@inproceedings {Ifip15, title = {A4Cloud Workshop: Accountability in the Cloud}, booktitle = {IFIP Sumer School 2015 on Privacy and Identity Management. Time for a Revolution?}, volume = {476}, year = {2016}, month = {07/2016}, pages = {61-78}, publisher = {AICT Series, Springer}, organization = {AICT Series, Springer}, address = {Edinburgh (United Kingdon)}, author = {Carmen Fernandez-Gago and Siani Pearson and Michela D{\textquoteright}Errico and Rehab Alnemr and Tobias Pulls and Anderson Santana de Oliveira} } @inproceedings {agudo2016technique, title = {A Technique for Enhanced Provision of Appropriate Access to Evidence across Service Provision Chains}, booktitle = {10th International IFIP Summer School on Privacy and Identity Management}, year = {2016}, pages = {187-204}, abstract = {

Transparency and verifiability are necessary aspects of accountability, but care needs to be taken that auditing is done in a privacy friendly way. There are situations where it would be useful for certain actors to be able to make restricted views within service provision chains on accountability evidence, including logs, available to other actors with specific governance roles. For example, a data subject or a Data Protection Authority (DPA) might want to authorize an accountability agent to act on their behalf, and be given access to certain logs in a way that does not compromise the privacy of other actors or the security of involved data processors. In this paper two cryptographic-based techniques that may address this issue are proposed and assessed.

}, isbn = {978-3-319-41762-2}, doi = {10.1007/978-3-319-41763-9_13}, author = {Isaac Agudo and Ali El Kaafarani and David Nu{\~n}ez and Siani Pearson} } @inproceedings {1516, title = {Tools for Cloud Accountability: A4Cloud Tutorial}, booktitle = {9th IFIP Summer School on Privacy and Identity Management for the Future Internet in the Age of Globalisation}, volume = {457}, year = {2015}, pages = {219-236}, publisher = {Springer IFIP AICT}, organization = {Springer IFIP AICT}, address = {Patras (Greece)}, abstract = {

Cloud computing is becoming a key IT infrastructure technology being adopted progressively by companies and users. Still, there are issues and uncertainties surrounding its adoption, such as security and how users data is dealt with that require attention from developers, researchers, providers and users. The A4Cloud project tries to help solving the problem of accountability in the cloud by providing tools that support the process of achieving accountability. This paper presents the contents of the first A4Cloud tutorial. These contents include basic concepts and tools developed within the project. In particular, we will review how metrics can aid the accountability process and some of the tools that the A4Cloud project will produce such as the Data Track Tool (DTT) and the Cloud Offering Advisory Tool (COAT).

}, isbn = {978-3-319-18620-7}, issn = {978-3-319-18621-4}, doi = {10.1007/978-3-319-18621-4_15}, author = {Carmen Fernandez-Gago and Vasilis Tountopoulos and Simone Fischer-H{\"u}bner and Rehab Alnemr and David Nu{\~n}ez and Julio Angulo and Tobias Pulls and Theo Koulouris} } @inproceedings {onieva2014, title = {An{\'a}lisis y Desarrollo de un Canal Encubierto en una Red de Sensores}, booktitle = { XIII Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (RECSI 2014)}, year = {2014}, month = {09/2014}, pages = {333-338}, publisher = {Universidad de Alicante}, organization = {Universidad de Alicante}, address = {Alicante, Spain}, abstract = {

Continuamente aparecen nuevos estudios as{\'\i} como nuevos desarrollos de canales encubiertos. Como veremos, existen m{\'a}s de cien dise{\~n}os distintos para redes de ordenadores, pero no hemos encontrado en la literatura ning{\'u}n an{\'a}lisis, dise{\~n}o e implementaci{\'o}n de canales encubiertos sobre redes de sensores. En este art{\'\i}culo presentamos los resultados del dise{\~n}o e implementaci{\'o}n de un canal multitasa basado en los tiempos de monitorizaci{\'o}n sobre una red de sensores. En este proceso se han establecido las principales propiedades necesarias y, en base a ellas, se desarrolla e implementa el canal encubierto. Se describe el proceso de desarrollo y se analiza su detectabilidad.

