EEMCS

Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Search
 Organisation

EEMCS EPrints Service


Research Project: TREsPASS: Technology-supported Risk Estimation By Predictive Assessment Of Socio-technical Security
Home Policy Brochure Browse Search User Area Contact Help

2017

Guck, D. (2017) Reliable systems - Fault tree analysis via Markov reward automata. PhD thesis, Univeristy of Twente. CTIT Ph.D. Thesis Series No. 16-419 ISBN 978-90-365-4291-3
Junger, M. and Montoya Morales, A.L. and Overink, F.J. (2017) Priming and warnings are not effective to prevent social engineering attacks. Computers in Human Behavior, 66. pp. 75-87. ISSN 0747-5632 *** ISI Impact 2,880 ***
Junges, S. and Guck, D. and Katoen, J.P. and Rensink, A. and Stoelinga, M.I.A. (2017) Fault trees on a diet: automated reduction by graph rewriting. Formal Aspects of Computing, online pre-publication. pp. 1-53. ISSN 0934-5043 *** ISI Impact 0,521 ***
Kumar, Rajesh and Stoelinga, M.I.A. (2017) Quantitative security and safety analysis with attack-fault trees. In: Proceeding of the 18th IEEE International Symposium on High Assurance Systems Engineering, 12-14 Jan 2017, Singapore. IEEE Computer Society.
Pieters, W. and Dechesne, F. (2017) Adversarial risks in social experiments with new technologies. In: Experimentation beyond the laboratory: new perspectives on technology. Routledge, Oxford, UK. ISBN 9781138204010
Ruijters, E.J.J. and Schivo, S. and Stoelinga, M.I.A. and Rensink, A. (2017) Uniform analysis of fault trees through model transformations. In: Proceedings of the 63rd Annual Reliabliity and Maintainability Symposium (RAMS 2017), 23-26 Jan 2017, Orlando, FL, USA. IEEE Reliability Society. ISBN 978-1-5090-5285-1

