Dimitris Mitropoulos

...

E-mail: dimitro@aueb.gr
Web site: https://dimitro.gr

Biographical Information

Dimitris Mitropoulos is an Associate Professor at the National and Kapodistrian University of Athens and Head of the Reliability Engineering Directorate of the Greek National Infrastructures for Research and Technology (GRNET). Previously, he was a Postdoctoral Researcher in the Computer Science Department at Columbia University. Dimitris holds a PhD in Software Security from the Athens University of Economics and Business and has contributed to several EU- and US-funded R&D projects. He has led the design and implementation of advanced infrastructures supporting critical digital governance services. Among other distinctions, he has received the "Research Excellence Award" from NKUA and a "Distinguished Paper Award" at the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). His research interests include software engineering and cybersecurity.

Publications

PhD Theses

    • Dimitris Mitropoulos. Secure software development technologies. PhD thesis, Athens University of Economics and Business, Athens, Greece, 2014.

Journal Articles

    • Dimitris Mitropoulos, Thodoris Sotiropoulos, Nikos Koutsovasilis, and Diomidis Spinellis. PDGuard: an architecture for the control and secure processing of personal data. In International Journal of Information Security, volume 19, 479–498. 2020.

    • Dimitris Mitropoulos, Panos Louridas, Michalis Polychronakis, and Angelos D. Keromytis. Defending against Web application attacks: approaches, challenges and implications. IEEE Transactions on Dependable and Secure Computing, 16(2):188–203, March 2019.

    • Konstantina Dritsa, Dimitris Mitropoulos, and Diomidis Spinellis. Aspects of the history of computing in modern Greece. IEEE Annals of the History of Computing, 40(1):47–60, May 2018.

    • Dimitris Mitropoulos and Diomidis Spinellis. Fatal injection: a survey of modern code injection attack countermeasures. PeerJ Computer Science, pages e136, November 2017.

    • Dimitris Mitropoulos, Konstantinos Stroggylos, Diomidis Spinellis, and Angelos D. Keromytis. How to train your browser: preventing XSS attacks using contextual script fingerprints. ACM Transactions on Privacy and Security, 19(1):2:1–2:31, July 2016.

    • Maria Kechagia, Dimitris Mitropoulos, and Diomidis Spinellis. Charting the API minefield using software telemetry data. Empirical Software Engineering, 20(6):1785–1830, December 2015.

    • Vassilios Karakoidas, Dimitris Mitropoulos, Panagiotis Louridas, and Diomidis Spinellis. A type-safe embedding of SQL into Java using the extensible compiler framework J%. Computer Languages, Systems & Structures, 41:1–20, April 2015.

    • Dimitris Mitropoulos, Vassilios Karakoidas, Panagiotis Louridas, and Diomidis Spinellis. Countering code injection attacks: a unified approach. Information Management and Computer Security, 19(3):177–194, 2011. Highly Commended Paper Award.

    • Dimitris Mitropoulos and Diomidis Spinellis. SDriver: location-specific signatures prevent SQL injection attacks. Computers & Security, 28:121–129, May 2009.

Book Chapters

    • Dimitris Mitropoulos, Theodosios Tsaklanos, and Diomidis Spinellis. Secure software technologies. In Sokratis Katsikas, Stefanos Gritzalis, and Konstantinos Lambrinoudakis, editors, Information and System Security in the Cyberspace. NewTech Pub, 2021.

    • Dimitris Mitropoulos. Securing software. In Phillip A. Laplante, editor, Encyclopedia of Computer Science and Technology, Second Edition. CRC Press, Taylor and Francis Group, 2016.

Conference Publications

    • Georgios Alexopoulos, Thodoris Sotiropoulos, Zhendong Su, and Dimitris Mitropoulos. Best of both worlds: effective foreign bridge identification in V8 embedders for security analysis. In 47th IEEE Symposium on Security and Privacy, S&P '26. 2026. To appear.

    • Georgios Alexopoulos, Thodoris Sotiropoulos, Georgios Gousios, Zhendong Su, and Dimitris Mitropoulos. PyXray: practical cross-language call graph construction through object layout analysis. In 48th International Conference on Software Engineering, ICSE '26. 2026. To appear.

    • Konstantinos Karakatsanis, Georgios Alexopoulos, Ioannis Karyotakis, Foivos Timotheos Proestakis, Evangelos Talos, Panos Louridas, and Dimitris Mitropoulos. PyTrim: a practical tool for reducing Python dependency bloat. In Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering, ASE 2025: Tool Demonstrations Track. IEEE, October 2025.

