Hello and welcome to the web page about my research work.

I am currently working as scientific / technical project officer and postdoctoral researcher at the Joint Research Center of the European Commission in Ispra, Italy (site). My research is in information systems security and currently I focus on security in cyber-physical systems (e.g. Smart Grid).

Before I was a postdoctoral researcher in the department of Informatics at Athens University of Economics and Business. I am a member of the Information Security And Critical Infrastructure Protection Research Group (site), which is headed by Professor Dimitris Gritzalis.


Research Interests

  • Information systems security
  • Cyber security
  • Adaptive real-time security
  • Human interaction proofs (CAPTCHA)
  • Model checking of systems and software(SPIN model checker)
  • Probabilistic model checking (PRISM model checker)
  • Security metrics

Publications

Journals

  1. Ntalampiras S., Soupionis Y., Giannopoulos G., "A Fault Diagnosis System For Interdependent Critical Infrastructures Based On HMMs", Reliability Engineering and System Safety, Vol. 138, pp. 73-81, 2015. (open access license)
  2. Tasidou A., Efraimidis P., Soupionis Y., Mitrou L., Katos V., "Privacy-Preserving, User-centric VoIP CAPTCHA Challenges: an Integrated Solution in the SIP Environment", Information and Computer Security, 2015 (to appear)
  3. Soupionis Y., Koutsiamanis A.-R., Efraimidis P., Gritzalis D., "A game-theoretic analysis of preventing spam over Internet Telephony via audio CAPTCHA-based authentication" Journal of Computer Security, Vol. 22, No. 3, pp. 383-413, 2014.
  4. Gritzalis D., Katsaros P., Basagiannis S., Soupionis Y., "Formal analysis for robust anti-SPIT protection using model-checking", International Journal of Information Security, Vol. 11, No. 2, pp. 121-135, 2012 (authors in seniority order).
  5. Gritzalis D., Marias G., Rebahi Y. Soupionis Y., Elhert S., "SPIDER: A platform for managing SIP-based Spam over Internet Telephony (SPIT)", Journal of Computer Security, Vol. 19, No. 5, pp. 835-867, 2011.
  6. Soupionis Y., Gritzalis D., "Audio CAPTCHA: Existing solutions assessment and a new implementation for VoIP telephony", Computers & Security, Vol. 29, No. 5, pp. 603-618, 2010.
  7. Gymnopoulos L, Tsoumas V., Soupionis Y., Gritzalis S., "A Generic Grid Security Policy Reconciliation Framework", Internet Research, Emerald Group Publishing Limited, 2005 Volume: 15, Issue: 5, Page: 508 - 517.

