Christos-Minas Mathas

Christos-Minas Mathas, Costas Vassilakis, Nicholas Kolokotronis

In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.

Christos-Minas Mathas, Konstantinos-Panagiotis Grammatikakis, Costas Vassilakis et al.

Smart Grids are energy delivery networks, constituting an evolution of power grids, in which a bidirectional flow between power providers and consumers is established. These flows support the transfer of electricity and information, in order to support automation actions in the context of the energy delivery network. Insofar, many smart grid implementations and implementation proposals have emerged, with varying degrees of feature delivery and sophistication. While smart grids offer many advantages, their distributed nature and information flow streams between energy producers and consumers enable the launching of a number of attacks against the smart grid infrastructure, where the related consequences may range from economic loss to complete failure of the smart grid. In this paper, we survey the threat landscape of smart grids, identifying threats that are specific to this infrastructure, providing an assessment of the severity of the consequences of each attack type, discerning features that can be utilized to detect attacks and listing methods that can be used to mitigate them.