Rodrigo Roman

Assistant Professor

Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (Spain)
Phone: +34-951-952914    Fax: +34-951-952749

 Domain of interest and research

  • Protecting the Internet of Things
  • Security Architectures (Fog / MEC Infrastructures)
  • Protection of Critical Infrastructures
  • Security in Wireless Sensor Networks

Current research

  • "Bring security to the real world": For Dr. Roman, security should not be an obscure concept that is difficult to apply, but a simple idea that can be easily explained and deployed. Consequently, Dr. Roman's research is mainly focused on providing useful and relevant security solutions that fulfill the requirements of both applications and its users.
    • Security solutions for the Internet of Things: One of our goals is to provide security mechanisms for various IoT scenarios, such as monitoring solutions for Industrial Internet of Things scenarios (SADCIP project) and the introduction of the "digital witness" concept in IoT Forensics (IoTest project).
    • Security Architectures: Another of our goals is to define and create security architectures that fulfill the requirements of the application and its environment. Currently we are studying the security of edge paradigms, such as Fog Computing and Mobile Edge Computing (SMOG project).


  • Ph.D. in Computer Science (with European Doctorate mention), University of Malaga (June 2008).
  • Undergraduate Research Fellow, Institute for Infocomm Research (I2R), Singapore (August 2003 - December 2004).
  • MSc. in Computer Engineering, University of Malaga (August 2003).
  • BSc. in Computer Science, University of Malaga (August 2000).

Relevant publications

  • R. Roman, J. Lopez, and S. Gritzalis, "Evolution and Trends in the Security of the Internet of Things",
    IEEE Computer, vol. 51, issue 7, IEEE Computer Society, pp. 16-25, 07/2018. DOI (I.F.: 1.940)More..
    Impact Factor: 1.940
    Journal Citation Reports® Science Edition (Thomson Reuters, 2017)

  • J. E. Rubio, R. Roman, and J. Lopez, "Analysis of cybersecurity threats in Industry 4.0: the case of intrusion detection",
    The 12th International Conference on Critical Information Infrastructures Security, vol. Lecture Notes in Computer Science, vol 10707, Springer, pp. 119-130, 08/2018. More..
  • R. Roman, J. Lopez, and M. Mambo, "Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges",
    Future Generation Computer Systems, vol. 78, issue 1, Elsevier, pp. 680-698, 01/2018. DOI (I.F.: 4.639)More..


    For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.

    Impact Factor: 4.639
    Journal Citation Reports® Science Edition (Thomson Reuters, 2017)

  • A. Nieto, R. Roman, and J. Lopez, "Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices",
    IEEE Network, IEEE Communications Society, pp. 12-19, 2016. DOI (I.F.: 7.230)More..


    Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.

    Impact Factor: 7.230
    Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

  • R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of security and privacy in distributed internet of things",
    Computer Networks, vol. 57, Elsevier, pp. 2266–2279, July 2013. DOI (I.F.: 1.282)More..


    In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.

    Impact Factor: 1.282
    Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

  • J. Lopez, R. Roman, and C. Alcaraz, "Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks",
    Foundations of Security Analysis and Design 2009, LNCS 5705, Springer Berlin/Heidelberg, pp. 289-338, August, 2009. DOI More..


    As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.

Attended courses and seminars

  • European Intensive Programme on Information & Communication Systems Security (IPICS), August 2003.

Scientific Activities

  • Editor:
    • International Journal on Advances in Security - IARIA
  • Guest Editor:
    • International Journal of Information Security - Springer ("IoT Security and Privacy")
    • Journal of Security and Communication Networks - Wiley ("Security in a Completely Interconnected World")
    • Journal of Security and Communication Networks - Wiley ("Protecting the Internet of Things")
    • Journal of Communication Systems - Wiley ("Advanced Processing Technologies and Applications for Mobile Communication Systems")
  • General (co)chair:
    • 2011: ACNS
    • 2010: SecIoT
  • Program (co)chair:
    • 2012: SecIoT
    • 2011: IWCS
  • Program committee member (last 5 years):
    • 2018: CPSS, SePrIoT, SPIoT
    • 2017: SIoT
    • 2016: TrustBus, WISTP, SIoT, ISI WIC, ICCVE
    • 2015: SIoT
    • 2014: WF-IoT, SNDS, ComNet-IoT, NCCA
  • Organization committee member:
    • 2008: ESORICS
    • 2007: CRITIS, EuroPKI,JITEL


  • IEEE, member.