Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. Singapore Cyber Security R&D Conference (SG-CRC), Singapore, Singapore. 1:1–6.. 2016.
Time dependent analysis with dynamic counter measure trees. Proceedings of the 13th Workshop on Quantitative Aspects of Programming Languages and Systems (QAPL 2015), London, England.. 2015.
Time-dependent analysis of attacks. Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014, Grenoble, France. 8414:285–305.. 2014.
Towards Empirical Evaluation of Automated Risk Assessment Methods. 11th International Conference on Risks and Security of Internet and Systems, CRiSIS 2016, Roscoff, France.. 2016.
Towards Formal Analysis of Insider Threats for Auctions. Proceedings of the 2016 International Workshop on Managing Insider Security Threats, Vienna, Austria. :23–34.. 2016.
Towards Rigorously Faking Bidirectional Model Transformations. Proceedings of the Workshop on Analysis of Model Transformations, AMT 2014, Valencia, Spain. 1277:70–75.. 2014.
Transforming Graphical System Models To Graphical Attack Models. The Second International Workshop on Graphical Models for Security (GraMSec 2015), Verona, Italy. :1–15.. 2015.
TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster). 35th IEEE Symposium on Security and Privacy, San Jose, California.. 2014.
The TREsPASS project. ICTOpen2013, Eindhoven. :1–1.. 2013.
A tutorial on interactive Markov chains. Stochastic Model Checking. Rigorous Dependability Analysis Using Model Checking Techniques for Stochastic Systems, Vahrn, Italy. 8453:26–66.. 2014.
Uncovering dynamic fault trees. Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016), Toulouse, France. :299–310.. 2016.
Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Greece. 9963:19–33.. 2016.
Understanding How Components of Organisations Contribute to Attacks. 21st Nordic Conference, NordSec 2016, Oulu, Finland. 10014:54–66.. 2016.
Uniform analysis of fault trees through model transformations. Proceedings of the 63rd Annual Reliabliity and Maintainability Symposium (RAMS 2017), Orlando, FL, USA.. 2017.
Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM), Skövde, Sweden. 267:326–334.. 2016.
Using Value Models for Business Risk Analysis in e-Service Networks. 8th IFIP WG 8.1. Working Conference, PoEM 2015, Valencia, Spain. 235:239–253.. 2015.
The Value of Attack-Defence Diagrams. Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, Netherlands. 9635:163–185.. 2016.
Value-Driven Risk Analysis of Coordination Models. 9th IFIP WG 8.1. Working Conference, PoEM 2015, Proceedings, Skovde, Sweden. 267:102–116.. 2016.
Achieving a Consensual Definition of Phishing Based on a Systematic Review of the Literature. Crime Science. 3:9:1-9:16.. 2014.
Attack navigator vindt en verhelpt zwakke plekken. Bits en chips. 4. 2013.
Critical visualization: a case for rethinking how we visualize risk and security. Journal of Cybersecurity. 1:93–108.. 2015.
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.. 2015.
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.. 2014.
Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. to appear:1–14.. 2014.