Recent

Publications on Google Scholar

 

Books

  • M. Schumacher, E. B.Fernandez, D. Hybertson,  F. Buschmann, and P. Sommerlad, Security Patterns: Integrating security and systems engineering”,  Wiley 2006. Wiley Series on Software Design Patterns.
  • E.B.Fernandez, E. Gudes, and M. Olivier, The design of secure systems, under contract with Addison-Wesley.
  • E.B.Fernandez, “Security patterns in practice: Building secure architectures using software patterns”, Wiley Series on Software Design Patterns, 2013.

 

Journal papers

  • Santiago Moral-García, Santiago Moral-Rubio, E.B. Fernandez, E. Fernandez-Medina, “Enterprise Security Pattern: A New Type of Security Pattern”, accepted for Security and Communication Networks (ISI)
  • S. Moral-Garcia, S. Moral-Rubio, E. B. Fernandez, and E. Fernandez-Medina “Enterprise Security Pattern: A Model-Driven Architecture Instance”, The Journal of Computer Standards & Interfaces ( Special Issue on Security in Information Systems), vol. 36, No 4,748-758, 2014. (Elsevier).  (SCOPUS)
  • A. Uzunov and E.B.Fernandez, “An Extensible Pattern-based Library and Taxonomy of Security Threats for Distributed Systems”- Special Issue on Security in Information Systems of the Journal of Computer Standards & Interfaces.  (SCOPUS) http://dx.doi.org/10.1016/j.csi.2013.12.008
  • Keiko Hashizume, David G. Rosado, Eduardo Fernández-Medina, Eduardo B. Fernandez “An Analysis of Security issues for Cloud Computing”, Journal of Internet Services and Applications 2013, 4:5 (27 February 2013) (SCOPUS)
  •  E.B.Fernandez and Xiaohong Yuan, “Semantic analysis patterns and secure semantic analysis patterns”, in revision for the Int. Journal of Information and Computer Security (IJICS). Inderscience Publishers.
  •  Anton V. Uzunov, E.B.Fernandez, and K. Falkner, “Engineering Security into Distributed Systems: A Survey of Methodologies”,  Journal of Universal Computer Science,  Vol. 18, No. 20, 2013, pp. 2920-3006. (ISI) http://www.jucs.org/jucs_18_20/engineering_security_into_distributed
  •  E.B. Fernandez, David La Red Martinez, and J. I. Pelaez, “A conceptual approach to voting based on patterns”, Government Information Quarterly.  30 (2013), 64-73 (ISI, Impact factor: 1.425.)
  •  A.V. Uzunov, E.B. Fernandez & K. Falkner (2012), “Securing distributed systems using patterns: A survey”, Computers & Security, 31(5), 681 – 703. (ISI, IF= 0.868)) doi:10.1016/j.cose.2012.04.005
  •  Eduardo B. Fernandez, “Editorial: Introduction to the Special Issue on Recent Advances in Web Services”, Future Internet 2012, 4(3), 618-620; doi:10.3390/fi4030618 http://www.mdpi.com/1999-5903/4/3/618/