    • Charalambos Mitropoulos, Maria Kechagia, Chrysostomos Maschas, Sotiris Ioannidis, Federica Sarro, and Dimitris Mitropoulos. Broken agreement: the evolution of Solidity error handling. In Proceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM '24. October 2024.

    • Nikolaos Makris, Konstantinos Tsimvrakidis, Alkinoos Papageorgopoulos, Persefoni Konteli, Yannick Gautier, Marco Terenziani, Eric Daudin, Dimosthenis Ntoulias, Thanasis Fragkioudakis, Ian Meletios, Michele Mosca, Dale Hobbs, Tony Rosati, Ilias Papastamatiou, Ognjen Prnjat, Kostas Koumantaros, Dimitris Mitropoulos, Jean-Robert Morax, Bruno Huttner, Kostas Christodoulopoulos, George T. Kanellos, and Dimitris Syvridis. Field demonstration of a fully managed, L1 encrypted 3-node network with hybrid relayed-QKD and centralized symmetric classical key management. In Proceedings of the 50th European Conference on Optical Communications, ECOC '24. 2024.

    • Georgios-Petros Drosos, Thodoris Sotiropoulos, Diomidis Spinellis, and Dimitris Mitropoulos. Bloat beneath Python's scales: a fine-grained inter-project dependency analysis. In Proceedings of the ACM on Software Engineering, FSE '24. ACM, July 2024.

    • Georgios-Petros Drosos, Thodoris Sotiropoulos, Georgios Alexopoulos, Dimitris Mitropoulos, and Zhendong Su. When your infrastructure is a buggy program: understanding faults in infrastructure as code ecosystems. In Proceedings of the ACM on Programming Languages, OOPSLA '24. ACM, October 2024.

    • Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Ben Livshits. Smart contract and DeFi security tools: do they meet the needs of practitioners? In 45th International Conference on Software Engineering, ICSE '24. 2024.

    • Charalambos Mitropoulos, Thodoris Sotiropoulos, Sotiris Ioannidis, and Dimitris Mitropoulos. Syntax-aware mutation for testing the Solidity compiler. In 28th European Symposium on Research in Computer Security, ESORICS '23. September 2023.

    • Apostolos P. Fournaris, Christos Tselios, Evangelos Haleplidis, Elias Athanasopoulos, Antreas Dionysiou, Dimitrios Mitropoulos, Panos Louridas, Georgios Christou, Manos Athanatos, George Hatzivasilis, Konstantinos Georgopoulos, Costas Kalogeros, Christos Kotselidis, Simon Vogl, Francois Hamon, and Sotiris Ioannidis. Providing security assurance & hardening for open source software/hardware: the secopera approach. In 2023 IEEE 28th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), 80–86. 2023.

    • Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Ben Livshits. Smart contract and DeFi security: insights from tool evaluations and practitioner surveys. In The Science of Blockchain Conference 2023, SBC '23. September 2023.

    • Stefanos Chaliasos, Thodoris Sotiropoulos, Diomidis Spinellis, Arthur Gervais, Benjamin Livshits, and Dimitris Mitropoulos. Finding typing compiler bugs. In Proceedings of the 43rd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI'22. ACM, June 2022. Distinguished Paper Award, Best Artifact Award.

    • Thodoris Sotiropoulos, Stefanos Chaliasos, Vaggelis Atlidakis, Dimitris Mitropoulos, and Diomidis Spinellis. Data-oriented differential testing of object-relational mapping systems. In 43rd International Conference on Software Engineering, ICSE '21. May 2021. Distinguished Artifact Award.

    • Vitalis Salis, Thodoris Sotiropoulos, Panos Louridas, Diomidis Spinellis, and Dimitris Mitropoulos. PyCG: practical call graph construction in Python. In 43rd International Conference on Software Engineering, ICSE '21. May 2021.

    • Georgios Nikitopoulos, Konstantina Dritsa, Panos Louridas, and Dimitris Mitropoulos. CrossVul: a cross-language vulnerability dataset with commit data. In 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering: Demonstrations Track, ESEC/FSE '21, 1565–1569. ACM, August 2021.

    • Stefanos Chaliasos, Thodoris Sotiropoulos, Georgios-Petros Drosos, Charalambos Mitropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. Well-typed programs can go wrong: a study of typing-related bugs in JVM compilers. In Proceedings of the ACM on Programming Languages, OOPSLA '21. ACM, October 2021.

    • Thodoris Sotiropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. Practical fault detection in Puppet programs. In 42nd International Conference on Software Engineering, ICSE '20, 26–37. ACM, June 2020.

