Integration of Multiple Data Sources for predicting the Engagement of Students in Practical Activities

This work presents the integration of an automatic assessment system for virtual/remote laboratories and the institutional Learning Management System (LMS), in order to analyze the students’ progress and their collaborative learning in virtual/remote laboratories. As a result of this integration, it is feasible to extract useful information for the characterization of the students’ learning process and detecting the students’ engagement with the practical activities of our subjects. From this integration, a dashboard has been created to graphically present to lecturers the analyzed results. Thanks to this, faculty can use the analyzed information in order to guide the learning/teaching process of each student. As an example, a subject focused on the configuration of network services has been chosen to implement our proposal

Hispanic Medieval Tagger (HisMeTag): una aplicación web para el etiquetado de entidades en textos medievales

El resumen presenta la herramienta de etiquetado de entidades nombradas en textos medievales en español. Este trabajo se enmarca dentro de los proyectos de investigación, proyecto europeo ERC-2015-STG-679528 POSTDATA

EVI-LINHD, un Entorno Virtual de Investigación para la edición digital académica.

EVI-LINHD, un Entorno Virtual de Investigación para la edición digital académica

Formal methods for the analysis of security protocols.

Los sistemas informáticos que aparecen en la actualidad se encuentran orientados al desarrollo de entornos colaborativos y distribuidos. Estas tendencias han convertido a las redes, y especialmente a Internet, en elementos clave en el proceso del diseño de un sistema. La aparición de nuevos tipos de aplicaciones sobre Internet que implican el intercambio de datos privados han otorgado suma importacia al estudio de los protocolos de seguridad. Las soluciones tradicionales en este campo no son adecuadas para los nuevos requisitos en seguridad. Actualmente, la criptografía debe, ademas de proporcionar confidencialidad, garantizar intergridad, no-repudio, autenticación, autorización, . . . . Además es necesario el desarrollo de nuevos esquemas criptográficos que den cobertura a las nuevas necesidades. Los protocolos de seguridad son programas distribuidos que se ejecutan bajo un entorno inseguro. Debido a su naturaleza distribuida son complejos de diseñar, junco con que el anlisis de su correctitud es una tarea crucial. La mayoria de los métodos formales omiten el tiempo para incrementar su rendimiento. Sin embargo, en sistemas de seguridad, como programas distribuidos que son, el tiempo tiene gran influencia en su ejecución. Los aspectos temporales de un protocolo de seguridad se pueden dividir en dos categorias. Primero, las marcas temporales e información temporal (tiempo de vida para los tokens, las sesiones, las claves, . . . ) que son incluidos en los mensajes. Segundo, el flujo temporal de los protocolos (tiempos de caducidad, retransmisiones,. . . ) que pueden ser explotados por un intruso para llevar a cabo un ataque. De forma que no solo estamos interesados en modelar elementos temporales pero tambien en representar el flujo temporal en nuestro modelos. Los automatas temporizados extendidos que presentamos en esta tesis doctoral nos ayudan en ambos casos. Los modelos basados en la propuesta de Dolev-Yao consideran un medio de comunicación hostil en una red cableada. Debido al desarrollo de las redes inalmbricas y la aparición de nuevas tecnologías, como los servicios web o las redes inalámbricas de sensores, este modelo no es apropiado. Necesitamos representar diferentes medios de comunicación con diferentes propiedades que pueden afectar a la seguridad del sistema. Otra razón para introducir nuestra extensión para automatas temporizados. La verificación de protocolos de seguridad es una tarea crucial en la mayoria de los procesos de desarrollo de sistemas de comunicacin. Pero el análisis de los protocolos de seguridad no se puede realizar de forma aislada. Debe integrarse en los procesos de desarrollo de software. Como consequencia, no solo necesitamos un mecanismo para analizar protocolos de seguridad, sino que también es necesario una metodologa bien definida para aplicar el mecanismo de análisis. Después de todo esto, en esta tesis doctoral, se presenta como contribución principal una metodología para el diseño y análisis de protocolos de seguridad mediante Uppaal asi como un nuevo tipo de automata temporizados de comportamiento extendido. La metodología se encarga de definir un conjunto de pasos bien establecidos para permitir que diseñadores desarrollen analicen un protocolo de seguridad siguiendo un estilo incremental. Además, introducimos los automatas de comportamiento extendido como herramienta para facilitar la tarea de modelado del sistema

Smart Contracts for Managing the Chain-of-Custody of Digital Evidence: A Practical Case of Study

The digital revolution is renewing many aspects of our lives, which is also a challenge in judicial processes, such as the Chain-of-Custody (CoC) process of any electronic evidence. A CoC management system must be designed to guarantee them to maintain its integrity in court. This issue is essential for digital evidence’s admissibility and probative value. This work has built and validated a real prototype to manage the CoC process of any digital evidence. Our technological solution follows a process model that separates the evidence registry and any evidence itself for scalability purposes. It includes the development of an open-source smart contract under Quorum, a version of Ethereum oriented to private business environments. The significant findings of our analysis have been: (1) Blockchain networks can become a solution, where integrity, privacy and traceability must be guaranteed between untrustworthy parties; and (2) the necessity of promoting the standardization of CoC smart contracts with a secure, simple process logic. Consequently, these contracts should be deployed in consortium environments, where reliable, independent third parties validate the transactions without having to know their content

Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps

Single-Sign-On (SSO) protocols enable companies to establish a federated environment in which clients sign in the system once and yet are able to access to services offered by different companies. The OASIS Security Assertion Markup Language (SAML) 2.0 Web Browser SSO Profile is the emerging standard in this context. In this paper we provide formal models of the protocol corresponding to one of the most applied use case scenario (the SP-Initiated SSO with Redirect/POST Bindings) and of a variant of the protocol implemented by Google and currently in use by Google’s customers (the SAML-based SSO for Google Applications). We have mechanically analysed these formal models with SATMC, a state-of-the-art model checker for security protocols. SATMC has revealed a severe security flaw in the protocol used by Google that allows a dishonest service provider to impersonate a user at another service provider. We have also reproduced this attack in an actual deployment of the SAML-based SSO for Google Applications. This security flaw of the SAML-based SSO for Google Applications was previously unknown

A Cloud Game-Based Educative Platform Architecture: The CyberScratch Project

The employment of modern technologies is widespread in our society, so the inclusion of practical activities for education has become essential and useful at the same time. These activities are more noticeable in Engineering, in areas such as cybersecurity, data science, artificial intelligence, etc. Additionally, these activities acquire even more relevance with a distance education methodology, as our case is. The inclusion of these practical activities has clear advantages, such as (1) promoting critical thinking and (2) improving students’ abilities and skills for their professional careers. There are several options, such as the use of remote and virtual laboratories, virtual reality and game-based platforms, among others. This work addresses the development of a new cloud game-based educational platform, which defines a modular and flexible architecture (using light containers). This architecture provides interactive and monitoring services and data storage in a transparent way. The platform uses gamification to integrate the game as part of the instructional process. The CyberScratch project is a particular implementation of this architecture focused on cybersecurity game-based activities. The data privacy management is a critical issue for these kinds of platforms, so the architecture is designed with this feature integrated in the platform components. To achieve this goal, we first focus on all the privacy aspects for the data generated by our cloud game-based platform, by considering the European legal context for data privacy following GDPR and ISO/IEC TR 20748-1:2016 recommendations for Learning Analytics (LA). Our second objective is to provide implementation guidelines for efficient data privacy management for our cloud game-based educative platform. All these contributions are not found in current related works. The CyberScratch project, which was approved by UNED for the year 2020, considers using the xAPI standard for data handling and services for the game editor, game engine and game monitor modules of CyberScratch. Therefore, apart from considering GDPR privacy and LA recommendations, our cloud game-based architecture covers all phases from game creation to the final users’ interactions with the game

A Cloud Game-Based Educative Platform Architecture: The CyberScratch Project

The employment of modern technologies is widespread in our society, so the inclusion of practical activities for education has become essential and useful at the same time. These activities are more noticeable in Engineering, in areas such as cybersecurity, data science, artificial intelligence, etc. Additionally, these activities acquire even more relevance with a distance education methodology, as our case is. The inclusion of these practical activities has clear advantages, such as (1) promoting critical thinking and (2) improving students’ abilities and skills for their professional careers. There are several options, such as the use of remote and virtual laboratories, virtual reality and game-based platforms, among others. This work addresses the development of a new cloud game-based educational platform, which defines a modular and flexible architecture (using light containers). This architecture provides interactive and monitoring services and data storage in a transparent way. The platform uses gamification to integrate the game as part of the instructional process. The CyberScratch project is a particular implementation of this architecture focused on cybersecurity game-based activities. The data privacy management is a critical issue for these kinds of platforms, so the architecture is designed with this feature integrated in the platform components. To achieve this goal, we first focus on all the privacy aspects for the data generated by our cloud game-based platform, by considering the European legal context for data privacy following GDPR and ISO/IEC TR 20748-1:2016 recommendations for Learning Analytics (LA). Our second objective is to provide implementation guidelines for efficient data privacy management for our cloud game-based educative platform. All these contributions are not found in current related works. The CyberScratch project, which was approved by UNED for the year 2020, considers using the xAPI standard for data handling and services for the game editor, game engine and game monitor modules of CyberScratch. Therefore, apart from considering GDPR privacy and LA recommendations, our cloud game-based architecture covers all phases from game creation to the final users’ interactions with the game

Forensic Analysis Laboratory for Sport Devices: A Practical Use Case

At present, the mobile device sector is experiencing significant growth. In particular, wearable devices have become a common element in society. This fact implies that users unconsciously accept the constant dynamic collection of private data about their habits and behaviours. Therefore, this work focuses on highlighting and analysing some of the main issues that forensic analysts face in this sector, such as the lack of standard procedures for analysis and the common use of private protocols for data communication. Thus, it is almost impossible for a digital forensic specialist to fully specialize in the context of wearables, such as smartwatches for sports activities. With the aim of highlighting these problems, a complete forensic analysis laboratory for such sports devices is described in this paper. We selected a smartwatch belonging to the Garmin Forerunner Series, due to its great popularity. Through an analysis, its strengths and weaknesses in terms of data protection are described. We also analyse how companies are increasingly taking personal data privacy into consideration, in order to minimize unwanted information leaks. Finally, a set of initial security recommendations for the use of these kinds of devices are provided to the reader