Biblio

Export results:
Author Title Type [ Year(Asc)]
Filters: First Letter Of Title is T and Author is Javier Lopez  [Clear All Filters]
D. Ferraris, C. Fernandez-Gago, and J. Lopez, "A Trust-by-Design Framework for the Internet of Things",
2018 9th IFIP International Conference on New Technologies Mobility and Security (NTMS), IEEE, 04/2018. DOI More..

Abstract

The Internet of Things (IoT) is an environment of interconnected entities, that are identifiable, usable and controllable via the Internet. Trust is necessary in a system such as IoT as the entities involved should know the effect of interacting with other entities. Moreover, the entities must also be able to trust a system to reliably use it. An IoT system is composed of different entities from different vendors, each of them with a different purpose and a different lifecycle. So considering trust in the whole IoT system lifecycle is useful and necessary to guarantee a good service for the whole system. The heterogeneity and dynamicity of this field make it difficult to ensure trust in IoT. We propose a trust by design framework for including trust in the development of an IoT entity considering all the phases of the life-cycle. It is composed of the K-Model and transversal activities.

PDF icon 1684.pdf (165.19 KB)
A. Nieto, R. Roman, and J. Lopez, "Testificación Digital",
Revista SIC, vol. 122, Ediciones CODA, pp. 94-98, Nov 2016. More..

Abstract

El creciente número de dispositivos interconectados trae consigo problemas de seguridad bien conocidos; por ejemplo, aquellos debidos a las vulnerabilidades en protocolos muy diversos –muchos de ellos propietarios– y al factor de error humano introducido por los usuarios. Sin embargo, cabe preguntarse cómo podemos usar el despliegue de tales dispositivos en beneficio de la ciberseguridad. En el proyecto IoTest se está desarrollando una solución, el Testigo Digital, que permitirá a los dispositivos personales con arquitectura de seguridad embebida reaccionar ante ataques virtuales, protegiéndonos de los ciberataques emergentes.

PDF icon nrlSIC16.pdf (476.98 KB)
A. Nieto, R. Roman, and J. Lopez, "Testigo digital: delegación vinculante de evidencias electrónicas para escenarios IoT",
II Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2016), pp. 109-116, 06/2016. More..

Abstract

En un mundo en el que los usuarios dependen cada vez más de sus dispositivos, éstos almacenan gran cantidad de datos y son una fuente muy valiosa de información sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, características propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este artículo definimos el concepto de testigo digital: funcionalidad que permitirá a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, amparándose en la colaboración de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de éstas.

PDF icon 1578.pdf (2.04 MB)
A. Nieto, R. Roman, and J. Lopez, "Testigo digital: procedimientos y dispositivos para la gestión segura de evidencias electrónicas con credenciales vinculantes",
España, C. Autón./Reg. de explotación: Andalucía, Invention Patent, vol. P201500764, G06F 21/00, 10/2015.
L. Cazorla, C. Alcaraz, and J. Lopez, "A Three-Stage Analysis of IDS for Critical Infrastructures",
Computers & Security, vol. 55, no. November, Elsevier, pp. 235-250, 2015. (I.F.: 1.64)More..

Abstract

The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.

Impact Factor: 1.64
Journal Citation Reports® Science Edition (Thomson Reuters, 2015)

PDF icon lorena2015c.pdf (1.54 MB)
L. Cazorla, C. Alcaraz, and J. Lopez, "Towards Automatic Critical Infrastructure Protection through Machine Learning",
8th International Conference on Critical Information Infrastructures Security, vol. 8328, Springer, pp. 197-203, 2013. DOI More..

Abstract

Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology

PDF icon 1805.pdf (110.09 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "Towards Engineering Trust-aware Future Internet Systems",
3rd International Workshop on Information Systems Security Engineering (WISSE 2013), X. Franch, and P. Soffer Eds., LNBIP 148, Springer-Verlag, pp. 490-501, Jun 2013. DOI More..

Abstract

Security must be a primary concern when engineering Future Internet (FI) systems and applications. In order to achieve secure solutions, we need to capture security requirements early in the Software Development Life Cycle (SDLC). Whereas the security community has traditionally focused on providing tools and mechanisms to capture and express hard security requirements (e.g. confidentiality), little attention has been paid to other important requirements such as trust and reputation. We argue that these soft security requirements can leverage security in open, distributed, heterogeneous systems and applications and that they must be included in an early phase as part of the development process. In this paper we propose a UML extension for specifying trust and reputation requirements, and we apply it to an eHealth case study.

