Rodrigo Román
Associate professor
Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (Spain)
Phone: +34 951 952 915
E-mail: rroman@uma.es
ACADEMIC POSITIONS
- Academic coordinator of the Bachelor Degree on Cybersecurity and Artificial Intelligence, UMA (Grado en Ciberseguridad e Inteligencia Artificial)
- Coordinator of the “Cátedra de Ciberinteligencia MINSAIT – SIA” (Cátedra de Ciberinteligencia)
Domain of interest and research
- Artificial Intelligence and Cybersecurity
- Protecting the Internet of Things
- Protection of Critical Infrastructures
- Security Architectures (e.g. Edge Computing Infrastructures)
Current research
For Dr. Roman, security should not be an obscure concept that is difficult to apply, but a simple idea that can be easily explained and deployed. Consequently, Dr. Roman’s research is mainly focused on providing useful and relevant security solutions that fulfill the requirements of both applications and its users.
- Artificial Intelligence: One of our current goals is to explore the major challenges of the integration of cybersecurity and AI (CiberIA project, SecAI project)
- Security Architectures: Another of our goals is to define and create security architectures that fulfill the requirements of the application and its environment. Currently we are studying the security of digital twins (5G+TACTILE_4 project).
previous positions and fellowships
- Visiting Researcher (“Recualificación del Profesorado Universitario” fellowship), Kyushu University, Japan (September 2022-August 2023; March 2024-August 2024).
- Cybersecurity and AI.
- Scientist I, Institute for Infocomm Research (I2R), Singapore (August 2011 – December 2013).
- IoT and Cloud Security.
Education
- Ph.D. in Computer Science (with European Doctorate mention), University of Malaga (June 2008).
- Undergraduate Research Fellow, Institute for Infocomm Research (I2R), Singapore (August 2003 – December 2004).
- MSc. in Computer Engineering, University of Malaga (August 2003).
- BSc. in Computer Science, University of Malaga (August 2000).
Relevant publications
Davide Ferraris, Carmen Fernandez-Gago, Rodrigo Roman, Javier Lopez
A Survey on IoT Trust Model Frameworks
In: The Journal of Supercomputing, vol. 80, pp. 8259–8296, 2023.
@article{surveyIoTrust2023,
title = {A Survey on IoT Trust Model Frameworks},
author = {Davide Ferraris and Carmen Fernandez-Gago and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/surveyIoTrust2023.pdf},
doi = {10.1007/s11227-023-05765-4},
year = {2023},
date = {2023-11-17},
urldate = {2023-11-17},
journal = {The Journal of Supercomputing},
volume = {80},
pages = {8259\textendash8296},
abstract = {Trust can be considered as a multidisciplinary concept, which is strongly related to the context and it falls in different fields such as Philosophy, Psychology or Computer Science. Trust is fundamental in every relationship, because without it, an entity will not interact with other entities. This aspect is very important especially in the Internet of Things (IoT), where many entities produced by different vendors and created for different purposes have to interact among them through the internet often under uncertainty. Trust can overcome this uncertainty, creating a strong basis to ease the process of interaction among these entities. We believe that considering trust in the IoT is fundamental, and in order to implement it in any IoT entity, it is fundamental to consider it through the whole System Development Life Cycle. In this paper, we propose an analysis of different works that consider trust for the IoT. We will focus especially on the analysis of frameworks that have been developed in order to include trust in the IoT. We will make a classification of them providing a set of parameters that we believe are fundamental in order to properly consider trust in the IoT. Thus, we will identify important aspects to be taken into consideration when developing frameworks that implement trust in the IoT, finding gaps and proposing possible solutions.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Rodrigo Roman, Cristina Alcaraz, Javier Lopez, Kouichi Sakurai
Current Perspectives on Securing Critical Infrastructures’ Supply Chains
In: IEEE Security & Privacy, vol. 21, no. 4, pp. 29-38, 2023, ISSN: 1540-7993.
BibTeX | Links:
@article{Roman2023a,
title = {Current Perspectives on Securing Critical Infrastructures’ Supply Chains},
author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez and Kouichi Sakurai},
url = {/wp-content/papers/Roman2023a.pdf},
doi = {10.1109/MSEC.2023.3247946},
issn = {1540-7993},
year = {2023},
date = {2023-03-08},
urldate = {2023-03-08},
journal = {IEEE Security \& Privacy},
volume = {21},
number = {4},
pages = {29-38},
publisher = {IEEE},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Manuel Ruiz, Ruben Rios, Rodrigo Roman, Antonio Muñoz, Juan Manuel Martínez, Jorge Wallace
AndroCIES: Automatización de la certificación de seguridad para aplicaciones Android
In: XVII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2022), pp. 192-197, Ediciones Universidad Cantabria Ediciones Universidad Cantabria, Santander, Spain, 2022.
