Biblio

Export results:
Author Title Type [ Year(Asc)]
Filters: Keyword is Trust and Author is Javier Lopez  [Clear All Filters]
D. Ferraris, C. Fernandez-Gago, and J. Lopez, "POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT",
Collaborative Approaches for Cyber Security in Cyber-Physical Systems, no. Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA), Springer, pp. 145-170, 01/2023. DOI More..
PDF icon 2013.pdf (433.59 KB)
D. Ferraris, C. Fernandez-Gago, and J. Lopez, "Novel Approaches for the Development of Trusted IoT Entities",
37th International Conference on ICT Systems Security and Privacy Protection – IFIP SEC 2022, Springer, pp. 215-230, 06/2022. DOI More..
PDF icon 1980.pdf (558.28 KB)
D. Ferraris, C. Fernandez-Gago, and J. Lopez, "Verification and Validation Methods for a Trust-by-Design Framework for the IoT",
36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'22), vol. 13383, Springer, pp. 183-194, 07/2022. DOI More..
PDF icon 1981.pdf (385.14 KB)
M. Kolar, C. Fernandez-Gago, and J. Lopez, "A Model Specification Implementation for Trust Negotiation",
The 14th International Conference on Network and System Security (NSS 2020), vol. 12570, Springer, pp. 327-341, 11/2020. More..

Abstract

Trust negotiation represents a suitable approach for building trust in online environments, where the interacting entities are anonymous. It covers important criteria on security and privacy. In this work, we propose a method for implementing our model specification that handles trust negotiation. We define the structure of the trust negotiation module that is a standalone unit capable of negotiating on its own. It may be included to any software by its defined interfaces. We realise our method with a ride-sharing scenario and four trust negotiation strategies that we apply in order to validate our design and implementation. We propose a solution that is fully customisable based on different requirements. The proposal provides guidelines for developers in the process of including trust negotiation into their software.

PDF icon 1852.pdf (569.75 KB)
D. Ferraris, C. Fernandez-Gago, and J. Lopez, "A model-driven approach to ensure trust in the IoT",
Human-centric Computing and Information Sciences, vol. 10, no. 50, Springer, 12/2020. DOI (I.F.: 5.9)More..

Abstract

The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.

Impact Factor: 5.9
Journal Citation Reports® Science Edition (Thomson Reuters, 2020)

PDF icon ferraris2020b.pdf (2.11 MB)
D. Ferraris, D. Bastos, C. Fernandez-Gago, F. El-Moussa, and J. Lopez, "An Analysis of Trust in Smart Home Devices",
The 20th World Conference on Information Security Applications: WISA-Workshop 2019, Springer, 2019. More..

Abstract

In recent times, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. These devices are intrinsically intrusive, being able to access user’s personal information. There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices. Improper trust assumptions and security controls can lead to unauthorized access of the devices, which can have severe consequences (i.e. safety risks). In this paper, we analysed the behaviour of smart home devices with respect to trust relationships. We set up a smart home environment to evaluate how trust is built and managed. Then, we performed a number of interaction tests with different types of users (i.e. owner, guests). As a result, we were able to assess the effectiveness of the provided security controls and identify some relevant security issues. To address them, we defined a trust model and proposed a solution based on it for securing smart home devices.

PDF icon 1814.pdf (247.14 KB)
R. Rios, C. Fernandez-Gago, and J. Lopez, "Modelling Privacy-Aware Trust Negotiations",
Computers & Security, vol. 77 , issue August 2018, Elsevier, pp. 773-789, 2018. DOI (I.F.: 3.062)More..

Abstract

Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.

Impact Factor: 3.062
Journal Citation Reports® Science Edition (Thomson Reuters, 2018)

PDF icon Ruben2017trust.pdf (425.82 KB)
C. Fernandez-Gago, F. Moyano, and J. Lopez, "Modelling Trust Dynamics in the Internet of Things",
Information Sciences, vol. 396, Elsevier, pp. 72-82, 2017. DOI (I.F.: 4.305)More..

Abstract

The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.

Impact Factor: 4.305
Journal Citation Reports® Science Edition (Thomson Reuters, 2017)

PDF icon Fer_IS17.pdf (1002.43 KB)
R. Rios, C. Fernandez-Gago, and J. Lopez, "Privacy-Aware Trust Negotiation",
12th International Workshop on Security and Trust Management (STM), vol. LNCS 9871, Springer, pp. 98-105, 09/2016. DOI More..

Abstract

Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.

PDF icon rios2016b.pdf (237.78 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "Towards Engineering Trust-aware Future Internet Systems",
3rd International Workshop on Information Systems Security Engineering (WISSE 2013), X. Franch, and P. Soffer Eds., LNBIP 148, Springer-Verlag, pp. 490-501, Jun 2013. DOI More..

Abstract

Security must be a primary concern when engineering Future Internet (FI) systems and applications. In order to achieve secure solutions, we need to capture security requirements early in the Software Development Life Cycle (SDLC). Whereas the security community has traditionally focused on providing tools and mechanisms to capture and express hard security requirements (e.g. confidentiality), little attention has been paid to other important requirements such as trust and reputation. We argue that these soft security requirements can leverage security in open, distributed, heterogeneous systems and applications and that they must be included in an early phase as part of the development process. In this paper we propose a UML extension for specifying trust and reputation requirements, and we apply it to an eHealth case study.

PDF icon moyano13wisse.pdf (505.78 KB)
Modify or remove your filters and try again.