Generating attacks in SysML activity diagrams by detecting attack surfaces. Journal of Ambient Intelligence and Humanized Computing. 6:361–373.. 2016.
Obligations to enforce prohibitions: on the adequacy of security policies. SIN '13 - Proceedings of the 6th International Conference on Security of Information and Networks, Aksaray, Turkey. :54–61.. 2013.
Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. 22:3–16.. 2015.
Reconciling Malicious and Accidental Risk in Cyber Security. Journal of Internet Services and Information Security. 4:4–26.. 2014.
Cyber Security as Social Experiment. NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms, NSPW 2014, Victoria, BC, Canada. :15–24.. 2014.
On thinging things and serving services: technological mediation and inseparable goods. Ethics and information technology. 15:195–208.. 2013.
Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics. N/A. 2016.
The Navigation Metaphor in Security Economics. IEEE Security & Privacy. 14:14–21.. 2016.
Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. :139–156.. 2014.
TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster). 35th IEEE Symposium on Security and Privacy, San Jose, California.. 2014.
Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics. N/A. 2015.
Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. to appear:1–14.. 2014.
Adversarial risks in social experiments with new technologies. Experimentation beyond the laboratory: new perspectives on technology.. 2017.
Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), Wroclaw, Poland. 8872:201–215.. 2015.
Defining "The Weakest Link" Comparative Security in Complex Systems of Systems. 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, CloudCom, Bristol, United Kingdom. :39–44.. 2013.
Towards Rigorously Faking Bidirectional Model Transformations. Proceedings of the Workshop on Analysis of Model Transformations, AMT 2014, Valencia, Spain. 1277:70–75.. 2014.
Risk assessment as an argumentation game. 14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV, Corunna, Spain. 8143:357–373.. 2013.
The Attack Navigator (Invited). Graphical Models for Security - Revised Selected Papers. 9390:1–17.. 2016.
Reachability-based impact as a measure for insiderness. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. 4:38–48.. 2013.
Model-based Abstraction of Data Provenance. 6th USENIX Workshop on the Theory and Practice of Provenance, Cologne, Germany. :Article3.. 2014.
Formal Modelling and Analysis of Socio-Technical Systems. Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays. 9560:54–73.. 2015.
Stochastic Model Checking: Rigorous Dependability Analysis Using Model Checking Techniques for Stochastic Systems. Lecture Notes in Computer Science. 8453. 2014.
Maintenance analysis and optimization via statistical model checking: Evaluating a train pneumatic compressor. Proceedings of the 13th International Conference on Quantitative Evaluation of SysTems, QEST 2016, Québec City, Canada. 9826. 2016.
Uniform analysis of fault trees through model transformations. Proceedings of the 63rd Annual Reliabliity and Maintainability Symposium (RAMS 2017), Orlando, FL, USA.. 2017.