2016

Aslanyan, Z. (2016) Formal Analysis of Graphical Security Models. PhD thesis, Technical University of Denmark. DTU Compute PHD-2016 Number 421 ISBN not assigned
Aslanyan, Z. and Nielson, F. and Parker, D. (2016) Quantitative Verification and Synthesis of Attack-Defence Scenarios Conference. In: 29th IEEE Computer Security Foundations Symposium, CSF 2016, 27 Jun - 1 Jul 2016, Lisbon, Portugal. pp. 105-119. IEEE Computer Society. ISSN 2374-8303 ISBN 978-1-5090-2607-4
Bullee, J.H. and Montoya Morales, A.L. and Junger, M. and Hartel, P.H. (2016) Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. In: Proceedings of the inaugural Singapore Cyber Security R&D Conference (SG-CRC 2016), 14-15 Jan 2016, Singapore, Singapore. pp. 107-114. Cryptology and Information Security Series 14. IOS Press. ISSN 1871-6431 ISBN 978-1-61499-616-3
Chockalingam, S. and Hadžiosmanović, D. and Pieters, W. and Texeira, A. and van Gelder, P. (2016) Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications. In: 11th International Conference on Critical Information Infrastructures Security (CRITIS), October 10–12, 2016, Paris, France. Lecture Notes in Computer Science. Springer.
Coles-Kemp, L. and Hall, P. (2016) TREsPASS Book 1: Picturing Risk. Royal Holloway, University of London. ISBN 978-1-905846-74-0
Coles-Kemp, L. and Hall, P. (2016) TREsPASS Book 2: Summer School. Royal Holloway, University of London. ISBN 978-1-905846-76-4
Coles-Kemp, L. and Hall, P. (2016) TREsPASS Book 3: Creative Engagements. Royal Holloway, University of London. ISBN 978-1-905846-78-8
Fetler, B. and Harpes, C. (2016) Information Security Maturity as an Integral Part of ISMS based Risk Management Tools. In: SECURWARE 2016, The Tenth International Conference on Emerging Security Information, Systems and Technologies, 24-28 July 2016, Nice, France. pp. 295-298. Xpert Publishing Services. ISSN 2162-2116 ISBN 978-1-61208-493-0
Fichtner, L. and Pieters, W. and Texeira, A. (2016) Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. In: New Security Paradigms Workshop (NSPW), September 26-29, 2016, Colorado, USA. ACM.
Fraile, M. and Ford, M. and Gadyatskaya, O. and Kumar, Rajesh and Stoelinga, M.I.A. and Trujillo-Rasua, R. (2016) Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. In: 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM), 08-10 Nov 2016, Skövde, Sweden. pp. 326-334. Lecture Notes in Business Information Processing 267. Springer. ISBN 978-3-319-48392-4
Gadyatskaya, O. (2016) How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems. In: Second International Workshop GraMSec 2015, 13 July 2015, Verona, Italy. pp. 55-65. Lecture Notes in Computer Science 9390. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-29967-9
Gadyatskaya, O. (2016) Automating Defence Generation for Risk Assessment. In: 1st European Symposium on Security and Privacy, March 21-24, 2016, Saarbrücken, Germany. Number 6. IEEE Computer Society. ISBN not assigned
Gadyatskaya, O. and Hansen, R.R. and Larsen, K.G. and Legay, A. and Olesen, M.C. and Poulsen, D.B. (2016) Modelling Attack-defense Trees Using Timed Automata. In: 14th International Conference on Formal Modeling and Analysis of Timed Systems, FORMATS 2016, 24-26 Aug 2016, Quebec, QC, Canada. pp. 35-50. Lecture Notes in Computer Science 9884. Springer International Publishing. ISSN 0302-9743 ISBN 978-3-319-44877-0
Gadyatskaya, O. and Harpes, C. and Mauw, S. and Muller, C. and Muller, S. (2016) Bridging Two Worlds: Reconciling Practical Risk Assessment Methodologies with Theory of Attack Trees. In: Third International Workshop GraMSec 2016, 27 June 2016, Lisbon, Portugal. pp. 80-93. Lecture Notes in Computer Science (9987). Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-46262-2
Gadyatskaya, O. and Jhawar, R. and Kordy, P. and Lounis, K. and Mauw, S. and Trujillo-Rasua, R. (2016) Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0. In: 13th International Conference on Quantitative Evaluation of Systems, QEST 2016, 23-25 Aug 2016, Quebec City, QC, Canada. pp. 159-162. Lecture Notes in Computer Science 9826. Springer International Publishing. ISSN 0302-9743 ISBN 978-3-319-43424-7
Gadyatskaya, O. and Labunets, K. and Paci, F. (2016) Towards Empirical Evaluation of Automated Risk Assessment Methods. In: 11th International Conference on Risks and Security of Internet and Systems, CRiSIS 2016, 05-07 Sep 2016, Roscoff, France. Springer.
Gu, Min and Aslanyan, Z. and Probst, C.W. (2016) Understanding How Components of Organisations Contribute to Attacks. In: 21st Nordic Conference, NordSec 2016, 2-4 Nov 2016, Oulu, Finland. pp. 54-66. Lecture Notes in Computer Science 10014. Springer International Publishing. ISSN 0302-9743 ISBN 978-3-319-47559-2
Hermanns, H. and Krämer, J. and Krčál, J. and Stoelinga, M.I.A. (2016) The Value of Attack-Defence Diagrams. In: Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, April 2-8, 2016, Eindhoven, Netherlands. pp. 163-185. Lecture Notes in Computer Science 9635. Springer Verlag. ISSN 0302-9743 ISBN 978-3-662-49634-3
Ionita, D. and Gordijn, J. and Yesuf, A.S. and Wieringa, R.J. (2016) Value-Driven Risk Analysis of Coordination Models. In: The Practice of Enterprise Modeling : 9th IFIP WG 8.1. Working Conference, PoEM 2016, Proceedings, 8-10 Nov 2016, Skovde, Sweden. pp. 102-116. Lecture Notes in Business Information Processing 267. Springer Verlag. ISBN 978-3-319-48392-4
