Dimitris Mitropoulos

...

E-mail: dimitro@aueb.gr
Web site: https://dimitro.gr

Biographical Information

Dimitris Mitropoulos is an Assistant Professor at the National and Kapodistrian University of Athens and leads the Reliability Engineering Directorate of the Greek National Infrastructures for Research and Technology (GRNET). Previously, he has been a Postdoctoral Researcher at the Computer Science Department of Columbia University. Dimitris holds a PhD in Software Security from the Athens University of Economics and Business, and has been involved in several EU and US funded R&D projects. His research interests include software engineering and computer security. He is a member of ACM, IEEE and USENIX.

Publications

Journal Articles

    • Dimitris Mitropoulos, Thodoris Sotiropoulos, Nikos Koutsovasilis, and Diomidis Spinellis. PDGuard: an architecture for the control and secure processing of personal data. In International Journal of Information Security, volume 19, 479–498. 2020.

    • Dimitris Mitropoulos, Panos Louridas, Michalis Polychronakis, and Angelos D. Keromytis. Defending against Web application attacks: approaches, challenges and implications. IEEE Transactions on Dependable and Secure Computing, 16(2):188–203, March 2019.

    • Konstantina Dritsa, Dimitris Mitropoulos, and Diomidis Spinellis. Aspects of the history of computing in modern Greece. IEEE Annals of the History of Computing, 40(1):47–60, May 2018.

    • Dimitris Mitropoulos and Diomidis Spinellis. Fatal injection: a survey of modern code injection attack countermeasures. PeerJ Computer Science, pages e136, November 2017.

    • Dimitris Mitropoulos, Konstantinos Stroggylos, Diomidis Spinellis, and Angelos D. Keromytis. How to train your browser: preventing XSS attacks using contextual script fingerprints. ACM Transactions on Privacy and Security, 19(1):2:1–2:31, July 2016.

    • Vaggelis Atlidakis, Jeremy Andrus, Roxana Geambasu, Dimitris Mitropoulos, and Jason Nieh. POSIX has become outdated. USENIX ;login: Magazine, Fall 2016.

    • Maria Kechagia, Dimitris Mitropoulos, and Diomidis Spinellis. Charting the API minefield using software telemetry data. Empirical Software Engineering, 20(6):1785–1830, December 2015.

    • Vassilios Karakoidas, Dimitris Mitropoulos, Panagiotis Louridas, and Diomidis Spinellis. A type-safe embedding of SQL into Java using the extensible compiler framework J%. Computer Languages, Systems & Structures, 41:1–20, April 2015.

    • Dimitris Mitropoulos, Vassilios Karakoidas, Panagiotis Louridas, and Diomidis Spinellis. Countering code injection attacks: a unified approach. Information Management and Computer Security, 19(3):177–194, 2011. Highly Commended Paper Award.

    • Dimitris Mitropoulos and Diomidis Spinellis. SDriver: location-specific signatures prevent SQL injection attacks. Computers & Security, 28:121–129, May 2009.

Book Chapters

    • Dimitris Mitropoulos, Theodosios Tsaklanos, and Diomidis Spinellis. Secure software technologies. In Sokratis Katsikas, Stefanos Gritzalis, and Konstantinos Lambrinoudakis, editors, Information and System Security in the Cyberspace. NewTech Pub, 2021.

    • Dimitris Mitropoulos. Securing software. In Phillip A. Laplante, editor, Encyclopedia of Computer Science and Technology, Second Edition. CRC Press, Taylor and Francis Group, 2016.

Conference Publications

    • Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Ben Livshits. Smart contract and DeFi security tools: do they meet the needs of practitioners? In 45th International Conference on Software Engineering, ICSE '24. 2024. To appear.

    • Charalambos Mitropoulos, Thodoris Sotiropoulos, Sotiris Ioannidis, and Dimitris Mitropoulos. Syntax-aware mutation for testing the Solidity compiler. In 28th European Symposium on Research in Computer Security, ESORICS '23. September 2023.

    • Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Ben Livshits. Smart contract and DeFi security: insights from tool evaluations and practitioner surveys. In The Science of Blockchain Conference 2023, SBC '23. September 2023.

    • Stefanos Chaliasos, Thodoris Sotiropoulos, Diomidis Spinellis, Arthur Gervais, Benjamin Livshits, and Dimitris Mitropoulos. Finding typing compiler bugs. In Proceedings of the 43rd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI'22. ACM, June 2022. Distinguished Paper Award, Best Artifact Award.

    • Thodoris Sotiropoulos, Stefanos Chaliasos, Vaggelis Atlidakis, Dimitris Mitropoulos, and Diomidis Spinellis. Data-oriented differential testing of object-relational mapping systems. In 43rd International Conference on Software Engineering, ICSE '21. May 2021. Distinguished Artifact Award.

