Carmen Fernández-Gago
Associate Professor
Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (España)
Phone: +34 951 952 912
E-mail: mcgago@uma.es
Domain of interest and research
- Trust and Reputation Management
- CyberSEc4Euro, PRECISE, NeCS, NESSoS (NoE on Security for Software Engineering), A4Cloud, Cloud Accountability project, GREDIA (security for Grids), SPIKE (Identity federations and security for SMEs)
Current research
- Trust and Reputation Management
- Trust in IoT environments
- Trust in cloud environments
Education
- PhD in Computer Science (University of Liverpool), 2004
- MSc in Mathematics (University of Malaga), 1996
Relevant publications
Carmen Fernandez-Gago, Davide Ferraris, Rodrigo Roman, Javier Lopez
Trust interoperability in the Internet of Things Journal Article Forthcoming
In: Internet of Things, vol. 26, Forthcoming.
@article{FerIoT24,
title = {Trust interoperability in the Internet of Things},
author = {Carmen Fernandez-Gago and Davide Ferraris and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/FerIoT24.pdf},
doi = {https://doi.org/10.1016/j.iot.2024.101226},
year = {2024},
date = {2024-12-31},
urldate = {2024-12-31},
journal = {Internet of Things},
volume = {26},
abstract = {The Internet of Things (IoT) is a paradigm where entities or things are interconnected, often in heterogeneous contexts. As the interconnection happens, things establish collaborations with others, sometimes under uncertainty. Although trust can help us overcome this uncertainty, things might not be able to process the information about trust coming from other things: each thing could have its own trust model, which means its own way to understand and measure trust. If new trust relationships are to be established, it would be desirable to have a mechanism of interoperability that allows the things to process the information about the other things in terms of trust. In this paper, we describe an interoperability framework for tackling the trust interoperability issues in IoT, depending on the different types of trust models that might co-exist in the same IoT scenario.},
keywords = {},
pubstate = {forthcoming},
tppubtype = {article}
}
Davide Ferraris, Carmen Fernandez-Gago, Rodrigo Roman, Javier Lopez
A Survey on IoT Trust Model Frameworks Journal Article
In: The Journal of Supercomputing, 2023.
@article{surveyIoTrust2023,
title = {A Survey on IoT Trust Model Frameworks},
author = {Davide Ferraris and Carmen Fernandez-Gago and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/surveyIoTrust2023.pdf},
doi = {10.1007/s11227-023-05765-4},
year = {2023},
date = {2023-11-17},
urldate = {2023-11-17},
journal = {The Journal of Supercomputing},
abstract = {Trust can be considered as a multidisciplinary concept, which is strongly related to the context and it falls in different fields such as Philosophy, Psychology or Computer Science. Trust is fundamental in every relationship, because without it, an entity will not interact with other entities. This aspect is very important especially in the Internet of Things (IoT), where many entities produced by different vendors and created for different purposes have to interact among them through the internet often under uncertainty. Trust can overcome this uncertainty, creating a strong basis to ease the process of interaction among these entities. We believe that considering trust in the IoT is fundamental, and in order to implement it in any IoT entity, it is fundamental to consider it through the whole System Development Life Cycle. In this paper, we propose an analysis of different works that consider trust for the IoT. We will focus especially on the analysis of frameworks that have been developed in order to include trust in the IoT. We will make a classification of them providing a set of parameters that we believe are fundamental in order to properly consider trust in the IoT. Thus, we will identify important aspects to be taken into consideration when developing frameworks that implement trust in the IoT, finding gaps and proposing possible solutions.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Davide Ferraris, Carmen Fernandez-Gago, Javier Lopez
POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT Book Section
In: Collaborative Approaches for Cyber Security in Cyber-Physical Systems, pp. 145-170, Springer, 2023, ISSN: 1613-5113.
@incollection{2013,
title = {POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/2013.pdf
https://link.springer.com/chapter/10.1007/978-3-031-16088-2_7},
doi = {https://doi.org/10.1007/978-3-031-16088-2_7},
issn = {1613-5113},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
booktitle = {Collaborative Approaches for Cyber Security in Cyber-Physical Systems},
pages = {145-170},
publisher = {Springer},
organization = {Springer},
series = {Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Antonio Muñoz, Carmen Fernandez-Gago, Roberto Lopez-Villa
A Test Environment for Wireless Hacking in Domestic IoT Scenarios Journal Article
In: Mobile Networks and Applications, 2022, ISSN: 1383-469X.