  •  E.B.Fernandez, O.Ajaj, I.Buckley, N.Delessy-Gassant, K.Hashizume, M.M. Larrondo-Petrie, “ A Survey of Patterns for Web Services Security and Reliability Standards”. Future Internet 2012, 4, 430-450. http://www.mdpi.com/1999-5903/4/2/430/
  •  E.B.Fernandez and Sergio Mujica, “Model-based development of security requirements”, CLEI (Latin-American Center for Informatics Studies) Journal. Vol. 14, No 3, paper 2, December 2011 Special issue of best papers presented at SCCC 2010, Antofagasta, Chile
  •  A. Marcus, M. Cardei, I. Cardei, E. Fernandez, F. Frati, E. Damiani, “A Pattern for Web-based WSN Monitoring” , Journal of Communications , Special Issue on New Advances in Wireless Sensor Networks Vol 6, No 5,  393-399, Aug 2011. http://ojs.academypublisher.com/index.php/jcm/issue/view/289
  • D. L. La Red, J.I. Peláez, J.M. Doña, and E.B. Fernández, “WKC-OWA, a new neat-OWA operator to aggregate information in democratic decision problems”,  International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems (IJUFKS). Volume No.19, No. 5. 759-779, DOI: 10.1142/S0218488511007222. (ISI)
  • Xiaohong Yuan and E. B. Fernandez, ” Patterns for Business-to-Consumer E-Commerce Applications”, International Journal of Software Engineering & Applications (IJSEA), vol. 2 No 3, July 2011, 1-20, http://airccse.org/journal/ijsea/papers/0711ijsea01.pdf
  •  Juan C. Pelaez and Eduardo B. Fernandez, “Network Forensics Models for Converged Architectures”, Int. Journal on Advances in Security, IARIA, 2010, vol. 3 No 1 & 2, 2010. http://www.iariajournals.org/security/tocv3n12.html
  •  A. Agarwal and E.B. Fernandez, “System Level Power Management for Embedded RTOS: an Object-Oriented Approach”, International Journal of Engineering (IJE) , Vol. 3, No 5, 2010
  •  J. Pelaez, E.B.Fernandez, and M.M. Larrondo-Petrie, “Misuse patterns in VoIP”,  Security and Communication Networks Journal. Wiley, vol. 2, No 2, 635-653, published online: 15 Apr 2009 http://www3.interscience.wiley.com/journal/122324463/abstract   http://onlinelibrary.wiley.com/doi/10.1002/sec.105/pdf   (ISI)
  • M. VanHilst, E.B.Fernandez, and F. Braz, “A multidimensional classification for users of security patterns”,  Journal of Research and Practice in Information Technology, vol. 41, No 2, May 2009, 87-97.  (ISI)
  •  E.B.Fernandez, J.C. Pelaez,  and M.M. Larrondo-Petrie, “Security patterns for voice over IP networks”,  Journal of Software, Vol. 2, No 2, August 2007, 19-29(http://www.academypublisher.com/jsw)
  •  B. Wu, J. Wu, E.B.Fernandez, M. Ilyas, and S. Magliveras, “Secure and efficient key management in mobile ad hoc networks“, Journal of Network and Computer Applications, vol. 30, 2007, 937-954.