Ionita, D. and Kaidalova, J. and Vasenev, A. and Wieringa, R.J. (2016) A study on tangible participative enterprise modelling. In: ER 2016 Workshops AHA, MoBID, MORE-BI, MReBA, QMMQ, and WM2SP, Gifu, Japan, November 14-17, 2016, Proceedings, Nov. 14-17, 2016, Gifu, Japan. pp. 139-148. Lecture Notes in Computer Science 9975. Springer Verlag. ISBN 978-3-319-47716-9
Ionita, D. and Kegel, R.H.P. and Baltuta, A. and Wieringa, R.J. (2016) ArgueSecure: Out-of-the-box Risk Assessment. In: Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), 12 Sept 2016, Beijing, China. pp. 74-79. IEEE Computer Society. ISBN 978-1-5090-3694-3
Ionita, D. and Wieringa, R.J. and Gordijn, J. (2016) Automated Identification and Prioritization of Business Risks in e-service Networks. In: Proceedings of the 7th International Conference on Exploring Service Science, IESS 2016, 25-27 May 2016, Bucharest, Romania. pp. 547-560. Lecture Notes in Business Information Processing 247. Springer Verlag. ISSN 1865-1348 ISBN 978-3-319-32689-4
Ivanova, M.G. (2016) Modelling Socio-Technical Aspects of Organisational Security. PhD thesis, Technical University of Denmark. DTU Compute PHD-2016 Number 406 ISBN not assigned
Jhawar, R. and Lounis, K. and Mauw, S. (2016) A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees. In: 12th International Workshop on Security and Trust Management, STM 2016, 26-27 Sept 2016, Heraklion, Crete, Greece. pp. 138-153. Lecture Notes in Computer Science 9871. Springer International Publishing. ISSN 0302-9743 ISBN 978-3-319-46597-5
Jhawar, R. and Mauw, S. and Zakiuddin, I. (2016) Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory. In: European Conference on Cyber Warfare and Security, ECCWS 2016, 7-8 Jul 2016, Munich, Germany. pp. 163-172. Academic Conferences and Publishing International. ISBN 9781910810934
Jonkers, H. and Quartel, D.A.C. (2016) Enterprise Architecture-Based Risk and Security Modelling and Analysis. In: Third International Workshop on Graphical Models for Security, GraMSec 2016, 27 Jun 2016, Lisbon, Portugal. pp. 94-101. Lecture Notes in Computer Science 9987. Springer Verlag. ISBN 978-3-319-46262-2
Junges, S. and Guck, D. and Katoen, J.P. and Stoelinga, M.I.A. (2016) Uncovering dynamic fault trees. In: Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016), 28 June -1 July 2016, Toulouse, France. pp. 299-310. IEEE Computer Society. ISSN 2158-3927 ISBN 978-1-4673-8892-4
Kammüller, F. and Kerber, M. and Probst, C.W. (2016) Towards Formal Analysis of Insider Threats for Auctions. In: Proceedings of the 2016 International Workshop on Managing Insider Security Threats, 24-28 Oct. 2016, Vienna, Austria. pp. 23-34. ACM. ISBN 978-1-4503-4571-2
Kammüller, F. and Probst, C.W. (2016) Modeling and Verification of Insider Threats Using Logical Analysis. IEEE Systems Journal. ISSN 1932-8184 *** ISI Impact 2,114 ***
Kordy, B. and Pouly, M. and Schweitzer, P. (2016) Probabilistic reasoning with graphical security models. Information sciences, 342. pp. 111-131. ISSN 0020-0255 *** ISI Impact 3,364 ***
Lenzini, G. and Mauw, S. and Ouchani, S. (2016) Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems. In: 12th International Workshop on Security and Trust Management, STM 2016, 26-27 Sept 2016, Heraklion, Crete, Greece. pp. 170-178. Lecture Notes in Computer Science 9871. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-46597-5
Li, E. and Barendse, J. and Brodbeck, F. and Tanner, A. (2016) From A to Z: Developing a Visual Vocabulary for Information Security Threat Visualisation. In: Third International Workshop GraMSec 2016, 27 June 2016, Lisbon, Portugal. pp. 102-118. Lecture Notes in Computer Science 9987. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-46262-2
Ouchani, S. and Lenzini, G. (2016) Generating attacks in SysML activity diagrams by detecting attack surfaces. Journal of Ambient Intelligence and Humanized Computing, 6 (3). pp. 361-373. ISSN 1868-5137 *** ISI Impact 0,835 ***
Pieters, W. and Barendse, J. and Ford, M. and Heath, C.P.R. and Probst, C.W. and Verbij, R. (2016) The Navigation Metaphor in Security Economics. IEEE Security & Privacy, 14 (3). pp. 14-21. ISSN 1540-7993 *** ISI Impact 0,902 ***
Pieters, W. and Hadžiosmanović, D. and Dechesne, F. (2016) Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics, 22 (3). pp. 831-850. ISSN 1353-3452 *** ISI Impact 1,454 ***
Probst, C.W. and Willemson, J. and Pieters, W. (2016) The Attack Navigator (Invited). In: Graphical Models for Security - Revised Selected Papers. Lecture Notes in Computer Science 9390. Springer Verlag, Berlin, pp. 1-17. ISSN 0302-9743 ISBN 978-3-319-29967-9
Ruijters, E.J.J. and Guck, D. and Drolenga, P. and Peters, M. and Stoelinga, M.I.A. (2016) Maintenance analysis and optimization via statistical model checking: Evaluating a train pneumatic compressor. In: Proceedings of the 13th International Conference on Quantitative Evaluation of SysTems, QEST 2016, 23-25 Aug 2016, Québec City, Canada. pp. 331-347. Lecture Notes in Computer Science 9826. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-43424-7
van Wieren, M. and Doerr, C. and Jacobs, V. and Pieters, W. (2016) Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. In: 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, 26-27 September 2016, Heraklion, Greece. pp. 19-33. Lecture Notes in Computer Science 9963. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-47071-9

