@inproceedings {909, title = {Herramienta para la Compensaci{\'o}n de Par{\'a}metros de QoS y Seguridad}, booktitle = {XIII Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (RECSI 2014)}, year = {2014}, month = {09/2014}, pages = {303-308}, address = {Alicante (Espa{\~n}a).}, abstract = {

El an{\'a}lisis conjunto de mecanismos de seguridad y QoS es esencial para las redes heterog{\'e}neas donde diversos\ dispositivos pueden coexistir en entornos din{\'a}micos. En concreto, los dispositivos no siempre pueden ser\ conocidos, por lo que diferentes requisitos y mecanismos pueden surgir para el an{\'a}lisis. En este art{\'\i}culo,\ proponemos una herramienta para facilitar la configuraci{\'o}n de entornos basada en el an{\'a}lisis param{\'e}trico de\ dependencias, tomando como base de conocimiento un conjunto de par{\'a}metros de seguridad y QoS. Esta forma de\ an{\'a}lisis de par{\'a}metros a alto nivel permite considerar las dependencias y la compensaci{\'o}n entre mecanismos con\ independencia del sistema de informaci{\'o}n subyacente. Posibilita por tanto evaluar el impacto que tales\ mecanismos, y otros definidos acorde al modelo, tienen sobre un sistema previo a su despliegue.\ 

}, isbn = {978-84-9717-323-0}, author = {Ana Nieto and Javier Lopez} } @inproceedings {Rios2012, title = {HIDE_DHCP: Covert Communications Through Network Configuration Messages}, booktitle = {Proceedings of the 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012)}, series = {IFIP AICT}, volume = {376}, year = {2012}, month = {June 2012}, pages = {162-173}, publisher = {Springer Boston}, organization = {Springer Boston}, address = {Heraklion, Crete, Greece}, abstract = {

Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70{\textquoteright}s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements

}, keywords = {Covert channels, Network Security, System Information Security}, isbn = {978-3-642-30435-4}, issn = {1868-4238}, doi = {http://dx.doi.org/10.1007/978-3-642-30436-1_14}, author = {Ruben Rios and Jose A. Onieva and Javier Lopez}, editor = {Dimitris Gritzalis and Steve Furnell and Marianthi Theoharidou} } @inproceedings {rosado2009d, title = {Hacia una Arquitectura de Servicios de Seguridad para entornos Grid m{\'o}viles}, booktitle = {V Congreso Iberoamericano de Seguridad Inform{\'a}tica (CIBSI{\textquoteright}09)}, year = {2009}, pages = {409-423}, publisher = {Universidad de la Rep{\'u}blica, Uruguay}, organization = {Universidad de la Rep{\'u}blica, Uruguay}, address = {Montevideo, Uruguay}, abstract = {

Grid m{\'o}vil incluye las caracter{\'\i}sticas de los sistemas Grid junto conlas peculiaridades de la computaci{\'o}n m{\'o}vil, a{\~n}adiendo la propiedad de soportarusuarios y recursos m{\'o}viles de forma homog{\'e}nea, transparente, segura yeficiente. La seguridad de estos sistemas, debido a su naturaleza abierta ydistribuida, es un tema de gran inter{\'e}s. Una arquitectura de seguridad basada enSOA proporciona una arquitectura distribuida dise{\~n}ada para interoperabilidadde servicios, f{\'a}cil integraci{\'o}n, y acceso seguro, simple y extensible. Por tanto,una arquitectura orientada a servicios de seguridad es construida para entornosGrid m{\'o}viles, ofreciendo servicios de seguridad a usuarios m{\'o}viles quienesusan servicios Grid y recursos para ejecutar sus trabajos y tareas. Estaarquitectura es integrada con otras arquitecturas existentes proporcionandomayor seguridad y permitiendo que los usuarios m{\'o}viles puedan acceder aservicios Grid existentes ofreciendo nuevos y necesarios servicios de seguridadpara Grid m{\'o}viles. Hemos definido un conjunto de servicios de seguridad, quejunto a protocolos, pol{\'\i}ticas y est{\'a}ndares de seguridad forman una arquitecturade seguridad orientada a servicios para entornos Grid m{\'o}viles. Esta arquitecturaes abierta, escalable, din{\'a}mica, interoperable y flexible.

}, isbn = {978-9974-0-0593-8}, author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez} } @inproceedings {Rosado2007, title = {Hacia un Proceso sistem{\'a}tico para el desarrollo de sistemas Grid Seguros con Dispositivos M{\'o}viles}, booktitle = {IV Congreso Iberoamericano de Seguridad Inform{\'a}tica (CIBSI{\textquoteright}07)}, year = {2007}, pages = {111-124}, publisher = {Sebasti{\'a}n Ca{\~n}{\'o}n, M.A.}, organization = {Sebasti{\'a}n Ca{\~n}{\'o}n, M.A.}, address = {Mar del Plata, Argentina}, isbn = {978-950-623-043-2}, author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini} } @inproceedings {javierlopez2003, title = {High-level Specification of Security Systems}, booktitle = {IEEE Globecom 2003 - Communications Security Track}, year = {2003}, month = {December}, pages = {1506-1510}, publisher = {IEEE Press}, organization = {IEEE Press}, address = {San Francisco}, abstract = {

In order to study the security systems, we have developed a methodology for the application to the analysis of cryptographic protocols of the formal analysis techniques commonly used in communication protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on HMSC/MSC, which can be automatically translated into a generic SDL specification.

}, isbn = {0-7803-7974-8}, author = {Javier Lopez and Juan J. Ortega and Jose M. Troya and Jose L. Vivas} } @inproceedings {javierlopez2003a, title = {How to Specify Security Services: A Practical Approach}, booktitle = {7th IFIP Conference on Multimedia and Communications Security (CMS{\textquoteright}03)}, series = {LNCS}, volume = {2828}, year = {2003}, month = {October}, pages = {158-171}, publisher = {Springer-Verlag}, organization = {Springer-Verlag}, address = {Torino, Italy}, abstract = {

Security services are essential for ensuring secure communications. Typically no consideration is given to security requirements during the initial stages of system development. Security is only added latter as an afterthought in function of other factors such as the environment into which the system is to be inserted, legal requirements, and other kinds of constraints. In this work we introduce a methodology for the specification of security requirements intended to assist developers in the design, analysis, and implementation phases of protocol development. The methodology consists of an extension of the ITU-T standard requirements language MSC and HMSC, called SRSL, defined as a high level language for the specification of security protocols. In order to illustrate it and evaluate its power, we apply the new methodology to a real world example, the integration of an electronic notary system into a web-based multi-users service platform.

}, isbn = {3-540-20185-8}, author = {Javier Lopez and Juan J. Ortega and Jose M. Troya and Jose L. Vivas} }