Hinarejos, Francisca; Almenares-Mendoza, Florina; Arias-Cabarcos, Patricia; Ferrer Gomila, Josep-Lluis; Marín-López, Andrés RiskLaine: A Probabilistic Approach for Assessing Risk in Certificate-Based Security. Journal Article In: IEEE Transactions on Information Forensics and Security, vol. 13, iss. 8, pp. 1975-1988, 2018, ISSN: 1556-6013. Abstract | Links | BibTeX | Tags: certificate validation, mobile applications, risk assessment, trust validation
Arias-Cabarcos, Patricia; Almenárez, Florina; Trapero, Rubén; Díaz-Sánchez, Daniel; Marín, Andrés Blended Identity: Pervasive IdM for Continuous Authentication Journal Article In: IEEE Xplore, vol. 13, iss. 3, pp. 32-39, 2015, ISSN: 1540-7993. Abstract | Links | BibTeX | Tags: blended identity, emrisco, identity management, IdM, Pervasive computing, Protocols, risk assessment, Security
Arias-Cabarcos, Patricia; Almenárez-Mendoza, Florina; Marín-López, Andrés; Díaz-Sánchez, Daniel; Sánchez-Guerrero, Rosa A Metric-Based Approach to Assess Risk for "On Cloud" Federated Identity Management Journal Article In: Journal of Network and Systems Management, vol. 20, iss. 4, pp. 513-533, 2012, ISSN: 1573-7705. Abstract | Links | BibTeX | Tags: Cloud computing, consequence, federation, risk assessment, SAML, servicioseguridad, Trust management
2018
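@article{almenarez009b,
  author        = {Hinarejos, Francisca and Almenares-Mendoza, Florina and Arias-Cabarcos, Patricia and Ferrer Gomila, Josep-Lluis and Marín-López, Andrés},
  title         = {{RiskLaine}: A Probabilistic Approach for Assessing Risk in Certificate-Based Security},
  journal       = {{IEEE} Transactions on Information Forensics and Security},
  volume        = {13},
  number        = {8},
  pages         = {1975--1988},
  year          = {2018},
  date          = {2018-02-19},
  urldate       = {2018-02-19},
  doi           = {10.1109/tifs.2018.2807788},
  issn          = {1556-6013},
  abstract      = {Digital certificates, based on X.509 PKI standard, are located at the core of many security mechanisms implemented in services and applications. However, the usage of certificates has revealed flaws in the certificate validation process (e.g., possibility of unavailable or non-updated data). This fact implies security risks that are not assessed. In order to address these issues that such flaws entail, we propose a novel probabilistic approach for quantitative risk assessment in X.509 PKI, together with trust management when there is uncertainty. We have evaluated our risk assessment approach and demonstrated its usage, considering as a use case the secure installation of mobile applications. The results show that our approach provides more granularity, appropriate values according to the impact, and relevant information in the risk calculation than other approaches.},
  keywords      = {certificate validation, mobile applications, risk assessment, trust validation},
  pubstate      = {published},
  tppubtype     = {article},
  internal-note = {Author list repaired: the exported entry ran "Patricia Arias-Cabarcos" and "Josep-Lluis Ferrer Gomila" together without "and", and spelled the first surname "Hinajeros". DOI stored bare, issue moved to the number field, page range uses an en dash. Confirm names and the date/urldate values against the DOI record.},
}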
2015
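@article{ariascabarcos002,
  author        = {Arias-Cabarcos, Patricia and Almenárez, Florina and Trapero, Rubén and Díaz-Sánchez, Daniel and Marín, Andrés},
  title         = {Blended Identity: Pervasive {IdM} for Continuous Authentication},
  journal       = {{IEEE} Security \& Privacy},
  volume        = {13},
  number        = {3},
  pages         = {32--39},
  year          = {2015},
  date          = {2015-06-04},
  urldate       = {2015-06-04},
  doi           = {10.1109/MSP.2015.62},
  url           = {https://ieeexplore.ieee.org/document/7118079},
  issn          = {1540-7993},
  abstract      = {A proper identity management approach is necessary for pervasive computing to be invisible to users. Federated identity management is key to achieving efficient identity blending and natural integration in the physical and online layers where users, devices, and services are present.},
  keywords      = {blended identity, emrisco, identity management, IdM, Pervasive computing, Protocols, risk assessment, Security},
  pubstate      = {published},
  tppubtype     = {article},
  internal-note = {The exported entry gave the journal as "IEEE Xplore", which is the hosting platform rather than the venue; ISSN 1540-7993 and the MSP DOI prefix point to IEEE Security and Privacy. Confirm against the DOI record. DOI stored bare, issue moved to the number field, page range uses an en dash.},
}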
2012
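@article{ariascabarcos001,
  author        = {Arias-Cabarcos, Patricia and Almenárez-Mendoza, Florina and Marín-López, Andrés and Díaz-Sánchez, Daniel and Sánchez-Guerrero, Rosa},
  title         = {A Metric-Based Approach to Assess Risk for {``On Cloud''} Federated Identity Management},
  journal       = {Journal of Network and Systems Management},
  volume        = {20},
  number        = {4},
  pages         = {513--533},
  year          = {2012},
  date          = {2012-07-04},
  urldate       = {2012-07-04},
  doi           = {10.1007/s10922-012-9244-2},
  url           = {https://link.springer.com/article/10.1007/s10922-012-9244-2},
  issn          = {1573-7705},
  abstract      = {The cloud computing paradigm is set to become the next explosive revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and experts as an important security enabler, since it will play a vital role in allowing the global scalability that is required for the successful implantation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that need to be put in place before inter-domain cooperation. Thus, the establishment of dynamic federations between the different cloud actors is still a major research challenge that remains unsolved. Here we show that risk evaluation must be considered as a key enabler in evidence-based trust management to foster collaboration between cloud providers that belong to unknown administrative domains in a secure manner. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps in the classification of the involved risks in order to mitigate vulnerabilities and threats when decisions about collaboration are made. Moreover, a set of new metrics is defined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system, and a descriptive use-case where the risk computation framework is applied to enhance cloud-based service provisioning.},
  keywords      = {Cloud computing, consequence, federation, risk assessment, SAML, servicioseguridad, Trust management},
  pubstate      = {published},
  tppubtype     = {article},
  internal-note = {DOI stored bare, issue moved to the number field, page range uses an en dash, straight quotes in the title replaced by LaTeX quotes, stray whitespace removed from the author and abstract fields. The urldate equals the publication date and may be an export artefact; confirm.},
}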
Publications
RiskLaine: A Probabilistic Approach for Assessing Risk in Certificate-Based Security. Journal Article In: IEEE Transactions on Information Forensics and Security, vol. 13, iss. 8, pp. 1975-1988, 2018, ISSN: 1556-6013.
Blended Identity: Pervasive IdM for Continuous Authentication Journal Article In: IEEE Xplore, vol. 13, iss. 3, pp. 32-39, 2015, ISSN: 1540-7993.
A Metric-Based Approach to Assess Risk for "On Cloud" Federated Identity Management Journal Article In: Journal of Network and Systems Management, vol. 20, iss. 4, pp. 513-533, 2012, ISSN: 1573-7705.
2018
2015
2012