2015

Arnold, F. and Guck, D. and Kumar, Rajesh and Stoelinga, M.I.A. (2015) Sequential and Parallel Attack Tree Modelling. In: Computer Safety, Reliability, and Security - Proceedings of the SAFECOM 2015 Workshops, ASSURE, DECSoS. ISSE, ReSA4CI, and SASSUR, 22 September 2015, Delft, The Netherlands. pp. 291-299. Lecture Notes in Computer Science 9338. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-24248-4
Aslanyan, Z. and Ivanova, M.G. and Nielson, F. and Probst, C.W. (2015) Modeling and Analysing Socio-Technical Systems. In: 1st International Workshop on Socio-Technical Perspective in IS development (STPIS), 9 Jun 2015, Stockholm, Sweden. pp. 121-124. CEUR Workshop Proceedings 1374. CEUR. ISSN 1613-0073
Aslanyan, Z. and Nielson, F. (2015) Pareto Efficient Solution of Attack-Defence Trees. In: 4th International Conference on Principles of Security and Trust, POST 2015, 11-18 Apr 2015, London, UK. pp. 95-114. Lecture Notes in Computer Science 9036. Springer Verlag. ISSN 0302-9743 ISBN 978-3-662-46665-0
Benenson, Z. and Lenzini, G. and Oliveira, D. and Parkin, S. and Uebelacker, S. (2015) Maybe Poor Johnny Really Cannot Encrypt – The Case for a Complexity Theory for Usable Security. In: New Security Paradigm Workshop (NSPW), 8-11 Sept 2015, Twente, Netherlands. pp. 85-99. ACM. ISBN 978-1-4503-3754-0
Bullee, J.H. and Montoya Morales, A.L. and Pieters, W. and Junger, M. and Hartel, P.H. (2015) The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology, 11 (1). pp. 97-115. ISSN 1573-3750 *** ISI Impact 2,229 ***
Bullee, J.H. and Montoya Morales, A.L. and Pieters, W. and Junger, M. and Hartel, P.H. (2015) Regression Nodes: Extending attack trees with data from social sciences. In: Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (STAST 2015), 13 Jul 2015, Verona, Italy. pp. 17-23. IEEE Computer Society. ISBN 978-1-5090-0178-1
Chen, Taolue and Kammüller, F. and Nemli, I. and Probst, C.W. (2015) A Probabilistic Analysis Framework for Malicious Insider Threats. In: Third International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS), 2-7 Aug 2015, Los Angeles, US. pp. 178-189. Lecture Notes in Computer Science 9190. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-20375-1
David, N. and David, A. and Hansen, R.R. and Larsen, K.G. and Legay, A. and Olesen, M.C. and Probst, C.W. (2015) Modelling Social-Technical Attacks with Timed Automata. In: Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats (MIST), 12-16 Oct 2015, Denver, Colorado, US. pp. 21-28. ACM. ISBN 978-1-4503-3824-0
Gollmann, D. and Herley, C. and Koenig, V. and Pieters, W. and Sasse, M. A. (2015) Socio-Technical Security Metrics (Dagstuhl Seminar 14491). Dagstuhl Reports, 4 (12). pp. 1-28. ISSN 2192-5283
Hall, P. and Heath, C. and Coles-Kemp, L. (2015) Critical visualization: a case for rethinking how we visualize risk and security. Journal of Cybersecurity, 1 (1). pp. 93-108. ISSN 2057-2085
Hall, P.A. and Heath, C.P. and Coles-Kemp, L. and Tanner, A. (2015) Examining the Contribution of Critical Visualisation to Information Security. In: New Security Paradigm Workshop (NSPW), 8-11 Sept 2015, Twente, The Netherlands. pp. 59-72. ACM. ISBN 978-1-4503-3754-0
Herley, C. and Pieters, W. (2015) “If you were attacked, you’d be sorry”: Counterfactuals as security arguments. In: New Security Paradigm Workshop (NSPW), 8-11 Sept 2015, Twente, Netherlands. pp. 112-123. ACM. ISBN 978-1-4503-3754-0
Ionita, D. and Wieringa, R.J. and Bullee, J.H. and Vasenev, A. (2015) Investigating the usability and utility of tangible modelling of socio-technical architectures. Technical Report TR-CTIT-15-03, Centre for Telematics and Information Technology, University of Twente, Enschede. ISSN 1381-3625
Ionita, D. and Wieringa, R.J. and Bullee, J.H. and Vasenev, A. (2015) Tangible Modelling to Elicit Domain Knowledge: An Experiment and Focus Group. In: 34th International Conference on Conceptual Modeling, ER 2015, 19-22 Oct 2015, Stockholm, Sweden. pp. 558-565. Lecture Notes in Computer Science 9381. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-25263-6
Ionita, D. and Wieringa, R.J. and Wolos, L. and Gordijn, J. and Pieters, W. (2015) Using Value Models for Business Risk Analysis in e-Service Networks. In: 8th IFIP WG 8.1. Working Conference on the Practice of Enterprise Modelling, PoEM 2015, 10-12 Nov 2015, Valencia, Spain. pp. 239-253. Lecture Notes in Business Information Processing 235. Springer Verlag. ISSN 1865-1348 ISBN 978-3-319-25896-6