}, keywords = {Covert channels, Information Security, Information Warfare, Intrusion Detection, Network Security, Wireless Sensor Network}, isbn = {978-84-9717-323-0}, author = {Jose A. Onieva and Ruben Rios and Bernardo Palenciano} } @inproceedings {1637, title = {An Intelligent and Adaptive Live Simulator: A new Concept for Cybersecurity Training}, booktitle = {9th Future Security Conference}, year = {2014}, address = {Berlin}, abstract = {

The rapid rate of change in technology and the increasing sophistication of cyber attacks require any organization to have a continuous preparation. However, the resource and time intensive nature of cybersecurity education and training renders traditional approaches highly inefficient. Simulators have attracted the attention in the last years as a potential solution for cybersecurity training. However, in spite of the advances achieved, there is still an urgent need to address some open challenges. In this paper we present a novel simulator that solves some these challenges. First, we analyse the main properties that any cybersecurity training solution should comprise, and evaluate to what extent training simulators can meet them. Next, we introduce the functional architecture and innovative features of the simulator, of which a functional prototype has already been released. Finally, we demonstrate how these capabilities are put into practice in training courses already available in the simulator.

}, keywords = {Cyberdefence, Cybersecurity, Education, Simulation, Training}, author = {Jorge L. Hern{\'a}ndez-Ardieta and David Santos and Pascual Parra and Juan E. Tapiador and Pedro Peris-L{\'o}pez and Javier Lopez and Gerardo Fernandez} } @inproceedings {moyano2012stm, title = {Building Trust and Reputation In: A Development Framework for Trust Models Implementation}, booktitle = {8th International Workshop on Security and Trust Management (STM 2012)}, series = {LNCS}, volume = {7783}, year = {2013}, pages = {113-128}, publisher = {Springer}, organization = {Springer}, address = {Pisa}, abstract = {

During the last years, many trust and reputation models have been proposed, each one targeting different contexts and purposes, and with their own particularities. While most contributions focus on defining ever-increasing complex models, little attention has been paid to the process of building these models inside applications during their implementation. The result is that models have traditionally considered as ad-hoc and after-the-fact solutions that do not always fit with the design of the application. To overcome this, we propose an object-oriented development framework onto which it is possible to build applications that require functionalities provided by trust and reputation models. The framework is extensible and flexible enough to allow implementing an important variety of trust models. This paper presents the framework, describes its main components, and gives examples on how to use it in order to implement three different trust models.

}, isbn = {978-3-642-38004-4}, issn = {0302-9743}, doi = {10.1007/978-3-642-38004-4}, author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez}, editor = {Audung J{\o}sang and Pierangela Samarati and Marinella Petrocchi} } @inproceedings {moyano2013ares, title = {Detecting Insider Threats: a Trust-Aware Framework}, booktitle = {8th International Conference on Availability, Reliability and Security}, year = {2013}, month = {Nov 2013}, pages = {121-130}, publisher = {IEEE}, organization = {IEEE}, address = {Regensburg, Germany}, abstract = {

The number of insider threats hitting organizations and big enterprises is rapidly growing. Insider threats occur when trusted employees misuse their permissions on organizational assets. Since insider threats know the organization and its processes, very often they end up undetected. Therefore, there is a pressing need for organizations to adopt preventive mechanisms to defend against insider threats. In this paper, we propose a framework for insiders identification during the early requirement analysis of organizational settings and of its IT systems. The framework supports security engineers in the detection of insider threats and in the prioritization of them based on the risk they represent to the organization. To enable the automatic detection of insider threats, we extend the SI* requirement modeling language with an asset model and a trust model. The asset model allows associating security properties and sensitivity levels to assets. The trust model allows specifying the trust level that a user places in another user with respect to a given permission on an asset. The insider threats identification leverages the trust levels associated with the permissions assigned to users, as well as the sensitivity of the assets to which access is granted. We illustrate the approach based on a patient monitoring scenario.

}, isbn = {978-0-7695-5008-4}, doi = {10.1109/ARES.2013.22}, author = {Federica Paci and Carmen Fernandez-Gago and Francisco Moyano} } @inproceedings {nunez2013metamodel, title = {A Metamodel for Measuring Accountability Attributes in the Cloud}, booktitle = {2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013)}, year = {2013}, month = {12/2013}, pages = {355-362}, publisher = {IEEE}, organization = {IEEE}, address = {Bristol, UK}, abstract = {

Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.

}, isbn = {978-0-7685-5095-4}, doi = {10.1109/CloudCom.2013.53}, author = {David Nu{\~n}ez and Carmen Fernandez-Gago and Siani Pearson and Massimo Felici} } @inproceedings {moyano2013ifiptm, title = {Towards Trust-Aware and Self-Adaptive Systems}, booktitle = {7th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2013)}, series = {AICT}, volume = {401}, year = {2013}, month = {Jun 2013}, pages = {255-262}, publisher = {Springer}, organization = {Springer}, address = {Malaga}, abstract = {

The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Software engineering currently provides frameworks to develop reasoning engines that automatically take reconfiguration decisions and that support the runtime adaptation of distributed, heterogeneous applications. However, these frameworks have very limited support to address security concerns of these application, hindering their usage for FI scenarios. We address this challenge by enhancing self-adaptive systems with the concepts of trust and reputation. Trust will improve decision-making processes under risk and uncertainty, in turn improving security of self-adaptive FI applications. This paper presents an approach that includes a trust and reputation framework into a platform for adaptive, distributed component-based systems, thus providing software components with new abilities to include trust in their reasoning process.

