Carmen Fernandez-Gago

Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (Spain)
Phone: +34 951952912    Fax: +34 951952749

Domain of interest and research

  • Trust and Reputation Management, 
  • PRECISE, NeCS , NESSoS (NoE on Security for Software Engineering), A4Cloud, Cloud Accountability project, GREDIA (security for Grids), SPIKE (Identity federations and security for SMEs), 

Current research

  • Trust and Reputation Management
  • Trust in cloud environments


  • PhD in Computer Science (University of Liverpool), 2004
  • MSc in Mathematics (University of Malaga), 1996

Relevant publications

  • F. Moyano, C. Fernandez-Gago, and J. Lopez, "A Model-driven Approach for Engineering Trust and Reputation into Software Services",
    Journal of Network and Computer Applications, vol. 69, Elsevier, pp. 134-151, 04/2016. (I.F.: 3.500)More..
    Impact Factor: 3.500
    Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

  • D. Nuñez, C. Fernandez-Gago, and J. Luna, "Eliciting Metrics for Accountability of Cloud Systems",
    Computers & Security, vol. 62, Elsevier, pp. 149-164, 08/2016. DOI (I.F.: 2.849)More..


    Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics. 

    Impact Factor: 2.849
    Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

  • C. Fernandez-Gago, I. Agudo, and J. Lopez, "Building Trust from Context Similarity Measures",
    Computer Standards & Interfaces, Special Issue on Security in Information Systems, vol. 36, issue 4, Elsevier, pp. 792-800, 2014. DOI (I.F.: 0.879)More..


     Trust is an essential feature of any system where entities have to collaborate among them. Trust can assist entities making decisions about what is the best entity for establishing a certain collaboration. It would be desirable to simulate behaviour of users as in social environments where they tend to establish relationships or to trust users who have common interests or share some of their opinions, i.e., users who are similar to them to some extent. Thus, in this paper we first introduce the concept of context similarity among entities and from it we derive a similarity network which can be seen as a graph. Based on this similarity network we dene a trust model that allows us also to establish trust along a path of entities. A possible applications of our model are proximity-based trust establishment. We validate our model in this scenario.


    Impact Factor: 0.879
    Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

  • I. Agudo, C. Fernandez-Gago, and J. Lopez, "A Scale Based Trust Model for Multi-Context Environments",
    Computers and Mathematics with Applications, vol. 60, Elsevier, pp. 209-216, July, 2010. DOI (I.F.: 1.472)More..


    When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.

    Impact Factor: 1.472
    Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

  • I. Agudo, C. Fernandez-Gago, and J. Lopez, "Concurrent access control for multi-user and multi-processor systems based on trust relationships",
    Concurrency and Computation: Practice and Experience, vol. 21, John Wiley & Sons, pp. 1389-1403, July, 2009. DOI (I.F.: 1.004)More..


    Concurrent access control is an old problem in many fields in Computer Science. It has been solved in many languages and systems, using mechanisms like monitors or priority queues. Nowadays computers implement multi-core capabilities. This means that they are virtually capable of execution of processes in parallel. This requires new techniques and open new issues in the field of concurrent access control. Moreover, most operating systems are multi-user; thus, we have to focus on a multi-processor multi-user scenario. Trust becomes a paramount aspect when building distributed applications; the same applies on a lower scale in modern computers. We propose the use of a trust graph that keeps record of the trust relationships of the system and helps in deciding on concurrent access requests. The information encoded in the graph will be used both in order to decide on the access requests and to order granted requests in terms of their associated trust level

    Impact Factor: 1.004
    Journal Citation Reports® Science Edition (Thomson Reuters, 2009)

  • R. Roman, C. Fernandez-Gago, J. Lopez, and H. Hwa Chen, "Trust and Reputation Systems for Wireless Sensor Networks",
    Security and Privacy in Mobile and Wireless Networking, S. Gritzalis, T. Karygiannis, and C. Skianis Eds., Troubador Publishing Ltd, pp. 105-128, 2009. More..


    The concept of trust has become very relevant in the late years as a consequence of the growth of fields such as internet transactions or electronic commerce. In general, trust has become of paramount importance for any kind of distributed networks, such as wireless sensor networks (WSN in the following). In this chapter of the book, we try to give a general overview of the state of the art on trust management systems for WSN and also try to identify the main features of the architectures of these trust management systems.

  • I. Agudo, C. Fernandez-Gago, and J. Lopez, "A Model for Trust Metrics Analysis",
    5th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’08), LNCS 5185, Springer, pp. 28-37, 2008. DOI More..


    Trust is an important factor in any kind of network essential, for example, in the decision-making process. As important as the definition of trust is the way to compute it. In this paper we propose a model for defining trust based on graph theory and show examples of some simple operators and functions that will allow us to compute trust.

Scientific Activities

  • Program co-chair of the Track on trust of ATC'16, Toulousse (France) 
  • Chair of the 1st A4Cloud Summer school on Accountability and Security in the Cloud, Malaga (Spain), 2-6 June 2014
  • Program co-Chair of the 7th IFIP WG 11.11 International conference  on Trust Management, Malaga (Spain), 3-5 June 2013
  • Spring School on Trustworthy Services and Systems, May 2013, Malaga (Spain)
  • Program co-Chair of the 7th Workshop on Security and Trust Management, Copenhagen (Denmark), 27-28 June, 2011
  • Publicity Chair of the 6th Workshop on Security and Trust Management, Athens (Greece), 23-24 September, 2010
  • Publication Chair of the 7th International Conference on Trust, Privacy and Security in Digital Business, Bilbao (Spain), 30-31 August, 2010
  • Program Committee member of the following events (not all of them are here):
    • TrustBus 2011, 2012, 2013,  International COnference on Trust, Privacy and Security in Digital Business
    • EuroPKI 2013
    • ACM SAC Treck 2012, 2013
    • Workshop on Economics ans security in the Cloud, 2013
    • IEEE CloudCom 2013
    • STM (2008-onwards) Workshop on Security and Trust Management
    • 15th International Conference on Computational Science and Engineering, CSE 2012
    • TNS 2011, IADIS International Conference on Telecommunications, Networks and Systems 2011
    • SOTICS 2011-, International Conference on Social Eco-Informatics
    • WOSIS 2011-, International Workshop on Security in Information Systems
    • TNS 2010, IADIS International Conference on Telecommunications, Networks and Systems 2010
    • TrustBus 2009, 6th International Conference on Trust, Privacy and Security in Digital Business
    • TrustBus 2008, 5th International Conference on Trust, Privacy and Security in Digital Business


  • IFIP WG 11.14 on Secure Service Engineering
  • IFIP WG 11.11 on Trust Management
  • ERCIM WG STM, Security and Trust Management
  • Member of the editorial board of IJIIP, International Journal of Intelligent Information Processing

Thesis co-supervisor

  • Francisco Moyano (2015)


  • IFIPTM 2016 Graduate Symposium, Darmstadt (Germany), 2016
  • 1st A4cloud Summer School on Accountability in the cloud, Malaga (Spain), 2014
  • Invited Talk at WOSIS 2013, Angers (France)
  • NESSoS Roadmap at WISSE 2013, Valencia (Spain)