David Garcia Rosado

David Garcia Rosado
University of Castilla-La Mancha · Department of Information Technologies and Systems

PhD Computer Science

About

78
Publications
32,097
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,147
Citations
Additional affiliations
September 2005 - present
University of Castilla-La Mancha
Position
  • Research Assistant

Publications

Publications (78)
Article
Cyber-physical systems (CPSs) are smart systems that include engineered interacting networks of physical and computational components. CPSs have an increasingly presence on critical infrastructures and an impact in almost every aspect of our daily life, including transportation, healthcare, electric power, and advanced manufacturing. However, CPSs...
Article
The importance of data security is currently increasing owing to the number of data transactions that are continuously taking place. Large amounts of data are generated, stored, modified and transferred every second, signifying that databases require an appropriate capacity, control and protection that will enable them to maintain a secure environm...
Article
In the last years, cyber-physical systems (CPS) are receiving substantial mainstream attention especially in industrial environments, but this popularity has been accompanied by serious security challenges. A CPS is a complex system that includes hardware and software components, with different suppliers and connection protocols, forcing complex da...
Article
Full-text available
Cyber-physical systems (CPS) are the next generation of engineered systems into which computing, communication, and control technologies are now being closely integrated. They play an increasingly important role in critical infrastructures, governments and everyday life. Security is crucial in CPS, but they were not, unfortunately, initially concei...
Conference Paper
Full-text available
The proliferation of Cyber-Physical Systems (CPSs) is raising serious security challenges. These are complex systems, integrating physical elements into automated networked systems, often containing a variety of devices, such as sensors and actuators, and requiring complex management and data storage. This makes the construction of secure CPSs a ch...
Article
Data is one of the most important assets for all types of companies, which have undoubtedly grown their quantity and the ways of exploiting them. Big Data appears in this context as a set of technologies that manage data to obtain information that supports decision-making. These systems were not conceived to be secure, resulting in significant risk...
Article
Full-text available
Society is increasingly dependent on Information Security Management Systems (ISMS), and having these kind of systems has become vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMS that have been adapted to their special features and have been optimized as regards the resources needed to dep...
Article
During the reform of computer engineering degrees, the emergence of the concept of competence has not helped students better understand the extent to achieve the objectives of the different subjects, or to make better decisions about next steps in their careers. This article is intended to show the results obtained during the investigation, which h...
Article
The importance of cloud computing is increasing enormously and receives a great attention from the scientific community. The Cloud Computing offers a wide range of benefits, but also a major challenge from the point of view of security, in fact security remains the main obstacle to success. Migration of legacy systems to the cloud gives us the oppo...
Conference Paper
Full-text available
The modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLETM framework has been developed for the extraction of business process models from their source code. Building on top of that work,...
Conference Paper
Full-text available
We enhance an existing security governance framework for migrating legacy systems to the cloud by holisti-cally modelling the cloud infrastructure. To achieve this we demonstrate how components of the cloud infrastructure can be identified from existing security requirements models. We further extend the modelling language to capture cloud security...
Conference Paper
The emergence of cloud computing as a major trend in the IT industry signifies that corporate users of this paradigm are confronted with the challenge of securing their systems in this new environment. An important aspect of that, includes the secure migration of an organization’s legacy systems, which run in data centers that are completely contro...
Article
Companies and professionals are currently demanding increasingly more specialized profiles, and it is therefore desirable for future graduates to have obtained one or more international professional certificates in computing security and auditing, or to at least to have received the preparation required to obtain them. It is therefore of the utmost...
Article
In recent years, most organizations have suffered attacks against their information systems. For this reason, organizations should seek support from enterprise security architectures (ESAs) in order to secure their information assets. Security patterns can help when building complex ESAs, but they have some limitations that reduce their usability....
Article
Full-text available
Las empresas y los profesionales están demandando perfiles cada vez más especializados, por lo que es deseable que los futuros graduados cuenten con una o varias certificaciones profesionales internacionales en seguridad y auditoría informática, o al menos que tengan el camino preparado para conseguirlas. Por lo tanto es muy importante que los nuev...
Conference Paper
Full-text available
Foreword The Eleventh International Workshop on Security in Information Systems – WOSIS 2014 was organized in conjunction with ICEIS 2014 in Lisbon, Portugal. As in previous years, this workshop is primarily focused on high quality and innovative research papers from different fields related to the most recent developments in Security in Informatio...
Conference Paper
Full-text available
