Theodoros Balopoulos - Academia.edu (original) (raw)

Papers by Theodoros Balopoulos

Research paper thumbnail of Specifying and implementing privacy-preserving cryptographic protocols

International Journal of Information Security, May 28, 2008

Formal methods are an important tool for designing secure cryptographic protocols. However, the e... more Formal methods are an important tool for designing secure cryptographic protocols. However, the existing work on formal methods does not cover privacypreserving protocols as much as other types of protocols. Furthermore, privacy-related properties, such as unlinkability, are not always easy or even possible to prove statically, but need to be checked dynamically during the protocol's execution. In this paper, we demonstrate how, starting from an informal description of a privacy-preserving protocol in natural language, one may use a modified and extended version of the Typed MSR language to create a formal specification of this protocol, typed in a linkability-oriented type system, and then use this specification to reach an implementation of this protocol in Jif, in such a way that privacy vulnerabilities can be detected with a mixture of static and runtime checks.

Research paper thumbnail of Incorporating Security Requirements Into the Software Development Process

European Conference on Information Warfare and Security, 2005

Research paper thumbnail of An Extension of Typed MSR for Specifying Esoteric Protocols and Their Dolev-Yao Intruder

Kluwer Academic Publishers eBooks, Sep 27, 2005

Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols... more Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder [6] does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and knownplaintext attacks) that esoteric as well as other types of protocols are designed to protect against. This paper aims to present an extension of typed MSR [3, 4] in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack esoteric protocols.

Research paper thumbnail of Specifying electronic voting protocols in typed MSR

Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopou... more Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopoulos, Stefanos Gritzalis, Sokratis K. Katsikas Department of Information and Communication Systems Engineering University ...

Research paper thumbnail of Specifying Privacy-Preserving Protocols in Typed MSR

Computer Standards & Interfaces, Jun 1, 2005

Privacy-preserving protocols, such as electronic cash, electronic voting and selective disclosure... more Privacy-preserving protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and known-plaintext attacks) that privacy-preserving as well as other types of protocols are designed to protect against. This paper aims to present an extension of Typed MSR in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack such protocols.

Research paper thumbnail of Employing Ontologies for the Development of Security Critical Applications

Kluwer Academic Publishers eBooks, Jun 7, 2006

Incorporating security in the application development process is a fundamental requirement for bu... more Incorporating security in the application development process is a fundamental requirement for building secure applications, especially with regard to security sensitive domains, such as e-government. In this paper we follow a novel approach to demonstrate how the process of developing an e-poll application can be substantially facilitated by employing a specialized security ontology. To accomplish this, we describe the security ontology we have developed, and provide a set of indicative questions that developers might face, together with the solutions that ontology deployment provides.

Research paper thumbnail of Προδιαγραφή και υλοποίηση κρυπτογραφικών πρωτοκόλλων ασφάλειας με απαιτήσεις διασφάλισης ιδιωτικότητας

Formal methods are an important tool for designing and implementing secure cryptographic protocol... more Formal methods are an important tool for designing and implementing secure cryptographic protocols. However, the existing work on formal methods does not cover privacy-preserving protocols as much as other types of protocols (for example, authentication protocols). Furthermore, privacy-related properties are not always easy or even possible to prove statically, but need to be checked dynamically during the protocol’s execution. This thesis: (i) proposes abstractions for some (relatively) complex cryptographic primitives used in privacy-preserving protocols, and uses these abstractions to develop suitable message constructors and a linkability-oriented type system for Typed MSR (a strongly typed specification language for security protocols), and (ii) demonstrates how these typed message constructors can be implemented in Jif (a security-oriented extension of a subset of the Java programming language dealing with information flow) in such a way that linkability vulnerabilities can be...