    • Thodoris Sotiropoulos, Stefanos Chaliasos, Dimitris Mitropoulos, and Diomidis Spinellis. A model for detecting faults in build specifications. In Proceedings of the ACM on Programming Languages, OOPSLA '20. ACM, November 2020.

    • Dimitris Mitropoulos, Panos Louridas, Vitalis Salis, and Diomidis Spinellis. Time present and time past: analyzing the evolution of JavaScript code in the wild. In 16th International Conference on Mining Software Repositories: Technical Track, MSR '19. May 2019.

    • Linos Giannopoulos, Eirini Degkleri, Panayiotis Tsanakas, and Dimitris Mitropoulos. Pythia: identifying dangerous data-flows in Django-based applications. In Proceedings of the 12th Workshop on Systems Security (EuroSec '19), colocated with the 14th European Conference on Computer Systems (EuroSys '19). ACM, March 2019.

    • Stefanos Chaliasos, George Metaxopoulos, George Argyros, and Dimitris Mitropoulos. Mime artist: bypassing whitelisting for the web with JavaScript mimicry attacks. In 24th European Symposium on Research in Computer Security, ESORICS '19, 565–585. September 2019.

    • Antonios Gkortzis, Dimitris Mitropoulos, and Diomidis Spinellis. VulinOSS: a dataset of security vulnerabilities in open-source systems. In 15th International Conference on Mining Software Repositories: Data Showcase Track, MSR '18. New York, NY, USA, May 2018. Association for Computing Machinery.

    • Vaggelis Atlidakis, Jeremy Andrus, Roxana Geambasu, Dimitris Mitropoulos, and Jason Nieh. POSIX abstractions in modern operating systems: the old, the new, and the missing. In Proceedings of the 11th European Conference on Computer Systems (EuroSys '16), 19:1–19:17. ACM, 2016.

    • Vassilios Karakoidas, Dimitris Mitropoulos, Panos Louridas, Georgios Gousios, and Diomidis Spinellis. Generating the blueprints of the Java ecosystem. In MSR '15: Proceedings of the 2015 International Working Conference on Mining Software Repositories, 510–513. IEEE Computer Society, 2015.

    • Konstantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, and Panagiotis Katsaros. TRACER: a platform for securing legacy code. In TRUST '14: Proceedings of 7th International Conference on Trust & Trustworthy Computing - Poster Presentation Track, 218–219. Springer, June 2014.

    • Konstantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, and Panagiotis Katsaros. Securing legacy code with the TRACER platform. In PCI 2014: Proceedings of 18th Panhellenic Conference on Informatics, 25:1–25:6. ACM, 2014.

    • Dimitris Mitropoulos, Vassilios Karakoidas, Panos Louridas, Georgios Gousios, and Diomidis Spinellis. The bug catalog of the Maven ecosystem. In MSR '14: Proceedings of the 2014 International Working Conference on Mining Software Repositories, 372–365. ACM, June 2014.

    • Dimitris Mitropoulos, Georgios Gousios, Panagiotis Papadopoulos, Vassilios Karakoidas, Panos Louridas, and Diomidis Spinellis. The vulnerability dataset of a large software ecosystem. In Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014), colocated with the 19th European Symposium on Research in Computer Security (ESORICS 2014). IEEE Computer Society, September 2014.

    • Dimitris Mitropoulos, Vassilios Karakoidas, Panos Louridas, Georgios Gousios, and Diomidis Spinellis. Dismal code: studying the evolution of security bugs. In Proceedings of the LASER Workshop 2013, Learning from Authoritative Security Experiment Results, 37–48. Usenix Association, October 2013.

    • Maria Kechagia, Dimitris Mitropoulos, and Diomidis Spinellis. Improving the quality of apis through the analysis of software crash reports. In Andrew V. Jones and Nicholas Ng, editors, 2013 Imperial College Computing Student Workshop, volume 35 of OpenAccess Series in Informatics (OASIcs), 57–64. Dagstuhl, Germany, 2013. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik.

    • Dimitris Mitropoulos, Georgios Gousios, and Diomidis Spinellis. Measuring the occurrence of security-related bugs through software evolution. In PCI 2012: Proceedings of 16th Panhellenic Conference on Informatics (PCI 2012), 117–122. IEEE Computer Society, 2012.

    • Konstantinos Kravvaritis, Dimitris Mitropoulos, and Diomidis Spinellis. Cyberdiversity: measures and initial results. In 14th Panhellenic Conference on Informatics, PCI 2010, Tripoli, Greece, September 10-12, 2010, 135–140. 2010.