}, isbn = {978-3-642-38323-6}, issn = {1868-4238}, doi = {10.1007/978-3-642-38323-6}, author = {Francisco Moyano and Benoit Baudry and Javier Lopez}, editor = {Carmen Fernandez-Gago and Isaac Agudo and Fabio Martinelli and Siani Pearson} } @inproceedings {neumann2012strong, title = {Strong Authentication of Humans and Machines in Policy Controlled Cloud Computing Environment Using Automatic Cyber Identity}, booktitle = {Information Security Solutions Europe 2012}, year = {2012}, month = {2012}, pages = {195-206}, publisher = {Springer Vieweg}, organization = {Springer Vieweg}, address = {Brussels, Belgium}, abstract = {

The paper describes the experience with integration of automatic cyber identity technology with policy controlled virtualisation environment. One identity technology has been used to enable strong authentication of users (human beings) as well as machines (host systems) to the virtualization management system. The real experimental evaluation has been done in PASSIVE project (Policy-Assessed system-level Security of Sensitive Information processing in Virtualised Environments - SEVENTH FRAMEWORK PROGRAMME THEME ICT-2009.1.4 INFORMATION AND COMMUNICATION TECHNOLOGIES - Small or medium-scale focused research project - Grant agreement no.: 257644).

}, isbn = {978-3-658-00332-6}, doi = {10.1007/978-3-658-00333-3_19}, author = {Neumann Libor and Tomas Halman and Rotek Pavel and Alexander Boettcher and Julian Stecklina and Michal Sojka and David Nu{\~n}ez and Isaac Agudo}, editor = {Norbert Pohlmann and Helmut Reimer and Wolfgang Schneider} } @inproceedings {1642, title = {Analysis of Secure Mobile Grid Systems: A systematic approach}, booktitle = {XVI Jornadas de Ingenier{\'\i}a del Software y Bases de Datos (JISBD 2011)}, year = {2011}, month = {2011}, pages = {487-491}, publisher = {Servizo de publicaci{\'o}ns da Universidade da Coru{\~n}a}, organization = {Servizo de publicaci{\'o}ns da Universidade da Coru{\~n}a}, address = {A Coru{\~n}a, Spain}, abstract = {

Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. The identification of security aspects in the first stages ensures a more robust development and permits the security requirements to be perfectly coupled with the design and the rest of the system\’s requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. Generic development processes are sometimes used to develop Grid specific systems without taking into consideration either the subjacent technological environment or the special features and particularities of these specific systems. In fact, the majority of existing Grid applications have been built without a systematic development process and are based on ad hoc developments.

}, isbn = {978-84-9749-486-1}, author = {David G. Rosado and E. Fernandez-Medina and M. Pattini and Javier Lopez} } @inproceedings {agudo2011cryptography, title = {Cryptography Goes to the Cloud}, booktitle = {1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011)}, series = {Communications in Computer and Information Science}, volume = {187}, year = {2011}, month = {June}, pages = {190-197}, publisher = {Springer}, organization = {Springer}, abstract = {

In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer{\textquoteright}s data, we think that more advanced techniques such as searchable encryption and secure outsourced computation will become popular in the near future, opening the doors of the Cloud to customers with higher security requirements.

}, isbn = {978-3-642-22364-8}, doi = {10.1007/978-3-642-22365-5_23}, author = {Isaac Agudo and David Nu{\~n}ez and Gabriele Giammatteo and Panagiotis Rizomiliotis and Costas Lambrinoudakis}, editor = {Changhoon Lee and Jean-Marc Seigneur and James J. Park and Roland R. Wagner} } @inproceedings {JoseA.Montenegro2010, title = {Computacion Segura Multiparte Aplicada a Subastas Electr{\'o}nicas}, booktitle = {IX Jornadas de Ingenier{\'\i}a Telemenatica (JITEL 2010)}, year = {2010}, month = {Octubre}, abstract = {

