Published in 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2016
Cloud computing relies on virtualization technologies to provide computer resource elasticity and scalability. Despite their benefits, virtualization technologies come with serious security concerns. Although existing work focuses on specific vulnerabilities and attack models related to virtualization, a systematic analysis of known vulnerabilities for different virtualization models, including hypervisor-based and container-based solutions, is not present in the literature. In this paper, we present an overview of the known vulnerabilities for hypervisor and container solutions reported in the CVE database and classified under CWE categories. Given the vulnerability identification and categorization, we analyze our results with respect to different virtualization models and license schemes (open source/commercial). Our findings show, among other things, that hypervisors and containers share common weaknesses, with most of their vulnerabilities reported in the category of security features.
Recommended citation: A. Gkortzis, S. Rizou and D. Spinellis, 'An Empirical Analysis of Vulnerabilities in Virtualization Technologies,' 2016 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2016, pp. 533-538, doi: 10.1109/CloudCom.2016.0093. https://antonisgkortzis.github.io/files/GRS_CloudSPD16.pdf
Published in ACM Mining Software Repositories conference (MSR'18), 2018
Examining the different characteristics of open-source software in relation to security vulnerabilities can provide the research community with findings that can lead to the development of more secure systems. We present a dataset where the reported vulnerabilities of 8694 open-source project versions can be correlated with the corresponding source code and a number of software metrics. The metrics were obtained by analyzing the project’s source code via well-established tools. Apart from commonly used metrics (e.g. loc), we also provide data related to modern development trends such as continuous integration and testing. We outline motivational examples based on the dataset we describe.
Recommended citation: Antonios Gkortzis, Dimitris Mitropoulos, Diomidis Spinellis. "VulinOSS: A Dataset of Security Vulnerabilities in Open-source Systems." ACM Mining Software Repositories conference (MSR'18). https://antonisgkortzis.github.io/files/GMS_MSR_18.pdf
Published in Proceedings of the 18th International Conference on Software and Systems Reuse (ICSR '19), 2019
Reuse is a common and often-advocated software development practice. Significant efforts have been invested into facilitating it, leading to advancements such as software forges, package managers, and the widespread integration of open source components into proprietary software systems. Reused software can make a system more secure through its maturity and extended vetting, or increase its vulnerabilities through a larger attack surface or insecure coding practices. To shed more light on this issue, we investigate the relationship between software reuse and potential security vulnerabilities, as assessed through static analysis. We empirically investigated 301 open source projects in a holistic multiple-case methods study. In particular, we examined the distribution of potential vulnerabilities between the native code created by a project’s development team and external code reused through dependencies, as well as the correlation between the ratio of reuse and the density of vulnerabilities. The results suggest that the amount of potential vulnerabilities in both native and reused code increases with larger project sizes. We also found a weak-to-moderate correlation between a higher reuse ratio and a lower density of vulnerabilities. Based on these findings it appears that code reuse is neither a frightening werewolf introducing an excessive number of vulnerabilities nor a silver bullet for avoiding them.
Recommended citation: Antonios Gkortzis, Daniel Feitosa, Diomidis Spinellis, 'A double-edged sword? software reuse and potential security vulnerabilities', Publisher: Springer, Cham, pages: 187-203 https://doi.org/10.1007/978-3-030-22888-0_13 https://antonisgkortzis.github.io/files/GFS_ICSR_19.pdf
Published in Journal of Systems and Software, Volume 172, February 2021, 110653, 2021
Software reuse is a widely adopted practice among both researchers and practitioners. The relation between security and reuse can go both ways: a system can become more secure by relying on mature dependencies, or more insecure by exposing a larger attack surface via exploitable dependencies. To follow up on a previous study and shed more light on this subject, we further examine the association between software reuse and security threats. In particular, we empirically investigate 1244 open-source projects in a multiple-case study to explore and discuss the distribution of security vulnerabilities between the code created by a development team and the code reused through dependencies. For that, we consider both potential vulnerabilities, as assessed through static analysis, and disclosed vulnerabilities, reported in public databases. The results suggest that larger project sizes are associated with an increase in the number of potential vulnerabilities in both native and reused code. Moreover, we found a strong correlation between a higher number of dependencies and vulnerabilities. Based on our empirical investigation, it appears that source code reuse is neither a silver bullet to combat vulnerabilities nor a frightening werewolf that entails an excessive number of them.
Recommended citation: Gkortzis, Antonios, Daniel Feitosa, and Diomidis Spinellis. 'Software reuse cuts both ways: An empirical analysis of its relationship with security vulnerabilities.' Journal of Systems and Software 172 (2021): 110653 https://www2.dmst.aueb.gr/dds/pubs/jrnl/2020-JSS-reuse-vs-vuln/html/GFS20.pdf
Undergraduate courses, University of Groningen, 2014
Responsibilities
Master courses, University of Groningen, 2015
Responsibilities
Undergraduate course, Department of Management Science and Technology, Athens University of Economics and Business, 2017
Lab Instructor in Reliable and Secure Software Development elective course.
Undergraduate course, Department of Management Science and Technology, Athens University of Economics and Business, 2021
Lab Instructor in Software Engineering in Practice major course for the Spring semesters of 2017 to 2021.