Ivanova, M.G. and Probst, C.W. and Hansen, R.R. and Kammüller, F. (2015) Transforming Graphical System Models To Graphical Attack Models. In: The Second International Workshop on Graphical Models for Security (GraMSec 2015), 13 Jul 2015, Verona, Italy. pp. 82-96. Lecture Notes in Computer Science 9390. Springer Verlag. ISBN 978-3-319-29967-9
Ivanova, M.G. and Probst, C.W. and Hansen, R.R. and Kammüller, F. (2015) Attack Tree Generation by Policy Invalidation. In: 9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015, 24-25 Aug 2015, Heraklion, Crete, Greece. pp. 249-259. Lecture Notes in Computer Science 9311. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-24018-3
Jhawar, R. and Kordy, B. and Mauw, S. and Radomirović, S. and Trujillo-Rasua, R. (2015) Attack Trees with Sequential Conjunction. In: International Conference on ICT Systems Security and Privacy Protection (IFIPSEC), 26-28 May 2015, Hamburg, Germany. pp. 339-353. IFIP Advances in Information and Communication Technology 455. Springer. ISBN 978-3-319-18466-1
Junges, S. and Guck, D. and Katoen, J.P. and Rensink, A. and Stoelinga, M.I.A. (2015) Fault Trees on a Diet - Automated Reduction by Graph Rewriting. In: Proceedings of the First International Symposium on Dependable Software Engineering: Theories, Tools, and Applications (SETTA 2015), 4-6 Nov 2015, Nanjing, China. pp. 3-18. Lecture Notes in Computer Science 9409. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-25941-3
Kordy, B.K. and Piètre-Cambacédès, L. and Schweitzer, P. (2015) DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review, 13-14. pp. 1-38. ISSN 1574-0137
Kumar, Rajesh and Guck, D. and Stoelinga, M.I.A. (2015) Time dependent analysis with dynamic counter measure trees. In: Proceedings of the 13th Workshop on Quantitative Aspects of Programming Languages and Systems (QAPL 2015), 11-12 April 2015, London, England. pp. 1-5. Inria. ISSN not assigned ISBN not assigned
Kumar, Rajesh and Ruijters, E.J.J. and Stoelinga, M.I.A. (2015) Quantitative Attack Tree Analysis via Priced Timed Automata. In: Proceedings of the 13th International Conference on Formal Modeling and Analysis of Timed Systems (FORMATS 2015), 2-4 Sept 2015, Madrid, Spain. pp. 156-171. Lecture Notes in Computer Science 9268 . Springer International Publishing. ISSN 0302-9743 ISBN 978-3-319-22974-4
Lastdrager, E.E.H. and Hartel, P.H. and Junger, M. (2015) Apate: Anti-Phishing Analysing and Triaging Environment (Poster). In: 36th IEEE Symposium on Security and Privacy, 18-21 May 2015, San Jose, CA, USA. IEEE Computer Society. ISBN not assigned
Lenin, A. (2015) Reliable and Efficient Determination of the Likelihood of Rational Attacks. PhD thesis, Tallinn University of Technology. ISBN 978-9949-23-870-5
Lenin, A. and Willemson, J. and Charnamord, A. (2015) Genetic Approximations for the Failure-Free Security Games. In: Decision and Game Theory for Security, 6th International Conference, GameSec 2015, 4-5 Nov 2015, London, UK. pp. 311-321. Lecture Notes in Computer Science 9406. Springer Verlag. ISBN 978-3-319-25593-4
Lenzini, G. and Mauw, S. and Ouchani, S. (2015) Security analysis of socio-technical physical systems. Computers & Electrical Engineering, 47. pp. 258-274. ISSN 0045-7906 *** ISI Impact 1,084 ***
Nidd, M. and Ivanova, M.G. and Probst, C.W. and Tanner, A. (2015) Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems. In: The Cloud Security Ecosystem. Elsevier Science Direct. Elsevier, Syngress, Amsterdam, pp. 495-517. ISBN 978-0-12-801595-7
Pieters, W. and Davarynejad, M. (2015) Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. In: 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), 10-11 Sep 2014, Wroclaw, Poland. pp. 201-215. Lecture Notes in Computer Science 8872 . Springer. ISSN 0302-9743 ISBN 978-3-319-17015-2
Pieters, W. and Padget, J. and Dechesne, F. and Dignum, V. and Aldewereld, H. (2015) Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications, 22. pp. 3-16. ISSN 2214-2126
Probst, C.W. and Kammüller, F. and Rydhof Hansen, R. (2015) Formal Modelling and Analysis of Socio-Technical Systems. In: Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays. Lecture Notes in Computer Science 9560. Springer Verlag, Berlin, pp. 54-73. ISSN 0302-9743 ISBN 978-3-319-27809-4
van der Wagen, W. and Pieters, W. (2015) From Cybercrime to Cyborg Crime: Botnets as Hybrid Criminal Actor-Networks. British journal of Criminology, 55 (2). pp. 1-18. ISSN 0007-0955 *** ISI Impact 1,643 ***