La confidencialidad ha pasado de ser un requisito de seguridad a ser considerado como requisito funcional y de obligado cumplimiento e inclusi\ón en todos los sistemas de comunicaciones. Un inconveniente que presenta las t\écnicas criptogr\áficas, utilizadas para obtener la confidencialidad de la informaci\ón, surge cuando varias entidades se ven forzadas a compartir informaci\ón secreta para realizar tareas puntuales de colaboraci\ón, ya que las primitivas tradicionales utilizadas para conseguir la confidencialidad resultan poco flexibles. La situaci\ón ideal permitir\ía hacer posible dicha colaboraci\ón sin que ninguna de las partes revele la informaci\ón aportada. En este escenario entra en juego la tecnolog\ía de Computaci\ón Segura Multiparte (CSM) que posibilita realizar operaciones con la informaci\ón compartida sin tener que hacerla p\ública. Este trabajo muestra una soluci\ón CSM aplicada a una subasta electr\ónica que permite la realizaci\ón de la subasta sin que las apuestas sean reveladas a ning\ún participante, incluyendo el subastador, por lo que no necesita el estableciendo de ninguna autoridad confiable. Aunque la literatura ofrece una amplia variedad de propuestas te\óricas de CSM desde su creaci\ón en la d\écada de los ochenta, no es com\ún su aplicacion pr\áctica en situaciones reales.

}, author = {Jose A. Montenegro and Javier Lopez and Rene Peralta} } @inproceedings {Rios2010a, title = {Implementaci{\'o}n de un esquema de localizaci{\'o}n privada y segura para interiores}, booktitle = {IX Jornadas de Ingenier{\'\i}a Telem{\'a}tica (JITEL{\textquoteright}10)}, year = {2010}, month = {Sept.}, pages = {237 - 244}, address = {Valladolid (Spain)}, abstract = {

Las aplicaciones basadas en localizaci\ón proporcionan a los usuarios servicios personalizados dependiendo de su ubicaci\ón. Las estimaciones prev\én que estos servicios se extender\án enormemente en los pr\óximos a\ños reportando grandes beneficios tanto a la industria como a los usuarios finales. Sin embargo, para que estos avances sean posibles se hace necesario analizar en profundidad las distintas implicaciones de seguridad y privacidad que la utilizaci\ón de tales servicios pueden traer consigo a los usuarios. En este trabajo proponemos un sistema de localizaci\ón que da soporte a la provisi\ón de servicios basados en localizaci\ón para entornos indoor y que se fundamenta en la tecnolog\ía de redes de sensores inal\ámbricos. En este esquema hemos tenido en cuenta diversos aspectos de seguridad y privacidad, prestando especial atenci\ón a la limitaci\ón extrema de recursos caracter\ística de las redes de sensores. Finalmente hemos desarrollado una prueba de concepto para comprobar la viabilidad de nuestro esquema dentro del \ámbito del proyecto OSAmI.

}, isbn = {978-84-693-5398-1}, author = {Ruben Rios and Isaac Agudo and Jose L. Gonzalez}, editor = {Yannis Dimitriadis and Mar{\'\i}a Jes{\'u}s Verd{\'u} P{\'e}rez} } @inproceedings {Benito2009, title = {SMEPP: A Secure Middleware for Embedded P2P}, booktitle = {ICT Mobile and Wireless Communications Summit (ICT-MobileSummit{\textquoteright}09)}, year = {2009}, month = {June}, address = {Santander (Spain)}, abstract = {

The increasing presence of embedded devices with internet access capabilities constitutes a new challenge in software development. These devices are now cooperating in a distributed manner towards what has been called as \"Internet of Things\". In this new scenario the client-server model is sometimes not adequate and dynamic ad-hoc networks are more common than before. However, security poses as a hard issue as these systems are extremely vulnerable. In this paper, we introduce SMEPP project, which aims at developing a middleware designed for P2P systems with a special focus on embedded devices and security. SMEPP is designed to be deployed in a wide range of devices. It tries to ease the development of applications hiding platforms details and other aspects such as scalability, adaptability and interoperability. A full implementation of this middleware is already available that incorporates security features specially designed for low-resource devices. Moreover, we describe two business applications being developed using this middleware in the context of \"Digital Home\" and \"Environmental Monitoring in Industrial Environments\".