@article{munoz2022,
title = {A Test Environment for Wireless Hacking in Domestic IoT Scenarios},
author = {Antonio Mu\~{n}oz and Carmen Fernandez-Gago and Roberto Lopez-Villa},
url = {/wp-content/papers/munoz2022.pdf},
doi = {10.1007/s11036-022-02046-x},
issn = {1383-469X},
year = {2022},
date = {2022-10-01},
urldate = {2022-10-01},
journal = {Mobile Networks and Applications},
publisher = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Davide Ferraris, Carmen Fernandez-Gago, Javier Lopez
A model-driven approach to ensure trust in the IoT Journal Article
In: Human-centric Computing and Information Sciences, vol. 10, no. 50, 2020, ISSN: 2192-1962.
@article{ferraris2020b,
title = {A model-driven approach to ensure trust in the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/ferraris2020b.pdf},
doi = {10.1186/s13673-020-00257-3},
issn = {2192-1962},
year = {2020},
date = {2020-12-01},
urldate = {2020-12-01},
journal = {Human-centric Computing and Information Sciences},
volume = {10},
number = {50},
publisher = {Springer},
abstract = {The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Davide Ferraris, Daniel Bastos, Carmen Fernandez-Gago, Fadi El-Moussa
A Trust Model for Popular Smart Home Devices Journal Article
In: International Journal of Information Security, 2020, ISSN: 1615-5262.
@article{ferraris2020,
title = {A Trust Model for Popular Smart Home Devices},
author = {Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa},
url = {/wp-content/papers/ferraris2020.pdf
https://link.springer.com/article/10.1007/s10207-020-00519-2},
doi = {10.1007/s10207-020-00519-2},
issn = {1615-5262},
year = {2020},
date = {2020-01-01},
urldate = {2020-01-01},
journal = {International Journal of Information Security},
publisher = {Springer},
abstract = {Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity.
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Martin Kolar, Carmen Fernandez-Gago, Javier Lopez
A Model Specification for the Design of Trust Negotiations Journal Article
In: Computers & Security, vol. 84, pp. 288-300, 2019, ISSN: 0167-4048.
@article{kolar2019trust,
title = {A Model Specification for the Design of Trust Negotiations},
author = {Martin Kolar and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/kolar2019trust.pdf
https://www.sciencedirect.com/science/article/pii/S0167404818310484},
doi = {10.1016/j.cose.2019.03.024},
issn = {0167-4048},
year = {2019},
date = {2019-04-01},
urldate = {2019-04-01},
journal = {Computers \& Security},
volume = {84},
pages = {288-300},
publisher = {Elsevier},
abstract = {Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously. In this paper we are presenting a model specification using a UML-based notation for the design of trust negotiation. This specification will become a part of the Software Development Life Cycle, which will provide developers a strong tool for incorporating trust and trust-related issues into the software they create. The specification defines components and their layout for the provision of the essential functionality of trust negotiation on one side as well as optional, additional features on the other side. The extra features make trust negotiation more robust, applicable for more scenarios and may provide a privacy protection functionality.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Davide Ferraris, Carmen Fernandez-Gago
TrUStAPIS: A Trust Requirements Elicitation Method for IoT Journal Article
In: International Journal of Information Security, pp. 111-127, 2019, ISSN: 1615-5262.
@article{ferraris2019,
title = {TrUStAPIS: A Trust Requirements Elicitation Method for IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago},
url = {/wp-content/papers/ferraris2019.pdf
https://link.springer.com/article/10.1007%2Fs10207-019-00438-x},
doi = {10.1007/s10207-019-00438-x},
issn = {1615-5262},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
journal = {International Journal of Information Security},
pages = {111-127},
publisher = {Springer},
abstract = {The Internet of Things (IoT) is an environment of interconnected entities, which are identifiable, usable and controllable via the Internet. Trust is useful for a system such as the IoT as the entities involved would like to know how the other entities they have to interact with are going to perform.
