Publications
] .
2016. Bridging Two Worlds: Reconciling Practical Risk Assessment Methodologies with Theory of Attack Trees. Third International Workshop GraMSec 2016, Lisbon, Portugal. :80–93.
.
2016. Automating Defence Generation for Risk Assessment. 1st European Symposium on Security and Privacy, Saarbrücken, Germany. :Number6.
.
2016. Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0. 13th International Conference on Quantitative Evaluation of Systems, QEST 2016, Quebec City, QC, Canada. 9826:159–162.
.
2016. Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM), Skövde, Sweden. 267:326–334.
.
2016. Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. New Security Paradigms Workshop (NSPW), Colorado, USA.
.
2016. Information Security Maturity as an Integral Part of ISMS based Risk Management Tools. SECURWARE 2016, The Tenth International Conference on Emerging Security Information, Systems and Technologies, Nice, France. :295–298.
.
2013. A tighter bound for the self-stabilization time in Herman's algorithm. Information processing letters. 113:486–488.
.
2013. Deciding Bisimilarities on Distributions. 10th International Conference on Quantitative Evaluation of Systems (QEST), Buenos Aires, Argentina. 8054:72–88.
.
2013. The Quest for Minimal Quotients for Probabilistic Automata. 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Rome, Italy. 7795:16–31.
.
2014. Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy. 12:59–66.
.
2015. Modelling Social-Technical Attacks with Timed Automata. Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats (MIST), Denver, Colorado, US. :21–28.
.
2016. TREsPASS Book 2: Summer School.
.
2016. TREsPASS Book 1: Picturing Risk.
.
2016. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications. 11th International Conference on Critical Information Infrastructures Security (CRITIS), Paris, France.
.
2015. A Probabilistic Analysis Framework for Malicious Insider Threats. Third International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS), Los Angeles, US. 9190:178–189.
.
2016. Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. Singapore Cyber Security R&D Conference (SG-CRC), Singapore, Singapore. 1:1–6.
.
2015. Regression Nodes: Extending attack trees with data from social sciences. Workshop on Socio-Technical Aspects in Security and Trust (STAST), Verona, Italy.
.
2015. The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology. 11:97–115.
.
2013. New efficient utility upper bounds for the fully adaptive model of attack trees. 4th International Conference on Decision and Game Theory for Security (GameSec), Fort Worth, TX. 8252:192–205.
.
2014. Modeling Human Behaviour with Higher Order Logic: Insider Threats. 4th Workshop on Socio-Technical Aspects in Security and Trust (STAST), Vienna, Austria. :31–39.
.
2013. Defining the cloud battlefield - supporting security assessments by cloud customers. International Conference on Cloud Engineering (IC2E 2013), Redwood City, CA. :78–87.
.
2014. Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures. Annual Computer Security Applications Conference (ACSAC), New Orleans, Louisiana.
.
2015. Maybe Poor Johnny Really Cannot Encrypt - The Case for a Complexity Theory for Usable Security. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–15.
.
2015. Pareto Efficient Solution of Attack-Defence Trees. 4th International Conference on Principles of Security and Trust, POST 2015, London, UK. 9036:95–114.
