PhD Thesis

Journals

1. Katos, V., Stowell, F., Bednar, P. "Macroeconomics of privacy and security for identity management and surveillance", Kybernetes, 42(1), 2013, pp.140 - 163. [doi]

   Purpose – The purpose of this paper is to develop an approach for investigating the impact of surveillance technologies used to facilitate security and its effect upon privacy. Design/methodology/approach – The authors develop a methodology by drawing on an isomorphy of concepts from the discipline of Macroeconomics. This proposal is achieved by considering security and privacy as economic goods, where surveillance is seen as security technologies serving identity (ID) management and privacy is considered as being supported by ID assurance solutions. Findings – Reflecting upon Ashby’s Law of Requisite Variety, the authors conclude that surveillance policies will not meet espoused ends and investigate an alternative strategy for policy making. Practical implications – The result of this exercise suggests that the proposed methodology could be a valuable tool for decision making at a strategic and aggregate level. Originality/value – The paper extends the current literature on economics of privacy by incorporating methods from macroeconomics.

2. Shiaeles S., Katos V., Karakos A., Papadopoulos B. Real Time DDoS Detection Using Fuzzy Estimators. Computers and Security, 31, 2012, pp. 782-790.[pdf]

   We propose a method for DDoS detection by constructing a fuzzy estimator on the mean packet inter arrival times. We divided the problem into two challenges, the first being the actual detection of the DDoS event taking place and the second being the identification of the offending IP addresses. We have imposed strict real time constraints for the first challenge and more relaxed constraints for the identification of addresses. Through empirical evaluation we confirmed that the detection can be completed within improved real time limits and that by using fuzzy estimators instead of crisp statistical descriptors we can avoid the shortcomings posed by assumptions on the model distribution of the traffic. In addition we managed to obtain results under a 3 second detection window.

3. Karayanni, S., Katos, V., Georgiadis, C. A framework for password harvesting from volatile memory. Int. Journal of Electronic Security and Digital Forensics, 4(2/3), 2012, pp. 154-163.[pdf]

   In this paper, we challenge the widely accepted approach where a first responder does not capture the RAM of a computer system if found to be powered off at a crime scene. We investigate the presence of confidential data in RAM such as user passwords. Our findings show that even if the computer is switched off but not removed from the mains, the data are preserved. In fact, when a process is terminated but the computer is still operating, the respective data are more likely to be lost. Therefore, capturing the memory could be as critical on a switched off system as on a running one.

   • Press: "Pulling the plug on RAM loophole", Science Omega
4. Katos, V. "An integrated model for online transactions: Illuminating the black box". Information Management and Computer Security, 20(3), 2012, pp. 184-206.

   Purpose – The purpose of this paper is to develop a model for online transactions, integrating the social influence approach, the trust-risk framework, and the theory of reasoned action, and test it in a non US/UK context such as Greece. Design/methodology/approach – Structural equation modeling was used to survey data from 376 household respondents from two residential departments of the city of Thessaloniki in Greece in order to examine causal inferences. Findings – The results of the model, where the trust-risk-subjective norms framework mediated the impact of information privacy on actual transactions, indicated that the individual’s attitude toward using technology, through the intention to submit individual information, resulted in positive actual transaction outcomes. Research limitations/implications – Cross-section data was used for testing the model. However, for properly investigating causality time-series or longitudinal data should be employed. Practical implications – For increasing online transactions, organizations should make their websites as simple and attractive as possible, develop their image that they do care about customers and are trustworthy, and develop privacy-friendly policies for gaining competitive advantage. Originality/value – This study proposes and empirically validates an integrative framework for online transactions at the individual level by adapting information privacy concerns and trust-risk-subjective norm beliefs and relating them to attitudes of individuals. Thus, the proposed integrative framework is critically engaging well established but of limited information models.

5. Spyridopoulos, T., Katos, V. "Requirements for a forensically ready cloud storage service". Int. Journal of Digital Crime and Forensics, 3(3), 2011, pp.19-3[pdf]

   This paper examines the feasibility of developing a forensic acquisition tool in a distributed file system. Using GFS and KFS distributed file systems as vehicles and through representative scenarios we develop forensic acquisition processes and examine both the requirements of the tool and the distributed file system must meet in order to facilitate the acquisition. We conclude that cloud storage has features that could be leveraged to perform acquisition (such as redundancy and replication triggers) but also maintains a complexity, which is higher than traditional storage systems leading to a need for forensic-readiness-by-design.

