PhD Thesis Final Defense to be held on 6 March 2018 at 12:00

The examination is open to anyone who wishes to attend.

Image 1 (Papadopoulou M.-El. PhD thesis)

Image 2 (Papadopoulou M.-El. PhD thesis)

Thesis Title: Ensuring Privacy in Large-Scale Distributed Systems

Abstract

The ever-increasing dependence of services provided in both private and public sectors on Information and Communication Technologies (ICT) has led to the dramatic explosion of system vulnerabilities, the variety and number of threats and attacks, as well as the severity of the consequences for both the service provider and the end-user in case of a security incident. Today’s attacks on the electronic services offered and the information systems that support the former constitute a new kind of electronic warfare. They may hide a criminal, economic or terrorist motive and lead to destabilization of society. Leakages of critical information, modification of sensitive data and unavailability of key operations may jeopardize the financial interests of companies as well as strategic interests of states.
Since attacks against ICT are constantly evolving and their detection is becoming more and more difficult, ensuring an adequate level of system’s security and user’s privacy is necessary. Thus, it is now imperative that during the design and development of secure information systems the following are taken into account: (a) the variety and intensity of the risks faced by modern information systems; (b) the legal and regulatory requirements for the protection of personal and sensitive data; (c) the significant cost of any deliberate violations of system security, as well as any accidental or natural events threatening a modern information system. In order to effectively address the aforementioned issues, the development of security and data protection strategies, policy-making and the adoption of the appropriate mechanisms, as well as the a-priori, ongoing and a-posteriori evaluation of the overall endeavor are crucial for the creation of a secure and trusted environment.
In general, the goal of this thesis is to present an integrated security framework and a platform that adopts the necessary technical, procedural and organizational measures required to protect information systems from the threats to which they are exposed and/or to minimize any impact of potential security incidents. The aforementioned platform follows the security- and privacy-by-design approaches, covering needs related to the management of the transmission, storage and processing of personal data, while meeting the requirements arising from the necessary compliance with the current legal and regulatory framework concerning privacy protection. The effectiveness of the abovementioned platform is examined and verified in systems that manage data (both personal and non-personal) in heterogeneous distributed environments, and, to be more specific, in service provision systems in the production management, eGovernment and health monitoring domains.

Supervisor: Venieris Iakovos, Professor

PhD student: Papadopoulou Maria-Eleftheria