Conferences / Workshops / Symposiums

  1. Soupionis Y., Benoist T., "Cyber attacks in Power Grid ICT systems leading to financial disturbance", in Proc. of the 9th International Conference on Critical Information Infrastructures Security (CRITIS-2014), Springer, Cyprus, October 2014 (to appear).
  2. Soupionis Y., Ntalampiras S., Giannopoulos G., "Faults and Cyber Attacks Detection in Critical Infrastructures", in Proc. of the 9th International Conference on Critical Information Infrastructures Security (CRITIS-2014), Springer, Cyprus, October 2014 (to appear).
  3. Soupionis Y., Benoist T., "Demonstrating Cyber-attacks impact on Cyber-Physical simulated environment", in Proc. of the ACM/IEEE 5th International Conference on Cyber-Physical Systems (ICCPS-2014), Demo section, Berlin, April 2014.
  4. Gritzalis D., Katos V., Katsaros P., Soupionis Y., Psaroudakis J., Mentis A., "The Sphinx enigma in critical VoIP infrastructures: Human or botnet?", in Proc. of the 4th International Conference on Information, Intelligence, Systems and Applications (IISA-2013), IEEE Press, Greece, July 2013.
  5. Soupionis Y., Galbusera L., Ntalampiras S., Siaterlis C., Giannopoulos G., "Assessing interdependencies of energy and ICT infrastructure on realistic topologies using experimental facilities and high level models", Forschung und Innovation, Herausforderungen durch die Energiewende, 10.12.2013, Vienna, Austria (invited)
  6. Stachtiari E., Soupionis Y., Katsaros P., Mentis A., Gritzalis D., "Probabilistic model checking of CAPTCHA admission control for DoS resistant anti-SPIT protection", in Proc. of the 7th International Conference on Critical Information Infrastructures Security (CRITIS-2012), pp. 143-154, Springer (LNCS 7722), Norway, September 2012.
  7. Soupionis Y., Kandias M., "Web services security assessment: An authentication-focused approach", in Proc. of the 27th IFIP International Information Security and Privacy Conference,pp. 561-566, Gritzalis D., et al (Eds.), Springer (AICT 376), June 2012.
  8. Tassidou A., Efraimidis P., Soupionis Y., Mitrou L., Katos V., "User-centric privacy-preserving adaptation for VoIP CAPTCHA challenges", in Proc. of the 6th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2012), Furnell S., et al. (Eds.), Greece, June 2012.
  9. Soupionis Y., Gritzalis D., "ASPF: An adaptive anti-SPIT policy-based framework", in Proc. of the 6th International Conference on Availability, Reliability and Security (ARES-2011), Pernul G., et al. (Eds.), pp. 153-160, Austria, August 2011.
  10. Soupionis Y., Basagiannis S., Katsaros P., Gritzalis D., "A formally verified mechanism for countering SPIT", in Proc. of the 5th International Conference on Critical Information Infrastructure Security (CRITIS-2010), Xenakis C., Wolthusen S. (Eds.), Springer, Greece, September 2010.
  11. Gritzalis D., Soupionis Y., "Human or Bot? Let an audio CAPTCHA decide", in Proc. of the 4th Workshop on Practical Aspects of Security (PRACSE '09), Dimitriou T. (Ed.), Athens, June 2009 (invited).
  12. Soupionis Y., Tountas G., Gritzalis D., "Audio CAPTCHA for SIP-based VoIP", in Proc. of the 24th International Information Security Conference (SEC-2009), pp. 25-38, Gritzalis D., Lopez J. (Eds.), IFIP AICT 297, Springer, Cyprus, May 2009.
  13. Soupionis Y., Dritsas S., Gritzalis D., "An adaptive policy-based approach to SPIT management", in Proc. of the 13th European Symposium on Research in Computer Security (ESORICS 2008), Lopez J., Jajodia S. (Eds.), pp. 446-460, Springer, Malaga, October 2008.
  14. Dritsas S., Soupionis Y., Theoharidou M., Mallios J., Gritzalis D., "SPIT Identification Criteria Implementation: Effectiveness and Lessons Learned", in Proc. of the IFIP 23st International Information Security Conference (SEC-2008), pp. 381-395, Springer, Milan, Italy, September 2008.
  15. Gritzalis D., Theoharidou M., Soupionis Y., "VoIP spam: Trends and perspectives", 2nd Workshop on Practical Aspects of Security (PRACSE '07), Athens.
  16. Gymnopoulos L, Tsoumas V., Soupionis Y., Gritzalis S., "Enhancing Security Policy Negotiation in the GRID", in Proceedings of the Fifth International Network Conference, Samos, Greece, 5-7 July 2005, pp. 175-182, Plymouth: University of Plymouth.

Book Chapters

  1. Marias G., Theoharidou M., Soupionis Y., Ehlert S., Gritzalis D., "SIP vulnerabilities for SPIT, SPIT identification criteria and anti-SPIT mechanisms evaluation framework", in IP Handbook: Services, Technologies, and Security of Session Initiation Protocol, Ilyas M., Ahson S. (Eds.), CRC Press, USA, 2008.

Book Reviews

  1. Soupionis Y., Gritzalis D., Review of "Hacking VoIP: Protocols, Attacks and Countermeasures" (authored by D. Himanshu, No Starch Press, USA, 2008), Computers & Security, 2012 (to appear).

Invited Talks

  1. Soupionis Y. "SPHINX: Robust Web Services Telling Human and Machine apart with Interactive Audio Proofs", 16th Panhellenic Conference on Informatics (PCI 2012), October 2012.

