Invalidating policies using structural information. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA). 5:59–79.. 2014.
Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. IEEE Security and Privacy Workshops (SPW), San Jose, California. :229–235.. 2014.
Towards Formal Analysis of Insider Threats for Auctions. Proceedings of the 2016 International Workshop on Managing Insider Security Threats, Vienna, Austria. :23–34.. 2016.
Modeling and Verification of Insider Threats Using Logical Analysis. IEEE Systems Journal. 99:1–12.. 2015.
Probabilistic reasoning with graphical security models. Information sciences. 342:111–131.. 2016.
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.. 2014.
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.. 2015.
Proceedings First International Workshop on Graphical Models for Security, GraMSec 2014, Grenoble, France, 12th April, 2014. EPTCS. 148. 2014.
ADTool: Security Analysis with Attack-Defense Trees. 10th International Conference on Quantitative Evaluation of Systems (QEST), Buenos Aires, Argentina. 8054:173–176.. 2013.
A Probabilistic Framework for Security Scenarios with Dependent Actions. 11th International Conference on Integrated Formal Methods, IFM 2014, Bertinoro, Italy. 8739:256–271.. 2014.
Time dependent analysis with dynamic counter measure trees. Proceedings of the 13th Workshop on Quantitative Aspects of Programming Languages and Systems (QAPL 2015), London, England.. 2015.
Quantitative Attack Tree Analysis via Priced Timed Automata. Proceedings of the 13th International Conference on Formal Modeling and Analysis of Timed Systems, FORMATS 2015, Madrid, Spain. 9268:156–171.. 2015.
Quantitative security and safety analysis with attack-fault trees. Proceeding of the 18th IEEE International Symposium on High Assurance Systems Engineering, Singapore.. 2017.
Applying the Lost-Letter Technique to Assess IT Risk Behaviour. Proceedings of the 3rd Workshop on Socio-Technical Aspects in Security and Trust, New Orleans, USA. :2–9.. 2013.
Apate: Anti-Phishing Analysing and Triaging Environment (Poster). 36th IEEE Symposium on Security and Privacy, San Jose, CA, USA.. 2015.
Achieving a Consensual Definition of Phishing Based on a Systematic Review of the Literature. Crime Science. 3:9:1-9:16.. 2014.
Attacker profiling in quantitative security assessment based on attack trees. 19th Nordic Conference on Secure IT (NordSec), Troms?, Norway. 8788. 2014.
Limiting Adversarial Budget in Quantitative Security Assessment. 5th International Conference on Decision and Game Theory for Security (GameSec), Los Angeles, CA, USA. 8840:155–174.. 2014.
Genetic Approximations for the Failure-Free Security Games. Decision and Game Theory for Security, 6th International Conference, GameSec 2015, London, UK. 9406:311–321.. 2015.
Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems. 12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece. 9871:170–178.. 2016.
Security analysis of socio-technical physical systems. Computers & Electrical Engineering. online. 2015.
From A to Z: Developing a Visual Vocabulary for Information Security Threat Visualisation. Third International Workshop GraMSec 2016, Lisbon, Portugal. 9987:102–118.. 2016.
The TREsPASS project. ICTOpen2013, Eindhoven. :1–1.. 2013.
Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems. The Cloud Security Ecosystem. :495–517.. 2015.