Dimitris Mitropoulos

Security Officer @GRNET
Researcher @AUEB

I am the Security Officer of the Greek Research and Technology Network (GRNET) and a Researcher at the Athens University of Economics and Business. I am also a member of ACM, IEEE, SysSec, OWASP, and an official writer for the XRDS: Crossroads blog of ACM.

Previously, I've been a Postdoctoral Researcher at the Network Security Laboratory (NSL) of Columbia University in the City of New York, under the supervision of Prof. Angelos Keromytis. Before that, I finished my PhD in Computer Security at the Athens University of Economics and Business, under the supervision of Prof. Diomidis Spinellis.

Research

My research interests include application and system security, applied cryptography and software engineering. Some selected work of mine involves:

Honors and Awards

  1. Postdoctoral Research Funding Scholarship: Action II. Financed by the Athens University of Economics and Business (AUEB) to support postdoctoral research. Ref. number: EP-2606-01/00-01. November 2016.
  2. Postdoctoral Research Funding Scholarship: Action II. Financed by the Athens University of Economics and Business (AUEB) to support postdoctoral research. Ref. number: EP-2166-01/01-01. July 2014.
  3. LASER Workshop Scholarship. The award was given by the organizing committee of the "Learning from Authoritative Security Experiment Results" (LASER) Workshop 2013. The committee makes available to students a limited number of scholarships to participate in the workshop and present their work (covering registration fee, travel costs and others). October 2013.
  4. Highly Commended Paper Award Winner. The paper “Countering code injection attacks: a unified approach" (Information Management and Computer Security, 19(3):177-194, 2011) was awarded by Emerald publishers with the “Highly Commended Award" distinction. The award was given by the journal’s editorial board to three papers as part of the “Literati Network Awards for Excellence 2012". April 2012.
  5. PhD Scholarship / Research Funding Program: Heracleitus II. Co-financed by the European Union (European Social Fund | ESF) and Greek national funds through the Operational Program "Education and Lifelong Learning" of the National Strategic Reference Framework (NSRF). Ref. number: 4-15-6. September 2010.

Teaching

Currently, I am teaching:

  1. Computer Security (spring semester) at the Department of Informatics and Telecommunications of the National and Kapodistrian University of Athens.
  2. Software Robustness and Security (spring semester) at the Department of Management Science and Technology of the Athens University of Economics and Business, and
  3. Introduction to Computer Science (fall semester) at the Department of Management Science and Technology of the Athens University of Economics and Business,
Previously, I've been an senior instructor for the Coding Bootcamp for Professionals (fall 2016, spring 2017), teaching data structures, concurrent computing and secure programming, and a teaching assistant (TA) for the Information Systems Design and Implementation course of the Department of Management Science and Technology of the Athens University of Economics and Business (fall 2012, 2013).

GSoC I have also served as a mentor for the Google Summer of Code (GSoC) program (2017). Specifically, I have supervised the implementation of a re-encryption mix-net.

Publications

Peer-reviewed Journal Articles

  1. Dimitris Mitropoulos and Diomidis Spinellis. Fatal injection: a survey of modern code injection attack countermeasures. PeerJ Computer Science, 3:e136, November 2017.
  2. Dimitris Mitropoulos, Panos Louridas, Michalis Polychronakis and Angelos D. Keromytis. Defending against Web application attacks: Approaches, challenges and implications. IEEE Transactions on Dependable and Secure Computing, March 2017.
  3. Vaggelis Atlidakis, Jeremy Andrus, Roxana Geambasu, Dimitris Mitropoulos, and Jason Nieh. POSIX has become outdated. USENIX ;login: Magazine. 41(3), Fall 2016.
  4. Dimitris Mitropoulos, Kostantinos Stroggylos, Diomidis Spinellis and Angelos D. Keromytis. How to train your browser: Preventing XSS attacks using contextual script fingerprints. ACM Transactions on Privacy and Security, 19(1):2:1–2:31, August 2016.
  5. Maria Kechagia, Dimitris Mitropoulos and Diomidis Spinellis. Charting the API minefield using software telemetry data. Empirical Software Engineering, 20(6):1785–1830, December 2015.
  6. Vassilios Karakoidas, Dimitris Mitropoulos, Panagiotis Louridas, and Diomidis Spinellis. A type-safe embedding of SQL into Java using the extensible compiler framework J%. Computer Languages, Systems & Structures, 41:1–20, April 2015.
  7. Dimitris Mitropoulos, Vassilios Karakoidas, Panagiotis Louridas, and Diomidis Spinellis. Countering code injection attacks: A unified approach. Information Management and Computer Security, 19(3): 177-194, 2011. Highly Commended Paper Award.
  8. Dimitris Mitropoulos and Diomidis Spinellis. SDriver: Location-specific signatures prevent SQL injection attacks. Computers & Security, 28:121-129, May 2009.

