The Navigation Metaphor in Security Economics. IEEE Security & Privacy. 14:14–21.. 2016.
New efficient utility upper bounds for the fully adaptive model of attack trees. 4th International Conference on Decision and Game Theory for Security (GameSec), Fort Worth, TX. 8252:192–205.. 2013.
Obligations to enforce prohibitions: on the adequacy of security policies. SIN '13 - Proceedings of the 6th International Conference on Security of Information and Networks, Aksaray, Turkey. :54–61.. 2013.
Pareto Efficient Solution of Attack-Defence Trees. 4th International Conference on Principles of Security and Trust, POST 2015, London, UK. 9036:95–114.. 2015.
The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology. 11:97–115.. 2015.
Priming and warnings are not effective to prevent social engineering attacks. Computers in Human Behavior. 66:75–87.. 2017.
A Probabilistic Analysis Framework for Malicious Insider Threats. Third International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS), Los Angeles, US. 9190:178–189.. 2015.
A Probabilistic Framework for Security Scenarios with Dependent Actions. 11th International Conference on Integrated Formal Methods, IFM 2014, Bertinoro, Italy. 8739:256–271.. 2014.
Probabilistic reasoning with graphical security models. Information sciences. 342:111–131.. 2016.
Quantitative Attack Tree Analysis via Priced Timed Automata. Proceedings of the 13th International Conference on Formal Modeling and Analysis of Timed Systems, FORMATS 2015, Madrid, Spain. 9268:156–171.. 2015.
Quantitative penetration testing with item response theory. 9th International Conference on Information Assurance and Security, IAS 2013, Gammarth, Tunisia. :49–54.. 2013.
Quantitative Penetration Testing with Item Response Theory. Journal of Information Assurance and Security. 9:118–127.. 2014.
Quantitative security and safety analysis with attack-fault trees. Proceeding of the 18th IEEE International Symposium on High Assurance Systems Engineering, Singapore.. 2017.
Quantitative Verification and Synthesis of Attack-Defence Scenarios Conference. 29th IEEE Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal. :105–119.. 2016.
The Quest for Minimal Quotients for Probabilistic Automata. 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Rome, Italy. 7795:16–31.. 2013.
Reachability-based impact as a measure for insiderness. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. 4:38–48.. 2013.
Reconciling Malicious and Accidental Risk in Cyber Security. Journal of Internet Services and Information Security. 4:4–26.. 2014.
Regression Nodes: Extending attack trees with data from social sciences. Workshop on Socio-Technical Aspects in Security and Trust (STAST), Verona, Italy.. 2015.
Risk assessment as an argumentation game. 14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV, Corunna, Spain. 8143:357–373.. 2013.