spain. 2012.

Preprint 10.1145/2261605.2261635

Publications in Brazilian Venues

A Location Service using the HTML5 Geolocation API (Serviço de localização utilizando a API de geolocalização do HTML5)

Authors: Joanna C. S. Santos, Sandra C. P. Hoentsch, Rafael A. Nascimento, and Admilson R. L. Ribeiro

In: ERBASE 2013 - WTICG 13th Regional School of Computing of the States of Bahia, Alagoas and Sergipe - Scientific Initiation and Undergraduate Works Workshop (XIII Escola Regional de Computação dos Estados da Bahia, Alagoas e Sergipe - Workshop de Trabalhos de IC e de Graduação - ERBASE 2013 - WTICG). Aracaju, Sergipe. 2013.

Preprint 🥉 Paper Award (3rd place)

Uma Proposta de Site de Rede Social Móvel para Pesquisa e Educação.

Authors: Sandra C. P. Hoentsch, Admilson R. L. Ribeiro, Joanna C. S. Santos, and Lucas L. B. Menezes

In: ERBASE 2012 - X WEIBASE XII Escola Regional de Computação dos Estados da Bahia, Alagoas e Sergipe - X Workshop de Educação e Informática Bahia-Alagoas-Sergipe. Juazeiro, Bahia. 2012.

Preprint

JOnline: Proposta preliminar de um juiz online didático para o ensino de programação

Authors: Joanna C. S. Santos, and Admilson R. L. Ribeiro

In: XXII SBIE - XVII WIE 22º Simpósio Brasileiro de Informática na Educação (SBIE) e 17º Workshop de Informática na Escola. Aracaju, Sergipe. 2011.

Preprint

Uma proposta de um juiz online didático para o ensino de programação

Authors: Joanna C. S. Santos, and Admilson R. L. Ribeiro

In: II ENINED II Encontro Nacional de Informática e Educação. Cascavel, Paraná. 2011.

Preprint

LEW: Laboratório de Engenharia Web para ensino, pesquisa e extensão

Authors: Admilson R. L. Ribeiro, Marco T. Chella, Luiz M. M. A. Santos, Joanna C. S. Santos, and Wedla R. Melo

In: II ENINED II Encontro Nacional de Informática e Educação. Cascavel, Paraná. 2011.

Preprint

SocialNetLab - Uma Proposta de Site de Rede Social para Educação

Authors: Sandra C. P. Hoentsch, Admilson R. L. Ribeiro, and Joanna C. S. Santos

In: II ENINED II Encontro Nacional de Informática e Educação. Cascavel, Paraná. 2011.

Preprint