Book Chapters

  1. Dimitris Mitropoulos. Securing software. Encyclopedia of Computer Science and Technology, Second Edition. Edited by Phillip A. Laplante. CRC Press, Taylor and Francis Group, 2016. Print ISBN: 978-1-4822-0819-1, eBook ISBN: 978-1-4822-0822-1.

Peer-reviewed Conference and Workshop Publications

  1. Vaggelis Atlidakis, Jeremy Andrus, Roxana Geambasu, Dimitris Mitropoulos, and Jason Nieh. POSIX abstractions in modern operating systems: The old, the new, and the missing. In Proceedings of the Eleventh European Conference on Computer Systems (EuroSys '16), pages 19:1–19:17. ACM, April 2016.
  2. Vassilios Karakoidas, Dimitris Mitropoulos, Panos Louridas, Georgios Gousios, and Diomidis Spinellis. Generating the blueprints of the Java ecosystem. In MSR '15: Proceedings of the 2015 International Working Conference on Mining Software Repositories, pages 510–513. IEEE Computer Society, May 2015.
  3. Dimitris Mitropoulos, Panagiotis Papadopoulos, Georgios Gousios, Vasilios Karakoidas, Panos Louridas, and Diomidis Spinellis. The vulnerability dataset of a large software ecosystem. In Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014), IEEE Computer Society, September 2014.
  4. Konstantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Panagiotis Katsaros, and Sotiris Ioannidis. Securing legacy code with the TRACER platform. In Proceedings of 18th Panhellenic Conference on Informatics, pages 25:1-25:6. ACM, October 2014.
  5. Konstantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, and Panagiotis Katsaros. TRACER: A platform for securing legacy code. In TRUST '14: Proceedings of 7th International Conference on Trust & Trustworthy Computing - Poster Presentation Track, pages 218-219. Springer, June 2014.
  6. Dimitris Mitropoulos, Vassilios Karakoidas, Panos Louridas, Georgios Gousios, and Diomidis Spinellis. The bug catalog of the Maven ecosystem. In MSR '14: Proceedings of the 2014 International Working Conference on Mining Software Repositories, pages 372-365. ACM, May 2014.
  7. Maria Kechagia, Dimitris Mitropoulos, and Diomidis Spinellis. Improving the quality of APIs through the analysis of software crash reports. In 2013 Imperial College Computing Student Workshop, volume 35 of OpenAccess Series in Informatics (OASIcs), pages 57-64, Dagstuhl, Germany, September 2013. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik.
  8. Dimitris Mitropoulos, Vassilios Karakoidas, Panos Louridas, Georgios Gousios, and Diomidis Spinellis. Dismal code: Studying the evolution of security bugs. In Proceedings of the LASER Workshop 2013, Learning from Authoritative Security Experiment Results, pages 37-48. Usenix Association, October 2013.
  9. Dimitris Mitropoulos, Georgios Gousios, and Diomidis Spinellis. Measuring the occurrence of security-related bugs through software evolution. In Proceedings of 16th Panhellenic Conference on Informatics, pages 117-122. IEEE Computer Society, October 2012.
  10. Konstantinos Kravvaritis, Dimitris Mitropoulos, and Diomidis Spinellis. Cyberdiversity: Measures and initial results. In Proceedings of 14th Panhellenic Conference on Informatics, pages 135-140. IEEE Computer Society, September 2010.
  11. Dimitris Mitropoulos, Vassilios Karakoidas, and Diomidis Spinellis. Fortifying applications against XPath injection attacks. In Proceedings of the 4th Mediterranean Conference on Information Systems, pages 1169-1179, September 2009.
  12. Dimitris Mitropoulos and Diomidis Spinellis. Countering SQL injection attacks with a database driver. In Proceedings of the 11th Panhellenic Conference on Informatics, volume B, pages 105-115. New Technologies Publications, May 2007.

