Carmen Fernandez-Gago
Associate Professor
Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (España)
Phone: +34 951 952 912
E-mail: mcgago@uma.es
Domain of interest and research
- Trust and Reputation Management,
- CyberSEc4Euro, PRECISE, NeCS , NESSoS (NoE on Security for Software Engineering), A4Cloud, Cloud Accountability project, GREDIA (security for Grids), SPIKE (Identity federations and security for SMEs),
Current research
- Trust and Reputation Management
- Trust in IoT environments
- Trust in cloud environments
Education
- PhD in Computer Science (University of Liverpool), 2004
- MSc in Mathematics (University of Malaga), 1996
Relevant publications
Carmen Fernandez-Gago, Davide Ferraris, Rodrigo Roman, Javier Lopez
Trust interoperability in the Internet of Things Journal Article Forthcoming
In: Internet of Things, vol. 26, Forthcoming.
@article{FerIoT24,
title = {Trust interoperability in the Internet of Things},
author = {Carmen Fernandez-Gago and Davide Ferraris and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/FerIoT24.pdf},
doi = {https://doi.org/10.1016/j.iot.2024.101226},
year = {2024},
date = {2024-12-31},
urldate = {2024-12-31},
journal = {Internet of Things},
volume = {26},
abstract = {The Internet of Things (IoT) is a paradigm where entities or things are interconnected, often in heterogeneous contexts. As the interconnection happens, things establish collaborations with others, sometimes under uncertainty. Although trust can help us overcome this uncertainty, things might not be able to process the information about trust coming from other things: each thing could have its own trust model, which means its own way to understand and measure trust. If new trust relationships are to be established, it would be desirable to have a mechanism of interoperability that allows the things to process the information about the other things in terms of trust. In this paper, we describe an interoperability framework for tackling the trust interoperability issues in IoT, depending on the different types of trust models that might co-exist in the same IoT scenario.},
keywords = {},
pubstate = {forthcoming},
tppubtype = {article}
}
Davide Ferraris, Carmen Fernandez-Gago, Rodrigo Roman, Javier Lopez
A Survey on IoT Trust Model Frameworks Journal Article
In: The Journal of Supercomputing, 2023.
@article{surveyIoTrust2023,
title = {A Survey on IoT Trust Model Frameworks},
author = {Davide Ferraris and Carmen Fernandez-Gago and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/surveyIoTrust2023.pdf},
doi = {10.1007/s11227-023-05765-4},
year = {2023},
date = {2023-11-17},
urldate = {2023-11-17},
journal = {The Journal of Supercomputing},
abstract = {Trust can be considered as a multidisciplinary concept, which is strongly related to the context and it falls in different fields such as Philosophy, Psychology or Computer Science. Trust is fundamental in every relationship, because without it, an entity will not interact with other entities. This aspect is very important especially in the Internet of Things (IoT), where many entities produced by different vendors and created for different purposes have to interact among them through the internet often under uncertainty. Trust can overcome this uncertainty, creating a strong basis to ease the process of interaction among these entities. We believe that considering trust in the IoT is fundamental, and in order to implement it in any IoT entity, it is fundamental to consider it through the whole System Development Life Cycle. In this paper, we propose an analysis of different works that consider trust for the IoT. We will focus especially on the analysis of frameworks that have been developed in order to include trust in the IoT. We will make a classification of them providing a set of parameters that we believe are fundamental in order to properly consider trust in the IoT. Thus, we will identify important aspects to be taken into consideration when developing frameworks that implement trust in the IoT, finding gaps and proposing possible solutions.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Davide Ferraris, Carmen Fernandez-Gago, Javier Lopez
POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT Book Section
In: Collaborative Approaches for Cyber Security in Cyber-Physical Systems, pp. 145-170, Springer, 2023, ISSN: 1613-5113.
BibTeX | Links:
@incollection{2013,
title = {POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/2013.pdf
https://link.springer.com/chapter/10.1007/978-3-031-16088-2_7},
doi = {https://doi.org/10.1007/978-3-031-16088-2_7},
issn = {1613-5113},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
booktitle = {Collaborative Approaches for Cyber Security in Cyber-Physical Systems},
pages = {145-170},
publisher = {Springer},
organization = {Springer},
series = {Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Antonio Muñoz, Carmen Fernandez-Gago, Roberto Lopez-Villa
A Test Environment for Wireless Hacking in Domestic IoT Scenarios Journal Article
In: Mobile Networks and Applications, 2022, ISSN: 1383-469X.
