Projects

This page provides a brief summary of Projects undertaken by the InfoSec Laboratory since 1995.

	International Projects Title Description PASSIVE: Policy-Assessed system-level Security of Sensitive Information processing in Virtualised Environments The PASSIVE project proposes an improved model of security for virtualised systems to ensure that: o Adequate separation of concerns (e.g. policing, judiciary) can be achieved even in large scale deployments; o Threats from co-hosted operating systems are detected and dealt with; o Ppublic trust in application providers is maintained even in a hosting environment where the underlying infrastructure is highly dynamic. Duration: 2010 – 2012 e-SENSE: Capturing Ambient Intelligence for Mobile Communications through Wireless Sensor Networks e-SENSE aims to specify Ambient Intelligence mobile systems beyond 3G. Info-Sec-Lab is involved in the development of a comprehensive architecture for security and privacy. Duration: 2006 – 2007 SERENITY: System Engineering for Security and Dependability SERENITY aims to enhance security and dependability for AmI ecosystems by providing a framewok supporting the automated integration, configuration, monitoring and adaptation of security and dependability mechanisms for such ecosystems. Duration: 2006 – 2008 CSI Review: Scalability of Certificate Revocation and Certificate Suspension and enhancements on the respective mechanisms The objective was to study ways for handling large numbers of revoked certificates used in electronic signatures. The study dealt with the performance and management issues for both the use of delta CRLs and OCSP responses. Duration: 2000 – COSSAC: Co-ordination of security activities between Chambers of Commerce The main objectives of this project was: To identify current and future business scenarios for Cham­bers of Commerce (CoCs), which can be handled electro­nically; to expand the CoCs functionality, which will permit them to act as a vehicle for international electronic commerce; to provide a secure link between CoCs in order to enable them to transfer documents electronically; to emphasize the use of TTP technology in promoting Electronic Commerce through CoCs. Duration: 1998 – 2000 EUROMED-ETS: Trusted Third Party Services for Health Care in Europe The project aimed at identifying, defining and verifying the ope­ra­tional, organisational, technical and legal aspects of the TTPs for telemedical applications over the Web. Duration: 1997 – MEDSEC: Health Care Security and Privacy in the Information Society The main objectives of the project were to: Codify existing and emerging standards for security and privacy in Health Care Information Systems; identify gaps in existing and emerging standards thereby recommending additional standardization work to appro­priate bodies; assess the applicability and technical feasibility of sele­cted standards via field trials thereby providing input to standardization bodies; investigate the degree of compliance with these standards of European Health Care Institutions and HC Information Systems developers; promote the awareness on the existence and usefulness of such standards among European Health Care Insti­tu­tions and HC Information Systems developers. Duration: 1997 – 1998 ENCRESS: European Network of Clubs for Reliability and Safety of Software-Intensive Systems The aim of the project was to establish a European Special Interest Group linking users, experts and practitioners with shared concerns on safety, reliability, quality and security of software-intensive systems. Duration: 1996 – 1997 ISHTAR: Implementing Secure Healthcare Telematics in Europe The project aimed to activate the awareness process, and to en­sure that HCEs and Health Telematics projects are kept in touch with the legal, security, and safety issues ari­sing from the widespread utilization of Health Telematics in the context of patient care and the resulting EU recom­men­da­tions and directives. Duration: 1995 – 1998 SEISMED: Secure Environment for Information Systems in Medicine The main objectives of the project were to: examine, across the EU, the legal issues of data pro­tec­tion and privacy within healthcare information systems and develop a relevant code of Ethics; develop a High Level Security Policy to enable or­ga­nizations using information systems to follow a con­sistent path. Duration: 1991 – 1995