6. Aggelis, A., Sarris, E., Katos, V. "A location privacy extension for DVB-RCS". Radioengineering Journal, 20(1), 2011, pp.151-158 [pdf]

   In this paper we studied the DVB-RCS (Return Channel through Satellite) standard from a privacy perspective and proposed an approach to incorporate a location privacy enhancing mechanism into the standard. Offering location based privacy in DVB-RCS communication is a challenge as the location of a satellite terminal must be revealed to the network operator of the DVB-RCS network for technical and administrative reasons. We proposed an approach of cloaking the location by manipulating its accuracy whilst maintaining the operability and integrity of the communications system. In addition we implemented a proof of concept technique utilizing the theoretical findings of this work on a real DVB-RCS system, presenting the methodology along with the tools used and the experimental results.

7. Kavallaris, T., & Katos, V. "On the detection of pod slurping attacks". Computers & Security, 29(6), September 2010, pp. 680-685. [doi:10.1016/j.cose.2010.01.002]

   Time is recognised to be a dimension of paramount importance in computer forensics. In this paper, we report on the potential of identifying past pod slurping type of attacks by constructing a synthetic metric based on information contained in filesystem timestamps. More specifically, by inferring the transfer rate of a file from last access timestamps and correlating that to the characteristic transfer rate capabilities of a suspicious USB found in the Windows registry, one could assess the probability of having suffered an unauthorised copy of files. Preliminary findings indicate that file transfer rates can be associated with the make and model of the USB storage device and give supporting information to the forensic analyst to identify file leakages.

   • Press: "USB fingerprints identify 'pod slurping' data thieves", New Scientist
8. Katos, V. An integrated model for online transactions: Methodological Issues and Challenges. Methodological innovations, 4(3), 2009, pp. 27-40.[pdf]

   The purpose of this paper is to present a theoretical model that is based on the overall framework of the technology acceptance models and the concern for information privacy models, to better understand the linkages between the determinants of online transactions in information systems research. Emphasising on the methodological issues used in IS research, the proposed integrated model is focusing on the mediating variables, or the so-called ‘black box’, referring to the relationships between the primary independent and dependent variables, in online transactions. As such in this paper we attempt to fuse acknowledged technology acceptance models with information security and privacy models by proposing a general model which will enable the empirical validation and study of the factors that influence the users’ attitudes toward online transactions. The factors are represented in the model by variables (independent or mediating) and the analysis is proposed to be based on statistical techniques such as structural equation modelling. Since at this current stage the model is formed on a theoretical basis, we consider all mediating variables to be contained in a black box. Challenges such as the number of sub-boxes included in the linear causal process in a black box and what should be included in a sub-box are discussed.

9. Katos, V., Stowell, F. and Bednar, P. From synergy to symbiosis: new directions in security and privacy? Int. J. of Information Technologies and Systems Approach, 2(2),2009, pp.1-14.

   The objective of this paper reflects upon the isomorphic relationship between ideas across disciplines. In this instance we are considering the value of a well established methodology, cross methodology, adopted from macroeconomics and ideas from political science. The cross methodology is used as a means of considering if the relationship between data collected for security proposes and individual privacy. We argue that this relationship is moving towards a symbiotic relationship and away from a synergistic one. In the paper we present a model which we transform using system thinking and applying it within the context of security and privacy at the strategic level. The paper is about the relationship between security, information and control and the effect that increased surveillance has upon individual privacy and freedom.

10. Bednar, P. Katos, V., Hennell, C. On the complexity of collaborative cyber crime investigations. Digital Signature and Law Review, Vol.6,2009, pp.214-219.

    This paper considers the challenges faced by digital evidence specialists when collaborating with other specialists and agencies in other jurisdictions when investigating cyber crime. The opportunities, operational environment and modus operandi of a cyber criminal are considered, with a view to developing the skills and procedural support that investigators might usefully consider in order to respond more effectively to the investigation of cyber crimes across State boundaries. Carrying out blackmail by using a computer, for example, is a particularly popular category of computer crime which involves the coordination of law enforcement and investigatory groups on an international level. A representative case was that involving three Russian individuals who extorted up to 4 million US dollars from United Kingdom based on-line casinos and bookmakers.1 The criminals were taken into custody in September 2004 following the successful joint efforts of the National High Tech Crime Unit in the UK, Interpol, the FBI, Russia’s Interior Ministry and the Prosecutor General’s office. The authors propose in this article that the Electronic Discovery Reference Model (EDRM), which is a useful framework for systemic thinking, can used to support the need for collaboration during the investigation process.