}, isbn = {978-1-905824-12-0}, author = {Rafael J. Caro and David Garrido and Pierre Plaza and Rodrigo Roman and Nuria Sanz and Jose L. Serrano} } @inproceedings {rosado2008a, title = {Engineering Process Based On Grid Use Cases For Mobile Grid Systems}, booktitle = {Third International Conference on Software and Data Technologies (ICSOFT{\textquoteright}08)}, year = {2008}, pages = {146-151}, publisher = {Springer}, organization = {Springer}, address = {Porto, Portugal}, abstract = {

The interest to incorporate mobile devices into Grid systems has arisen with two main purposes. The firstone is to enrich users of these devices while the other is that of enriching the own Grid infrastructure.Security of these systems, due to their distributed and open nature, is considered a topic of great interest. Aformal approach to security in the software life cycle is essential to protect corporate resources. However,little attention has been paid to this aspect of software development. Due to its criticality, security should beintegrated as a formal approach into the software life cycle. We are developing a methodology ofdevelopment for secure mobile Grid computing based systems that helps to design and build secure Gridsystems with support for mobile devices directed by use cases and security use cases and focused onservice-oriented security architecture. In this paper, we will present one of the first steps of ourmethodology consisting of analyzing security requirements of mobile grid systems. This analysis will allowus to obtain a set of security requirements that our methodology must cover and implement.

}, isbn = {978-3-642-05200-2}, issn = {1865-0929}, author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini} } @inproceedings {Benito2008, title = {Middleware Seguro EP2P: un Desaf{\'\i}o para las Redes Sociales}, booktitle = {XVIII Jornadas Telecom I+D}, year = {2008}, month = {October}, address = {Bilbao (Spain)}, abstract = {

Los sistemas distribuidos en dispositivos embebidos representan un nuevo reto en el desarrollo de software. Estos sistemas han supuesto una importante revoluci{\'o}n en el paradigma de la computaci{\'o}n distribuida donde se intenta fragmentar un problema grande en m{\'u}ltiples problemas m{\'a}s peque{\~n}os. El nuevo escenario tiende entonces hacia sistemas en los cuales todos los elementos de la red se consideran iguales y los mecanismos de comunicaci{\'o}n est{\~a}n basados en redes ad-hoc que se forman din{\'a}micamente. De esta forma cualquier usuario de la red (en realidad cualquier elemento, hasta el m{\'a}s simple dispositivo) adquiere valor, a mayor colaboraci{\'o}n, mayor {\'e}xito del sistema. Sin embargo, desde el punto de vista de la seguridad, estos sistemas son extremadamente vulnerables. En este art{\'\i}culo se presenta SMEPP, un middleware dise{\~n}ado especialmente para sistemas P2P incluyendo aspectos de seguridad. SMEPP est{\'a} dise{\~n}ado para poder ser ejecutado en un amplio rango de dispositivos (desde redes de sensores hasta PC), y trata de facilitar el desarrollo de aplicaciones ocultando los detalles de la plataforma y otros aspectos tales como escalabilidad, adaptabilidad e interoperabilidad. Adem{\'a}s el art{\'\i}culo presenta dos aplicaciones de alto nivel que utilizando este middleware pasan a ser m{\'a}s personales, m{\'a}s sociales y m{\'a}s baratas, haciendo que todos los usuarios de la red cobren mayor importancia.

}, author = {Rafael J. Caro and David Garrido and Pierre Plaza and Rodrigo Roman and Nuria Sanz and Jose L. Serrano} } @inproceedings {rosado2008, title = {PSecGCM: Process for the development of Secure Grid Computing based Systems with Mobile devices}, booktitle = {International Conference on Availability, Reliability and Security (ARES{\textquoteright}08)}, year = {2008}, pages = {136-143}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {A Grid computing system is defined as a platform that supports distributed system applications which require fast access to a large quantity of distributed resources in a coordinated manner. With the development of wireless technology and mobile devices,}, abstract = {

A Grid computing system is defined as a platformthat supports distributed system applications which require fastaccess to a large quantity of distributed resources in acoordinated manner. With the development of wirelesstechnology and mobile devices, the Grid becomes the perfectcandidate so that mobile users can make complex works that addnew computational capacity to the Grid. Security of thesesystems, due to their distributed and open nature, receives greatinterest. The growing size and profile of the grid requirecomprehensive security solutions as they are critical to thesuccess of the endeavour. A formal approach to security in thesoftware life cycle is essential to protect corporate resources.However, little thought has been given to this aspect of softwaredevelopment. Due to its criticality, security should be integratedas a formal approach in the software life cycle. A methodology ofdevelopment for secure mobile Grid computing based systems isdefined, that is to say, an engineering process that defines thesteps to follow so that starting from the necessities to solve, wecan design and construct a secure Grid system with support formobile devices that is able to solve and cover these necessities.