Research paper thumbnail of 争鸣·宽容·民主

2004年春季印度大选之前,阿玛蒂亚·森访问一个偏远、贫穷的孟加拉村庄,一位目不识丁的农民对他说:“想让我们沉默不难,但那并不是因为我们不会说话。”这句话对森产生了强烈的震撼,他突然意识到:人们... more 2004年春季印度大选之前,阿玛蒂亚·森访问一个偏远、贫穷的孟加拉村庄,一位目不识丁的农民对他说:“想让我们沉默不难,但那并不是因为我们不会说话。”这句话对森产生了强烈的震撼,他突然意识到:人们对于观点的记录与保存往往偏向于有权势者或受过良好教育的人,而实际上许多有价值的观点与下层社会成员有关。那么如何让这些弱势者自由表达出来呢?

Research paper thumbnail of A knowledge-based approach to security requirements for e-health applications

This paper introduces a knowledge-based approach for the security analysis and design of e- healt... more This paper introduces a knowledge-based approach for the security analysis and design of e- health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on

Research paper thumbnail of A knowledge-based approach to security requirements for e-health applications

This paper introduces a knowledge-based approach for the security analysis and design of e- healt... more This paper introduces a knowledge-based approach for the security analysis and design of e- health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on

Research paper thumbnail of Incorporating Security Requirements Into the Software Development Process

European Conference on Information Warfare and Security, 2005

Research paper thumbnail of Incorporating Security Requirements Into the Software Development Process

Security requirements, such as authentication, confidentiality, authorization, availability, inte... more Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been proved that only rarely the developed software fulfils the related security requirements. The reason for this is twofold. On one hand software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions or/and mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions or/and mechanisms.

Research paper thumbnail of Developing a Security Patterns Repository for Secure Applications Design

Proceedings of the …, 2006

... patterns in software development, by customizing the patterns' structure... more ... patterns in software development, by customizing the patterns' structure so as to include security specific properties, such as threats and vulnerabilities. ... 2.1 Software patterns Software patterns are a solution to recurring software development problems in a specific context. ...

Research paper thumbnail of Incorporating Security Requirements Into the Software Development Process

Eciw, 2005

Security requirements, such as authentication, confidentiality, authorization, availability, inte... more Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been proved that only rarely the developed software fulfils the related security requirements. The reason for this is twofold. On one hand software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions or/and mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions or/and mechanisms.

Research paper thumbnail of An Extension of Typed MSR for Specifying Esoteric Protocols and Their Dolev-Yao Intruder

Communications and Multimedia Security

Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols... more Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder [6] does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and knownplaintext attacks) that esoteric as well as other types of protocols are designed to protect against. This paper aims to present an extension of typed MSR [3, 4] in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack esoteric protocols.

Research paper thumbnail of Specifying electronic voting protocols in typed MSR

Proceedings of the 2005 ACM workshop on Privacy in the electronic society - WPES '05, 2005

Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopou... more Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopoulos, Stefanos Gritzalis, Sokratis K. Katsikas Department of Information and Communication Systems Engineering University ...

Research paper thumbnail of Towards a logic of privacy-preserving selective disclosure credential protocols

14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings., 2003

ABSTRACT This paper presents a first approach towards a logic suited for protocols aiming to achi... more ABSTRACT This paper presents a first approach towards a logic suited for protocols aiming to achieve selective disclosure of credentials while preserving privacy. The analysis draws from the BAN and related logics by M. Burrows et al (1990) and P. Syverson and I. Cervesanto (2001) that are targeted to aid reasoning about authentication protocols, as well as from formal methods on PKIs by C. Liu et al (2000, 2001) . The families of protocols directly covered are built using selective disclosure certificates, blind signatures and one-way has functions as cryptographic primitives. The logic is able to prove that if the protocol's credentials are properly constructed and signed by trusted issuers, they should convince a verifier; furthermore, it provides a framework on which mechanized attacks against privacy may be attempted by an automatic theorem prover. The runner example is a protocol by J.E. Holt and K.E. Seamons (2002).

