Publications
] .
2014. Context-sensitive Information security Risk identification and evaluation techniques. 22nd IEEE International Requirements Engineering Conference (RE14), Karlskrona, Sweden. :485–488.
.
2014. Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. :139–156.
.
2015. Critical visualization: a case for rethinking how we visualize risk and security. Journal of Cybersecurity. 1:93–108.
.
2014. Cyber Security as Social Experiment. NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms, NSPW 2014, Victoria, BC, Canada. :15–24.
.
2016. Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. New Security Paradigms Workshop (NSPW), Colorado, USA.
.
2014. DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.
.
2015. DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.
.
2013. Deciding Bisimilarities on Distributions. 10th International Conference on Quantitative Evaluation of Systems (QEST), Buenos Aires, Argentina. 8054:72–88.
.
2013. Defining the cloud battlefield - supporting security assessments by cloud customers. International Conference on Cloud Engineering (IC2E 2013), Redwood City, CA. :78–87.
.
2013. Defining "The Weakest Link" Comparative Security in Complex Systems of Systems. 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, CloudCom, Bristol, United Kingdom. :39–44.
.
2013. DFTCalc: a tool for efficient fault tree analysis. Proceedings of the 32nd International Conference on Computer Safety, Reliability, and Security (SAFECOMP), Toulouse, France. 8153:293–301.
.
2014. Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. to appear:1–14.
.
2015. Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. 22:3–16.
.
2016. Enterprise Architecture-Based Risk and Security Modelling and Analysis. Third International Workshop, GraMSec 2016, Lisbon, Portugal. 9987:94–101.
.
2015. Examining the Contribution of Critical Visualisation to Information Security. New Security Paradigm Workshop (NSPW), Twente, The Netherlands. :1–14.
.
2014. Experiences with formal engineering: model-based specification, implementation and testing of a software bus at Neopost. Science of computer programming. 80:188–209.
.
2014. Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy. 12:59–66.
.
2013. Externalizing Behaviour for Analysing System Models. Journal of Internet Services and Information Security. 3:52–62.
.
2017. Fault trees on a diet: automated reduction by graph rewriting. Formal Aspects of Computing. online pre-publication:1–53.
.
2015. Fault Trees on a Diet - Automated Reduction by Graph Rewriting. Proceedings of the First International Symposium on Dependable Software Engineering: Theories, Tools, and Applications (SETTA 2015), Nanjing, China. 9409:3–18.
.
2015. Formal Modelling and Analysis of Socio-Technical Systems. Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays. 9560:54–73.