  

Book chapters (refereed)

  •  Keiko Hashizume, Nobukazu Yoshioka, Eduardo B. Fernandez, “Three misuse patterns for Cloud Computing”, in Security Engineering for Cloud Computing: Approaches and Tools , edited by David Garcia Rosado and Eduardo Fernandez-Medina, IGI Global. 2012
  •  M. VanHilst and E.B.Fernandez, “A Construct Grid Approach to Security Classification and Analysis”,  in “Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions “, Manish Gupta, John Walp, and  Raj Sharman., IGI Global 2011.

 

Book chapters (by invitation)

  •  E.B.Fernandez, “Security in Data Intensive Computing Systems”, chapter in the Handbook of Data Intensive Computing, B. Furht and A. Escalante (Eds.)
  •  E. B. Fernandez, “Wireless network security for health applications”, Chapter 15 in the “Pervasive Communication Handbook”, S. Shah, M. Ilyas, H.T. Mouftah (Eds.), CRC Press 2012.

 

Conference papers

 2014

  •  E. B. Fernandez, Raul Monge, and Rene Carvajal, “A pattern for a secure and safe port loading facility”, was accepted for the 10th Latin American Conference on Pattern Languages of Programs – SugarLoafPLoP 2014.
  •  Ali Alkazimi and E.B.Fernandez, “Change Cipher Specification Message Drop Attack: A Misuse Pattern for the SSL/TLS Server Authentication Handshake Protocol”, was accepted for the 10th Latin American Conference on Pattern Languages of Programs – SugarLoafPLoP 2014.
  •  E.B.Fernandez and M. VanHilst, ”The Secure Domain Name System pattern”, 21st Conf. on Pattern Languages of Programs (PLoP 2014)
  •  Ali Alkazimi and E.B.Fernandez. ”Cipher Suite Rollback Attack: A Misuse Pattern for TLS Server Authentication Handshake Protocol”,  21st Conf. on Pattern Languages of Programs (PLoP 2014)
  •  E. B. Fernandez, Hernan Astudillo, Gilberto Pedraza-Garcia, Revisiting architectural tactics for security, Procs. LACCEI , July 2014
  •  E.B.Fernandez and Sergio Mujica, “From domain models to secure and compliant applications”, Procs.12th LACCEI
  •  O. Encina, E. B. Fernandez and R. Monge, “Threat analysis and misuse patterns of federated Inter-Cloud systems”. Proceedings of 19th European Conference on Pattern Languages of Programs, Germany, July 2014.
  •  E.B.Fernandez, R. Monge, R. Carvajal, O Encina, J. Hernandez, and P. Silva, R.”Patterns for Content-Dependent and Context-Enhanced Authorization”. Proceedings of 19th European Conference on Pattern Languages of Programs, Germany, July 2014.
  •  E. B.Fernandez, Nobukazu Yoshioka, Hironori  Washizaki, and Joseph Yoder, “Abstract security patterns for requirements specification and analysis of secure systems”, Procs. of the WER 2014 conference, a track of the  17th Ibero-American Conf. on Soft. Eng.(CIbSE 2014), Pucon, Chile, April 2014
  •  René Noël, Gilberto Pedraza-García Hernán Astudillo, E. B.Fernández,, “An Exploratory Comparison of Security Patterns and Tactics to Harden Systems”, Procs. of the  ESELAW 2014 conference, a track of the  17th Ibero-American Conf. on Soft. Eng.(CIbSE 2014)
  •  Oscar Encina, E.B. Fernandez, and Raúl Monge, “Towards Secure Inter-Cloud Architectures”. Proceedings of Nordic pattern conference on Pattern Languages of Programs, Sagadi Manor, Estonia, April 2014.
  •  E.B. Fernandez and R. Monge, “A Security Reference Architecture for Cloud Systems”, Procs. of  the Workshop on Dependable and Secure Cloud Computing Architecture (DaSCCA), part of  the Working IEEE/IFIP Conference on Software Architecture (WICSA) 2014.
  •  A. Uzunov, K. Falkner, and E. B. Fernandez, “ A comprehensive pattern-driven  security methodology for distributed systems”, Procs. of  the Australasian Software Engineering Conference (ASWEC2014), Sydney, Australia, April 2014. 
  •  E. B. Fernandez, Nobukazu Yoshioka, and Hironori Washizaki, “Patterns for cloud firewalls”,  Procs. of AsianPLoP (Pattern Languages of Programs) 2014, Tokyo, Japan, March 2014.
  •  E. B. Fernandez and S. Mujica, “Two patterns for HIPAA regulations”, Procs. of AsianPLoP (Pattern Languages of Programs) 2014, Tokyo, Japan, March 2014.
  •  Oscar Encina, E.B. Fernandez, and Raúl Monge, “A misuse pattern for Denial-of-Service  in federated Inter-Clouds”,   Procs. of AsianPLoP (Pattern Languages of Programs) 2014, Tokyo, Japan, March 2014.