BibTeX | Links:
@article{munoz2022,
title = {A Test Environment for Wireless Hacking in Domestic IoT Scenarios},
author = {Antonio Mu\~{n}oz and Carmen Fernandez-Gago and Roberto Lopez-Villa},
url = {/wp-content/papers/munoz2022.pdf},
doi = {10.1007/s11036-022-02046-x},
issn = {1383-469X},
year = {2022},
date = {2022-10-01},
urldate = {2022-10-01},
journal = {Mobile Networks and Applications},
publisher = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Davide Ferraris, Carmen Fernandez-Gago, Javier Lopez
A model-driven approach to ensure trust in the IoT Journal Article
In: Human-centric Computing and Information Sciences, vol. 10, no. 50, 2020, ISSN: 2192-1962.
@article{ferraris2020b,
title = {A model-driven approach to ensure trust in the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/ferraris2020b.pdf},
doi = {10.1186/s13673-020-00257-3},
issn = {2192-1962},
year = {2020},
date = {2020-12-01},
urldate = {2020-12-01},
journal = {Human-centric Computing and Information Sciences},
volume = {10},
number = {50},
publisher = {Springer},
abstract = {The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.
Davide Ferraris, Daniel Bastos, Carmen Fernandez-Gago, Fadi El-Moussa
A Trust Model for Popular Smart Home Devices Journal Article
In: International Journal of Information Security, 2020, ISSN: 1615-5262.
@article{ferraris2020,
title = {A Trust Model for Popular Smart Home Devices},
author = {Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa},
url = {/wp-content/papers/ferraris2020.pdf
https://link.springer.com/article/10.1007/s10207-020-00519-2},
doi = {10.1007/s10207-020-00519-2},
issn = {1615-5262},
year = {2020},
date = {2020-01-01},
urldate = {2020-01-01},
journal = {International Journal of Information Security},
publisher = {Springer},
abstract = {Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity.
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.
Martin Kolar, Carmen Fernandez-Gago, Javier Lopez
A Model Specification for the Design of Trust Negotiations Journal Article
In: Computers & Security, vol. 84, pp. 288-300, 2019, ISSN: 0167-4048.
@article{kolar2019trust,
title = {A Model Specification for the Design of Trust Negotiations},
author = {Martin Kolar and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/kolar2019trust.pdf
https://www.sciencedirect.com/science/article/pii/S0167404818310484},
doi = {10.1016/j.cose.2019.03.024},
issn = {0167-4048},
year = {2019},
date = {2019-04-01},
urldate = {2019-04-01},
journal = {Computers \& Security},
volume = {84},
pages = {288-300},
publisher = {Elsevier},
abstract = {Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously. In this paper we are presenting a model specification using a UML-based notation for the design of trust negotiation. This specification will become a part of the Software Development Life Cycle, which will provide developers a strong tool for incorporating trust and trust-related issues into the software they create. The specification defines components and their layout for the provision of the essential functionality of trust negotiation on one side as well as optional, additional features on the other side. The extra features make trust negotiation more robust, applicable for more scenarios and may provide a privacy protection functionality.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Davide Ferraris, Carmen Fernandez-Gago
TrUStAPIS: A Trust Requirements Elicitation Method for IoT Journal Article
In: International Journal of Information Security, pp. 111-127, 2019, ISSN: 1615-5262.
@article{ferraris2019,
title = {TrUStAPIS: A Trust Requirements Elicitation Method for IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago},
url = {/wp-content/papers/ferraris2019.pdf
https://link.springer.com/article/10.1007%2Fs10207-019-00438-x},
doi = {10.1007/s10207-019-00438-x},
issn = {1615-5262},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
journal = {International Journal of Information Security},
pages = {111-127},
publisher = {Springer},
abstract = {The Internet of Things (IoT) is an environment of interconnected entities, which are identifiable, usable and controllable via the Internet. Trust is useful for a system such as the IoT as the entities involved would like to know how the other entities they have to interact with are going to perform.
When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy.
To consider these domains as a whole and to elicit the right requirements since the first phases of the System Development Life Cycle (SDLC) is a key point when developing an IoT entity.
This paper presents a requirements elicitation method focusing on trust plus other domains such as security, privacy and usability that increase the trust level of the IoT entity developed. To help the developers to elicit the requirements, we propose a JavaScript Notation Object (JSON) template containing all the key elements that must be taken into consideration.
