Publications
] .
2013. Statistical Model Checking in Uppaal: Lets Practice. 1st Workshop on Statistical Model Checking, Rennes, France.
.
2013. Quantitative penetration testing with item response theory. 9th International Conference on Information Assurance and Security, IAS 2013, Gammarth, Tunisia. :49–54.
.
2014. Time-dependent analysis of attacks. Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014, Grenoble, France. 8414:285–305.
.
2014. Quantitative Penetration Testing with Item Response Theory. Journal of Information Assurance and Security. 9:118–127.
.
2013. DFTCalc: a tool for efficient fault tree analysis. Proceedings of the 32nd International Conference on Computer Safety, Reliability, and Security (SAFECOMP), Toulouse, France. 8153:293–301.
.
2015. Sequential and Parallel Attack Tree Modelling. Computer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR, Delft, The Netherlands. 9338:291–299.
.
2014. A tutorial on interactive Markov chains. Stochastic Model Checking. Rigorous Dependability Analysis Using Model Checking Techniques for Stochastic Systems, Vahrn, Italy. 8453:26–66.
.
2015. Modeling and Analysing Socio-Technical Systems. 1st International Workshop on Socio-Technical Perspective in IS development (STPIS), Stockholm, Sweden. 1374:121–124.
.
2016. Quantitative Verification and Synthesis of Attack-Defence Scenarios Conference. 29th IEEE Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal. :105–119.
.
2015. Pareto Efficient Solution of Attack-Defence Trees. 4th International Conference on Principles of Security and Trust, POST 2015, London, UK. 9036:95–114.
.
2015. Maybe Poor Johnny Really Cannot Encrypt - The Case for a Complexity Theory for Usable Security. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–15.
.
2013. Defining the cloud battlefield - supporting security assessments by cloud customers. International Conference on Cloud Engineering (IC2E 2013), Redwood City, CA. :78–87.
.
2014. Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures. Annual Computer Security Applications Conference (ACSAC), New Orleans, Louisiana.
.
2014. Modeling Human Behaviour with Higher Order Logic: Insider Threats. 4th Workshop on Socio-Technical Aspects in Security and Trust (STAST), Vienna, Austria. :31–39.
.
2013. New efficient utility upper bounds for the fully adaptive model of attack trees. 4th International Conference on Decision and Game Theory for Security (GameSec), Fort Worth, TX. 8252:192–205.
.
2016. Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. Singapore Cyber Security R&D Conference (SG-CRC), Singapore, Singapore. 1:1–6.
.
2015. Regression Nodes: Extending attack trees with data from social sciences. Workshop on Socio-Technical Aspects in Security and Trust (STAST), Verona, Italy.
.
2015. The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology. 11:97–115.
.
2015. A Probabilistic Analysis Framework for Malicious Insider Threats. Third International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS), Los Angeles, US. 9190:178–189.
.
2016. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications. 11th International Conference on Critical Information Infrastructures Security (CRITIS), Paris, France.
.
2016. TREsPASS Book 1: Picturing Risk.