PDF icon moyano13wisse.pdf (505.78 KB)
F. Moyano, B. Baudry, and J. Lopez, "Towards Trust-Aware and Self-Adaptive Systems",
7th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2013), C. Fernandez-Gago, I. Agudo, F. Martinelli, and S. Pearson Eds., AICT 401, Springer, pp. 255-262, Jun 2013. DOI More..

Abstract

The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Software engineering currently provides frameworks to develop reasoning engines that automatically take reconfiguration decisions and that support the runtime adaptation of distributed, heterogeneous applications. However, these frameworks have very limited support to address security concerns of these application, hindering their usage for FI scenarios. We address this challenge by enhancing self-adaptive systems with the concepts of trust and reputation. Trust will improve decision-making processes under risk and uncertainty, in turn improving security of self-adaptive FI applications. This paper presents an approach that includes a trust and reputation framework into a platform for adaptive, distributed component-based systems, thus providing software components with new abilities to include trust in their reasoning process.  

PDF icon moyano2013ifiptm.pdf (585.82 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "A Trust and Reputation Framework",
Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS 2013), M. Heisel, and E. Marchetti Eds., CEUR-WS 965, CEUR-WS, pp. 7-12, 2013. More..

Abstract

The Future Internet is posing new security challenges as their scenarios are bringing together a huge amount of stakeholders and devices that must interact under unforeseeable conditions. In addition, in these scenarios we cannot expect entities to know each other beforehand, and therefore, they must be involved in risky and uncertain collaborations. In order to minimize threats and security breaches, it is required that a well-informed decision-making process is in place, and it is here where trust and reputation can play a crucial role. Unfortunately, services and applications developers are often unarmed to address trust and reputation requirements in these scenarios. To overcome this limitation, we propose a trust and reputation framework that allows developers to create trust- and reputation-aware applications.  

PDF icon moyano2013essosds.pdf (217.23 KB)
F. Moyano, C. Fernandez-Gago, I. Agudo, and J. Lopez, "A Task Ordering Approach for Automatic Trust Establishment",
Proceedings of the 2012 International Symposium on Engineering Secure Software and Systems (ESSoS 2012), G. Barthe, B. Livshits, and R. Scandariato Eds., LNCS 7159, Springer, pp. 76–89, Feb 2012. DOI More..

Abstract

Trust has become essential in computer science as a way of assisting the process of decision-making, such as access control. In any system, several tasks may be performed, and each of these tasks might pose different associated trust values between the entities of the system. For instance, in a file system, reading and overwriting a file are two tasks that pose different trust values between the users who can carry out these tasks. In this paper, we propose a simple model for automatically establishing trust relationships between entities considering an established order among tasks.

PDF icon Moyano_ESSoS12.pdf (526.84 KB)
A. Nieto, and J. Lopez, "Traffic Classifier for Heterogeneous and Cooperative Routing through Wireless Sensor Networks",
Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on, IEEE, pp. 607-612, 03/2012. DOI More..

Abstract

 

Wireless Sensor Networks (WSN) are networks composed of autonomous devices manufactured to solve a specific problem, with limited computational capabilities and resource-constrained (e.g. limited battery). WSN are used to monitor physical or environmental conditions within an area (e.g. temperature, humidity). The popularity of the WSN is growing, precisely due to the wide range of sensors available. As a result, these networks are being deployed as part of several infrastructures. However, sensors are designed to collaborate only with sensors of the same type. In this sense, taking advantage of the heterogeneity of WSN in order to provide common services, like it is the case of routing, has not been sufficiently considered. For this reason, in this paper we propose a routing protocol based on traffic classification and role-assignment to enable heterogeneous WSN for cooperation. Our approach considers both QoS requirements and lifetime maximization to allow the coexistence of different applications in the heterogeneous network infrastructure.

 

PDF icon Nieto2012a.pdf (372.72 KB)
D. G. Rosado, E. Fernandez-Medina, J. Lopez, and M. Piattini, "Towards a UML Extension of Reusable Secure Use Cases for Mobile Grid systems",
IEICE Trans. on Information and Systems, vol. E94-D, IEICE, pp. 243-254, Feb 2011. DOI (I.F.: 0.178)More..

Abstract

The systematic processes exactly define the development cycle and help the development team follow the same development strategies and techniques, thus allowing a continuous improvement in the quality of the developed products. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Grid systems allow us to build very complex information systems with different and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc). With the development of wireless technology and mobile devices, the Grid becomes the perfect candidate for letting mobile users make complex works that add new computational capacity to the Grid. A methodology of development for secure mobile Grid systems is being defined. One of the activities of this methodology is the requirements analysis which is based in reusable use cases. In this paper, we will present a UML-extension for security use cases and Grid use case which capture the behaviour of this kind of systems. A detailed description of all these new use cases defined in the UML extension is necessary, describing the stereotypes, tagged values, constraints and graphical notation. We show an example of how to apply and use this extension for building the diagram of use cases and incorporating common security aspects for this kind of systems. Also, we will see how the diagrams built can be reused in the construction of others diagrams saving time and effort in this task.
 