Las empresas y los profesionales están demandando perfiles cada vez más especializados, por lo que es deseable que los futuros graduados cuenten con una o varias certificaciones profesionales internacionales en seguridad y auditoría informática, o al menos que tengan el camino preparado para conseguirlas. Por lo tanto es muy importante que los nuev...
Article
Full-text available
Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service...
Article
We describe a data management solution and associated key management approaches to provide accountability within service provision networks, in particular addressing privacy issues in cloud computing applications. Our solution involves machine readable ...
Conference Paper
Full-text available
Foreword The Tenth International Workshop on Security in Information Systems – WOSIS 2013 was organized in conjunction with ICEIS 2013 in Angers, France. As in previous years, this workshop is primarily focused on high quality and innovative research papers from different fields related to the most recent developments in Security in Information Sys...
Chapter
Full-text available
Cloud computing is a new computing model that allows providers to deliver services on demand by means of virtualization. One of the main concerns in cloud computing is security. In particular, the authors describe some attacks in the form of misuse patterns, where a misuse pattern describes how an attack is performed from the point of view of the a...
Article
Full-text available
Cloud computing is a new paradigm that combines several computing concepts and technologies of the Internet creating a platform for more agile and cost-effective business applications and IT infrastructure. The adoption of Cloud computing has been increasing for some time and the maturity of the market is steadily growing. Security is the question...
Conference Paper
Full-text available
The process of writing honours theses is based on a set of general and specific competences which, in the majority of cases, entail a high level of abstraction and ambiguity. What is more, the apparition of these competences has not helped students towards a better understanding of the extent to which they attain the objectives of their various sub...
Article
Full-text available
Information Systems Security is one of the most pressing challenges facing all kinds of organizations today. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in maintaining their information secure, avoiding unauthorized access, preventing intru...
Conference Paper
Full-text available
Foreword The Ninth International Workshop on Security in Information Systems – WOSIS 2012 was organized in conjunction with ICEIS 2012 in Wroclaw, Poland. As in previous years, this workshop is primarily focused on high quality and innovative research papers from different fields related to the most recent developments in Security in Information Sy...
Article
Information Systems Security is one of the most pressing challenges confronting all kinds of present-day organizations. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in maintaining their information secure, avoiding unauthorized access, preve...
Article
Cloud computing is setting trend in IT world. As it evolves, providers and clients claim their concern about their pros and cons. Some proposals have been made on the methodologies to assess criteria for benefits and risks of the different cloud models. How these proposals deal with security issues (that most IT executives point out as their top co...
Book
Applying software engineering to Cloud computing is a primary aspect to obtain a systematic approach to the development, operation and maintenance of software. As a result, there is a need to examine and propose security solutions for cloud computing in order to improve the quality and security of all services, applications, and tools based on clou...
Conference Paper
Full-text available
El proceso de elaboración de las memorias de grado (en concreto en el caso del Grado en Ingeniería Informática), se ha basado en un conjunto de competencias generales y específicas, que en la mayoría de los casos entrañan un alto nivel de abstracción y ambigüedad. Este hecho ha dificultado considerablemente la forma de asociar asignaturas con compe...
Conference Paper
Full-text available
Con la implantación del Grado en Ingeniería Informática, se ha elaborado una memoria donde se recogen, entre otras cosas, información sobre su organización en módulos, que a su vez contiene materias, y que éstas están formadas por asignaturas, que son definidas en términos de unos descriptores generales. Para estas asignaturas, se incluye también i...
Article
Ce workshop a eu lieu en conjonction avec la conférence CAiSE'2011 à Londre, UK, le 21 juin 2011
Conference Paper
Information systems security problems are currently a widespread and growing concern that covers most of the areas of society, such as business, domestic, financial, government, healthcare, and so on. The scientific community is beginning to realize the importance of aligning information systems engineering and security engineering in order to deve...
Article
Mobile Grid, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources. Security is an important aspect in Grid based systems, and it is more complex to ensure this in a mobile platform owing to the limitations of resources in these devices. A Grid infrastructure that supports the participation of mobil...
Article
The systematic processes exactly define the development cycle and help the development team follow the same development strategies and techniques, thus allowing a continuous improvement in the quality of the developed products. Likewise, it is important that the development process used integrates security aspects from the first stages at the same...
Chapter
Mobile Grid includes the characteristics of the Grid systems together with the peculiarities of Mobile Computing, with the additional feature of supporting mobile users and resources in a seamless, transparent, secure, and efficient way. Security of these systems, due to their distributed and open nature, is considered a topic of great interest. We...
Article
Full-text available
The software industry needs highly qualified professionals who, in addition to a sound university education, also require professional qualifications which are difficult to attain in university lecture rooms. These professional qualifications, which are so highly regarded by businesses, are more specifically professional certification which groups...
