Antonio Muñoz

AWeb of Science ResearcherID H-3758-2011

Orcid https://orcid.org/0000-0002-6751-0625

Domain of interest and research

• Secure Elements and Trusted Computing system design
• Security Engineering (Security Patterns)
• Monitoring of Security properties in Clouds

Education

• Ph.D. in Computer Science (with European Doctorate mention), University of Malaga, in 2010.
• M.Sc. in Computer Science 2005 from the University of Malaga, Spain, in 2005.
• Master in Education from the University of Malaga, Spain, in 2018.

Relevant Publications

Antonio Muñoz, Ruben Rios, Rodrigo Roman, Javier Lopez

A survey on the (in)security of Trusted Execution Environments

In: Computers & Security, pp. 103-180, 2023, ISSN: 0167-4048.

Abstract | BibTeX | Links:

@article{MUNOZ2023103180,

title = {A survey on the (in)security of Trusted Execution Environments},

author = {Antonio Mu\~{n}oz and Ruben Rios and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/MUNOZ2023103180.pdf

https://www.sciencedirect.com/science/article/pii/S0167404823000901},

doi = {10.1016/j.cose.2023.103180},

issn = {0167-4048},

year  = {2023},

date = {2023-01-01},

urldate = {2023-01-01},

journal = {Computers \& Security},

pages = {103-180},

publisher = {Elsevier},

address = {In Press},

abstract = {As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close

As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.

Close

Manuel Ruiz, Ruben Rios, Rodrigo Roman, Antonio Muñoz, Juan Manuel Martínez, Jorge Wallace

AndroCIES: Automatización de la certificación de seguridad para aplicaciones Android

In: XVII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2022), pp. 192-197, Ediciones Universidad Cantabria Ediciones Universidad Cantabria, Santander, Spain, 2022.

Abstract | BibTeX | Links:

@inproceedings{2016,

title = {AndroCIES: Automatizaci\'{o}n de la certificaci\'{o}n de seguridad para aplicaciones Android},

author = {Manuel Ruiz and Ruben Rios and Rodrigo Roman and Antonio Mu\~{n}oz and Juan Manuel Mart\'{i}nez and Jorge Wallace},

url = {/wp-content/papers/2016.pdf},

year  = {2022},

date = {2022-10-01},

urldate = {2022-10-01},

booktitle = {XVII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2022)},

volume = {265},

pages = {192-197},

publisher = {Ediciones Universidad Cantabria},

address = {Santander, Spain},

organization = {Ediciones Universidad Cantabria},

abstract = {El auge de las plataformas m\'{o}viles est\'{a} impulsando el desarrollo de un gran n\'{u}mero de aplicaciones, muchas de las cuales salen al mercado sin las convenientes comprobaciones de seguridad. Recientemente, Google est\'{a} apostando por hacer este problema m\'{a}s visible y concienciar a los usuarios de la necesidad de instalar aplicaciones verificadas por laboratorios independientes. Sin embargo, la certificaci\'{o}n de aplicaciones suele ser una tarea ardua y no exenta de errores. Por ello, en este trabajo, presentamos la herramienta AndroCIES, que es capaz de automatizar en gran medida las evaluaciones necesarias para la certificaci\'{o}n de aplicaciones m\'{o}viles, reduciendo en torno a un 20% el tiempo empleado en este proceso.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close

El auge de las plataformas móviles está impulsando el desarrollo de un gran número de aplicaciones, muchas de las cuales salen al mercado sin las convenientes comprobaciones de seguridad. Recientemente, Google está apostando por hacer este problema más visible y concienciar a los usuarios de la necesidad de instalar aplicaciones verificadas por laboratorios independientes. Sin embargo, la certificación de aplicaciones suele ser una tarea ardua y no exenta de errores. Por ello, en este trabajo, presentamos la herramienta AndroCIES, que es capaz de automatizar en gran medida las evaluaciones necesarias para la certificación de aplicaciones móviles, reduciendo en torno a un 20% el tiempo empleado en este proceso.

