Hristo Koshutanski

Research

Research Activities

  • 7 years of experience in cyber security innovation, solution design and application in various topics, such as IoT security (CROSSCON, SerIoT projects), honeypot-based sandbox malware analysis (YAKSHA), cyber range architecture and integration for cyber security training (Threat-Arrest), anomaly and intrusion detection in ICS/SCADA protocols (ELECTRON, SDN-microSENSE projects), anomaly and intrusion detection in Kubernetes computing clusters (6G-DAWN project).
  • Lead the design and development of a key asset in our unit: LADS.
  • 10 years of experience in information system security in solution definition, specification, and design. Since my doctorate dissertation, I have participated in several EU co-funded R&D projects in the context of authorization, access control and policy specification (RBAC, ABAC/XACML), authentication and federated identity management (digital certificates X.509v3, PKI/PMI, SSO (SAML)), and security assurance through security service certificates. Related projects: OKKAM, ConTur, CUMULUS, ASSERT4SOA, ONE, Marie Curie Fellowship (iAccess).

Involved in different levels of activities:

  • Management of research and innovation activities in several EU co-funded projects under Horizon 2020, FP7, and FP6;
  • Expert evaluator for the EC under Horizon Europe and Horizon 2020 of the EU in the areas of Digital Security, Future and Emerging Technologies, and Ethics;
  • Innovation activities with reference to evaluation of technological solutions for international conferences and journals in the field.

Over the years, I have learned to deliver results under strict deadlines and strong inter-dependencies with other activities, and to adapt and meet professional standards even under changing conditions and priorities.

Please refer to section Projects for a summary of my activities and results per project (chronologically ordered) with references to publications co-authored.

Experience and Skills

  • Anomaly and intrusion detection in Electric Power and Energy System (EPES) for SCADA protocols Modbus, IEC 60870-5-104 (IEC-104), DNP3, IEC 61850 using ML/deep learning-based models. We achieved an innovation on efficient detection of several attacks, such as false data injection, man in the middle, packet replay/drop, ARP poisoning, and DoS, not only on the TCP/IP-based Modbus, IEC-104 and DNP3 protocols but also on OSI layer 2 protocols such as IEC 61850 (GOOSE/SV), Precision Time Protocol, etc. (ref. SDN-microSENSE, ELECTRON).
  • Knowledge of communication and network protocols, acquired from the analysis and definition of traffic flow telemetry for protocols at different OSI layers for the needs of anomaly detection.
  • Multi-layer security architecture specification from network-layer security to system and application layer security for a comprehensive end-to-end security solution (refer for instance to SerIoT).
  • Knowledge of IoT device security through low-level mechanisms such as trusted execution environment, root of trust, and isolation (CROSSCON project).
  • Sandbox-based malware behaviour analysis for Linux and Windows platforms using ML and traces of system calls (ref. YAKSHA project).
  • Knowledge of vulnerability identification and management. Supervised the involvement and integration of a vulnerability discovery tool, an OpenVAS tool, in the FINSEC project system, from asset inventory integration to vulnerability discovery and reporting.
  • Models of authorization, access control and trust management (ref. OKKAM, ConTur, MarieCurie iAccess, ONE projects).
  • Identity management and privacy. Federated Identity Management. Single Sign-On (SSO). Security Assertion Markup Language (SAML) for federated identity information exchange (ConTur).
  • X.509 certificate standard, both identity and attribute certificates, for authentication and authorisation. Public-key infrastructure and privilege management infrastructure (PKI/PMI) for user identity and (entity) attribute management in decentralised environments (OKKAM, ConTur, MarieCurie iAccess).

Reviewer Activities

Expert evaluator for the European Commission’s Horizon Europe and H2020 frameworks:

  • Digital Europe Program 2023: evaluation of proposals under work program DIGITAL-ECCC-2022-CYBER-03 topic Uptake of innovative cybersecurity solutions.
  • Horizon Europe: EIC TRANSITION as Vice Chair Quality Control (2024, 2023);
  • Horizon Europe: EIC PATHFINDER OPEN as Vice Chair Quality Control (2024–2021);
  • Horizon Europe: EIC PATHFINDER CHALLENGES as Vice Chair Quality Control (2022, 2021);
  • Horizon Europe: Ethics screening of proposals under MSCA and Increased cybersecurity (2023-21);
  • Horizon 2020: Digital Security Focus Area, Evaluator of proposals for Work Programme 2016-2017;
  • Horizon 2020: FET-OPEN – Novel Ideas for Radically New Technologies, Evaluator of proposals for Work Programme Year: 2014-2015;
  • Horizon 2020: Ethics screening of project proposals related to Big Data research (2015-2018), High performance computing (2014), and European research infrastructures (2014-2015).

Journal reviewer:

  • Computers & Security, Elsevier (2018, 2017, 2016, 2015, 2012).
  • ACM Transactions on Internet Technology (2016).
  • Journal of Information Security and Applications, Elsevier (2016).
  • Service Oriented Computing and Applications, Springer (2016, 2015, 2013, 2011, 2008).
  • Security and Communication Networks, John Wiley & Sons (2014, 2012, 2011, 2010, 2009).
  • World Wide Web Journal, Springer (2014).
  • African Journal of Business Management, AcademicJournals (2013).
  • Journal of Zhejiang University Science C, Springer (2013).
  • Simulation Modelling Practice and Theory, Elsevier (2011).
  • Future Internet, MDPI AG (2011).
  • IEEE Communications Surveys and Tutorials (2010).
  • Journal Of Systems and Software, Elsevier (2010).
  • Journal of Internet Services and Applications, Springer (2010).
  • Computer Communications, Elsevier (2008).

Program committee member:

External reviewer:

  • European Symposium on Research in Computer Security: ESORICS 2016, ESORICS 2015.
  • International Conference on Information and Communication Technology Research: (ICTRC-2015).
  • 8th International Workshop on Formal Aspects of Security and Trust (FAST-2011).
  • International Symposium on Engineering Secure Software and Systems: ESSoS-2010, ESSoS-2009.
  • 5th International Conference on Security and Cryptography (SECRYPT-2010).