Manos Magkos | Ionian University
Papers by Manos Magkos
Journal of Data Intelligence, 2021
In order to empower user data protection and user rights, the European General Data Protection Regulation (GDPR) has been enforced. On the positive side, the user is obtaining advantages from GDPR. However, organisations are facing many difficulties in interpreting GDPR and properly applying it, and, in the meanwhile, due to their lack of compliance, many organisations are receiving huge fines from authorities. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting...
International Journal of Ad Hoc and Ubiquitous Computing, 2012
International Journal of Information Technologies and Systems Approach, 2011
Current research in location-based services (LBSs) highlights the importance of cryptographic primitives in privacy preservation for LBSs, and presents solutions that attempt to support the (apparently) mutually exclusive requirements for access control and context privacy (i.e., identity and/or location), while at the same time adopting more conservative assumptions in order to reduce or completely remove the need for trust on system entities (e.g., the LBS provider, the network operator, or other peer nodes). This paper surveys the current state of knowledge concerning the use of cryptographic primitives for privacy-preservation in LBS applications.
Information & Computer Security, 2020
Purpose: General data protection regulation (GDPR) entered into force in May 2018 for enhancing personal data protection. Even though GDPR leads toward many advantages for the data subjects, it turned out to be a significant challenge. Organizations need to implement long and complex changes to become GDPR compliant. Data subjects are empowered with new rights, which, however, they need to become aware of. GDPR compliance, being a challenging matter for the relevant stakeholders, calls for a software platform that can support their needs. The aim of data governance for supporting GDPR (DEFeND) EU project is to deliver such a platform. The purpose of this paper is to describe the process, within the DEFeND EU project, for eliciting and analyzing requirements for such a complex platform. Design/methodology/approach: The platform needs to satisfy legal and privacy requirements and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy...
In this paper, fingerprint segmentation for secure Internet verification purposes is investigated. The novel application of computational geometry algorithms in the fingerprint segmentation stage showed that the extracted feature (characteristic polygon) may be used as a secure and accurate method for fingerprint-based verification over the Internet. On the other hand the proposed method promisingly allows very small false acceptance and false rejection rates, as it is based on specific segmentation.
International Journal of Digital Crime and Forensics, 2012
With the advent of Information and Communication Technologies, the means of committing a crime and the crime itself are constantly evolving. In addition, the boundaries between traditional crime and cybercrime are vague: a crime may not have a defined traditional or digital form since digital and physical evidence may coexist in a crime scene. Furthermore, various items found in a crime scene may be worth examining as both physical and digital evidence, which the authors consider as hybrid evidence. In this paper, a model for investigating such crime scenes with hybrid evidence is proposed. Their model unifies the procedures related to digital and physical evidence collection and examination, taking into consideration the unique characteristics of each form of evidence. The authors’ model can also be implemented in cases where only digital or physical evidence exists in a crime scene.
We propose a framework for modeling the security of cyber-physical systems in which the behavior of the adversary is controlled by a threat model that captures both the cyber aspects (with discrete values) and the physical aspects (with continuous values) of such systems in a unified way. In particular, it addresses combined (dependent) vector attacks, and synchronization/localization issues. The framework identifies the cyber-physical features specified by the security policies that need to be protected, and can be used for proving formally the security of cyber-physical systems.
International Journal of Critical Infrastructure Protection, 2012
Journal in Computer Virology, 2007
Learning and Analytics in Intelligent Systems, 2020
Abstract—In highly dynamic systems resources may have to be accessed in real-time, within the strict time limits of underlying physical processes, with availability becoming critical. Current access control models such as RBAC and ABAC do not address real-time availability in a scalable way for such scenarios. In this paper we propose a real-time attribute-based access control model that extends the functionality of ABAC by using real-time attributes that reflect the requirements of critical applications. We describe two applications of our model: (a) a substation automation system, and (b) a medical cyber-physical system. Keywords: Dynamic systems, access control, real-time availability, cyber-physical systems, trusted computing.
2013 IEEE Symposium on Computers and Communications (ISCC), 2013
Journal of Computing Science and Engineering, 2011
Privacy in Statistical Databases, 2010
In this work, we study the problem of anonymity-preserving data publishing in moving objects databases. In particular, the trajectory of a mobile user on the plane is no longer a polyline in a two-dimensional space; instead, it is a two-dimensional surface: we know that the trajectory of the mobile user is within this surface, but we do not know exactly
Abstract. The exchange of user-related sensitive data within a Pervasive Computing Environment (PCE) raises security and privacy concerns. On one hand, service providers require user authentication and authorization prior to the provision of a service, while at the same time users require anonymity, i.e., untraceability and unlinkability for their transactions. In this paper we discuss privacy and security requirements for access control in PCEs and show why a recently proposed efficient scheme [1] fails to satisfy these requirements. Furthermore, we discuss a generic approach for achieving a desired level of privacy against malicious insiders, while balancing with competing demands for access control and accountability.
Information
Capture the flag (CTF) challenges are broadly used for engaging trainees in the technical aspects of cybersecurity, maintaining hands-on lab exercises, and integrating gamification elements. However, deploying the appropriate digital environment for conducting cybersecurity exercises can be challenging and typically requires a lot of effort and system resources by educators. In this paper, we present PocketCTF, an extensible and fully independent CTF platform, open to educators to run realistic virtual labs to host cybersecurity exercises in their classrooms. PocketCTF is based on containerization technologies to minimize the deployment effort and to utilize fewer system resources. A proof-of-concept implementation demonstrates the feasibility of deploying CTF challenges that allow the trainees to engage not only in offensive security but also in defensive tasks that have to be conducted during cybersecurity incidents. When using PocketCTF, educators can deploy hands-on labs, spendi...