Close

Antonio Muñoz, Carmen Fernandez-Gago, Roberto Lopez-Villa

A Test Environment for Wireless Hacking in Domestic IoT Scenarios

In: Mobile Networks and Applications, 2022, ISSN: 1383-469X.

BibTeX | Links:

@article{munoz2022,

title = {A Test Environment for Wireless Hacking in Domestic IoT Scenarios},

author = {Antonio Mu\~{n}oz and Carmen Fernandez-Gago and Roberto Lopez-Villa},

url = {/wp-content/papers/munoz2022.pdf},

doi = {10.1007/s11036-022-02046-x},

issn = {1383-469X},

year  = {2022},

date = {2022-10-01},

urldate = {2022-10-01},

journal = {Mobile Networks and Applications},

publisher = {Springer},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close

George Suciu, Aristeidis Farao, Giorgio Bernardinetti, Ivan Palamá, Mari-Anais Sachian, Alexandru Vulpe, Marius-Constantin Vochin, Pavel Muresan, Michail Bampatsikos, Antonio Muñoz, Christos Xenakis

SAMGRID: Security Authorization and Monitoring Module Based on SealedGRID Platform

In: SENSORS, vol. 22, iss. 6527, no. 17, 2022, ISSN: 1424-8220.

Abstract | BibTeX | Links:

@article{suciu2022samgrid,

title = {SAMGRID: Security Authorization and Monitoring Module Based on SealedGRID Platform},

author = {George Suciu and Aristeidis Farao and Giorgio Bernardinetti and Ivan Palam\'{a} and Mari-Anais Sachian and Alexandru Vulpe and Marius-Constantin Vochin and Pavel Muresan and Michail Bampatsikos and Antonio Mu\~{n}oz and Christos Xenakis},

url = {/wp-content/papers/suciu2022samgrid.pdf

https://www.mdpi.com/1424-8220/22/17/6527},

doi = {10.3390/s22176527},

issn = {1424-8220},

year  = {2022},

date = {2022-08-30},

urldate = {2022-08-30},

journal = {SENSORS},

volume = {22},

number = {17},

issue = {6527},

abstract = {IoT devices present an ever-growing domain with multiple applicability. This technology has favored and still favors many areas by creating critical infrastructures that are as profitable as possible. This paper presents a hierarchical architecture composed of different licensing entities that manage access to different resources within a network infrastructure. They are conducted on the basis of well-drawn policy rules. At the same time, the security side of these resources is also placed through a context awareness module. Together with this technology, IoT is used and Blockchain is enabled (for network consolidation, as well as the transparency with which to monitor the platform). The ultimate goal is to implement a secure and scalable security platform for the Smart Grid. The paper presents the work undertaken in the SealedGRID project and the steps taken for implementing security policies specifically tailored to the Smart Grid, based on advanced concepts such as Opinion Dynamics and Smart Grid-related Attribute-based Access Control.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close

IoT devices present an ever-growing domain with multiple applicability. This technology has favored and still favors many areas by creating critical infrastructures that are as profitable as possible. This paper presents a hierarchical architecture composed of different licensing entities that manage access to different resources within a network infrastructure. They are conducted on the basis of well-drawn policy rules. At the same time, the security side of these resources is also placed through a context awareness module. Together with this technology, IoT is used and Blockchain is enabled (for network consolidation, as well as the transparency with which to monitor the platform). The ultimate goal is to implement a secure and scalable security platform for the Smart Grid. The paper presents the work undertaken in the SealedGRID project and the steps taken for implementing security policies specifically tailored to the Smart Grid, based on advanced concepts such as Opinion Dynamics and Smart Grid-related Attribute-based Access Control.

Close

Antonio Muñoz, Aristeidis Farao, Ryan Casas, Christos Xenakis

P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements

In: Information, vol. 12, no. 357, 2021, ISSN: 2078-2489,.

