Nicolás E. Díaz Ferreyra
Hamburg University of Technology | TUHH · Institute of Software Security
Doktor der Ingenieurwissenschaften (Dr.-Ing)
Publications: 64
Reads: 12,571
Citations: 272
Introduction
My research stands at the intersection of HCI and privacy engineering. I am passionate about people’s privacy practices in networked environments, their associated risks, and developing technologies to support information disclosure. For this, I analyse empirical data extracted from software repositories, conduct studies with human participants, and elaborate on machine learning models. I am especially interested in digital nudging applications for privacy and usable security technologies.
Additional affiliations
March 2019 - August 2020
March 2010 - December 2013
Centre for Research and Development in Information Systems Engineering (CIDISI). Universidad Tecnológica Nacional
Position
- Student Fellow
Description
- Research and development applied to the analysis and verification of Software Product Lines (SPL) using Petri nets.
Education
November 2015 - November 2018
March 2007 - December 2013
Universidad Tecnológica Nacional
Field of study
- Computer Science
March 2001 - December 2006
Escuela Industrial Superior (EIS-UNL)
Field of study
- Construction Management
Publications (64)
Like in the real world, perceptions of risk can influence the behaviour and decisions that people make in online platforms. Users of Social Network Sites (SNSs) like Facebook make continuous decisions about their privacy since these are spaces designed to share private information with large and diverse audiences. Particularly, deciding whether or...
Online self-disclosure is perhaps one of the last decade’s most studied communication processes, thanks to the introduction of Online Social Networks (OSNs) like Facebook. Self-disclosure research has contributed significantly to the design of preventative nudges seeking to support and guide users when revealing private information in OSNs. Still,...
Social Coding Platforms (SCPs) like GitHub have become central to modern software engineering thanks to their collaborative and version-control features. Like in mainstream Online Social Networks (OSNs) such as Facebook, users of SCPs are subjected to privacy attacks and threats given the high amounts of personal and project-related data available...
Self-Admitted Technical Debt (SATD) encompasses a wide array of sub-optimal design and implementation choices reported in software artefacts (e.g., code comments and commit messages) by developers themselves. Such reports have been central to the study of software maintenance and evolution over the last decades. However, they can also be deemed as...
Stack Overflow (SO) is a popular platform among developers seeking advice on various software-related topics, including privacy and security. As for many knowledge-sharing websites, the value of SO depends largely on users’ engagement, namely their willingness to answer, comment or post technical questions. Still, many of these questions (including...
Infrastructure as Code (IaC) automates IT infrastructure deployment, which is particularly beneficial for continuous releases, for instance, in the context of microservices and cloud systems. Despite its flexibility in application architecture, neglecting security can lead to vulnerabilities. The lack of comprehensive architectural security guideli...
In this paper, we present MADE-WIC, a large dataset of functions and their comments with multiple annotations for technical debt and code weaknesses leveraging different state-of-the-art approaches. It contains about 860K code functions and more than 2.7M related comments from 12 open-source projects. To the best of our knowledge, no such dataset i...
Large Language Models (LLMs) are gaining momentum in software development with prompt-driven programming enabling developers to create code from natural language (NL) instructions. However, studies have questioned their ability to produce secure code and, thereby, the quality of prompt-generated software. Alongside, various prompting techniques tha...
Insecure coding practices are a known, long-standing problem in open-source development, which takes on a new dimension with the current capabilities for mining open-source software repositories through version control systems. Although most insecure practices require a sequence of interlinked behaviour, prior work also determined that simpler, one...
During the outbreak of the COVID-19 pandemic, many people shared their symptoms across Online Social Networks (OSNs) like Twitter, hoping for others' advice or moral support. Prior studies have shown that those who disclose health-related information across OSNs often tend to regret it and delete their publications afterwards. Hence, deleted posts...
Large Language Models (LLMs) like Codex are powerful tools for performing code completion and code generation tasks as they are trained on billions of lines of code from publicly available sources. Moreover, these models are capable of generating code snippets from Natural Language (NL) descriptions by learning languages and programming practices f...
The 1st edition of the workshop on Mining Software Repositories for Privacy and Security (MSR4P&S 2022) was held virtually on November 18th, 2022, co-located with the 30th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2022), which took place in Singapore. MSR4P&S rec...
