Publications
] .
2013. Defining "The Weakest Link" Comparative Security in Complex Systems of Systems. 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, CloudCom, Bristol, United Kingdom. :39–44.
.
2013. Defining the cloud battlefield - supporting security assessments by cloud customers. International Conference on Cloud Engineering (IC2E 2013), Redwood City, CA. :78–87.
.
2013. Deciding Bisimilarities on Distributions. 10th International Conference on Quantitative Evaluation of Systems (QEST), Buenos Aires, Argentina. 8054:72–88.
.
2014. DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.
.
2015. DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.
.
2016. Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. New Security Paradigms Workshop (NSPW), Colorado, USA.
.
2014. Cyber Security as Social Experiment. NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms, NSPW 2014, Victoria, BC, Canada. :15–24.
.
2015. Critical visualization: a case for rethinking how we visualize risk and security. Journal of Cybersecurity. 1:93–108.
.
2014. Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. :139–156.
.
2014. Context-sensitive Information security Risk identification and evaluation techniques. 22nd IEEE International Requirements Engineering Conference (RE14), Karlskrona, Sweden. :485–488.
.
2013. Confluence Reduction for Markov Automata. Proceedings of the 11th International Conference on Formal Modeling and Analysis of Timed Systems (FORMATS), Buenos Aires, Argentina. 8053:243–257.
.
2014. Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. IEEE Security and Privacy Workshops (SPW), San Jose, California. :229–235.
.
2014. Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures. Annual Computer Security Applications Conference (ACSAC), New Orleans, Louisiana.
.
2015. Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), Wroclaw, Poland. 8872:201–215.
.
2016. Bridging Two Worlds: Reconciling Practical Risk Assessment Methodologies with Theory of Attack Trees. Third International Workshop GraMSec 2016, Lisbon, Portugal. :80–93.
.
2016. Automating Defence Generation for Risk Assessment. 1st European Symposium on Security and Privacy, Saarbrücken, Germany. :Number6.
.
2016. Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory. European Conference on Cyber Warfare and Security, ECCWS 2016, Munich, Germany. :163–172.
.
2016. Automated Identification and Prioritization of Business Risks in e-service Networks. Proceedings of the 7th International Conference on Exploring Service Science, IESS 2016, Bucharest, Romania. 247:547–560.
.
2014. Attacker profiling in quantitative security assessment based on attack trees. 19th Nordic Conference on Secure IT (NordSec), Troms?, Norway. 8788
.
2013. Attack-Defense Trees.
.
2015. Attack Trees with Sequential Conjunction. International Conference on ICT Systems Security and Privacy Protection (IFIPSEC), Hamburg, Germany.
.
2016. Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0. 13th International Conference on Quantitative Evaluation of Systems, QEST 2016, Quebec City, QC, Canada. 9826:159–162.
