Publications
] .
2016. The Attack Navigator (Invited). Graphical Models for Security - Revised Selected Papers. 9390:1–17.
.
2016. Modeling and Verification of Insider Threats Using Logical Analysis. IEEE Systems Journal.
.
2016. The Navigation Metaphor in Security Economics. IEEE Security & Privacy. 14:14–21.
.
2016. Towards Formal Analysis of Insider Threats for Auctions. Proceedings of the 2016 International Workshop on Managing Insider Security Threats, Vienna, Austria. :23–34.
.
2016. Understanding How Components of Organisations Contribute to Attacks. 21st Nordic Conference, NordSec 2016, Oulu, Finland. 10014:54–66.
.
2015. Attack Tree Generation by Policy Invalidation. 9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015, Heraklion, Crete, Greece. 9311:249–259.
.
2015. Formal Modelling and Analysis of Socio-Technical Systems. Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays. 9560:54–73.
.
2015. Formal Modelling and Analysis of Socio-Technical Systems. Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays. 9560:54–73.
.
2015. Modeling and Analysing Socio-Technical Systems. 1st International Workshop on Socio-Technical Perspective in IS development (STPIS), Stockholm, Sweden. 1374:121–124.
.
2015. Modeling and Verification of Insider Threats Using Logical Analysis. IEEE Systems Journal. 99:1–12.
.
2015. Modelling Social-Technical Attacks with Timed Automata. Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats (MIST), Denver, Colorado, US. :21–28.
.
2015. A Probabilistic Analysis Framework for Malicious Insider Threats. Third International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS), Los Angeles, US. 9190:178–189.
.
2015. Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems. The Cloud Security Ecosystem. :495–517.
.
2015. Transforming Graphical System Models To Graphical Attack Models. The Second International Workshop on Graphical Models for Security (GraMSec 2015), Verona, Italy. :1–15.
.
2014. Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. IEEE Security and Privacy Workshops (SPW), San Jose, California. :229–235.
.
2014. Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. :139–156.
.
2014. Invalidating policies using structural information. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA). 5:59–79.
.
2014. Model-based Abstraction of Data Provenance. 6th USENIX Workshop on the Theory and Practice of Provenance, Cologne, Germany. :Article3.
.
2013. Externalizing Behaviour for Analysing System Models. Journal of Internet Services and Information Security. 3:52–62.
.
2013. Invalidating policies using structural information. IEEE Security and Privacy Workshops (SPW 2013), San Francisco, CA. :76–81.
.
2013. Reachability-based impact as a measure for insiderness. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. 4:38–48.