    • Vitalis Salis, Thodoris Sotiropoulos, Panos Louridas, Diomidis Spinellis, and Dimitris Mitropoulos. PyCG: practical call graph construction in Python. In 43rd International Conference on Software Engineering, ICSE '21. May 2021.

    • Georgios Nikitopoulos, Konstantina Dritsa, Panos Louridas, and Dimitris Mitropoulos. CrossVul: a cross-language vulnerability dataset with commit data. In 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering: Demonstrations Track, ESEC/FSE '21, 1565–1569. ACM, August 2021.

    • Stefanos Chaliasos, Thodoris Sotiropoulos, Georgios-Petros Drosos, Charalambos Mitropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. Well-typed programs can go wrong: a study of typing-related bugs in JVM compilers. In Proceedings of the ACM on Programming Languages, OOPSLA '21. ACM, October 2021.

    • Thodoris Sotiropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. Practical fault detection in Puppet programs. In 42nd International Conference on Software Engineering, ICSE '20, 26–37. ACM, June 2020.

    • Thodoris Sotiropoulos, Stefanos Chaliasos, Dimitris Mitropoulos, and Diomidis Spinellis. A model for detecting faults in build specifications. In Proceedings of the ACM on Programming Languages, OOPSLA '20. ACM, November 2020.

    • Dimitris Mitropoulos, Panos Louridas, Vitalis Salis, and Diomidis Spinellis. Time present and time past: analyzing the evolution of JavaScript code in the wild. In 16th International Conference on Mining Software Repositories: Technical Track, MSR '19. May 2019.

    • Linos Giannopoulos, Eirini Degkleri, Panayiotis Tsanakas, and Dimitris Mitropoulos. Pythia: identifying dangerous data-flows in Django-based applications. In Proceedings of the 12th Workshop on Systems Security (EuroSec '19), colocated with the 14th European Conference on Computer Systems (EuroSys '19). ACM, March 2019.

    • Stefanos Chaliasos, George Metaxopoulos, George Argyros, and Dimitris Mitropoulos. Mime artist: bypassing whitelisting for the web with JavaScript mimicry attacks. In 24th European Symposium on Research in Computer Security, ESORICS '19, 565–585. September 2019.

    • Antonios Gkortzis, Dimitris Mitropoulos, and Diomidis Spinellis. VulinOSS: a dataset of security vulnerabilities in open-source systems. In 15th International Conference on Mining Software Repositories: Data Showcase Track, MSR '18. New York, NY, USA, May 2018. Association for Computing Machinery.

    • Vaggelis Atlidakis, Jeremy Andrus, Roxana Geambasu, Dimitris Mitropoulos, and Jason Nieh. POSIX abstractions in modern operating systems: the old, the new, and the missing. In Proceedings of the 11th European Conference on Computer Systems (EuroSys '16), 19:1–19:17. ACM, 2016.

    • Vassilios Karakoidas, Dimitris Mitropoulos, Panos Louridas, Georgios Gousios, and Diomidis Spinellis. Generating the blueprints of the Java ecosystem. In MSR '15: Proceedings of the 2015 International Working Conference on Mining Software Repositories, 510–513. IEEE Computer Society, 2015.

    • Konstantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, and Panagiotis Katsaros. TRACER: a platform for securing legacy code. In TRUST '14: Proceedings of 7th International Conference on Trust & Trustworthy Computing - Poster Presentation Track, 218–219. Springer, June 2014.

    • Konstantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, and Panagiotis Katsaros. Securing legacy code with the TRACER platform. In PCI 2014: Proceedings of 18th Panhellenic Conference on Informatics, 25:1–25:6. ACM, 2014.

    • Dimitris Mitropoulos, Vassilios Karakoidas, Panos Louridas, Georgios Gousios, and Diomidis Spinellis. The bug catalog of the Maven ecosystem. In MSR '14: Proceedings of the 2014 International Working Conference on Mining Software Repositories, 372–365. ACM, June 2014.

    • Dimitris Mitropoulos, Georgios Gousios, Panagiotis Papadopoulos, Vassilios Karakoidas, Panos Louridas, and Diomidis Spinellis. The vulnerability dataset of a large software ecosystem. In Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014), colocated with the 19th European Symposium on Research in Computer Security (ESORICS 2014). IEEE Computer Society, September 2014.

    • Dimitris Mitropoulos, Vassilios Karakoidas, Panos Louridas, Georgios Gousios, and Diomidis Spinellis. Dismal code: studying the evolution of security bugs. In Proceedings of the LASER Workshop 2013, Learning from Authoritative Security Experiment Results, 37–48. Usenix Association, October 2013.