Research paper thumbnail of Employing Ontologies for the Development of Security Critical Applications

IFIP International Federation for Information Processing, 2005

 Funding: European Union (75%) and the Greek Government (25%) 18/11/05 IFIP I3E 2005 Conference ... more  Funding: European Union (75%) and the Greek Government (25%) 18/11/05 IFIP I3E 2005 Conference 3 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 4 Introduction  Problem: Need for secure applications  Proposed solution: Use of security ontologies during the software development process  Implementation in:  e-Government  e-Voting  Remote internet voting (security sensitive application environment) 18/11/05 IFIP I3E 2005 Conference 5 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 6 Ontology "an ontology is the attempt to express an exhaustive conceptual scheme within a given domain"  In computer science: ontology is used as a means for modelling information 18/11/05 IFIP I3E 2005 Conference 7 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 8 Secure software development  It is generally accepted that security should be "built-in" rather than "addedon"  A number of methodologies exist that try to handle security issues in the design level but they  make no reference as to how security requirements can be translated into system components  do not provide a generic model of security and thus can be applied only in specific application environments  are rather technical 18/11/05 IFIP I3E 2005 Conference 9 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 10 Security ontology  A security ontology can facilitate secure applications development through  the provision of a common vocabulary for application developers and security experts  expression of security concepts and realization of their relationships and thus the provision of a generic security model  being implementation agnostic  To the best of our knowledge no such ontology exists* * See paper section 2.2 for related work details 18/11/05 IFIP I3E 2005 Conference 11 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 12 Building a secure application ontology  No generally accepted, robust methodology exists for developing an ontology  Our approach:  Step one:  Determining ontology domain and scope  Found and used existing material  other ontologies  CRAMM database of countermeasures, etc.  Step two (iterative):  Determining competency questions  Enumerating important domain terms  Defining classes and class hierarchy  Instantiating defined classes  Querying the ontology 18/11/05 IFIP I3E 2005 Conference 13 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 14 Methods  Competency questions are loosely structured questions that a knowledge base based on the ontology under production, should be able to answer  Example  Q: Are voters stakeholders of the system?  A: Yes  Approximately 100 terms were enumerated  Some formed classes, others formed properties, some were not used at all  Classes and relations between them, the class hierarchy, and class slots along with their domain and range were defined  Instantiation was based on the CRAMM countermeasure database 18/11/05 IFIP I3E 2005 Conference 15 Tools We used  Protégé to construct the ontology  It is a software tool for constructing ontologies  Used along with its OWL and RQL Tab plug-ins  Racer to detect inconsistencies & submit queries  It is an inference engine for query answering over RDF documents  new Racer Query Language (nRQL) language used  The RQL Tab plug-in allows the OWL plug-in to send queries to Racer and receive the answers (results) 18/11/05 IFIP I3E 2005 Conference 16 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 17 Remote internet voting: The e-poll application environment Domain characteristics  Voter authentication is a mandatory requirement  There is a specific list of authorized voters  Voters are not allowed to vote more than once  Voters can vote from any computer connected to the internet  Voters are presented with a predefined set of choices and/or with alternative ways of expressing opinion 18/11/05 IFIP I3E 2005 Conference 18 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05

Research paper thumbnail of A Framework for Exploiting Security Expertise in Application Development

Lecture Notes in Computer Science, 2006

This paper presents a framework that employs security ontologies and security patterns to provide... more This paper presents a framework that employs security ontologies and security patterns to provide application developers with a way to utilize security expertise. Through the development of a security ontology, developers locate the major security-related concepts relevant to their application context. Security patterns are then integrated with these concepts to provide tested solutions for accommodating security requirements.

Research paper thumbnail of An ontology for secure e-government applications

This paper addresses the issue of accommodating security requirements in application development.... more This paper addresses the issue of accommodating security requirements in application development. It proposes the use of ontologies for capturing and depicting the security experts' knowledge. In this way developers can exploit security expertise in order to make design choices that will help them fulfill security requirements more effectively. We have developed a security ontology for two different application scenarios to illustrate its use. To validate the ontology we have used queries.