    • Konstantinos Kravvaritis, Dimitris Mitropoulos, and Diomidis Spinellis. Cyberdiversity: measures and initial results. In Costas Vassilakis and Nikolaos Tselikas, editors, PCI 2010: Proceedings of 14th Panhellenic Conference on Informatics (PCI 2010), 135–140. IEEE Computer Society, September 2010.

    • Dimitris Mitropoulos and Diomidis Spinellis. Securing e-voting against MITM attacks. In Vassilios Chrissikopoulos, Nikolaos Alexandris, Christos Douligeris, and Spyros Sioutas, editors, Proceedings of the 13th Pan-Hellenic Conference on Informatics (PCI 2009). September 2009.

    • Dimitris Mitropoulos, Vassilios Karakoidas, and Diomidis Spinellis. Fortifying applications against XPath injection attacks. In A. Poulymenakou, N. Pouloudi, and K. Pramatari, editors, 4th Mediterranean Conference on Information Systems, 1169–1179. September 2009.

    • Dimitris Mitropoulos and Diomidis Spinellis. Countering SQL injection attacks with a database driver. In Theodore S. Papatheodorou, Dimitris N. Christodoulakis, and Nikitas N. Karanikolas, editors, Current Trends in Informatics: 11th Panhellenic Conference on Informatics, PCI 2007, volume B, 105–115. Athens, May 2007. New Technologies Publications.

Technical Reports

    • Theofilos Petsios, Adrian Tang, Dimitris Mitropoulos, Salvatore J. Stolfo, Angelos D. Keromytis, and Suman Jana. Tug-of-war: observations on unified content handling. Technical Report, CoRR abs/1708.09334, 2017.

    • Roxana Geambasu, Dimitris Mitropoulos, Simha Sethumadhavan, Junfeng Yang, Angelos Stravrou, Dan Fleck, Matthew Elder, and Azzedine Benameur. Maintaining enterprise resiliency via kaleidoscopic adaption and transformation of software services (MEERKATS). Technical Report, Air Force Research Laboratory, Sensors Directorate, Wright-Patterson, Air Force Base, OH 45433-7320, Air Force Materiel Command, United States Air Force, April 2016.

Magazine Articles

    • Dimitris Mitropoulos and Georgios Tsoukalas. AppStack: an agile platform for running digital public services. USENIX ;login: Magazine, Spring 2024.

    • Dimitris Mitropoulos. GRNET's platform for running digital public services. CONNECT, The Magazine from the GÉANT, June 2024.

    • Dimitris Mitropoulos. How 1 million app calls can tell you a bit about malware. XRDS: Crossroads, The ACM Magazine for Students, 24(1):17–19, 2017.

    • Vaggelis Atlidakis, Jeremy Andrus, Roxana Geambasu, Dimitris Mitropoulos, and Jason Nieh. POSIX has become outdated. USENIX ;login: Magazine, Fall 2016.

    • Dimitris Mitropoulos. On the evolution of security bugs. XRDS: Crossroads, The ACM Magazine for Students, 21(3):18–19, 2015.

    • Dimitris Mitropoulos. Security bugs in large software ecosystems. XRDS: Crossroads, The ACM Magazine for Students, 20(2):15–16, 2013.

    • Dimitris Mitropoulos. Data security in the cloud environment. XRDS: Crossroads, The ACM Magazine for Students, 19(3):11–11, 2013.

    • Dimitris Mitropoulos. How secure is your software? XRDS: Crossroads, The ACM Magazine for Students, 19(1):11–13, 2012.

    • Dimitris Mitropoulos. Fatal injection: the server's side. XRDS: Crossroads, The ACM Magazine for Students, 19(2):12–14, 2012.

    • Dimitris Mitropoulos. Better safe than sorry: backup your backups. XRDS: Crossroads, The ACM Magazine for Students, 18(2):6–6, 2012.

Datasets

    • Georgios-Petros Drosos, Thodoris Sotiropoulos, Diomidis Spinellis, and Dimitris Mitropoulos. Bloat beneath python's scales: a fine-grained inter-project dependency analysis. July 2024.

    • Stefanos Chaliasos, Thodoris Sotiropoulos, Georgios-Petros Drosos, Charalambos Mitropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. Well-typed programs can go wrong: a study of typing-related bugs in JVM compilers. October 2021.

    • Dimitris Mitropoulos, Panos Louridas, Vitalis Salis, and Diomidis Spinellis. All Your Script Are Belong to Us: Collecting and Analyzing JavaScript Code from 10K Sites for 9 Months. March 2019.

    • Antonios Gkortzis, Dimitris Mitropoulos, and Diomidis Spinellis. VulinOSS: a dataset of security vulnerabilities in open-source systems. May 2018.