When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy.
To consider these domains as a whole and to elicit the right requirements since the first phases of the System Development Life Cycle (SDLC) is a key point when developing an IoT entity.
This paper presents a requirements elicitation method focusing on trust plus other domains such as security, privacy and usability that increase the trust level of the IoT entity developed. To help the developers to elicit the requirements, we propose a JavaScript Notation Object (JSON) template containing all the key elements that must be taken into consideration.
We emphasize on the importance of the concept of traceability. This property permits to connect all the elicited requirements guaranteeing more control on the whole requirements engineering process.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Ruben Rios, Carmen Fernandez-Gago, Javier Lopez
Modelling Privacy-Aware Trust Negotiations Journal Article
In: Computers & Security, vol. 77, pp. 773-789, 2018, ISSN: 0167-4048.
@article{Ruben2017trust,
title = {Modelling Privacy-Aware Trust Negotiations},
author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Ruben2017trust.pdf},
doi = {10.1016/j.cose.2017.09.015},
issn = {0167-4048},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Computers \& Security},
volume = {77},
pages = {773-789},
publisher = {Elsevier},
abstract = {Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Carmen Fernandez-Gago, Francisco Moyano, Javier Lopez
Modelling Trust Dynamics in the Internet of Things Journal Article
In: Information Sciences, vol. 396, pp. 72-82, 2017, ISSN: 0020-0255.
@article{Fer_IS17,
title = {Modelling Trust Dynamics in the Internet of Things},
author = {Carmen Fernandez-Gago and Francisco Moyano and Javier Lopez},
url = {/wp-content/papers/Fer_IS17.pdf},
doi = {10.1016/j.ins.2017.02.039},
issn = {0020-0255},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
journal = {Information Sciences},
volume = {396},
pages = {72-82},
publisher = {Elsevier},
abstract = {The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Francisco Moyano, Carmen Fernandez-Gago, Javier Lopez
A Model-driven Approach for Engineering Trust and Reputation into Software Services Journal Article
In: Journal of Network and Computer Applications, vol. 69, pp. 134-151, 2016, ISSN: 1084-8045.
@article{JNCA16,
title = {A Model-driven Approach for Engineering Trust and Reputation into Software Services},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/JNCA16.pdf},
issn = {1084-8045},
year = {2016},
date = {2016-04-01},
urldate = {2016-04-01},
journal = {Journal of Network and Computer Applications},
volume = {69},
pages = {134-151},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Scientific Activities
- Program co-chair of IFIP WG 11.11 International Conference on Trust Management, Amsterdam, October 2023.
- Program co-chair of the Track on trust of ATC’16, Toulouse (France)
- Chair of the 1st A4Cloud Summer school on Accountability and Security in the Cloud, Malaga (Spain), 2-6 June 2014
- Program co-Chair of the 7th IFIP WG 11.11 International conference on Trust Management, Malaga (Spain), 3-5 June 2013
- Spring School on Trustworthy Services and Systems, May 2013, Malaga (Spain)
- Program co-Chair of the 7th Workshop on Security and Trust Management, Copenhagen (Denmark), 27-28 June, 2011
- Publicity Chair of the 6th Workshop on Security and Trust Management, Athens (Greece), 23-24 September, 2010
- Publication Chair of the 7th International Conference on Trust, Privacy and Security in Digital Business, Bilbao (Spain), 30-31 August, 2010
- Program Committee member of many events.
Memberships
- Secretary of IFIP WG 11.14 on Secure Service Engineering
- IFIP WG 11.11 on Trust Management
- ERCIM WG STM, Security and Trust Management
- Member of the editorial board of IJIIP, International Journal of Intelligent Information Processing
Thesis co-supervisor
- Davide Ferraris (2022)
- Martin Kolar (2022)
- Francisco Moyano (2015)
Presentations
- Will Winsborough award on Trust Management, Copenhagen, 2019
- IFIPTM 2016 Graduate Symposium, Darmstadt (Germany), 2016
- 1st A4Cloud Summer School on Accountability in the cloud, Malaga (Spain), 2014
- Invited Talk at WOSIS 2013, Angers (France)
- NESSoS Roadmap at WISSE 2013, Valencia (Spain)