Research paper thumbnail of Specifying and implementing privacy-preserving cryptographic protocols

International Journal of Information Security, May 28, 2008

Formal methods are an important tool for designing secure cryptographic protocols. However, the e... more Formal methods are an important tool for designing secure cryptographic protocols. However, the existing work on formal methods does not cover privacypreserving protocols as much as other types of protocols. Furthermore, privacy-related properties, such as unlinkability, are not always easy or even possible to prove statically, but need to be checked dynamically during the protocol's execution. In this paper, we demonstrate how, starting from an informal description of a privacy-preserving protocol in natural language, one may use a modified and extended version of the Typed MSR language to create a formal specification of this protocol, typed in a linkability-oriented type system, and then use this specification to reach an implementation of this protocol in Jif, in such a way that privacy vulnerabilities can be detected with a mixture of static and runtime checks.

Research paper thumbnail of Incorporating Security Requirements Into the Software Development Process

European Conference on Information Warfare and Security, 2005

Research paper thumbnail of An Extension of Typed MSR for Specifying Esoteric Protocols and Their Dolev-Yao Intruder

Kluwer Academic Publishers eBooks, Sep 27, 2005

Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols... more Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder [6] does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and knownplaintext attacks) that esoteric as well as other types of protocols are designed to protect against. This paper aims to present an extension of typed MSR [3, 4] in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack esoteric protocols.

Research paper thumbnail of Specifying electronic voting protocols in typed MSR

Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopou... more Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopoulos, Stefanos Gritzalis, Sokratis K. Katsikas Department of Information and Communication Systems Engineering University ...

Research paper thumbnail of Specifying Privacy-Preserving Protocols in Typed MSR

Computer Standards & Interfaces, Jun 1, 2005

Privacy-preserving protocols, such as electronic cash, electronic voting and selective disclosure... more Privacy-preserving protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and known-plaintext attacks) that privacy-preserving as well as other types of protocols are designed to protect against. This paper aims to present an extension of Typed MSR in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack such protocols.

Research paper thumbnail of Employing Ontologies for the Development of Security Critical Applications

Kluwer Academic Publishers eBooks, Jun 7, 2006

Incorporating security in the application development process is a fundamental requirement for bu... more Incorporating security in the application development process is a fundamental requirement for building secure applications, especially with regard to security sensitive domains, such as e-government. In this paper we follow a novel approach to demonstrate how the process of developing an e-poll application can be substantially facilitated by employing a specialized security ontology. To accomplish this, we describe the security ontology we have developed, and provide a set of indicative questions that developers might face, together with the solutions that ontology deployment provides.

Research paper thumbnail of Προδιαγραφή και υλοποίηση κρυπτογραφικών πρωτοκόλλων ασφάλειας με απαιτήσεις διασφάλισης ιδιωτικότητας

Formal methods are an important tool for designing and implementing secure cryptographic protocol... more Formal methods are an important tool for designing and implementing secure cryptographic protocols. However, the existing work on formal methods does not cover privacy-preserving protocols as much as other types of protocols (for example, authentication protocols). Furthermore, privacy-related properties are not always easy or even possible to prove statically, but need to be checked dynamically during the protocol’s execution. This thesis: (i) proposes abstractions for some (relatively) complex cryptographic primitives used in privacy-preserving protocols, and uses these abstractions to develop suitable message constructors and a linkability-oriented type system for Typed MSR (a strongly typed specification language for security protocols), and (ii) demonstrates how these typed message constructors can be implemented in Jif (a security-oriented extension of a subset of the Java programming language dealing with information flow) in such a way that linkability vulnerabilities can be...

Research paper thumbnail of 争鸣·宽容·民主

2004年春季印度大选之前,阿玛蒂亚·森访问一个偏远、贫穷的孟加拉村庄,一位目不识丁的农民对他说:“想让我们沉默不难,但那并不是因为我们不会说话。”这句话对森产生了强烈的震撼,他突然意识到:人们... more 2004年春季印度大选之前,阿玛蒂亚·森访问一个偏远、贫穷的孟加拉村庄,一位目不识丁的农民对他说:“想让我们沉默不难,但那并不是因为我们不会说话。”这句话对森产生了强烈的震撼,他突然意识到:人们对于观点的记录与保存往往偏向于有权势者或受过良好教育的人,而实际上许多有价值的观点与下层社会成员有关。那么如何让这些弱势者自由表达出来呢?