Technical Reports

  1. Soupionis Y., Benoist T., "Cyber-Physical working prototype for assessing cyber-security", Ispra (Italy): Joint Research Centre; 2014. JRC92418
  2. Soupionis Y., Benoist T., "Designing a cyber-physical system for security assessment purposes", Ispra (Italy): Joint Research Centre; 2014. JRC90242
  3. Benoist T., Charonitakis G., Soupionis Y., "On PRIAM, a proof of concept of a communication middleware for cyber-exercises", Ispra (Italy): Joint Research Centre; 2014. JRC86772
  4. Genge B., Soupionis Y., Siaterlis C., "Enhancing EXITO for simulation-driven training and exercises of human actors in Critical Infrastructures", Ispra (Italy): Joint Research Centre; 2014. JRC85007
  5. Siaterlis C., Benoist T., Karopoulos G., Perez-Garcia A., Soupionis Y., , "Alternative approaches for cyber-security exercises ", Ispra (Italy): Joint Research Centre; 2014. JRC83613
  6. Soupionis Y., Marias G., Ehlert S., Rebahi Y., Dritsas S., Theoharidou M., Tountas G., Gritzalis D., Bergmann A., Golubenco T., Hoffmann M., "SPIDER Final Report", Technical Report SPIDER-D4.2, Nov. 2008.

Projects

Critical Infrastructure Protection - Cyber Physical Systems (CIP-CPS) (site)

  • Study on the impact of cyber network events on physical systems at a macroscopic level with examples of application to the power grid.
  • Study on the resilience of networked cyber-physical systems. To improve understanding of the behaviour and vulnerabilities of complex cyber-physical networked systems by carrying out exercises and studies using the EPIC facility, which enables simulation of physical systems to be combined with emulation of the IT control systems linked to them.

SFINX - Robust web services: Telling Humans and Computers apart by interactive audio proofs (site)

  • In-charge of the design and implememention of few software modules, leading a team of 5 researchers from 3 universities.
  • Funded by European Union and the Hellenic General Secretariat for Research and Technology.

SPAM over Internet Telephony Detection Service (SPIDER- COOP-32720) (site)

  • Responsible for designing and implementing the main module of the project.
  • A.U.E.B. team representative in project meetings (Barcelona, Berlin,etc.).
  • Responsible for managing project deliverables.

eClass - Asynchronous E-learning Platform" (2008-2009) (site)

  • Responsible for the security evaluation and customization of the university's e-learning platform.

Research projects and studies in the fields of Risk Management and Infrastructure Protection

  • On behalf of clients such as the General Secretariat of Social Security (Ministry of Employment and Social Protection) and the Peloponnese Regional Health Administration.

Education

  • PhD in information systems security, Athens University of Economics and Business.
    PhD Thesis "SPAM prevention in VoIP networks via security policies and audio CAPTCHA".
    (PhD thesis in greek) (Presentation in english)
  • MSc in Information Systems, Athens University of Economics and Business.
    Master Thesis "Management of security policies in Grid Computing".
  • BSc in Informatics and Telecommunications, National University of Athens.
    Dissertation "Study and Implementation of Control System of Network Services".

Awards

  • The HRAKLEITOS II scholarship for my PhD thesis in the areas of network security and information security management, granted by the Greek Ministry of Education and National Strategic Reference Framework (European Union Funds).

Teaching

Teaching at A.U.E.B.:

  • Adjunct lecturer in "Information systems audit" course - MSc in Information Systems (2013).
  • Teaching assistant in "Information systems security" course - undergraduate studies 6th semester (2007-2010).
  • Teaching assistant in "Information theory" course - undergraduate studies 8th semester (2007).
  • Supervisor of assignments and lab instructor in "Introduction to computer science" course - undergraduate studies 1st semester (2008-2010).
  • Co-supervisor in two (2) B.Sc. dissertations and four (4) M.Sc. theses.

Contact information

Postal address
Joint Research Center
European Commission
Enrico Fermi 2749 - TP210
Ispra (VA), I-21021
Italy

fax: +30 211 770 7074
email: jsoup_at_aueb_dot_gr
            yannis_dot_soupionis_at_jrc_dot_ec_dot_europa_dot_eu
           (replace _at_ , _dot_ )