    • Maria Kechagia, Dimitris Mitropoulos, and Diomidis Spinellis. Improving the quality of apis through the analysis of software crash reports. In Andrew V. Jones and Nicholas Ng, editors, 2013 Imperial College Computing Student Workshop, volume 35 of OpenAccess Series in Informatics (OASIcs), 57–64. Dagstuhl, Germany, 2013. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik.

    • Dimitris Mitropoulos, Georgios Gousios, and Diomidis Spinellis. Measuring the occurrence of security-related bugs through software evolution. In PCI 2012: Proceedings of 16th Panhellenic Conference on Informatics (PCI 2012), 117–122. IEEE Computer Society, 2012.

    • Konstantinos Kravvaritis, Dimitris Mitropoulos, and Diomidis Spinellis. Cyberdiversity: measures and initial results. In 14th Panhellenic Conference on Informatics, PCI 2010, Tripoli, Greece, September 10-12, 2010, 135–140. 2010.

    • Konstantinos Kravvaritis, Dimitris Mitropoulos, and Diomidis Spinellis. Cyberdiversity: measures and initial results. In Costas Vassilakis and Nikolaos Tselikas, editors, PCI 2010: Proceedings of 14th Panhellenic Conference on Informatics (PCI 2010), 135–140. IEEE Computer Society, September 2010.

    • Dimitris Mitropoulos and Diomidis Spinellis. Securing e-voting against MITM attacks. In Vassilios Chrissikopoulos, Nikolaos Alexandris, Christos Douligeris, and Spyros Sioutas, editors, Proceedings of the 13th Pan-Hellenic Conference on Informatics (PCI 2009). September 2009.

    • Dimitris Mitropoulos, Vassilios Karakoidas, and Diomidis Spinellis. Fortifying applications against XPath injection attacks. In A. Poulymenakou, N. Pouloudi, and K. Pramatari, editors, 4th Mediterranean Conference on Information Systems, 1169–1179. September 2009.

    • Dimitris Mitropoulos and Diomidis Spinellis. Countering SQL injection attacks with a database driver. In Theodore S. Papatheodorou, Dimitris N. Christodoulakis, and Nikitas N. Karanikolas, editors, Current Trends in Informatics: 11th Panhellenic Conference on Informatics, PCI 2007, volume B, 105–115. Athens, May 2007. New Technologies Publications.

Technical Reports

    • Theofilos Petsios, Adrian Tang, Dimitris Mitropoulos, Salvatore J. Stolfo, Angelos D. Keromytis, and Suman Jana. Tug-of-war: observations on unified content handling. Technical Report, CoRR abs/1708.09334, 2017.

    • Roxana Geambasu, Dimitris Mitropoulos, Simha Sethumadhavan, Junfeng Yang, Angelos Stravrou, Dan Fleck, Matthew Elder, and Azzedine Benameur. Maintaining enterprise resiliency via kaleidoscopic adaption and transformation of software services (MEERKATS). Technical Report, Air Force Research Laboratory, Sensors Directorate, Wright-Patterson, Air Force Base, OH 45433-7320, Air Force Materiel Command, United States Air Force, April 2016.

Magazine Articles

    • Dimitris Mitropoulos. How 1 million app calls can tell you a bit about malware. XRDS: Crossroads, The ACM Magazine for Students, 24(1):17–19, 2017.

    • Dimitris Mitropoulos. On the evolution of security bugs. XRDS: Crossroads, The ACM Magazine for Students, 21(3):18–19, 2015.

    • Dimitris Mitropoulos. Security bugs in large software ecosystems. XRDS: Crossroads, The ACM Magazine for Students, 20(2):15–16, 2013.

    • Dimitris Mitropoulos. Data security in the cloud environment. XRDS: Crossroads, The ACM Magazine for Students, 19(3):11–11, 2013.

    • Dimitris Mitropoulos. How secure is your software? XRDS: Crossroads, The ACM Magazine for Students, 19(1):11–13, 2012.

    • Dimitris Mitropoulos. Fatal injection: the server's side. XRDS: Crossroads, The ACM Magazine for Students, 19(2):12–14, 2012.

    • Dimitris Mitropoulos. Better safe than sorry: backup your backups. XRDS: Crossroads, The ACM Magazine for Students, 18(2):6–6, 2012.

Datasets

    • Stefanos Chaliasos, Thodoris Sotiropoulos, Georgios-Petros Drosos, Charalambos Mitropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. Well-typed programs can go wrong: a study of typing-related bugs in JVM compilers. October 2021.

    • Dimitris Mitropoulos, Panos Louridas, Vitalis Salis, and Diomidis Spinellis. All Your Script Are Belong to Us: Collecting and Analyzing JavaScript Code from 10K Sites for 9 Months. March 2019.

    • Antonios Gkortzis, Dimitris Mitropoulos, and Diomidis Spinellis. VulinOSS: a dataset of security vulnerabilities in open-source systems. May 2018.