@inproceedings{2016,
title = {AndroCIES: Automatizaci\'{o}n de la certificaci\'{o}n de seguridad para aplicaciones Android},
author = {Manuel Ruiz and Ruben Rios and Rodrigo Roman and Antonio Mu\~{n}oz and Juan Manuel Mart\'{i}nez and Jorge Wallace},
url = {/wp-content/papers/2016.pdf},
year = {2022},
date = {2022-10-01},
urldate = {2022-10-01},
booktitle = {XVII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2022)},
volume = {265},
pages = {192-197},
publisher = {Ediciones Universidad Cantabria},
address = {Santander, Spain},
organization = {Ediciones Universidad Cantabria},
abstract = {El auge de las plataformas m\'{o}viles est\'{a} impulsando el desarrollo de un gran n\'{u}mero de aplicaciones, muchas de las cuales salen al mercado sin las convenientes comprobaciones de seguridad. Recientemente, Google est\'{a} apostando por hacer este problema m\'{a}s visible y concienciar a los usuarios de la necesidad de instalar aplicaciones verificadas por laboratorios independientes. Sin embargo, la certificaci\'{o}n de aplicaciones suele ser una tarea ardua y no exenta de errores. Por ello, en este trabajo, presentamos la herramienta AndroCIES, que es capaz de automatizar en gran medida las evaluaciones necesarias para la certificaci\'{o}n de aplicaciones m\'{o}viles, reduciendo en torno a un 20% el tiempo empleado en este proceso.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Ruben Rios, Jose A. Onieva, Rodrigo Roman, Javier Lopez
Personal IoT Privacy Control at the Edge
In: IEEE Security & Privacy, vol. 20, pp. 23 – 32, 2022, ISSN: 1540-7993.
@article{rios2022pmec,
title = {Personal IoT Privacy Control at the Edge},
author = {Ruben Rios and Jose A. Onieva and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/rios2022pmec.pdf},
doi = {10.1109/MSEC.2021.3101865},
issn = {1540-7993},
year = {2022},
date = {2022-01-01},
urldate = {2022-01-01},
journal = {IEEE Security \& Privacy},
volume = {20},
pages = {23 - 32},
publisher = {IEEE},
abstract = {This article introduces a privacy manager for IoT data based on Edge Computing. This poses the advantage that privacy is enforced before data leaves the control of the user, who is provided with a tool to express data sharing preferences based on a novel context-aware privacy language.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Juan E. Rubio, Rodrigo Roman, Javier Lopez
Integration of a Threat Traceability Solution in the Industrial Internet of Things
In: IEEE Transactions on Industrial Informatics, vol. 16, no. 6575-6583, 2020, ISSN: 1551-3203.
@article{Rubio2020IIoT,
title = {Integration of a Threat Traceability Solution in the Industrial Internet of Things},
author = {Juan E. Rubio and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/Rubio2020IIoT.pdf},
doi = {10.1109/TII.2020.2976747},
issn = {1551-3203},
year = {2020},
date = {2020-10-01},
urldate = {2020-10-01},
journal = {IEEE Transactions on Industrial Informatics},
volume = {16},
number = {6575-6583},
publisher = {IEEE},
abstract = {In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Jose A. Onieva, Ruben Rios, Rodrigo Roman, Javier Lopez
Edge-Assisted Vehicular Networks Security
In: IEEE Internet of Things Journal, vol. 6, pp. 8038-8045, 2019, ISSN: 2327-4662.
@article{onieva2019vec,
title = {Edge-Assisted Vehicular Networks Security},
author = {Jose A. Onieva and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/onieva2019vec.pdf},
doi = {10.1109/JIOT.2019.2904323},
issn = {2327-4662},
year = {2019},
date = {2019-10-01},
urldate = {2019-10-01},
journal = {IEEE Internet of Things Journal},
volume = {6},
pages = {8038-8045},
publisher = {IEEE Computer Society},
abstract = {Edge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular- to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Juan E. Rubio, Rodrigo Roman, Cristina Alcaraz, Yan Zhang
Tracking APTs in Industrial Ecosystems: A Proof of Concept
In: Journal of Computer Security, vol. 27, pp. 521-546, 2019, ISSN: 0167-4048.
BibTeX | Links:
@article{RubioSIJCS19,
title = {Tracking APTs in Industrial Ecosystems: A Proof of Concept},
author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang},
url = {/wp-content/papers/RubioSIJCS19.pdf},
issn = {0167-4048},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
journal = {Journal of Computer Security},
volume = {27},
pages = {521-546},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Rodrigo Roman, Ruben Rios, Jose A. Onieva, Javier Lopez
Immune System for the Internet of Things using Edge Technologies
In: IEEE Internet of Things Journal, vol. 6, pp. 4774-4781, 2019, ISSN: 2327-4662.