11. Katos, V. and Furnell, S. The security and privacy impact of criminalising the distribution of hacking tools. Computer Fraud and Security, July 2008, pp.9-16[doi:10.1016/S1361-3723(08)70112-X]

    Following the recent amendments to computer misuse legislation in the UK, which essentially criminalise the possession of and research in security hacking tools, there have been concerns raised by security practitioners and researchers. These concerns revolve around the apparently unfair and disadvantageous position the “good guys” will be placed in, when required to perform security assessments as part of their IT auditing responsibilities. In this paper we investigate the impact this revised legal framework will have on privacy. This is performed by an adoption of market analysis tools ported from the macroeconomics domain. This study concludes that an indiscriminate criminalisation of the distribution of hacking tools, irrespective of the intention, is not a sound decision as it will not only have a negative impact on privacy, but the price for maintaining it on this reduced level will increase.

12. Bednar, P., Welch, C. and Katos, V. "Innovation management through the use of diversity networks", Int. J. Knowledge and Learning, Vol. 4, No. 4, 2008, pp.357-369[doi:10.1504/IJKL.2008.022056]

    A methodology for innovation and analysis in a context of complex problem spaces is presented, introducing the idea of a diversity network. The methodology draws upon a framework which puts 'complexification' into systemic practice. Such an application helps individual participants to outline their narratives, create and agree upon categories, and use these to classify their narratives. Clusters of narratives, reflecting innovation through diversity networks of opinion and competences, are encouraged to emerge in analytical practice. This approach can be applied to promote creativity and sharing in a knowledge management context.

13. Katos, V., Patel, A. ''A Partial Equilibrium View on Security and Privacy'', Information Management & Computer Security,16(1), 2008, pp.77-83. [pdf]

    Purpose – This paper aims to propose a tool to help policy makers understand the dynamic relationships between security and privacy on a strategic (macro) level. Design/methodology/approach – The methodology is ported from the discipline of Macroeconomics, and applied to the information security and privacy domain. The methodology adopted is the so-called “cross methodology” which claims ownership of the well-known supply/demand market equilibrium exercise. Findings – Early evaluation reveals that this is a potentially very effective tool in understanding societal behaviour and position towards information security and privacy and therefore makes this a suitable tool for investigating and exploring scenarios that can assist in policy making. Originality/value – Up to date, research on the economics of security and privacy has been primarily focusing on a micro level. The main contribution of this paper is a methodology for investigating privacy and security on a macro level. We believe that our approach in undertaking this research is new and looking at the issues and relationships between security and privacy at a macro level, gives a better understanding of the problems at hand and how to resolve them. Practical implications – The proposed tool may increase the efficiency of policy making and planning as it enables the policy makers on a governmental and strategic level to run scenarios in order to investigate the effect of their decisions (for example, an introduction of a stricter law relating to computer misuse) to the delicate balance of security and privacy.

14. Adams, C., Katos, V., ''Exoinformation space audits: an information richness view of privacy and security obligations'', Journal of Information Privacy and Security,3(3), 2007, pp. 29-44.

    The privacy–security challenge for corporations is multifaceted and complex with privacy and security demands seemingly pulling in conflicting directions. In addition, the automated and often unconscious and unintentional flow of data, which Brunk (2002) describes as exoinformation, makes the traditional auditing function inadequate to fully capture the security and privacy aspects facing most corporations. This paper draws upon an existing theoretical model of privacy and security, based on the concept of information richness, to develop a practical framework for wider information audit. The proposed information space audit, a supplement to existing information audits, provides guidance on how to manage the rich set of exoinformation data that is typically unplanned and automatically collected. Collating and combining information from different sources provides further scope to reduce information collection requirements, but also raises privacy concerns.