We emphasize on the importance of the concept of traceability. This property permits to connect all the elicited requirements guaranteeing more control on the whole requirements engineering process.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy.
To consider these domains as a whole and to elicit the right requirements since the first phases of the System Development Life Cycle (SDLC) is a key point when developing an IoT entity.
This paper presents a requirements elicitation method focusing on trust plus other domains such as security, privacy and usability that increase the trust level of the IoT entity developed. To help the developers to elicit the requirements, we propose a JavaScript Notation Object (JSON) template containing all the key elements that must be taken into consideration.
We emphasize on the importance of the concept of traceability. This property permits to connect all the elicited requirements guaranteeing more control on the whole requirements engineering process.
Ruben Rios, Carmen Fernandez-Gago, Javier Lopez
Modelling Privacy-Aware Trust Negotiations Journal Article
In: Computers & Security, vol. 77, pp. 773-789, 2018, ISSN: 0167-4048.
@article{Ruben2017trust,
title = {Modelling Privacy-Aware Trust Negotiations},
author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Ruben2017trust.pdf},
doi = {10.1016/j.cose.2017.09.015},
issn = {0167-4048},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Computers \& Security},
volume = {77},
pages = {773-789},
publisher = {Elsevier},
abstract = {Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Carmen Fernandez-Gago, Francisco Moyano, Javier Lopez
Modelling Trust Dynamics in the Internet of Things Journal Article
In: Information Sciences, vol. 396, pp. 72-82, 2017, ISSN: 0020-0255.
@article{Fer_IS17,
title = {Modelling Trust Dynamics in the Internet of Things},
author = {Carmen Fernandez-Gago and Francisco Moyano and Javier Lopez},
url = {/wp-content/papers/Fer_IS17.pdf},
doi = {10.1016/j.ins.2017.02.039},
issn = {0020-0255},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
journal = {Information Sciences},
volume = {396},
pages = {72-82},
publisher = {Elsevier},
abstract = {The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Francisco Moyano, Carmen Fernandez-Gago, Javier Lopez
A Model-driven Approach for Engineering Trust and Reputation into Software Services Journal Article
In: Journal of Network and Computer Applications, vol. 69, pp. 134-151, 2016, ISSN: 1084-8045.
BibTeX | Links:
@article{JNCA16,
title = {A Model-driven Approach for Engineering Trust and Reputation into Software Services},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/JNCA16.pdf},
issn = {1084-8045},
year = {2016},
date = {2016-04-01},
urldate = {2016-04-01},
journal = {Journal of Network and Computer Applications},
volume = {69},
pages = {134-151},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Scientific Activities
- Program co.chair of IFIP WG 11.11 International Conference on Trust Management, Amsterdam October 2023.
- Program co-chair of the Track on trust of ATC’16, Toulousse (France)
- Chair of the 1st A4Cloud Summer school on Accountability and Security in the Cloud, Malaga (Spain), 2-6 June 2014
- Program co-Chair of the 7th IFIP WG 11.11 International conference on Trust Management, Malaga (Spain), 3-5 June 2013
- Spring School on Trustworthy Services and Systems, May 2013, Malaga (Spain)
- Program co-Chair of the 7th Workshop on Security and Trust Management, Copenhagen (Denmark), 27-28 June, 2011
- Publicity Chair of the 6th Workshop on Security and Trust Management, Athens (Greece), 23-24 September, 2010
- Publication Chair of the 7th International Conference on Trust,
Privacy and Security in Digital Business, Bilbao (Spain), 30-31 August, 2010 - Program Committee member of many events.
Memberships
- Secretary of IFIP WG 11.14 on Secure Service Engineering
- IFIP WG 11.11 on Trust Management
- ERCIM WG STM, Security and Trust Management
- Member of the editorial board of IJIIP, International Journal of Intelligent Information Processing
Thesis co-supervisor
- Davide Ferraris (2022)
- Martin Kolar (2022)
- Francisco Moyano (2015)
Presentations
- Will Winsborough award on Trust Management, Copenhagen, 2019
- IFIPTM 2016 Graduate Symposium, Darmstadt (Germany), 2016
- 1st A4cloud Summer School on Accountability in the cloud, Malaga (Spain), 2014
- Invited Talk at WOSIS 2013, Angers (France)
- NESSoS Roadmap at WISSE 2013, Valencia (Spain)