Technical Reports

  1. Theofilos Petsios, Adrian Tang, Dimitris Mitropoulos, Salvatore J. Stolfo, Angelos D. Keromytis, Suman Jana. Tug-of-War: Observations on unified content handling. Technical Report. CoRR abs/1708.09334 (2017).
  2. Roxana Geambasu, Dimitris Mitropoulos, Simha Sethumadhavan Junfeng Yang, Angelos Stravrou, Dan Fleck, Matthew Elder and Azzedine Benameur. Maintaining Enterprise Resiliency via Kaleidoscopic Adaption and Transformation of Software Services (MEERKATS). Technical Report. Air Force Research Laboratory, Sensors Directorate, Wright-Patterson, Air Force Base, OH 45433-7320, Air Force Materiel Command, United States Air Force. April 2016.

Magazine Articles

  1. Dimitris Mitropoulos. How 1 million app calls can tell you a bit about malware. XRDS: Crossroads, The ACM Magazine for Students, 24(1):17–19, 2017.
  2. Dimitris Mitropoulos. On the evolution of security bugs. XRDS: Crossroads, The ACM Magazine for Students, 21(3):18–19, 2015.
  3. Dimitris Mitropoulos. Security bugs in large software ecosystems. XRDS: Crossroads, The ACM Magazine for Students, 20(2):15-16, 2013.
  4. Dimitris Mitropoulos. Data security in the cloud environment. XRDS: Crossroads, The ACM Magazine for Students, 19(3):11-11, 2013.
  5. Dimitris Mitropoulos. Fatal injection: the server's side. XRDS: Crossroads, The ACM Magazine for Students, 19(2):12-14, 2012.
  6. Dimitris Mitropoulos. How secure is your software? XRDS: Crossroads, The ACM Magazine for Students, 19(1):11-13, 2012.
  7. Dimitris Mitropoulos. Better safe than sorry: Backup your backups. XRDS: Crossroads, The ACM Magazine for Students, 18(2):6-6, 2012.

Projects

Over the years I have beed involved in several EU and US funded R&D projects:

  1. CERTCOOP: Trans-European and Greek CERTs collaboration project. Funded by the European Commision (CEF-TC-2016-3, ref.number: 2016-EL-IA-0123). 2017-Today.
  2. PANORAMIX: Privacy and Accountability in Networks via Optimized Randomized Mix-nets. Funded by the European Commision (HORIZON 2020, ref. number: 653497). 2016-Today.
  3. TREDISEC: Trust-aware, Reliable and Distributed Information Security in the Cloud. Funded by the European Commision (HORIZON 2020, ref. number: 644412). 2016-Today.
  4. Virtual Private Social Networks. Funded by the National Science Foundation — NSF (ref. number: 1318415). 2014-2016.
  5. MEERKATS: Maintaining Enterprise Resiliency via Kaleidoscopic Adaptation and Transformation of Software Services. Funded by the Defense Advanced Research Projects Agency – DARPA (ref. number: FA8650-11-C-7190). 2014-2015.
  6. TRACER: Identifying Software Vulnerabilities and Securing Legacy Systems. Funded by the Greek General Secretariat of Research and Technology (ref. number: 09ΣΥΝ-72-942). 2011-2014.
  7. SOPRANO: Service Oriented Programmable Smart Environments for Older Europeans. Funded by the European Commision (FP6-IST, ref. number: 045212). 2008-2010.
  8. SQO-OSS: Software Quality Observatory for Open Source Software. Funded by the European Commision (FP6-IST, ref. number: 033331). 2007.

Contact

You can reach me via e-mail: dimitro at grnet.gr.
Also, here's my public key.