15. Katos, V. & Bednar, P. 2008. ''A cyber-crime investigation framework''. Computer Standards & Interfaces, 30, 2008, pp.223-228 [doi:10.1016/j.csi.2007.10.003]

    Epistemic uncertainty is an unavoidable attribute which is present in criminal investigations and could affect negatively the effectiveness of the process. A cyber-crime investigation involves a potentially large number of individuals and groups who need to communicate, share and make decisions across many levels and boundaries. This paper presents an approach adopting elements of the Strategic Systems Thinking Framework (SST) by which conflicting information due to the unavoidable uncertainty can be captured and processed, in support of the investigation process. A formal description of this approach is proposed as a basis for developing a cyber-crime investigation support system.

16. Katos, V., Stowell, F., Bednar, P. ''Quis Custodiet Ipsos Custodies?'', Systemist, 29(2), 2007, pp. 96-105.
17. Katos, V., ''Network Intrusion Detection: Evaluating Cluster, Discriminant, and Logit analysis''. Information Sciences, 177(15), 2007, pp. 3060-3073.[doi: 10.1016/j.ins.2007.02.034]

    This paper evaluates the statistical methodologies of cluster analysis, discriminant analysis, and Logit analysis used in the examination of intrusion detection data. The research is based on a sample of 1200 random observations for 42 variables of the KDD-99 database, that contains ‘normal’ and ‘bad’ connections. The results indicate that Logit analysis is more effective than cluster or discriminant analysis in intrusion detection. Specifically, according to the Kappa statistic that makes full use of all the information contained in a confusion matrix, Logit analysis (K = 0.629) has been ranked first, with second discriminant analysis (K = 0.583), and third cluster analysis (K = 0.460).

18. Katos, V., Doherty, B. ''Exploring confusion in product ciphers through regression analysis'', Information Sciences, Vol. 177, No. 8, 2007, pp. 1789- 131795.[doi: 10.1016/j.ins.2006.09.017]

    This paper investigates the modelling of confusion in product encryption by statistical means, to support understanding of the avalanche effect of the continuous application of an encryption step or round. To facilitate the modelling, a metric for confusion is proposed and its appropriateness and properties verified against broadly accepted theoretical assumptions. The regression analysis showed that confusion can be approximated by well-known econometrics functions.

19. Katos, V., ''Forecasting Volatility of Active Phising Sites'', Information Risk Management & Audit, IRMA Journal, Vol 16 Νo. 2, BCS, 2006, pp. 8-11

    Although it is suggested that the phishing threat is increasing rather rapidly for financial institutions and consumers, this analysis performed on data from the Anti-Phishing Working Group (APWG) shows that the problem of phishing started showing signs of slowing down. As phishing remains a profitable avenue for attackers, this saturation could indicate that a new wave of phishing attacks, possibly stealthier ones, is about to be unleashed.

20. Furnell, S., Katos, V., Clarke, N. ''The role of academic qualifications in the IT security profession''. Datawatch Winter 05, 2005, pp. 8-14.

    Information security has become an essential element of organisational IT infrastructures, with networks at risk from an increasing range of threats. However, the IT security industry is comprised of individuals with varying degrees of skill, competency, and knowledge. Although a wide variety of professional certifications are available, ranging from the highly specific and technical, to those that are more general and broadly based, there is arguably a greater role to be played by academic qualifications in this domain.

21. Katos, V., Adams, C. ''Modelling Corporate Wireless Security and Privacy''. Journal of Strategic Information Systems. Volume 14, Issue 3, 2005, pp. 307-321.[doi:10.1016/j.jsis.2005.07.006]

    As corporations adopt wireless technologies then both privacy and security landscapes change dramatically, causing a reassessment of how the wireless systems can be secured and at the same time ensuring privacy obligations to their customers, staff and shareholders are met. This paper explores the relationship between wireless security and privacy issues, and develops the foundation for metrics with which to develop and examine appropriate policies. The challenge is to get consistent and supportive security and privacy policies. In addition, the adoption of a wireless infrastructure will result in richer sets of information flows, requiring additional resources to achieve the same level of security as in a wired infrastructure. Richer sets of information are also likely to have a negative impact on privacy.