BibTeX | Links:

@article{anto2021,

title = {P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements},

author = {Antonio Mu\~{n}oz and Aristeidis Farao and Ryan Casas and Christos Xenakis},

url = {/wp-content/papers/anto2021.pdf},

issn = {2078-2489,},

year  = {2021},

date = {2021-08-01},

urldate = {2021-08-01},

journal = {Information},

volume = {12},

number = {357},

publisher = {MDPI},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close

Antonio Muñoz

ICITPM: Integrity validation of software in iterative Continuous Integration through the use of Trusted Platform Module (TPM)

In: Aristeidis Farao (Ed.): 1st Workshop on Dependability and Safety Emerging Cloud and Fog Systems (DeSECSyS) – Colocated with ESORICS, Guildford (United Kingdom). September 2020., pp. 147–165, Springer Springer, 2020, ISBN: 978-3-030-66504-3.

Abstract | BibTeX | Links:

@inproceedings{munoz2020icitpm,

title = {ICITPM: Integrity validation of software in iterative Continuous Integration through the use of Trusted Platform Module (TPM)},

author = {Antonio Mu\~{n}oz},

editor = {Aristeidis Farao},

url = {/wp-content/papers/munoz2020icitpm.pdf},

doi = {10.1007/978-3-030-66504-3_9},

isbn = {978-3-030-66504-3},

year  = {2020},

date = {2020-01-01},

urldate = {2020-01-01},

booktitle = {1st Workshop on Dependability and Safety Emerging Cloud and Fog Systems (DeSECSyS) - Colocated with ESORICS, Guildford (United Kingdom). September 2020.},

volume = {12580},

pages = {147\textendash165},

publisher = {Springer},

organization = {Springer},

abstract = {Software development has passed from being rigid and not very flexible, to be automated with constant changes. This happens due to the creation of continuous integration and delivery environments. Nevertheless, developers often rely on such environments due to the large number of amenities they offer. They focus on authentication only, without taking into consideration other aspects of security such as the integrity of the source code and of the compiled binaries. The source code of a software project must not be maliciously modified. Notwithstanding, there is no safe method to verify that its integrity has not been violated. Trusted computing technology, in particular, the Trusted Platform Module (TPM) can be used to implement that secure method.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close

Software development has passed from being rigid and not very flexible, to be automated with constant changes. This happens due to the creation of continuous integration and delivery environments. Nevertheless, developers often rely on such environments due to the large number of amenities they offer. They focus on authentication only, without taking into consideration other aspects of security such as the integrity of the source code and of the compiled binaries. The source code of a software project must not be maliciously modified. Notwithstanding, there is no safe method to verify that its integrity has not been violated. Trusted computing technology, in particular, the Trusted Platform Module (TPM) can be used to implement that secure method.

Close

Jamal Toutouh, Antonio Muñoz, Sergio Nesmachnow

Evolution Oriented Monitoring Oriented to Security Properties for Cloud Applications

In: Proceedings of the 13th International Conference on Availability, Reliability and Security, Association for Computing Machinery, Hamburg, Germany, 2018, ISBN: 9781450364485.

Abstract | BibTeX | Links:

@inproceedings{munoz2018,

title = {Evolution Oriented Monitoring Oriented to Security Properties for Cloud Applications},

author = {Jamal Toutouh and Antonio Mu\~{n}oz and Sergio Nesmachnow},

url = {/wp-content/papers/munoz2018.pdf},

doi = {10.1145/3230833.3232856},

isbn = {9781450364485},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

booktitle = {Proceedings of the 13th International Conference on Availability, Reliability and Security},