  2013

  • O. Ajaj and E. B. Fernandez, ” A pattern for the WS-Federation standard for web services”, 20th Conf. on Pattern Languages of Programs (PLoP 2013)
  •  E.B. Fernandez, Raul Monge, and Keiko Hashizume, “Two patterns for cloud computing: Secure Virtual Machine Image Repository and Cloud Policy Management Point”20th Conf. on Pattern Languages of Programs (PLoP 2013)
  •  Antonio Maña, E.B. Fernandez, Jose Ruiz, and Carsten Rudolph, “Towards Computer-based Security Patterns”20th Conf. on Pattern Languages of Programs (PLoP 2013)
  •   Fabricio Braz, E.B. Fernandez, and Diogo C. Rispoli, “Transaction Authentication pattern”,  MiniPLoP Brazil 2013 (Latin American Mini Conference on Pattern Languages of Programming), Brasília, Brazil, September 28, 2013
  •  Anton V. Uzunov, Katrina Falkner, Eduardo B. Fernandez , “Distributed Software Architectures for the Determination and Incorporation of Security and Other Non-Functional Requirements”, 22nd Australasian Software Engineering Conference (ASWEC 2013), Melbourne, Australia, 4-7 June 2013

 2012

  •  Keiko Hashizume, E.B.Fernandez, and Maria M. Larrondo-Petrie, “A pattern for Software-as-a-Service in Clouds”,  RISE’12,Workshop on Redefining and Integrating Security Engineering, part of the ASE Int. Conf. on Cyber Security, Washington, DC, December 12-14 (http://www.securityengineeringforum.org/rise12)
  •  E B. Fernandez, Ernest Alder, Richard Bagley, and Swati Paghdar,  “A Misuse Pattern for Retrieving Data from a Database Using SQL Injection” , RISE’12,Workshop on Redefining and Integrating Security Engineering, part of the ASE Int. Conf. on Cyber Security, Washington, DC, December 12-14 (http://www.securityengineeringforum.org/rise12)
  •  E.B. Fernandez and A.V. Uzunov, “Secure middleware patterns”, 4th International Symposium on Cyberspace Safety and Security (CSS 2012), Melbourne, Australia, Dec. 12-13, 2012.
  •  Ola Ajaj and Eduardo B. Fernandez, “A pattern for the WS-SecureConversation standard for web services”,   19th. Int. Conference on Pattern Languages of Programs (PLoP2012).
  •  Keiko Hashizume, Eduardo B. Fernandez, Maria M. Larrondo-Petrie, “Cloud Service Model Patterns”,   19th. Int. Conference on Pattern Languages of Programs (PLoP2012).
  •  Ajoy Kumar and E.B. Fernandez, “A Security Pattern for the Transport Layer Security (TLS) Protocol”,  19th. Int. Conference on Pattern Languages of Programs (PLoP2012).
  •  Ingrid Buckley and E.B.Fernandez, “Failure patterns: A new way to analyze failures”, First International Symposium on Software Architecture and Patterns in conjunction with the 10th Latin American and Caribbean Conference for Engineering and Technology, July 23-27, 2012, Panama City, Panama
  •  Kaivan Kaighovadi and E.B.Fernandez, “A pattern for the Secure Shell protocol”, First International Symposium on Software Architecture and Patterns, in conjunction with the 10th Latin American and Caribbean Conference for Engineering and Technology, July 23-27, 2012, Panama City, Panama
  •  Ajoy Kumar and E.B.Fernandez, “Security patterns for Intrusion Detection Systems”, First International Symposium on Software Architecture and Patterns in conjunction with the 10th Latin American and Caribbean Conference for Engineering and Technology, July 23-27, 2012, Panama City, Panama
  •  N. Delessy and E.B. Fernandez,  “The Secure MVC pattern”, First International Symposium on Software Architecture and Patterns, in conjunction with the 10th Latin American and Caribbean Conference for Engineering and Technology, July 23-27, 2012, Panama City, Panama.
  •  E.B. Fernandez and H. Astudillo, “Should we use tactics or patterns to build secure systems?”,  First International Symposium on Software Architecture and Patterns, in conjunction with the 10th Latin American and Caribbean Conference for Engineering and Technology, July 23-27, 2012, Panama City, Panama
  •  K. Hashizume, E. B. Fernandez, M. Larrondo-Petrie, Cloud Infrastructure Pattern, First International Symposium on Software Architecture and Patterns, in conjunction with the 10th Latin American and Caribbean Conference for Engineering and Technology, July 23-27, 2012, Panama City, Panama
  •  Ola Ajaj and E.B. Fernandez,”Adding Security to BPEL Workflows of Web Services”, Procs. of  8th International Conference on Innovations in Information Technology (IIT’12). March 18-20, 2012, Al Ain, UAE