@article{roman2018VIS,
title = {Immune System for the Internet of Things using Edge Technologies},
author = {Rodrigo Roman and Ruben Rios and Jose A. Onieva and Javier Lopez},
url = {/wp-content/papers/roman2018VIS.pdf
https://ieeexplore.ieee.org/document/8449989/},
doi = {10.1109/JIOT.2018.2867613},
issn = {2327-4662},
year = {2019},
date = {2019-06-01},
urldate = {2019-06-01},
journal = {IEEE Internet of Things Journal},
volume = {6},
pages = {4774-4781},
publisher = {IEEE Computer Society},
abstract = {The Internet of Things (IoT) and Edge Computing are starting to go hand in hand. By providing cloud services close to end-users, edge paradigms enhance the functionality of IoT deployments, and facilitate the creation of novel services such as augmented systems. Furthermore, the very nature of these paradigms also enables the creation of a proactive defense architecture, an immune system, which allows authorized immune cells (e.g., virtual machines) to traverse edge nodes and analyze the security and consistency of the underlying IoT infrastructure. In this article, we analyze the requirements for the development of an immune system for the IoT, and propose a security architecture that satisfies these requirements. We also describe how such a system can be instantiated in Edge Computing infrastructures using existing technologies. Finally, we explore the potential application of immune systems to other scenarios and purposes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Rodrigo Roman, Javier Lopez, Stefanos Gritzalis
Evolution and Trends in the Security of the Internet of Things
In: IEEE Computer, vol. 51, pp. 16-25, 2018, ISSN: 0018-9162.
BibTeX | Links:
@article{RomanIoT18,
title = {Evolution and Trends in the Security of the Internet of Things},
author = {Rodrigo Roman and Javier Lopez and Stefanos Gritzalis},
url = {/wp-content/papers/RomanIoT18.pdf
https://ieeexplore.ieee.org/document/8423133/},
doi = {10.1109/MC.2018.3011051},
issn = {0018-9162},
year = {2018},
date = {2018-07-01},
urldate = {2018-07-01},
journal = {IEEE Computer},
volume = {51},
pages = {16-25},
publisher = {IEEE Computer Society},
address = {New Jersey, USA},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Rodrigo Roman, Javier Lopez, Masahiro Mambo
Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges
In: Future Generation Computer Systems, vol. 78, pp. 680-698, 2018, ISSN: 0167-739X.
@article{RomanFog16,
title = {Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges},
author = {Rodrigo Roman and Javier Lopez and Masahiro Mambo},
url = {/wp-content/papers/RomanFog16.pdf
https://authors.elsevier.com/c/1VmhQ,3q5xKgZZ},
doi = {10.1016/j.future.2016.11.009},
issn = {0167-739X},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Future Generation Computer Systems},
volume = {78},
pages = {680-698},
publisher = {Elsevier},
abstract = {For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The full list of publications can be accessed here.
Scientific Activities
- Editor:
- International Journal of Information Security – Springer
- Guest Editor:
- IEEE Transactions on Intelligent Transportation Systems – IEEE (“Edge Intelligence for Internet of Vehicles”)
- Sensors – MDPI (“Sensors Cybersecurity”)
- Sensors – MDPI (“IoT Security and Privacy”)
- International Journal of Information Security – Springer (“IoT Security and Privacy”)
- Journal of Security and Communication Networks – Wiley (“Security in a Completely Interconnected World”)
- Journal of Security and Communication Networks – Wiley (“Protecting the Internet of Things”)
- Journal of Communication Systems – Wiley (“Advanced Processing Technologies and Applications for Mobile Communication Systems”)
- General (co)chair:
- 2011: ACNS
- 2010: SecIoT
- Program (co)chair:
- 2023: CPSS
- 2021: STM
- 2019: EuroSPEC
- 2012: SecIoT
- 2011: IWCS
- Program committee member (last 5 years):
- 2024: ICICS’24, CPSS’24, SECRYPT 2024, SPICES 2024.
- 2023: S&P-FL, SECRYPT 2023, ISPEC 2023, SPICES 2023, CyberICPS’23, SPIoT’23
- 2022: CPSS’22, ISPEC 2022, HTESP 2022, CyberICPS’22
- 2021: CPSS’21, WF-IoT, CyberICPS’21, SPIoT
- 2020: IEEE ICC’20 (SAC-06 IoT Track), GIoTS’20, SPIoT, IEEE TrustComm, CyberICPS, WF-IoT
- 2024: ICICS’24, CPSS’24, SECRYPT 2024, SPICES 2024.
- Organization committee member:
- 2008: ESORICS
- 2007: CRITIS, EuroPKI,JITEL
Memberships
- IEEE, member.