Research paper thumbnail of A knowledge-based approach to security requirements for e-health applications

This paper introduces a knowledge-based approach for the security analysis and design of e- healt... more This paper introduces a knowledge-based approach for the security analysis and design of e- health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on

Research paper thumbnail of A knowledge-based approach to security requirements for e-health applications

This paper introduces a knowledge-based approach for the security analysis and design of e- healt... more This paper introduces a knowledge-based approach for the security analysis and design of e- health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on

Research paper thumbnail of Incorporating Security Requirements Into the Software Development Process

European Conference on Information Warfare and Security, 2005

Research paper thumbnail of Incorporating Security Requirements Into the Software Development Process

Security requirements, such as authentication, confidentiality, authorization, availability, inte... more Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been proved that only rarely the developed software fulfils the related security requirements. The reason for this is twofold. On one hand software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions or/and mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions or/and mechanisms.

Research paper thumbnail of Developing a Security Patterns Repository for Secure Applications Design

Proceedings of the …, 2006

... patterns in software development, by customizing the patterns' structure... more ... patterns in software development, by customizing the patterns' structure so as to include security specific properties, such as threats and vulnerabilities. ... 2.1 Software patterns Software patterns are a solution to recurring software development problems in a specific context. ...

Research paper thumbnail of Incorporating Security Requirements Into the Software Development Process

Eciw, 2005

Security requirements, such as authentication, confidentiality, authorization, availability, inte... more Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been proved that only rarely the developed software fulfils the related security requirements. The reason for this is twofold. On one hand software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions or/and mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions or/and mechanisms.

Research paper thumbnail of An Extension of Typed MSR for Specifying Esoteric Protocols and Their Dolev-Yao Intruder

Communications and Multimedia Security

Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols... more Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder [6] does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and knownplaintext attacks) that esoteric as well as other types of protocols are designed to protect against. This paper aims to present an extension of typed MSR [3, 4] in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack esoteric protocols.

Research paper thumbnail of Specifying electronic voting protocols in typed MSR

Proceedings of the 2005 ACM workshop on Privacy in the electronic society - WPES '05, 2005

Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopou... more Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopoulos, Stefanos Gritzalis, Sokratis K. Katsikas Department of Information and Communication Systems Engineering University ...

Research paper thumbnail of Towards a logic of privacy-preserving selective disclosure credential protocols

14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings., 2003

ABSTRACT This paper presents a first approach towards a logic suited for protocols aiming to achi... more ABSTRACT This paper presents a first approach towards a logic suited for protocols aiming to achieve selective disclosure of credentials while preserving privacy. The analysis draws from the BAN and related logics by M. Burrows et al (1990) and P. Syverson and I. Cervesanto (2001) that are targeted to aid reasoning about authentication protocols, as well as from formal methods on PKIs by C. Liu et al (2000, 2001) . The families of protocols directly covered are built using selective disclosure certificates, blind signatures and one-way has functions as cryptographic primitives. The logic is able to prove that if the protocol's credentials are properly constructed and signed by trusted issuers, they should convince a verifier; furthermore, it provides a framework on which mechanized attacks against privacy may be attempted by an automatic theorem prover. The runner example is a protocol by J.E. Holt and K.E. Seamons (2002).

