Publications
] .
2014. TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster). 35th IEEE Symposium on Security and Privacy, San Jose, California.
.
2014. Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. :139–156.
.
2014. Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. to appear:1–14.
.
2017. Adversarial risks in social experiments with new technologies. Experimentation beyond the laboratory: new perspectives on technology.
.
2015. Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics. N/A
.
2015. Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), Wroclaw, Poland. 8872:201–215.
.
2013. Defining "The Weakest Link" Comparative Security in Complex Systems of Systems. 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, CloudCom, Bristol, United Kingdom. :39–44.
.
2013. Obligations to enforce prohibitions: on the adequacy of security policies. SIN '13 - Proceedings of the 6th International Conference on Security of Information and Networks, Aksaray, Turkey. :54–61.
.
2015. Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. 22:3–16.
.
2014. Cyber Security as Social Experiment. NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms, NSPW 2014, Victoria, BC, Canada. :15–24.
.
2014. Reconciling Malicious and Accidental Risk in Cyber Security. Journal of Internet Services and Information Security. 4:4–26.
.
2016. Generating attacks in SysML activity diagrams by detecting attack surfaces. Journal of Ambient Intelligence and Humanized Computing. 6:361–373.
.
2015. Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems. The Cloud Security Ecosystem. :495–517.
.
2013. The TREsPASS project. ICTOpen2013, Eindhoven. :1–1.
.
2016. From A to Z: Developing a Visual Vocabulary for Information Security Threat Visualisation. Third International Workshop GraMSec 2016, Lisbon, Portugal. 9987:102–118.
.
2016. Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems. 12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece. 9871:170–178.
.
2015. Security analysis of socio-technical physical systems. Computers & Electrical Engineering. online
.
2014. Attacker profiling in quantitative security assessment based on attack trees. 19th Nordic Conference on Secure IT (NordSec), Troms?, Norway. 8788
.
2014. Limiting Adversarial Budget in Quantitative Security Assessment. 5th International Conference on Decision and Game Theory for Security (GameSec), Los Angeles, CA, USA. 8840:155–174.
.
2015. Genetic Approximations for the Failure-Free Security Games. Decision and Game Theory for Security, 6th International Conference, GameSec 2015, London, UK. 9406:311–321.
.
2013. Applying the Lost-Letter Technique to Assess IT Risk Behaviour. Proceedings of the 3rd Workshop on Socio-Technical Aspects in Security and Trust, New Orleans, USA. :2–9.
.
2015. Apate: Anti-Phishing Analysing and Triaging Environment (Poster). 36th IEEE Symposium on Security and Privacy, San Jose, CA, USA.
.
2014. Achieving a Consensual Definition of Phishing Based on a Systematic Review of the Literature. Crime Science. 3:9:1-9:16.
.
2015. Time dependent analysis with dynamic counter measure trees. Proceedings of the 13th Workshop on Quantitative Aspects of Programming Languages and Systems (QAPL 2015), London, England.