22. Adams C., Katos, V. ''The Ubiquitous Mobile and Location Aware Technologies Time Bomb''. Cutter IT journal, vol. 18, n. 6, 2005, pp. 20-26.
23. Katos, V., ''Statistical Risk Cluster Analysis for Network Segmentation'', Information Risk Management & Audit, IRMA Journal, BCS, vol. 15, n.1, 2005, pp. 7-11.
24. Katos, V., ''A Randomness Test for Block Ciphers'', Applied Mathematics and Computation, Vol. 162, n. 1, 2005, pp.29-35.[doi:10.1016/j.amc.2003.12.122]

    This paper describes a randomness test which can be used to measure the cryptographic strength of a block cipher or its underlying cryptographic primitive(s). Cryptographic strength in the context of this paper is related to the ability of the round function to produce a random output which in turn is defined as the distance between a theoretical calculation and an experimental measure. The measurements are based on the diffusion characteristic of the cipher. Potentially, the test for randomness proposed in this paper could be used as a distinguisher based on diffusion.

25. Katos, V., King, T., Adams, C. ''Towards a Computer Based Training Tool for Education in Cryptography'', The Keys of Cryptography, UPGRADE Journal, vol V., issue 6, CEPIS, 2004, pp. 30-35[pdf]

    This paper discusses the requirements of a computer based learning tool specialised in supporting education in the discipline of cryptography. In order to consider a computer based e-learning environment, a role- playing, problem-based approach to cryptography related scenarios was adopted. A number of scenarios presented in this paper were used for analysing the requirements and for identifying attributes of the specialised e-learning environment that can support simulation of cryptographic activity on a protocol level. These attributes in turn would form the basis of a tool set to role-play different scenarios of communicating within the presence of adversaries. The role-play activity helps to develop an appreciation of the need for cryptography and an understanding of different cryptographic techniques. The role-play activity is particularly appropriate for enabling an understanding of protocol failures.

    • Version in Spanish: ''Hacia una herramienta de formación por ordenador para la enseñanza de la Criptografía'', ATI Novatica, n.172, 2004, pp. 28-32.
26. Κάτος, Β., ''Η Αναγκαιότητα της Πολιτικής Ασφάλειας στις Σύγχρονες Επιχειρήσεις'', Επιθεώρηση ΕΑΔΕ, Τόμος Ι(1), 2003, σελ. 66-74.
27. Katos, V., Alyea, W., ''Trust Models for Access Control'', Journal of Information Technology Impact, vol.2, issue 3, 2002.[pdf]

    This paper using the concept of a trust model aims at providing practical value to distributed security. It describes a method to derive authentication and authorisation requirements from the reduction of trust inherently associated with the number of participating entities placed in a communication path between two parties. It demonstrates how a traditional approach to understanding the trust relationships between interacting entities can be applied directly to the definition and design of secure e-business architectures. By applying these principles, the business and social impact of a security architecture which optimizes the provided level of security, performance of the architecture and the investment associated with that security architecture can be realized.

Books

1. Κάτος, Β., Στεφανίδης, Γ. ''Τεχνικές Κρυπτογραφίας και Κρυπτανάλυσης'', εκδόσεις ΖΥΓΟΣ, ISBN 960-8065-40-2, 2003.

Book Chapters

1. Bednar, P., Katos, V., ''Digital Forensic Investigations: A New Frontier for Informing Systems'', In Information Systems: People, Organizations,Institutions, and Technologies,A. D’Atri and D. Saccà (eds.), Springer Physica-Verlag, pp.361-371.[pdf]
2. Efraimidis, P., Katos, V., ''Probability and Information Theory'' (in Greek). In Modern Cryptography: Theory and Applications. M. Burmester, S. Gritzalis, S. Katsikas, V. Chryssikopoulos (editors). Papasotiriou, 2009.
3. Katos, V., Efraimidis, P., ''Identity Assurance in the Surveillance Society'' (in Greek). In Privacy Protection in ICT: Technical and Legal Aspects. C. Lambrinoudakis, L. Mitrou, S. Gritzalis, S. Katsikas (editors). Papasotiriou, 2009.
4. Katos, V., ''Managing IS Security and Privacy'', Encyclopedia of Information Science and Technology, 2nd Edition, Mehdi Khosrow-Pour (ed.), IGI Global, 2008.
5. Katos, V., Bednar, P., Welch, C. ''Dealing with epistemic uncertainty in the SST framework'', Creativity and innovation in Decision Making and Decision Support, London: Decision Support Press, 2006, ISBN 0387295518, pp. 886-903.
6. Adams, C., Katos, V. ''Privacy challenges for Location Aware Technologies'', Mobile Ιnformation Systems II, NY: Springer, 2005, ISBN 0387295518, pp. 303-310. [pdf]

