Publications
] .
2014. Proceedings First International Workshop on Graphical Models for Security, GraMSec 2014, Grenoble, France, 12th April, 2014. EPTCS. 148
.
2014. Quantitative Penetration Testing with Item Response Theory. Journal of Information Assurance and Security. 9:118–127.
.
2014. Reconciling Malicious and Accidental Risk in Cyber Security. Journal of Internet Services and Information Security. 4:4–26.
.
2014. RISK-DET: ICT Security Awareness Aspect Combining Education and Cognitive Sciences. Ninth International Multi-Conference on Computing in the Global Information Technology, ICCGI 2014, Seville, Spain.
.
2014. The Social Engineering Personality Framework. 4th Workshop on Socio-Technical Aspects in Security and Trust (STAST), Vienna, Austria. :24–30.
.
2014. Stochastic Model Checking: Rigorous Dependability Analysis Using Model Checking Techniques for Stochastic Systems. Lecture Notes in Computer Science. 8453
.
2014. Time-dependent analysis of attacks. Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014, Grenoble, France. 8414:285–305.
.
2014. Towards Rigorously Faking Bidirectional Model Transformations. Proceedings of the Workshop on Analysis of Model Transformations, AMT 2014, Valencia, Spain. 1277:70–75.
.
2014. TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster). 35th IEEE Symposium on Security and Privacy, San Jose, California.
.
2014. A tutorial on interactive Markov chains. Stochastic Model Checking. Rigorous Dependability Analysis Using Model Checking Techniques for Stochastic Systems, Vahrn, Italy. 8453:26–66.
.
2015. Apate: Anti-Phishing Analysing and Triaging Environment (Poster). 36th IEEE Symposium on Security and Privacy, San Jose, CA, USA.
.
2015. Attack Tree Generation by Policy Invalidation. 9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015, Heraklion, Crete, Greece. 9311:249–259.
.
2015. Attack Trees with Sequential Conjunction. International Conference on ICT Systems Security and Privacy Protection (IFIPSEC), Hamburg, Germany.
.
2015. Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), Wroclaw, Poland. 8872:201–215.
.
2015. Critical visualization: a case for rethinking how we visualize risk and security. Journal of Cybersecurity. 1:93–108.
.
2015. DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.
.
2015. Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. 22:3–16.
.
2015. Examining the Contribution of Critical Visualisation to Information Security. New Security Paradigm Workshop (NSPW), Twente, The Netherlands. :1–14.
.
2015. Fault Trees on a Diet - Automated Reduction by Graph Rewriting. Proceedings of the First International Symposium on Dependable Software Engineering: Theories, Tools, and Applications (SETTA 2015), Nanjing, China. 9409:3–18.
.
2015. Formal Modelling and Analysis of Socio-Technical Systems. Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays. 9560:54–73.
.
2015. From Cybercrime to Cyborg Crime: Botnets as Hybrid Criminal Actor-Networks. British journal of Criminology. 55:1–18.
.
2015. Genetic Approximations for the Failure-Free Security Games. Decision and Game Theory for Security, 6th International Conference, GameSec 2015, London, UK. 9406:311–321.
.
2015. "If you were attacked, you'd be sorry": Counterfactuals as security arguments. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–12.
.
2015. Investigating the usability and utility of tangible modelling of socio-technical architectures.
.
2015. Maybe Poor Johnny Really Cannot Encrypt - The Case for a Complexity Theory for Usable Security. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–15.