GitHub is a popular data repository for code examples. It is being continuously used to train several AI-based tools to automatically generate code. However, the effectiveness of such tools in correctly demonstrating the usage of cryptographic APIs has not been thoroughly assessed. In this paper, we investigate the extent and severity of misuses, s...
Online self-disclosure is perhaps one of the last decade's most studied communication processes, thanks to the introduction of Online Social Networks (OSNs) like Facebook. Self-disclosure research has contributed significantly to the design of preventative nudges seeking to support and guide users when revealing private information in OSNs. Still,...
Getting to know new people online to later meet them offline for neighbourhood help, carpooling, or online dating has never been as easy as nowadays by social media performing computer-mediated introductions (CMIs). Unfortunately, interacting with strangers poses high risks such as unfulfilled expectations, fraud, or assaults. People most often tol...
Stack Overflow (SO) is a popular platform among developers seeking advice on various software-related topics, including privacy and security. As for many knowledge-sharing websites, the value of SO depends largely on users' engagement, namely their willingness to answer, comment or post technical questions. Still, many of these questions (including...
Conversational agents or chatbots are widely investigated and used across different fields including healthcare, education, and marketing. Still, the development of chatbots for assisting secure coding practices is in its infancy. In this paper, we present the results of an empirical study on SKF chatbot, a software-development bot (DevBot) designe...
Access-Control Lists (ACLs) (a.k.a. “friend lists”) are one of the most important privacy features of Online Social Networks (OSNs) as they allow users to restrict the audience of their publications. Nevertheless, creating and maintaining custom ACLs can introduce a high cognitive burden on average OSNs users since it normally requires assessing th...
Mining Software Repositories (MSRs) is an evidence-based methodology that cross-links data to uncover actionable information about software systems. Empirical studies in software engineering often leverage MSR techniques as they allow researchers to unveil issues and flaws in software development so as to analyse the different factors contributing...
Cloud-based application deployment is becoming increasingly popular among businesses, thanks to the emergence of microservices. However, securing such architectures is a challenging task since traditional security concepts cannot be directly applied to microservice architectures due to their distributed nature. The situation is exacerbated by the s...
This document describes a method for the elicitation of privacy requirements in systems and software projects. Such method takes into account the legal obligations introduced by the EU General Data Protection Regulation (GDPR) and seeks to incorporate them into the project in the early stages of its development. This approach is initially inspired...
Access-Control Lists (ACLs) (a.k.a. friend lists) are one of the most important privacy features of Online Social Networks (OSNs) as they allow users to restrict the audience of their publications. Nevertheless, creating and maintaining custom ACLs can introduce a high cognitive burden on average OSNs users since it normally requires assessing the...
This document provides a representative view of the final implementation of the PDP4E-Req tool specified in deliverables D4.2 and D4.3. The PDP4E-Req tool is a support to the methodology defined in deliverable D4.4 and D4.5. Overall, two generic categories of functions are supported by the tool. On the one hand, functions to specify the conventiona...
With the introduction of the EU General Data Protection Regulation (GDPR), concerns about compliance started to arise among software companies inside and outside Europe. In order to achieve high compliance, software developers must consider those privacy and data protection goals defined across the different legal provisions in the GDPR. Prior work...
ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Paper
Privacy in Social Network Sites (SNSs) like Facebook or Instagram is closely related to people's self-disclosure decisions and their ability to foresee the consequences of sharing personal information with large and diverse audiences. Nonetheless, online privacy decisions are often based on spurious risk judgements that make people liable to reveal...
In requirements elicitation methods, it is not unusual that conflicts between software requirements or between software goals and requirements can be detected. It is efficient to deal with those conflicts before further costs are invested to implement a solution and select insufficient software features. This work proposes risk as a determinant to...
Social Network Sites (SNSs) like Facebook or Instagram are spaces where people expose their lives to wide and diverse audiences. This practice can lead to unwanted incidents such as reputation damage, job loss or harassment when pieces of private information reach unintended recipients. As a consequence, users often regret to have posted private in...
Computer-Mediated Introduction (CMI) can be seen as the process in which users with compatible purposes interact with each other through social media platforms to meet afterwards in the physical world. CMI covers purposes, such as arranging joint car rides, lodging or dating (e.g. Uber, Airbnb and Tinder). In this context, trust plays a critical ro...