Conferences

1. Varka, A.M., Katos, V. On the user acceptance of graphical passwords. In 6th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2012), Furnell S., et al. (Eds.).[pdf]
2. Tassidou, A., Efraimidis, P, Soupionis, Y., Mitrou, L., Katos, V. User-centric privacy-preserving adaptation for VoIP CAPTCHA challenges. In 6th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2012), Furnell S., et al. (Eds.)[pdf]
3. Chryssanthou, A., Katos, V. Assessing forensic readiness. In 7th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2012), pp.107-118. [pdf]
4. Clarke, N., Katos, V., Menesidou, S., Ghita, B., Furnell, S. A novell security architecture for a space-data DTN. In 10th International Conference on Wired/Wireless Internet Communications (WWIC 2012), invited paper.[pdf]
5. Menesidou, S. and Katos, V. Authenticated Key Exchange (AKE) in Delay Tolerant Networks. Proc. of the 27th IFIP International Information Security and Privacy Conference, Springer IFIP AICT, Greece, June 2012, pp.49-60.
6. Psaroudakis I., Katos V., Efraimidis P. A framework for anonymizing GSM calls over a smartphone VoIP network. Proc. of the 27th IFIP International Information Security and Privacy Conference, Springer IFIP AICT, Greece, June 2012, pp. 543-548. [pdf]
7. Bednar, P, Katos, V. SSD: New challenges for digital forensics. In 8th Conference of the Italian Chapter of AIS, itAIS 2011.
8. Karayanni, S., Katos, V. Practical password harvesting from volatile memory. In 7th International Conference in Global Security, Safety and Sustainability (ICGS3).
9. Spyridopoulos, T., Katos, V. Towards a forensically ready cloud storage service. In 6th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2011) [pdf]
10. Katos, V., Vrakas, D., Katsaros, P. A Framework for Access Control with Inference Constraints. In Proc. 35 Annual IEEE Computer Software and Applications Conference, [pdf]
11. Karagianni, S., Katos, V. RAM Foreniscs for Windows based operating systems (in Greek). 4th SFHMMY Conference, 2010, Patra, Greece.
12. Katos, V., Stowell, F., Bednar, P. Surveillance, Privacy and The Law of Requisite Variety. Data Privacy Management 2010, Athens.
13. Bednar, P., Katos, V. Addressing the Human Factor in Information Systems Security. 4th Mediterranean Conference on Information Systems, 2009, Athens.
14. Tassidou, A., Efraimidis, P., Katos, V. Economics of Personal Data Management: Fair Personal Information Trades. e-Democracy 2009, Athens, Springer Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 26, 2010, pp. 151-160.[pdf]
15. Pangalos, G., Katos, V. Information Assurance and Forensic Readiness. e-Democracy 2009, Athens, Springer Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 26, 2010, pp.181-188.[pdf]
16. Kavallaris, T., Katos, V. Detecting Data Leakage from Pod Slurping Based Attacks on a Windows XP Platform.4th Workshop on Digital Forensics and Incident Analysis, Athens, Greece, 25-26 June 2009, pp.1-8.
17. Bednar, P., Katos, V. Diversity Networks in Digital Investigations. 4th Workshop on Digital Forensics and Incident Analysis, Athens, Greece, 25-26 June 2009, pp.63-71.
18. Bednar, P., Katos V. Digital forensic investigations: a new frontier for Informing Systems. ItAIS 2008, Proceedings of the 5th Conference of the Italian Chapter of the Association for Information Systems. Challenges and Changes: People, Organizations, Institutions and IT. Paris, France. 13-14 December, 2008.[pdf]
19. Bednar, P., Katos, V., Hennell, C. Cyber-Crime Investigations: Complex Collaborative Decision Making. 3rd Workshop on Digital Forensics and Incident Analysis, IEEE CS Press, Malaga, Spain, 10 October 2008, pp.3-11.
20. Briggs, J. S. Katos, V., Bhaludin, A. On the Security Controls of Portable Computing Devices in Healthcare Environments. International Network Conference, INC 2008, Plymouth 2008.