publisher = {Association for Computing Machinery},

address = {Hamburg, Germany},

series = {ARES '18},

abstract = {Internet is changing from an information space to a dynamic computing space. Data distribution and remotely accessible software services, dynamism, and autonomy are prime attributes. Cloud technology offers a powerful and fast growing approach to the provision of infrastructure (platform and software services) avoiding the high costs of owning, operating, and maintaining the computational infrastructures required for this purpose. Nevertheless, cloud technology still raises concerns regarding security, privacy, governance, and compliance of data and software services offered through it. Concerns are due to the difficulty to verify security properties of the different types of applications and services available through cloud technology, the uncertainty of their owners and users about the security of their services, and the applications based on them, once they are deployed and offered through a cloud. This work presents an innovative and novel evolution-oriented, cloud-specific monitoring model (including an architecture and a language) that aim at helping cloud application developers to design and monitor the behavior and functionality of their applications in a cloud environment.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close

Internet is changing from an information space to a dynamic computing space. Data distribution and remotely accessible software services, dynamism, and autonomy are prime attributes. Cloud technology offers a powerful and fast growing approach to the provision of infrastructure (platform and software services) avoiding the high costs of owning, operating, and maintaining the computational infrastructures required for this purpose. Nevertheless, cloud technology still raises concerns regarding security, privacy, governance, and compliance of data and software services offered through it. Concerns are due to the difficulty to verify security properties of the different types of applications and services available through cloud technology, the uncertainty of their owners and users about the security of their services, and the applications based on them, once they are deployed and offered through a cloud. This work presents an innovative and novel evolution-oriented, cloud-specific monitoring model (including an architecture and a language) that aim at helping cloud application developers to design and monitor the behavior and functionality of their applications in a cloud environment.

Close

Antonio Muñoz

A performance-oriented monitoring system for security properties in cloud computing applications

In: The Computer Journal, 2012, ISSN: 1460-2067.

BibTeX | Links:

@article{munoz2012,

title = {A performance-oriented monitoring system for security properties in cloud computing applications},

author = {Antonio Mu\~{n}oz},

editor = {Javier Gonz\'{a}lez},

url = {/wp-content/papers/munoz2012.pdf},

issn = {1460-2067},

year  = {2012},

date = {2012-01-01},

urldate = {2012-01-01},

journal = {The Computer Journal},

publisher = {Oxford Academic},

address = {Reino Unido},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close

Attended courses and seminars

• European Intensive Programme on Information & Communication Systems Security (IPICS), August 2003.
• Smart University, Sophia-Antipolis (France), September 2005.
• Trainning Annual Computer Security Applications Conference (ACSAC) in Orlando (USA), December 2012.

Scientific Activities (Orcid, Publons)