Conference Paper
Full-text available
La seguridad informática ha venido cobrando mayor importancia para las organizaciones dado el marcado crecimiento de las nuevas tecnologías de la información, servicios Web, comercio electrónico, etc. Es por ello que existe la necesidad de contar con nuevos profesionales en este entorno. Para ello, es necesario contar con asignaturas de Seguridad e...
Conference Paper
Full-text available
The software industry needs highly qualified professionals who, in addition to a sound university education, also require professional qualifications which are difficult to attain in university lecture rooms. These professional qualifications, which are so highly regarded by businesses, are more specifically professional certification which groups...
Article
Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Systems which are based on Grid Computi...
Conference Paper
Full-text available
Computer Security has come to be of great importance given the tremendous growth of new information technologies, Web services, electronic commerce, etc. Organizations are therefore concerned about how secure their applications and infrastructures are, and what the current security level of the information systems which manage their information is....
Conference Paper
Full-text available
The current situation, in which new study plans are being defined and Europe is heavily involved in an agreement on higher education, is fundamental to the future of certain degree courses such as that of computer engineering. The capacity to adapt these new study plans to the market’s real necessities is, therefore, extremely important. In the cas...
Conference Paper
Full-text available
Computer Security has come to be of great importance given the tremendous growth of new information technologies, Web services, electronic commerce, etc. Organizations are therefore concerned about how secure their applications and infrastructures are, and what the current security level of the information systems which manage their information is....
Article
Full-text available
The idea of developing software through systematic development processes to improve software quality is not new. Nevertheless, there are still many information systems such as those of Grid Computing which are not developed through methodologies that are adapted to their most differentiating features. A systematic development process for Grid syste...
Chapter
Information security is currently considered to be a crucial aspect of systems development. However it has traditionally been considered during the final stages of development, once the main components of the system have been developed and therefore provides solutions which are inappropriate for security integration. Software engineering has tradit...
Article
Full-text available
Due to the growing dependence of information society on Information and Communication Technologies, the need to protect information is getting more and more important for enterprises. In this context, Information Security Management Systems (ISMSs), have arisen for supporting the processes and systems for effectively managing information security....
Article
Best practices currently state that the security requirements and security architectures of distributed software-intensive systems should be based on security risk assessments, which have been designed from security patterns, are implemented in security standards and are tool-supported throughout their development life-cycle. Web service-based info...
Conference Paper
Full-text available
Systems based on Grid computing have not traditionally been developed through suitable methodologies and have not taken into account security requirements throughout their development, offering technical security solutions only during the implementation stages. We are creating a development methodology for the construction of information systems ba...
Conference Paper
Due to the growing complexity of software development, developing software through systematic processes is becoming more and more important. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. In the last years, GRID tech...
Article
Due to the growing complexity of software development, developing software through systematic processes is becoming more and more important. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. In the last years, GRID tech...
Article
Full-text available
Data Warehouses manage historical information for the decision making process, and this information could be discovered by unauthorized users if security constraints are not established. It is therefore highly important for OLAP tools to consider the security rules defined at early stages of the development lifecycle. By following the MDA approach...
Article
Full-text available
Mobile Grid includes the characteristics of the Grid systems together with the peculiarities of Mobile Computing, with the additional feature of supporting mobile users and resources in a seamless, transparent, secure and efficient way. Security of these systems, due to their distributed and open nature, is considered a topic of great interest. In...
Conference Paper
Full-text available
Mobile Grid, in relevance to both Grid and Mobile Computing, is a full inheritor of Grid with the additional feature of supporting mobile users and resources in a seamless, transparent, secure and efficient way. Security of these systems, due to their distributed and open nature, receives great interest. A formal approach to security in the softwar...
Conference Paper
Recently, there has been a growing interest in identifying security patterns in software-intensive systems since they provide techniques for considering, detecting and solving security issues from the beginning of its development life-cycle. This paper describes how security architectural patterns lack of a comprehensive and complete well-structure...
Article
Purpose – The purpose of this paper is that of linking security requirements for web services with security patterns, both at the architectural and the design level, obtaining in a systematic way a web services security software architecture that contains a set of security patterns, thus ensuring that the security requirements of the internet-based...