Impact Factor: 0.178
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon rosado2009.pdf (302.25 KB)
J. Lopez, R. Roman, I. Agudo, and C. Fernandez-Gago, "Trust Management Systems for Wireless Sensor Networks: Best practices",
Computer Communications, vol. 33, no. 9, Elsevier, pp. 0140-3664, 2010. DOI (I.F.: 0.816)More..

Abstract

Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.

Impact Factor: 0.816
Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

PDF icon JavierLopezMunoz2010.pdf (210.98 KB)
S. K. Katsikas, J. Lopez, and M. Soriano Eds., "Trust, Privacy and Security in Digital Business, 7th International Conference, TrustBus 2010, Bilbao, Spain, August 30-31, 2010. Proceedings",
TrustBus, vol. 6264, Springer, 2010. DOI More..
R. Roman, C. Fernandez-Gago, J. Lopez, and H. Hwa Chen, "Trust and Reputation Systems for Wireless Sensor Networks",
Security and Privacy in Mobile and Wireless Networking, S. Gritzalis, T. Karygiannis, and C. Skianis Eds., Troubador Publishing Ltd, pp. 105-128, 2009. More..

Abstract

The concept of trust has become very relevant in the late years as a consequence of the growth of fields such as internet transactions or electronic commerce. In general, trust has become of paramount importance for any kind of distributed networks, such as wireless sensor networks (WSN in the following). In this chapter of the book, we try to give a general overview of the state of the art on trust management systems for WSN and also try to identify the main features of the architectures of these trust management systems.

PDF icon Roman2009b.pdf (291.67 KB)
S. K. Katsikas, J. Lopez, and G. Pernul, "Trust, Privacy and Security in Digital Business",
International Journal of Computer Systems, Science & Engineering, vol. 20, no. 6, CRL Publishing, 2005. (I.F.: 0.119)More..

Abstract

An important aspect of e-business is the area of e-commerce. According to recent surveys, one of the most severe restraining factors for the proliferation of e-commerce, as measured by the gap between predicted market value and actual development is the (lack of) security measures required to assure both businesses and customers that their business relationship and transactions will be carried out in privacy, correctly, and timely. A large number of individuals are not willing to engage in e-commerce (or are only participating at a reduced level) simply because they do not trust the e-commerce sites and the underlying information and communication technologies to be secure enough. This paper first considers privacy and security requirements for e-commerce applications; it then discusses methods and technologies that can be used to fulfil these requirements.

Impact Factor: 0.119
Journal Citation Reports® Science Edition (Thomson Reuters, 2005)

PDF icon SokratisKatsikas2005a.pdf (215.19 KB)
S. K. Katsikas, J. Lopez, and G. Pernul Eds., "Trust, Privacy and Security in Digital Business: Second International Conference, TrustBus 2005, Copenhagen, Denmark, August 22-26, 2005, Proceedings",
TrustBus, vol. 3592, Springer, 2005. More..
S. K. Katsikas, J. Lopez, and G. Pernul, "Trust, Privacy and Security in E-business: Requirements and Solutions",
10th Panhellenic Conference in Informatics (PCI’05), LNCS 3746, Springer, pp. 548-558, November, 2005. More..

Abstract

  An important aspect of e-business is the area of e-commerce. One of the most severe restraining factors for the proliferation of e-commerce, is the lack of trust between customers and sellers, consumer privacy concerns and the lack of security measures required to assure both businesses and customers that their business relationship and transactions will be carried out in privacy, correctly, and timely. This paper considers trust privacy and security issues in e-commerce applications and discusses methods and technologies that can be used to fulfil the pertinent requirements.

PDF icon SokratisKatsikas2005.pdf (240.98 KB)
J. Lopez, J. A. Montenegro, R. Oppliger, and G. Pernul, "On a Taxonomy of Systems for Authentication and/or Authorization Services",
TERENA Networking Conference, June, 2004. More..

Abstract

In this work we elaborate on a taxonomy of systems that provide either joint solutions for both authentication and authorization problems, or solutions for only one of the problems. Basically, we do not focus our work on theoretical systems that have been proposed only in the literature. On the other hand, we focus on: (i) systems that are already developed; (ii) systems that are under development or deployment; and (iii) systems that are still in the initial stages of design but are supported by international working groups or bodies. More precisely, we elaborate on a taxonomy of systems that are (or will be soon) available to final users.