}, issn = {978-0-7695-3102-1}, author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini} } @inproceedings {Rosado2007, title = {Hacia un Proceso sistem{\'a}tico para el desarrollo de sistemas Grid Seguros con Dispositivos M{\'o}viles}, booktitle = {IV Congreso Iberoamericano de Seguridad Inform{\'a}tica (CIBSI{\textquoteright}07)}, year = {2007}, pages = {111-124}, publisher = {Sebasti{\'a}n Ca{\~n}{\'o}n, M.A.}, organization = {Sebasti{\'a}n Ca{\~n}{\'o}n, M.A.}, address = {Mar del Plata, Argentina}, isbn = {978-950-623-043-2}, author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini} } @inproceedings {M.MagdalenaPayerasCapella2007, title = {Incompatibilidades entre Propiedades de los Protocolos de Intercambio Equitativo de Valores}, booktitle = {VI Jornadas de Ingenier{\'\i}a Telem{\'a}tica (JITEL{\textquoteright}07)}, year = {2007}, pages = {605-608}, publisher = {Universidad de Malaga}, organization = {Universidad de Malaga}, abstract = {

Sets of ideal properties are defined for different kinds of protocols designed for e-commerce applications. These sets are used as a start point in the design and then as a tool to evaluate the quality of the protocols. This is the case of fair exchange protocols and their application to electronic contract signing and certified electronic mail. However, in this area does not exist an agreement about which properties are ideal. Instead we can find properties described by different authors to his convenience. We illustrate the contradictions that appear between some of these properties.

}, author = {Magdalena Payeras and Josep L. Ferrer Gomila and Lloren Huguet Rotger and Jose A. Onieva} } @inproceedings {JavierLopez2005a, title = {Classifying Public Key Certificates}, booktitle = {2nd European PKI Workshop: Research and Applications (EuroPKI{\textquoteright}05)}, series = {LNCS}, volume = {3545}, year = {2005}, month = {June}, pages = {135-143}, publisher = {Springer}, organization = {Springer}, address = {Canterbury, U.K.}, abstract = {

In spite of the fact that there are several companies that (try to) sell public key certificates, there is still no unified or standardized classification scheme that can be used to compare and put into perspective the various offerings. In this paper, we try to start filling this gap and propose a four-dimensional scheme that can be used to uniformly describe and classify public key certificates. The scheme distinguishes between (i) who owns a certificate, (ii) how the certificate owner is registered, (iii) on what medium the certificate (or the private key, respectively) is stored, and (iv) what type of functionality the certificate is intended to be used for. We think that using these or similar criteria to define and come up with unified or even standardized classes of public key certificate is useful and urgently needed in practice.

}, author = {Javier Lopez and Rolf Oppliger and Guenther Pernul} } @inproceedings {1716, title = {A Novel Method To Maintain Privacy in Mobile Agent Applications}, booktitle = {Fourth International Conference on Cryptology and Network Security (CANS{\textasciiacute}05)}, series = {LNCS}, volume = {3810}, year = {2005}, pages = {247-260}, publisher = {Springer}, organization = {Springer}, isbn = {978-3-540-30849-2}, author = {K. Peng and Ed Dawson and J Gonzalez-Nieto and Eiji Okamoto and J. Lopez} } @inproceedings {SokratisKatsikas2005, title = {Trust, Privacy and Security in E-business: Requirements and Solutions}, booktitle = {10th Panhellenic Conference in Informatics (PCI{\textquoteright}05)}, series = {LNCS}, volume = {3746}, year = {2005}, month = {November}, pages = {548-558}, publisher = {Springer}, organization = {Springer}, address = {Volos, Greece}, abstract = {

An important aspect of e-business is the area of e-commerce. One of the most severe restraining factors for the proliferation of e-commerce, is the lack of trust between customers and sellers, consumer privacy concerns and the lack of security measures required to assure both businesses and customers that their business relationship and transactions will be carried out in privacy, correctly, and timely. This paper considers trust privacy and security issues in e-commerce applications and discusses methods and technologies that can be used to fulfil the pertinent requirements.

}, author = {Sokratis K. Katsikas and Javier Lopez and Guenther Pernul} } @inproceedings {JavierLopez2004a, title = {On a Taxonomy of Systems for Authentication and/or Authorization Services}, booktitle = {TERENA Networking Conference}, year = {2004}, month = {June}, address = {Rhodes, Greece}, abstract = {

In this work we elaborate on a taxonomy of systems that provide either joint solutions for both authentication and authorization problems, or solutions for only one of the problems. Basically, we do not focus our work on theoretical systems that have been proposed only in the literature. On the other hand, we focus on: (i) systems that are already developed; (ii) systems that are under development or deployment; and (iii) systems that are still in the initial stages of design but are supported by international working groups or bodies. More precisely, we elaborate on a taxonomy of systems that are (or will be soon) available to final users.