• International Advisory Board
  • International Journal of Grid and High Performance Computing  (IJGHPC)
• Associate Editor:
  • Journal of Ambient Intelligence and Humanized Computing (JAIHC)
  • International Journal of Information Security and Privacy (IJISP)
  • International Journal of Software Science and Computational Intelligence (IJSSCI)
  • International Journal of Network Security and Cryptography (BIJNSC)
• Editorial Board:
  • The Open Bioinformatics Journal (TOBJ)
  • International Journal of Future Generation Communication and Networking (IJFGCN)
  • Journal of Computer Science Research (JCSR)
  • International Journal of Software Science and Computational Intelligence (IJSSCI)
  • International Journal of Computers in Clinical Practice (IJCCP)
  • International Journal of Systems and Software Security and Protection (IJSSSP)
  • International Journal of Risk and Contingency Management (IJRCM)
  • International Journal of Hyperconnectivity and the Internet of Things (IJHIoT)
• Program (co)chair:
  • IWSECC 2018, 2019, 2021, 2022, 2023 – International Workshop on Security Engineering for Cloud Computing
  • IWOCS 2014 – International WOrkshop on Cloud Security
  • WOCOS 2013 – International WOrkshop on ClOud Security
  • APTC 2022 – Asia-Pacific Computer Technologies Conference
• Organizing Committee
  • ICEEE 2019
  • GSEEE 2020
• Local chair
  • AMI – First International Joint Conference on Ambient Intelligence 2010
• Artifact Evaluator
  • USENIX – USENIX Security Symposium 2025. 
• Project Reviewer
  • FONCyT – Fondo para la Investigación Científica y Tecnológica
  • Qatar National Research Fund – Grants
• Program Committee
  • ARES – International Conference on Availability, Reliability and Security – 2023, 2024
  • NSS International Conference on Network and System Security – 2023
  • MODELSWARD 2015 – International Conference on Model-Driven Engineering and Software Development.
  • AMI – The Premier Conference on Ambient Intelligence and Internet of Things 2017
  • AISCEN – International Workshop on Artificial Intelligence and Security Challenges in Emerging Networks   2019
  • CIC  – International Symposium on Models and Modeling Methodologies in Science and Engineering: MMMse 2011 
  • DEPEND – International Conference on Dependability 2009, 2010
  • ICCGI International Multi-Conference on Computing in the Global Information Technology 2013, 2014, 2015, 2016
  • ICONS – International Conference on Systems 2013, 2014, 2015, 2016
  • ICSOFT – International Conference on Software Technologies 2017, 2018, 2019, 2020, 2021
  • Annual International Conference on ICT: Bid Data, Cloud and Security 2018
  • International Conference on New Technologies, Mobility and Security 2012, 2014, 2015
  • SSCC – Security in Computing and Communications 2017, 2018, 2020
  • TPMC – International Conference Theory and Practice in Modern Computing 2012, 2013, 2014, 2018, 2019, 2020, 2021, 2022
  • IEEE International Conference on Web Services (ICWS) 2019,2020
  • European Conference on Cyber Warfare and Security 2019, 2020, 2021, 2022, 2023
  • International Conference on Systems, Control and Communications 2020, 2021
  • WCNA – International Conference on Wireless Communications, Networking and Applications 2021
  • ACAI – International Conference on Algorithms, Computing and Artificial Intelligence 2021, 2022
  • ESSE – European Symposium on Software Engineering 2022
  • IWAPS – International Workshop on Advances on Privacy Preserving  Technologies and Solutions 2022
  • Pattern Recognition, Machine Vision and Intelligent Algorithms 2022
  • DMCIT- International Conference on Data Mining, Communications and Information Technology 2022
  • IMBDKM – International Conference on Intelligent Media, Big Data and Knowledge Mining 2022
  • ICSC-CITIES – Congreso Ibero-Americano de Ciudades Inteligentes  2021, 2022, 2023, 2024, 2025
  • ICMSS – International Conference on Management Engineering, Software Engineering and Service Sciences 2023
  • MobiApps – International Workshop on Mobile Applications  2022, 2023, 2024, 2025
  • ISCIT – International Symposium on Communications and Information Technologies  2022
  • IMTRUST – International Workshop on Incident Management, Trusted Computing, Open Hardware, and Advanced Security Attacks  2025
  • ARTMAN – Recent Advances in  Resilient and Trustworthy Machine Learning  2024, 2025
  • PATTERNS – International Conference on Pervasive Patterns and Applications PATTERNS  2022, 2023, 2024, 2025
  • HS3 – Workshop on Hardware-Supported Software Security  2025
  • SAFER –   Workshop on Sustainable Security and Awareness for Next Generation Infrastructures   2025
• Reviewer:
  • Journal of system Architecture
  • Symmetry
  • Security & Communication Networks
  • Computers
  • International Journal of Agent Technologies and Systems (IJATS)
  • IEEE Intelligent Transportation Systems Transactions
  • SENSORS
  • International Journal of Secure Software Engineering (IJSSE)
  • IEEE Access
  • Information
  • International Journal of Digital Crime and Forensics (IJDCF)
  • International Journal of Secure Software Engineering (IJSSE)
  • ACM Transactions on Internet Technology
  • Applied Sciences
  • Future Internet
  • Electronics
  • Transactions on Emerging Telecommunications Technologies
  • IEEE Security & Privacy
  • Applied System Innovation
  • International Journal of Information Security
  • Telecommunication Systems