21. Bednar, P., Katos, V. and Welch, C. Innovation Management through the use of Diversity Networks. EURO XXII Prague, Book of abstracts. 22nd European Conference on Operational Research: OR creates bridges. Prague, July 8-11, 2007. Prague School of Economics, Czech Republic.
22. Bednar, P. Welch, C., Katos, V. Dealing with Complexity in Knowledge Sharing Processes, ECKM 2007, The 8th European Conference on Knowledge Management, Barcelona, Spain, 6-7 September 2007, pp.101-107.
23. Wilson, C., Katos, V., Strevens, C. "An Interdisciplinary Approach to Forensic IT and Forensic Psychology Education". Workshop on Information Security Education, WISE 5, IFIP TC 11.8, pp.65-72.
24. Hennell, C., Katos, V. "A systemic approach to analysing the implications of the introduction of biometric passports", 1st International Conference in Human Aspects of Information Security Assurance, HAISA, 2007. [google_books]
25. Bednar, P., Katos, V., Welch, C. "Systems Analysis: Exploring the Spectrum of Diversity", ECIS 07. [pdf]
26. Bednar, P., Welch, C., Katos, V. "Four valued logic: supporting complexity in knowledge sharing processes", ECKM 2006, The 7th European Conference on Knowledge Management, Hungary, 4-5 September 2006. [google_books]
27. Katos, V., Bednar, P., Welch, C. "Dealing with epistemic uncertainty in the SST framework", International Conference on Creativity and Innovation in Decision Making and Decision Support, CIDMDS 2006, IFIP TC8/WG 8.3, 28th June" 1st July 2006, London, UK, pp. 886-903.
28. Katos, V., Mavridis, I. "A Practical Location Aware Access Control Solution for HTML Content in Wireless Networks", MediaWiN 2006, pp. 44-50.
29. Furnell, S., Katos, V., Clarke, N. "Considering the role of academic qualifications for IT security professionals", 1st Colloquium for Information Systems Security Education" Asia Pacific, 21-22 Nov. 2005, Adelaide, Australia.
30. Adams, C., Katos, V. "Privacy challenges for Location Aware Technologies", IFIP TC8 Working Conference on Mobile Information Systems, published in Mobile Information Systems II, Springer, 2005.
31. Fouliras, P., Katos, V. "A Novel Security Protocol Enhancement on Distributed Multicasting for Video on Demand", INC 2005 Fifth International Network Conference, Samos, July, 2005.
32. Katos V., Adams, C., King, T. "Virtual E-learning Game for Cryptographic Teaching (VEGCT): A Role-Playing Tool for Teaching Cryptography on Distance Learning Courses", WISE 4 Proceedings, Moscow, 18-20 May, 2005.
33. Katos, V., "Risk Cluster Analysis for Network Segmentation", Proceedings of the Fourth International Network Conference, INC 2004, Plymouth, 6-9 July 2004.
34. Katos, V., "Diffusion Behaviour of Cryptographic Primitives in Feistel Networks", Proceedings of the 2nd International Workshop on Security in Information Systems, WOSIS 2004, Porto/Portugal 13-14 April, 2004. [pdf]
35. Mavridis, I., Katos, V., Kotini, I., "Security Modules for Access Control in Mobile Applications", Proceedings in First International Workshop in Wireless Security Technologies, London, UK, April 15-16, 2003.
36. Katos, V., Vlachopoulou, M. and Manthou V., "Modeling Virtual Network Processes", Proceedings, 6th World Multiconference in Systemics, Cybernetics and Informatics, Orlando, Florida, July 14-18, 2002.
37. Kalentzi, E., Katos, V., Batzios, C., "On the scalability of the BRODESSYS decision support system", Proceedings, 6th World Multiconference in Systemics, Cybernetics and Informatics, Orlando, Florida, July 14-18, 2002.

Conferences (without proceedings)

1. Strevens, C., Welch, C., Katos, V. "E-legal Services and the High Street Legal Practice". The Society of Legal Scholars Annual Conference, Strathclyde, 6-9 September 2005.
2. Tyrovouzis, P., Tsopogou, S., Bousiou, D., Katos, V., "An Open Source Content Management System for the Development of a Hybrid Environment in Economic Lessons", The Eastern Economic Association, Crowne Plaza, Manhattan NY, 21-23 February, 2003.