PDF icon JavierLopez2004a.pdf (19.35 KB)
M. Carbonell, J. A. Onieva, J. Lopez, D. Galpert, and J. Zhou, "Timeout Estimation using a Simulation Model for Non-repudiation Protocols",
2nd Workshop on Internet Communications Security (WICS’04), (within Computational Science and its Applications International Conference), LNCS 3043, Springer, pp. 903-914, May, 2004. More..

Abstract

An essential issue for the best operation of non-repudiation protocols is to figure out their timeouts. In this paper, we propose a simulation model for this purpose since timeouts depend on specific scenario features such as network speed, TTP characteristics, number of originators and recipients, etc. Based on a one-to-many Markowicth’s protocol simulation model as a specific example, we have worked out various simulation experiments.

PDF icon MildreyCarbonell2004.pdf (324.28 KB)
S. K. Katsikas, J. Lopez, and G. Pernul Eds., "Trust and Privacy in Digital Business, First International Conference, TrustBus 2004, Zaragoza, Spain, August 30 - September 1, 2004, Proceedings",
TrustBus, vol. 3184, Springer, 2004. More..
J. A. Montenegro, and J. Lopez, "Taxonomía de las Infraestructuras de Autorización y Autentificación",
XIII Jornadas TELECOM I+D 2003, Noviembre, 2003.
J. L. Vivas, J. A. Montenegro, and J. Lopez, "Towards Business Process-Driven Framework for Security Engineering with the UML",
6th International Conference on Information Security (ISC’03), LNCS 2851, Springer-Verlag, pp. 381-395, October, 2003. More..

Abstract

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is commonly at the business process level that customers and end users are able to express their security needs. In addition, systems are often developed by automating existing manual business processes. Since many security notions belongs conceptually to the world of business processes, it is natural to try to capture and express them in the context of business models in which moreover customers and end users feel most comfortable. In this paper, based on experience drawn from an ongoing work within the CASENET project \cite{CASENET}, we propose a UML-based business process-driven framework for the development of security-critical systems.

PDF icon josevivas2003.pdf (206.96 KB)
J. Lopez, A. Mana, J. A. Montenegro, J. J. Ortega, and J. M. Troya, "Towards a Trustful and Flexible Environment for Secure Communications with Public Administrations",
First International Conference on Electronic Government (EGOV’02), LNCS 2456, Springer, pp. 211-214, September, 2002. More..

Abstract

Interaction of citizens and private organizations with Public Administrations can produce meaningful benefits in the accessibility, efficiency and availability of documents, regardless of time, location and quantity. Although there are some experiences in the field of e-government there are still some technological and legal difficulties that avoid a higher rate of communications with Public Administrations through Internet, not only from citizens, but also from private companies. We have studied two of the technological problems, the need to work in a trustful environment and the creation of tools to manage electronic versions of the paper-based forms.

PDF icon JavierLopez2002g.pdf (72.46 KB)
A. Mana, J. Lopez, J. Martinez, and S. Matamoros, "Ticketing Genérico y Seguro Sobre GSM",
Simposio en Informática y Telecomunicaciones 2001 (SIT’01), pp. 297-305, Septiembre, 2001. More..

Abstract

La confianza en el comercio electrónico se ha reforzado, sin duda, gracias a la difusión de las tarjetas inteligentes. Estos elementos clave, que mejoran en gran medida la seguridad de los sistemas informáticos, tienen usos que van desde la simple identificación del usuario hasta complejos mecanismos de pago. Dentro del comercio electrónico, uno de los servicios de valor añadido más interesantes para cualquier usuario es el de ticketing. La seguridad de este sistema puede beneficiarse del uso de las tarjetas inteligentes en los procesos de venta, almacenamiento y uso de los tickets electrónicos. Uno de los puntos críticos para conseguir una amplia aceptación de este servicio será su capacidad de llegar a la gran mayoría de usuarios. En esta línea, parece apropiado pensar en los teléfonos móviles como la mejor plataforma sobre la que implantar el sistema. Este trabajo presenta los resultados del proyecto GSM-ticket, en el que se introducen, por una parte, un esquema de tickets electrónicos seguros, eficientes y fáciles de usar, y por otra el conjunto de servicios adicionales de venta, pago y distribución junto con sus protocolos correspondientes.

L. Pino, J. Lopez, F. Lopez, and C. Maraval, "A Tool for Functions Approximation by Neural Networks",
5th European Congress of Intelligent Techniques and Soft Computing (EUFIT ’97), pp. 557-564, 1997.
Modify or remove your filters and try again.