}, author = {Javier Lopez and Jose A. Montenegro and Rolf Oppliger and Guenther Pernul} } @inproceedings {JavierLopez2002j, title = {Access Control Infrastructure for Digital Objects}, booktitle = {International Conference on Information and Communications Security (ICICS{\textquoteright}02)}, series = {LNCS}, volume = {2513}, year = {2002}, month = {December}, pages = {399-410}, publisher = {Springer-Verlag}, organization = {Springer-Verlag}, address = {Singapore}, abstract = {

Distributed systems usually contain objects with heterogeneous security requirements that pose important challenges on the underlying security mechanisms and especially in access control systems. Access control in distributed systems often relies on centralized security administration. Existing solutions for distributed access control do not provide the flexibility and manageability required. This paper presents the XML-based Secure Content Distribution (XSCD) infrastructure is based on the production of self-protected software objects that convey contents (software or data) and can be distributed without further security measures because they embed the access control enforcement mechanism. It also provides means for integrating Privilege Management Infrastructures (PMIs). Semantic information is used in the dynamic instantiation and semantic validation of policies. XSCD is scalable, facilitates the administration of the access control system, guarantees the secure distribution of the contents, enables semantic integration and interoperability of heterogeneous sources, solves the \“originator retained control\” issue and allows activities (such as payment) to be bound to the access to objects.

}, author = {Javier Lopez and Antonio Mana and Ernesto Pimentel and Jose M. Troya and Mariemma I. Yague} } @inproceedings {JavierLopez2002, title = {Protecci{\'o}n de Software basada en Tarjetas Inteligentes}, booktitle = {VII Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (VII RECSI)}, year = {2002}, month = {Septiembre}, pages = {485-497}, address = {Oviedo, Espa}, author = {Javier Lopez and Antonio Mana and Juan J. Ortega and Ernesto Pimentel} } @inproceedings {1720, title = {A First Approach to Latin Electronic Notary Public Services}, booktitle = {IFIP Conference on Security \& Control of IT in Security}, year = {2001}, pages = {49-60}, author = {Jorge Davila and Javier Lopez and Rene Peralta and Jose maria troya} } @inproceedings {1737, title = {Una Soluci{\'o}n Flexible para Redes Privadas Virtuales}, booktitle = {VI Reuni{\'o}n Espa{\~n}ola de Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (VI RECSI)}, year = {2000}, month = {Sep 2000}, pages = {329-340}, address = {La Laguna}, isbn = {978-84789743-1-3}, author = {J. Davila and Javier Lopez and R. Peralta} } @inproceedings {SigridGuergens1999, title = {Efficient Detection of Failure Modes in Electronic Commerce Protocols}, booktitle = {IEEE International Workshop on Electronic Commerce and Security}, year = {1999}, month = {September}, pages = {850-857}, publisher = {IEEE Press}, organization = {IEEE Press}, address = {Florence, Italy}, abstract = {The design of key distribution and authentication protocols has been shown to be error-prone. These protocols constitute the part of more complex protocols used for electronic commerce transactions. Consequently, these new protocols are likely to contain flaws that are even more difficult to find. In this paper, we present a search method for detecting potential security flaws in such protocols. Our method relies on automatic theorem proving tools. Among others we present our analysis of a protocol recently standardized by the German standardization organization DIN to be used in digital signature applications for smartcards. Our analysis resulted in the standard being supplemented with comments that explain the possible use of cryptographic keys.}, author = {Sigrid Gurgens and Javier Lopez and Rene Peralta} } @inproceedings {1740, title = {Aproximacion de Funciones mediante Redes Neuronales}, year = {1997}, month = {Sep 1997}, pages = {209-215}, isbn = {84-89654-03-4}, author = {Lucia Pino and Javier Lopez and Francisco Lopez and Carlos Maraval} } @inproceedings {FranciscoLopez1997a, title = {Determination of Objects Orientation in Assembly Lines using Neural Networks}, booktitle = {5th Intern. Conf. on Computer Aided Systems Theory and Technology (EUROCAST{\textquoteright}97)}, year = {1997}, month = {February}, pages = {183-189}, address = {Las Palmas, Spain}, abstract = {

This paper is a first approach to the use of artificial neural networks as a tool to estimate the orientation of an object, and is mainly directed towards industrial applications. The capability of neural networks to generalise is a key element in the calculation of an object\’s orientation. In this sense, a neural network can identify the angle of a part never seen before. To evaluate the efficiency of this method we have performed a series of tests with the different parts used in a car assembly line.

