Stochastic Model Checking: Rigorous Dependability Analysis Using Model Checking Techniques for Stochastic Systems. Lecture Notes in Computer Science. 8453. 2014.
Adversarial risks in social experiments with new technologies. Experimentation beyond the laboratory: new perspectives on technology.. 2017.
The Attack Navigator (Invited). Graphical Models for Security - Revised Selected Papers. 9390:1–17.. 2016.
Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. :139–156.. 2014.
Formal Modelling and Analysis of Socio-Technical Systems. Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays. 9560:54–73.. 2015.
Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems. The Cloud Security Ecosystem. :495–517.. 2015.
ADTool: Security Analysis with Attack-Defense Trees. 10th International Conference on Quantitative Evaluation of Systems (QEST), Buenos Aires, Argentina. 8054:173–176.. 2013.
Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems. 12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece. 9871:170–178.. 2016.
Apate: Anti-Phishing Analysing and Triaging Environment (Poster). 36th IEEE Symposium on Security and Privacy, San Jose, CA, USA.. 2015.
An application to estimate the cyber-risk detection skill of mobile device users (IDEA). Sixth International Conference on Advances in Human oriented and Personalized Mechanisms, Technologies, and Services (CENTRIC), Venice, Italy. :Article7.. 2013.
Applying the Lost-Letter Technique to Assess IT Risk Behaviour. Proceedings of the 3rd Workshop on Socio-Technical Aspects in Security and Trust, New Orleans, USA. :2–9.. 2013.
ArgueSecure: Out-of-the-box Risk Assessment. Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), Beijing, China.. 2016.
Argumentation-Based Security Requirements Elicitation: The Next Round. Proceedings of the 2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), Karlskrona, Sweden. :7–12.. 2014.
Attack Tree Generation by Policy Invalidation. 9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015, Heraklion, Crete, Greece. 9311:249–259.. 2015.
Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0. 13th International Conference on Quantitative Evaluation of Systems, QEST 2016, Quebec City, QC, Canada. 9826:159–162.. 2016.
Attack Trees with Sequential Conjunction. International Conference on ICT Systems Security and Privacy Protection (IFIPSEC), Hamburg, Germany.. 2015.
Attacker profiling in quantitative security assessment based on attack trees. 19th Nordic Conference on Secure IT (NordSec), Troms?, Norway. 8788. 2014.
Automated Identification and Prioritization of Business Risks in e-service Networks. Proceedings of the 7th International Conference on Exploring Service Science, IESS 2016, Bucharest, Romania. 247:547–560.. 2016.
Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory. European Conference on Cyber Warfare and Security, ECCWS 2016, Munich, Germany. :163–172.. 2016.
Automating Defence Generation for Risk Assessment. 1st European Symposium on Security and Privacy, Saarbrücken, Germany. :Number6.. 2016.
Bridging Two Worlds: Reconciling Practical Risk Assessment Methodologies with Theory of Attack Trees. Third International Workshop GraMSec 2016, Lisbon, Portugal. :80–93.. 2016.
Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), Wroclaw, Poland. 8872:201–215.. 2015.