Publications
] .
2014. Modelling telecom fraud with e3value.
.
2016. The Navigation Metaphor in Security Economics. IEEE Security & Privacy. 14:14–21.
.
2013. New efficient utility upper bounds for the fully adaptive model of attack trees. 4th International Conference on Decision and Game Theory for Security (GameSec), Fort Worth, TX. 8252:192–205.
.
2013. Obligations to enforce prohibitions: on the adequacy of security policies. SIN '13 - Proceedings of the 6th International Conference on Security of Information and Networks, Aksaray, Turkey. :54–61.
.
2015. Pareto Efficient Solution of Attack-Defence Trees. 4th International Conference on Principles of Security and Trust, POST 2015, London, UK. 9036:95–114.
.
2015. The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology. 11:97–115.
.
2017. Priming and warnings are not effective to prevent social engineering attacks. Computers in Human Behavior. 66:75–87.
.
2015. A Probabilistic Analysis Framework for Malicious Insider Threats. Third International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS), Los Angeles, US. 9190:178–189.
.
2014. A Probabilistic Framework for Security Scenarios with Dependent Actions. 11th International Conference on Integrated Formal Methods, IFM 2014, Bertinoro, Italy. 8739:256–271.
.
2016. Probabilistic reasoning with graphical security models. Information sciences. 342:111–131.
.
2015. Quantitative Attack Tree Analysis via Priced Timed Automata. Proceedings of the 13th International Conference on Formal Modeling and Analysis of Timed Systems, FORMATS 2015, Madrid, Spain. 9268:156–171.
.
2013. Quantitative penetration testing with item response theory. 9th International Conference on Information Assurance and Security, IAS 2013, Gammarth, Tunisia. :49–54.
.
2014. Quantitative Penetration Testing with Item Response Theory. Journal of Information Assurance and Security. 9:118–127.
.
2017. Quantitative security and safety analysis with attack-fault trees. Proceeding of the 18th IEEE International Symposium on High Assurance Systems Engineering, Singapore.
.
2016. Quantitative Verification and Synthesis of Attack-Defence Scenarios Conference. 29th IEEE Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal. :105–119.
.
2013. The Quest for Minimal Quotients for Probabilistic Automata. 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Rome, Italy. 7795:16–31.
.
2013. Reachability-based impact as a measure for insiderness. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. 4:38–48.
.
2014. Reconciling Malicious and Accidental Risk in Cyber Security. Journal of Internet Services and Information Security. 4:4–26.
.
2015. Regression Nodes: Extending attack trees with data from social sciences. Workshop on Socio-Technical Aspects in Security and Trust (STAST), Verona, Italy.
.
2013. Risk assessment as an argumentation game. 14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV, Corunna, Spain. 8143:357–373.