 2011

  •  Ingrid Buckley and Eduardo B. Fernandez, “Enumerating software failures to build dependable distributed applications”, Procs. of the 13th IEEE Int.High Assurance Systems Engineering Symposium (HASE 2011), Boca Raton, Nov. 10-12.
  •  Ingrid Buckley, Eduardo Fernandez, Marco Anisetti, Claudio A. Ardagna, Masoud Sadjadi, and Ernesto Damiani, “Towards Pattern-based Reliability Certification of Services, Procs. 1st International Symposium on Secure Virtual Infrastructures (DOA-SVI’11), 17-19 Oct. 2011, Crete, Greece, Vol. 7045 Springer Lecture Notes in Computer Science.
  • Eduardo B. Fernandez, Nobukazu Yoshioka, and Hironori Washizaki “Two patterns for distributed systems: Enterprise Service Bus (ESB) and Distributed Publish/Subscribe”, 18th Conference on Pattern Languages of Programs (PLoP 2011)
  •  Zhen Jiang, E.B.Fernandez, and L. Cheng, “P2N: A pedagogical pattern for teaching computer programming to non-CS majors”, 18th Conference on Pattern Languages of Programs (PLoP 2011)
  •  Keiko Hashizume, Eduardo B. Fernandez, and Nobukazu Yoshioka, “Misuse patterns for cloud computing: Malicious virtual machine creation””, Procs. of the Twenty-Third International Conference on Software Engineering and  Knowledge Engineering (SEKE 2011), Miami Beach, USA, July 7-9, 2011,  (Acceptance rate: 31%)
  •  Carolina Marin, E.B.Fernandez, and Maria M. Larrondo-Petrie, “Secure location-based service for social networks”, 9th Latin American and Caribbean Conference (LACCEI’2011).
  •  E. B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, and Michael VanHilst, “An approach to model-based development of secure and reliable systems”, Sixth International Conference on Availability, Reliability and Security (ARES 2011), August 22-26, Vienna, Austria.  (Acceptance rate: 25%).
  •  Ingrid Buckley, Eduardo B. Fernandez, and Maria M. Larrondo-Petrie, “Patterns Combining Reliability and Security”, Procs. of  PATTERNS 2011: The Third International Conferences on Pervasive Patterns and Applications, September 25-30, 2011 – Rome, Italy  http://www.iaria.org/conferences2011/SubmitPATTERNS11.html
  •  K. Hashizume, N. Yoshioka, and E.B.Fernandez, “Misuse Patterns for Cloud Computing”, Procs. of Asian PLoP 2011.
  •  Mihaela Cardei, E. B.Fernandez, Anupama Sahu, and Ionut Cardei, “A pattern for Wireless System Architectures”, Procs. of Asian PLoP 2011.
  •  E.B.Fernandez , Sergio Mujica, and Francisca Valenzuela, “Two security patterns: Least Privilege and Security Logger/Auditor.”, Procs. of Asian PLoP 2011.
  •  Jaime Muñoz-Arteaga, E.B. Fernandez, and Hector Caudel, “Misuse pattern: Spoofing web services”, Procs. of Asian PLoP 2011.
  •  Jaime Muñoz-Arteaga, Eduardo B. Fernandez, René Santaolaya-Salgado, “Interaction Patterns for Designing Visual Feedback in Secure Websites”, Fourth International Conference on Advances in Computer-Human Interactions (ACHI 2011), IARIA, February 23-28, 2011, Gosier, Guadeloupe, France, 95-100.