Examinando por Autor "Calvo, Miguel"

Seleccione resultados tecleando las primeras letras
Mostrando 1 - 2 de 2
  • Miniatura
    Ítem
    A Model For risk-Based adaptive security controls
    (Elsevier, 2022) Calvo, Miguel; Beltrán, Marta
    Security controls and countermeasures have shifted from static desktop-based and corporate network environments to heterogeneous, distributed and dynamic environments (e.g., cloud and mobile computing or Internet of Things). Due to this paradigm shift, adaptive and risk-based approaches have gained significant importance. These approaches allow security managers to perform context-aware decision making, adapting controls’ deployment, configuration or use to every specific situation, depending on the current value of risk indicators or scores and on the level of risk tolerated by the organisation at any given time. This paper proposes a model to automatically adapt security controls to different risk scenarios in almost real-time (if required). This model is based on a three-layer architecture and a three-step flow (measurement-decision-adaptation), relying on a scalable policies&rules framework capable of integrating with different kinds of controls. Furthermore, the proposed model is validated and evaluated with an actual use case.
  • Miniatura
    Ítem
    A privacy threat model for identity verification based on facial recognition
    (Elsevier, 2023) Beltrán, Marta; Calvo, Miguel
    The proliferation of different types of photographic and video cameras makes it relatively simple and non-intrusive to acquire facial fingerprints with sufficient quality to perform individuals’ identity verification. In most democratic societies, a debate has been occurring regarding using such techniques in different application domains. Discussions usually revolve around the tradeoffs between utility (security in access control, mobile phone unlocking, payment processing, etc.), usability or economic gain and risks to citizens’ rights and freedoms (privacy) or ethics. This paper identifies the common aspects of different solutions for identity verification based on facial recognition techniques within different application domains. It then performs a privacy threat modelling based on these common aspects to identify the most critical risk factors and a minimum set of safeguards to be considered for their management.