Michalis Pavlidis scite author profile

Modern information society depends on reliable functionality of information systems infrastructure, while at the same time the number of cyber-attacks has been increasing over the years and damages have been caused. Furthermore, graphs can be used to show paths than can be exploited by attackers to intrude into systems and gain unauthorized access through vulnerability exploitation. This paper presents a method that builds attack graphs using data supplied from the maritime supply chain infrastructure. The method delivers all possible paths that can be exploited to gain access. Then, a recommendation system is utilized to make predictions about future attack steps within the network. We show that recommender systems can be used in cyber defense by predicting attacks. The goal of this paper is to identify attack paths and show how a recommendation method can be used to classify future cyber-attacks in terms of risk management. The proposed method has been experimentally evaluated and validated, with the results showing that it is both practical and effective.

show abstract

Cyber-attack path discovery in a dynamic supply chain maritime risk management system

Polatidis

Pavlidis

Mouratidis

2018

Computer Standards & Interfaces

View full text Add to dashboard Cite

a b s t r a c t Maritime port infrastructures rely on the use of information systems for collaboration, while a vital part of collaborating is to provide protection to these systems. Attack graph analysis and risk assessment provide information that can be used to protect the assets of a network from cyber-attacks. Furthermore, attack graphs provide functionality that can be used to identify vulnerabilities in a network and how these can be exploited by potential attackers. Existing attack graph generation methods are inadequate in satisfying certain requirements necessary in a dynamic supply chain risk management environment, since they do not consider variables that assist in exploring specific network parts that satisfy certain criteria, such as the entry and target points, the propagation length and the location and capability of the potential attacker. In this paper, we present a cyber-attack path discovery method that is used as a component of a maritime risk management system. The method uses constraints and Depth-first search to effectively generate attack graphs that the administrator is interested in. To support our method and to show its effectiveness we have evaluated it using real data from a maritime supply chain.

show abstract

DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Piras

Al-Obeidallah

Praitano³

et al. 2019

View full text Add to dashboard Cite

The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and 2 L. Piras et al. to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

show abstract

Privacy Requirements: Findings and Lessons Learned in Developing a Privacy Platform

Gharib

Salnitri

Paja

et al. 2016

View full text Add to dashboard Cite

Abstract-Information practices and systems that make use of personal and health-related information are governed by European laws and regulations to prevent unauthorized use and disclosure. Failure to comply with these laws and regulations results in huge monetary sanctions, which both private companies and public administrations want to avoid. How to comply with these laws, requires understanding the privacy requirements imposed on information systems. A holistic approach to privacy requirements specification calls for understanding not only the requirements derived from law, but also citizens' needs with respect to privacy. In this paper, we report on our experience in conducting privacy requirements engineering as part of a H2020 European Project, namely VisiOn (Visual Privacy Management in User Centric Open Requirements) for the development of a privacy platform to improve the interaction between Public Administrations (PA) and citizens, while guarding the privacy of the latter. Specifically, we present the process for eliciting, classifying, prioritizing, and validating privacy requirements for the two types of users, namely PA and citizen. The process is applied to different cases spanning from healthcare to other e-governmental initiatives, with the active involvement of the corresponding PAs. We report on findings and lessons learned from this experience.

show abstract

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Piras

Al-Obeidallah

Pavlidis

et al. 2020

View full text Add to dashboard Cite

The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing with difficulties interpreting it and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present important PbD activities and strategies individuated, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.