}, author = {Francisco Lopez and Javier Lopez and Alvaro Vergara and Lucia Pino} } @inproceedings {AntonioMana1997, title = {Incremento de la Seguridad del Estandar de Cifrado de Datos basado en la Combinaci{\'o}n de Datos y Clave}, booktitle = {III Jornadas de Inform{\'a}tica y Autom{\'a}tica}, year = {1997}, month = {Julio}, pages = {423-432}, address = {El Puerto de Santa Mar{\'\i}a, Espa}, abstract = {

A pesar del gran esfuerzo investigador llevado a cabo, el ataque al DES ha sido infructuoso desde que a mediados de los setenta fue adoptado como est\ándar por el U. S. National Bureau of Standards. El criptoan\álisis diferencial constituye la base de las primeras t\écnicas capaces de acabar con tal invulnerabilidad. Las t\écnicas de criptoan\álisis basadas en modelos de fallos y su adaptaci\ón a DES, el criptoan\álisis de fallos diferencial, son dos de esas t\écnicas que han conseguido recientemente romper sistemas DES (aunque el ataque est\á limitado a ciertos casos especiales, en particular implementaciones hardware). En este art\ículo se presenta un punto d\ébil de DES sobre el cual puede aumentarse la seguridad y se propone una modificaci\ón de la estructura interna de DES con objeto de mejorar su resistencia ante el criptoan\álisis diferencial y por ende de los ataques derivados de este. La modificaci\ón introducida no supone un coste adicional elevado

}, author = {Antonio Mana and Javier Lopez and Lucia Pino and Juan J. Ortega and Carlos Maraval} } @inproceedings {FranciscoLopez1997, title = {Neural Networks for Systems Security}, booktitle = {5th European Congress of Intelligent Techniques and Soft Computing (EUFIT{\textquoteright}97)}, year = {1997}, month = {August}, pages = {410-413}, address = {Germany}, abstract = {
This paper is a first approach in the use of Neural Networks for security. We apply it for electronic mail private systems in Local Area Networks. Some of these systems use public keys directories which must be protected suitably. This task is very complicated because all users in the systems must be able to change their public keys in those directories. We see the advantage of using Neural Networks versus other classical methods to resolve this problem.
}, author = {Francisco Lopez and Javier Lopez and Lucia Pino and Carlos Maraval} } @inproceedings {1741, title = {Sistema Jer{\'a}rquico de Administraci{\'o}n de Claves P{\'u}blicas para el Correo Electr{\'o}nico}, booktitle = {I Jornadas de Ingenier{\'\i}a Telem{\'a}tica (JITEL{\textquoteright}97)}, year = {1997}, month = {Sep 1997}, pages = {295-302}, address = {Bilbao (Spain)}, isbn = {84-89654-04-2}, author = {Lucia Pino and Antonio Mana and Juan J. Ortega and Javier Lopez} } @inproceedings {1723, title = {A Tool for Functions Approximation by Neural Networks}, booktitle = {5th European Congress of Intelligent Techniques and Soft Computing (EUFIT {\textquoteright}97)}, year = {1997}, pages = {557-564}, address = {Aachen (Germany)}, author = {L Pino and Javier Lopez and Francisco Lopez and Carlos Maraval} } @inproceedings {JavierLopez1996, title = {Generaci{\'o}n de N{\'u}meros Primos mediante Tests de Primalidad Probabil{\'\i}stas}, booktitle = {IV Reuni{\'o}n Espa{\~n}ola de Criptolog{\'\i}a (IV REC)}, year = {1996}, month = {Septiembre}, pages = {27-33}, address = {Valladolid, Espa}, abstract = {
Nowadays cryptography is present in nearly every aspect of our everyday life, in particular public-key cryptosystems. Some of them have a mathematical foundation of number theory working with big integer numbers. Factoring these numbers is more complex and time-consuming than generating and testing prime numbers; this is the main reason for the strenght of some public key cryptosystems. This paper presents three different probabilistic methods for testing big prime numbers in a reasonable amount of time. A comparison of their efficiency to test prime numbers is also introduced.
}, author = {Javier Lopez and Francisco Ona and Lucia Pino and Carlos Maraval} } @inproceedings {JavierLopez1995, title = {Seguridad de Directorios en Criptosistemas de Clave P{\'u}blica mediante Redes Neuronales en Sistemas de Comunicaciones}, booktitle = {X Symposium Nacional de la Uni{\'o}n Cient{\'\i}fica Internacional de Radio (URSI{\textquoteright}95)}, year = {1995}, month = {Septiembre}, pages = {147-150}, address = {Valladolid, Espa}, author = {Javier Lopez and Francisco Ona and Lucia Pino and Carlos Maraval} }