Research paper thumbnail of Employing Ontologies for the Development of Security Critical Applications

IFIP International Federation for Information Processing, 2005

 Funding: European Union (75%) and the Greek Government (25%) 18/11/05 IFIP I3E 2005 Conference ... more  Funding: European Union (75%) and the Greek Government (25%) 18/11/05 IFIP I3E 2005 Conference 3 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 4 Introduction  Problem: Need for secure applications  Proposed solution: Use of security ontologies during the software development process  Implementation in:  e-Government  e-Voting  Remote internet voting (security sensitive application environment) 18/11/05 IFIP I3E 2005 Conference 5 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 6 Ontology "an ontology is the attempt to express an exhaustive conceptual scheme within a given domain"  In computer science: ontology is used as a means for modelling information 18/11/05 IFIP I3E 2005 Conference 7 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 8 Secure software development  It is generally accepted that security should be "built-in" rather than "addedon"  A number of methodologies exist that try to handle security issues in the design level but they  make no reference as to how security requirements can be translated into system components  do not provide a generic model of security and thus can be applied only in specific application environments  are rather technical 18/11/05 IFIP I3E 2005 Conference 9 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 10 Security ontology  A security ontology can facilitate secure applications development through  the provision of a common vocabulary for application developers and security experts  expression of security concepts and realization of their relationships and thus the provision of a generic security model  being implementation agnostic  To the best of our knowledge no such ontology exists* * See paper section 2.2 for related work details 18/11/05 IFIP I3E 2005 Conference 11 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 12 Building a secure application ontology  No generally accepted, robust methodology exists for developing an ontology  Our approach:  Step one:  Determining ontology domain and scope  Found and used existing material  other ontologies  CRAMM database of countermeasures, etc.  Step two (iterative):  Determining competency questions  Enumerating important domain terms  Defining classes and class hierarchy  Instantiating defined classes  Querying the ontology 18/11/05 IFIP I3E 2005 Conference 13 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 14 Methods  Competency questions are loosely structured questions that a knowledge base based on the ontology under production, should be able to answer  Example  Q: Are voters stakeholders of the system?  A: Yes  Approximately 100 terms were enumerated  Some formed classes, others formed properties, some were not used at all  Classes and relations between them, the class hierarchy, and class slots along with their domain and range were defined  Instantiation was based on the CRAMM countermeasure database 18/11/05 IFIP I3E 2005 Conference 15 Tools We used  Protégé to construct the ontology  It is a software tool for constructing ontologies  Used along with its OWL and RQL Tab plug-ins  Racer to detect inconsistencies & submit queries  It is an inference engine for query answering over RDF documents  new Racer Query Language (nRQL) language used  The RQL Tab plug-in allows the OWL plug-in to send queries to Racer and receive the answers (results) 18/11/05 IFIP I3E 2005 Conference 16 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 17 Remote internet voting: The e-poll application environment Domain characteristics  Voter authentication is a mandatory requirement  There is a specific list of authorized voters  Voters are not allowed to vote more than once  Voters can vote from any computer connected to the internet  Voters are presented with a predefined set of choices and/or with alternative ways of expressing opinion 18/11/05 IFIP I3E 2005 Conference 18 Structure of the Presentation  Introduction  Ontology and Developing Secure Software  Ontology  Secure software development  Security ontology  Research Methodology  Building a secure application ontology  Methods and tools  Case Study: The Secure e-Poll Paradigm  Remote internet voting: The e-poll application environment  The e-poll application  Secure e-poll ontology  nRQL queries and results  Conclusions and Further Research 18/11/05

Research paper thumbnail of A Framework for Exploiting Security Expertise in Application Development

Lecture Notes in Computer Science, 2006

This paper presents a framework that employs security ontologies and security patterns to provide... more This paper presents a framework that employs security ontologies and security patterns to provide application developers with a way to utilize security expertise. Through the development of a security ontology, developers locate the major security-related concepts relevant to their application context. Security patterns are then integrated with these concepts to provide tested solutions for accommodating security requirements.

Research paper thumbnail of An ontology for secure e-government applications

This paper addresses the issue of accommodating security requirements in application development.... more This paper addresses the issue of accommodating security requirements in application development. It proposes the use of ontologies for capturing and depicting the security experts' knowledge. In this way developers can exploit security expertise in order to make design choices that will help them fulfill security requirements more effectively. We have developed a security ontology for two different application scenarios to illustrate its use. To validate the ontology we have used queries.