Publications
] .
2016. How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems. Second International Workshop GraMSec 2015, Verona, Italy. 9390:55–65.
.
2016. Towards Empirical Evaluation of Automated Risk Assessment Methods. 11th International Conference on Risks and Security of Internet and Systems, CRiSIS 2016, Roscoff, France.
.
2016. Modelling Attack-defense Trees Using Timed Automata. 14th International Conference on Formal Modeling and Analysis of Timed Systems, FORMATS 2016, Quebec, QC, Canada. 9884:35–50.
.
2016. Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM), Skövde, Sweden. 267:326–334.
.
2016. Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. New Security Paradigms Workshop (NSPW), Colorado, USA.
.
2016. Information Security Maturity as an Integral Part of ISMS based Risk Management Tools. SECURWARE 2016, The Tenth International Conference on Emerging Security Information, Systems and Technologies, Nice, France. :295–298.
.
2013. A tighter bound for the self-stabilization time in Herman's algorithm. Information processing letters. 113:486–488.
.
2013. Deciding Bisimilarities on Distributions. 10th International Conference on Quantitative Evaluation of Systems (QEST), Buenos Aires, Argentina. 8054:72–88.
.
2013. The Quest for Minimal Quotients for Probabilistic Automata. 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Rome, Italy. 7795:16–31.
.
2014. Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy. 12:59–66.
.
2015. Modelling Social-Technical Attacks with Timed Automata. Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats (MIST), Denver, Colorado, US. :21–28.
.
2016. TREsPASS Book 1: Picturing Risk.
.
2016. TREsPASS Book 2: Summer School.
.
2016. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications. 11th International Conference on Critical Information Infrastructures Security (CRITIS), Paris, France.
.
2015. A Probabilistic Analysis Framework for Malicious Insider Threats. Third International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS), Los Angeles, US. 9190:178–189.
.
2016. Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. Singapore Cyber Security R&D Conference (SG-CRC), Singapore, Singapore. 1:1–6.
.
2015. Regression Nodes: Extending attack trees with data from social sciences. Workshop on Socio-Technical Aspects in Security and Trust (STAST), Verona, Italy.
.
2015. The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology. 11:97–115.
.
2013. New efficient utility upper bounds for the fully adaptive model of attack trees. 4th International Conference on Decision and Game Theory for Security (GameSec), Fort Worth, TX. 8252:192–205.
.
2014. Modeling Human Behaviour with Higher Order Logic: Insider Threats. 4th Workshop on Socio-Technical Aspects in Security and Trust (STAST), Vienna, Austria. :31–39.
.
2013. Defining the cloud battlefield - supporting security assessments by cloud customers. International Conference on Cloud Engineering (IC2E 2013), Redwood City, CA. :78–87.
.
2014. Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures. Annual Computer Security Applications Conference (ACSAC), New Orleans, Louisiana.
.
2015. Maybe Poor Johnny Really Cannot Encrypt - The Case for a Complexity Theory for Usable Security. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–15.
.
2015. Modeling and Analysing Socio-Technical Systems. 1st International Workshop on Socio-Technical Perspective in IS development (STPIS), Stockholm, Sweden. 1374:121–124.
