Publications

Export results:
Author [ Title(Desc)] Type Year
Filters: First Letter Of Title is M  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
M
M. Yague, A. Mana, and J. Lopez, "A Metadata-based Access Control Model for Web Services",
Internet Research Journal, vol. 15, no. 1, Emerald, pp. 99-116, 2005. More..
PDF icon 1707.pdf (365.96 KB)
J. L. Vivas, I. Agudo, and J. Lopez, "A methodology for security assurance-driven system development",
Requirements Engineering, vol. 16, no. 1, Springer, pp. 55-73, Mar 2011. DOI (I.F.: 0.971)More..

Abstract

In this work, we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.

Impact Factor: 0.971
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon vivas2010.pdf (1.27 MB)
R. Roman, J. Lopez, and M. Mambo, "Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges",
Future Generation Computer Systems, vol. 78, issue 1, Elsevier, pp. 680-698, 01/2018. DOI (I.F.: 5.768)More..

Abstract

For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.

Impact Factor: 5.768
Journal Citation Reports® Science Edition (Thomson Reuters, 2018)

PDF icon RomanFog16.pdf (775.54 KB)
A. Nieto, and J. Lopez, "A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms",
Mobile Networks and Applications (MONET) Journal, vol. 19, issue 1, Springer US, pp. 64-78, 02/2014. DOI (I.F.: 1.045)More..

Abstract

Today, mobile platforms are multimedia devices that provide different types of traffic with the consequent particular performance demands and, besides, security concerns (e.g. privacy). However, Security and QoS requirements quite often conflict to a large degree; the mobility and heterogeneous paradigm of the Future Internet makes coexistence even more difficult, posing new challenges to overcome. Probably, one of the main challenges is to identify the specific reasons why Security and QoS mechanisms are so related to each other. In this paper, we present a Parametric Relationship Model (PRM) to identify the Security and QoS dependencies, and to elaborate on the Security and QoS tradeoff. In particular, we perform an analysis that focus on the mobile platform environment and, consequently, also considers subjective parameters such user’s experience, that is crucial for increasing the usability of new solutions in the Future Internet. The final aim of our contribution is to facilitate the development of secure and efficient services for mobile platforms.

Impact Factor: 1.045
Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

PDF icon nieto2013mone.pdf (666.18 KB)
M. Kolar, C. Fernandez-Gago, and J. Lopez, "A Model Specification for the Design of Trust Negotiations",
Computers & Security, vol. 84, issue July 2019, Elsevier, pp. 288-300, 04/2019. DOI (I.F.: 3.579)More..

Abstract

Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously. In this paper we are presenting a model specification using a UML-based notation for the design of trust negotiation. This specification will become a part of the Software Development Life Cycle, which will provide developers a strong tool for incorporating trust and trust-related issues into the software they create. The specification defines components and their layout for the provision of the essential functionality of trust negotiation on one side as well as optional, additional features on the other side. The extra features make trust negotiation more robust, applicable for more scenarios and may provide a privacy protection functionality.

Impact Factor: 3.579
Journal Citation Reports® Science Edition (Thomson Reuters, 2019)

PDF icon kolar2019trust.pdf (594.23 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "A Model-driven Approach for Engineering Trust and Reputation into Software Services",
Journal of Network and Computer Applications, vol. 69, Elsevier, pp. 134-151, 04/2016. (I.F.: 3.500)More..
Impact Factor: 3.500
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon JNCA16.pdf (613.36 KB)
D. Ferraris, C. Fernandez-Gago, and J. Lopez, "A model-driven approach to ensure trust in the IoT",
Human-centric Computing and Information Sciences, vol. 10, no. 50, Springer, 12/2020. DOI (I.F.: 5.9)More..

Abstract

The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.

Impact Factor: 5.9
Journal Citation Reports® Science Edition (Thomson Reuters, 2020)

PDF icon ferraris2020b.pdf (2.11 MB)
R. Rios, C. Fernandez-Gago, and J. Lopez, "Modelling Privacy-Aware Trust Negotiations",
Computers & Security, vol. 77 , issue August 2018, Elsevier, pp. 773-789, 2018. DOI (I.F.: 3.062)More..

Abstract

Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.

Impact Factor: 3.062
Journal Citation Reports® Science Edition (Thomson Reuters, 2018)

PDF icon Ruben2017trust.pdf (425.82 KB)
C. Fernandez-Gago, F. Moyano, and J. Lopez, "Modelling Trust Dynamics in the Internet of Things",
Information Sciences, vol. 396, Elsevier, pp. 72-82, 2017. DOI (I.F.: 4.305)More..

Abstract

The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.

Impact Factor: 4.305
Journal Citation Reports® Science Edition (Thomson Reuters, 2017)

PDF icon Fer_IS17.pdf (1002.43 KB)
J. A. Onieva, J. Zhou, and J. Lopez, "Multi-Party Nonrepudiation: A survey",
ACM Comput. Surveys, vol. 41, no. 1, pp. 5, December, 2008. (I.F.: 9.92)More..

Abstract

Nonrepudiation is a security service that plays an important role in many Internet applications. Traditional two-party nonrepudiation has been studied intensively in the literature. This survey focuses on multiparty scenarios and provides a comprehensive overview. It starts with a brief introduction of fundamental issues on nonrepudiation, including the types of nonrepudiation service and cryptographic evidence, the roles of trusted third-party, nonrepudiation phases and requirements, and the status of standardization. Then it describes the general multiparty nonrepudiation problem, and analyzes state-of-the-art mechanisms. After this, it presents in more detail the 1-N multiparty nonrepudiation solutions for distribution of different messages to multiple recipients. Finally, it discusses advanced solutions for two typical multiparty nonrepudiation applications, namely, multiparty certified email and multiparty contract signing.

Impact Factor: 9.92
Journal Citation Reports® Science Edition (Thomson Reuters, 2008)

PDF icon JoseA.Onieva2008a.pdf (478.03 KB)