Publications
] .
2014. Context-sensitive Information security Risk identification and evaluation techniques. 22nd IEEE International Requirements Engineering Conference (RE14), Karlskrona, Sweden. :485–488.
.
2016. Value-Driven Risk Analysis of Coordination Models. 9th IFIP WG 8.1. Working Conference, PoEM 2015, Proceedings, Skovde, Sweden. 267:102–116.
.
2015. Tangible Modelling to Elicit Domain Knowledge: An Experiment and Focus Group. 34th International Conference, ER 2015, Stockholm, Sweden. 9381:558–565.
.
2014. Argumentation-Based Security Requirements Elicitation: The Next Round. Proceedings of the 2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), Karlskrona, Sweden. :7–12.
.
2016. Automated Identification and Prioritization of Business Risks in e-service Networks. Proceedings of the 7th International Conference on Exploring Service Science, IESS 2016, Bucharest, Romania. 247:547–560.
.
2016. ArgueSecure: Out-of-the-box Risk Assessment. Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), Beijing, China.
.
2014. Modelling telecom fraud with e3value.
.
2015. Using Value Models for Business Risk Analysis in e-Service Networks. 8th IFIP WG 8.1. Working Conference, PoEM 2015, Valencia, Spain. 235:239–253.
.
2015. Investigating the usability and utility of tangible modelling of socio-technical architectures.
.
2016. A study on tangible participative enterprise modelling. ER 2016 Workshops AHA, MoBID, MORE-BI, MReBA, QMMQ, and WM2SP, Gifu, Japan, November 14-17, 2016, Proceedings, Gifu, Japan. 9975:139–148.
.
2015. Attack Tree Generation by Policy Invalidation. 9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015, Heraklion, Crete, Greece. 9311:249–259.
.
2013. Externalizing Behaviour for Analysing System Models. Journal of Internet Services and Information Security. 3:52–62.
.
2015. Transforming Graphical System Models To Graphical Attack Models. The Second International Workshop on Graphical Models for Security (GraMSec 2015), Verona, Italy. :1–15.
.
2016. A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees. 12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece. 9871:138–153.
.
2016. Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory. European Conference on Cyber Warfare and Security, ECCWS 2016, Munich, Germany. :163–172.
.
2015. Attack Trees with Sequential Conjunction. International Conference on ICT Systems Security and Privacy Protection (IFIPSEC), Hamburg, Germany.
.
2016. Enterprise Architecture-Based Risk and Security Modelling and Analysis. Third International Workshop, GraMSec 2016, Lisbon, Portugal. 9987:94–101.
.
2017. Priming and warnings are not effective to prevent social engineering attacks. Computers in Human Behavior. 66:75–87.
.
2017. Fault trees on a diet: automated reduction by graph rewriting. Formal Aspects of Computing. online pre-publication:1–53.
.
2016. Uncovering dynamic fault trees. Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016), Toulouse, France. :299–310.
.
2015. Fault Trees on a Diet - Automated Reduction by Graph Rewriting. Proceedings of the First International Symposium on Dependable Software Engineering: Theories, Tools, and Applications (SETTA 2015), Nanjing, China. 9409:3–18.
.
2014. Invalidating policies using structural information. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA). 5:59–79.
.
2014. Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. IEEE Security and Privacy Workshops (SPW), San Jose, California. :229–235.