Computer-Mediated Introduction (CMI) describes the process in which individuals with compatible intentions get to know each other through social media platforms to eventually meet afterwards in the physical world (i.e. sharing economy and online dating). This process involves risks such as data misuse, self-esteem damage, fraud or violence. Therefo...
In the real world, the disclosure of private information to others often occurs after a trustworthy relationship has been established. Conversely, users of Social Network Sites (SNSs) like Facebook or Instagram often disclose large amounts of personal information prematurely to individuals which are not necessarily trustworthy. Such a low privacy-p...
Often, users of Social Network Sites (SNSs) like Facebook or Twitter find it hard to foresee the negative consequences of sharing private information on the Internet. Hence, many users suffer unwanted incidents such as identity theft, reputation damage, or harassment after their private information reaches an unintended audience. Many efforts have bee...
Often, users of Social Network Sites (SNSs) like Facebook or Twitter have issues when controlling the access to their content. Access-control predictive models are used to recommend access-control configurations which are aligned with the users' individual privacy preferences. One basic strategy for the prediction of access-control configurations i...
Often, users of Social Network Sites (SNSs) like Facebook or Twitter have issues when controlling the access to their content. Access-control predictive models are used to recommend access-control configurations which are aligned with the users’ individual privacy preferences. One basic strategy for the prediction of access-control configurations i...
Revealing private and sensitive information on Social Network Sites (SNSs) like Facebook is a common practice which sometimes results in unwanted incidents for the users. One approach for helping users to avoid regrettable scenarios is through awareness mechanisms which inform a priori about the potential privacy risks of a self-disclosure act. Pri...
Disclosing private information in Social Network Sites (SNSs) often results in unwanted incidents for the users (such as bad image, identity theft, or unjustified discrimination), along with a feeling of regret and repentance. Regrettable online self-disclosure experiences can be seen as sources of privacy heuristics (best practices) that can help...
Social Network Sites (SNSs) like Facebook or Twitter have radically redefined the mechanisms for social interaction. One of the main aspects of these platforms is their information sharing features which allow user-generated content to reach wide and diverse audiences within a few seconds. Whereas the spectrum of shared content is large and varied...
Disclosing private information in Social Network Sites (SNSs) often derives in unwanted incidents for the users (such as bad image, identity theft or unjustified discrimination), along with a feeling of regret and repentance. Regrettable online self-disclosure experiences can be seen as sources of privacy heuristics (best practices) that can help s...
Unlike the offline world, the online world is devoid of well-evolved norms of interaction which guide socialization and self-disclosure. Therefore, it is difficult for members of online communities like Social Network Sites (SNSs) to control the scope of their actions and predict others' reactions to them. Consequently, users might not always antici...
Nowadays the information flowing across the different Social Network Sites (SNSs) like Facebook is highly diverse and rich in its content. It is precisely the diversity of the users' contributions to SNSs that makes these platforms attractive and interesting to engage with. Nevertheless, there is a high amount of private and sensitive information b...
Users of Social Network Sites (SNSs) spend considerable amounts of hours per day exchanging (consuming or sharing) information and using services provided by such platforms. However, nothing comes for free. SNSs survive at the expense of the information that users upload to their profiles, and the knowledge derived from their on-line behavior. Dis...
Variability is defined as the possibility that a system has to be extended, changed, localized or configured in order to be used in a particular context. Variability specification in a software product line (SPL) is a main activity where product families are specified in terms of variants and dependencies. One way of defining the variability of a...
This work was developed as part of the Computational Intelligence course at UTN-FRSF during the second term of the 2012 academic year. It presents the implementation of an application called Vail, which serves as a platform for modelling solutions based on Artificial Neural Networks. The theoretical foundations...
This work was developed as part of the Computational Intelligence course at UTN-FRSF during the second term of the 2012 academic year. It presents a solution to the problem of Morse character recognition using an artificial neural network model. It proposes and analyses two standard topologies...
Nowadays, software product lines (SPLs) are one of the production paradigms to improve the performance of software companies. Nevertheless, SPLs have some complexity issues, like the verification of product feasibility, that have to be addressed. SPLs frequently use Orthogonal Variability Models (OVMs) to express variability in their portfolio o...
This paper presents the implementation of a conversational agent developed as part of the Artificial Intelligence course, which is able to hold a dialogue with a student on topics related to the organisation of the course. The vocabulary, the search mechanisms and the production-rule system are detailed taking into account...