	National Projects Title Description ICISnet (Integrated Customs Information System) Security Study Aiming at the best possible security level for the new ICIS, the project will: a) assess the risks and analyze the business impact in case of a security incident, b) develop a security plan that will include the appropriate technical, organizational and procedural countermeasures and c) develop an operational security policy that on top of the general security guidelines it will include the organizational structure (role description and hierarchy) for IS security. Duration: 2007 – 2008 Security Study for the Internet Portal of the Central Greece Region’s Municipalities The aim of this project was to develop a security policy and propose the appropriate countermeasures for the portal of the municipalities belonging to the region of Central Greece. Duration: 2007 – 2007 The Greek e-Government Digital Authentication framework Τhe Greek Authentication Framework aims at assisting public organizations, which offer electronic services, to select the appropriate authentication, registration and identification mechanisms. This is achieved through the provision of specific guidelines that have been based on the existing legal and regulatory framework. Duration: 2007 – 2008 MOBI-MUL-SEC This project, which is funded by the General Secretariat for Research and Technology, is a research project on “Interdomain AAA and context-aware Security of Mobile Multimedia Services over ALL-IP based wireless network infrastructures” Duration: 2006 – 2008 Security study for the Fire Department Information System The aim of this project was to develop a security policy and propose the appropriate countermeasures for the Greek Fire Department’s information system and portal. The security plan has been based on a full risk assessment. Duration: 2006 – 2007 Security study for the Information System of the Regional Health System of South Aegean and Creta The aim of this project was to develop a security policy and propose the appropriate countermeasures for the information system that will support the Regional Health System of South Aegean and Creta. Duration: 2006 – 2007 Security study for the Ministry for the Interior and Public Administration (National Registry of Greek Citizens) The main objective was to identify the risks, propose the appropriate security measures and develop a generic security policy for the information system that supports the National registry of Greek citizens. Furthermore, the existing disaster recovery plan will be evaluated/updated. Duration: 2006 – 2007 Security Study for the “Police On Line” Information System The main objective was to identify the risks, propose the appropriate security measures and develop a generic security policy for the new nationwide information system of the Greek Police. Duration: 2006 – 2007 e-University The “e-University” project aims at the development of a modular system that will support most of the administrative functions of Greek universities. Our role in the project has been to specify user requirements for the module that will offer services directly to the students. Duration: 2005 – 2006 Security study for the medical information system of the Korinthos Hospital. The aim of this project was to provide a plan for the protection of sensitive information processed by the hospital’s information systems. The security plan was based on a full risk assessment. A code of conduct for the non-medical personnel has also been developed. Duration: 2005 – Study, Design and Implementation of a Comprehensive Security Plan for the Greek Lottery S.A Perform risk analyses surveys at a number of healthcare cen­ters, in order to identify the needs for improved secu­ri­ty; develop specific guidelines for enhancing security of exi­s­ting sy­stems, development of future systems and sys­tems using com­puter network; develop an encryption prototype suitable for use in health­care en­vironments. Duration: 2004 – Public Key Infrastructure Services in the Public Sector of the European Union Member States The main objective of this study was to identify the requirements of the public sector as far as the development and utilization of PKI services in the EU member states are concerned. Duration: 2003 – Security Plan for the Information Systems of the Greek Ministry of Foreign Affairs The aim was the development of a security plan that would facilitate the selection and maintenance of all technical, organizational and procedural security measures that would be necessary for achieving an acceptable (adequate) security level for the information systems of the Greek Ministry of Foreign Affairs. Duration: 2003 – 2004 Security Plan for the Information Systems of the Greek Social Security Organisation The aim was to perform a risk analysis and management study for the information systems of the Greek Social Security Organisation Duration: 2002 – Security Study for the National Schengen Information System (NSIS) The aim of this study was to investigate and propose the technical, administrative and organizational measures that were necessary for achieving an acceptable (adequate) security level for the Greek Schengen Information System. Duration: 2002 – Security Plan for the Information System of the Greek Authority for the Protection of Personal Data. The aim was to perform a risk analysis and management study for the information systems of the Greek Authority for the protection of personal data and the development of a security plan for the organisation. Duration: 1999 – 2000 Security Plan for the Information Systems of the Greek Ministry of Finance (TAXIS) The aim was the development of a security plan that would facilitate the selection and maintenance of all technical, organizational and procedural security measures that would be necessary for achieving an acceptable (adequate) security level for the information systems of the Greek Ministry of Finance. Duration: 1999 – Development of a Trusted Third Party for the Clearing House of the Athens Chamber of Commerce and Industry The aim of the project was the development of software applications that would support, through a TTP, the operations of the e-Commerce Center of the Athens Chamber of Commerce and Industry. Duration: 1997 – 1999