2014

Kordy, B. and Mauw, S. and Pieters, W., ed. (2014) Proceedings First International Workshop on Graphical Models for Security, GraMSec 2014, Grenoble, France, 12th April, 2014. EPTCS 148. EPTCS.ORG. ISSN 2075-2180
Remke, A.K.I. and Stoelinga, M.I.A., ed. (2014) Stochastic Model Checking: Rigorous Dependability Analysis Using Model Checking Techniques for Stochastic Systems. Lecture Notes in Computer Science 8453. Springer Verlag, London. ISSN 0302-9743 ISBN 978-3-662-45488-6
Arnold, F. and Gebler, D. and Guck, D. and Hatefi, H. (2014) A tutorial on interactive Markov chains. In: Stochastic Model Checking. Rigorous Dependability Analysis Using Model Checking Techniques for Stochastic Systems, 22-26 Oct 2012, Vahrn, Italy. pp. 26-66. Lecture Notes in Computer Science 8453. Springer Verlag. ISSN 0302-9743 ISBN 978-3-662-45488-6
Arnold, F. and Hermanns, H. and Pulungan, R. and Stoelinga, M.I.A. (2014) Time-dependent analysis of attacks. In: Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014, April 5-13, 2014, Grenoble, France. pp. 285-305. Lecture Notes in Computer Science 8414. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-54791-1
Arnold, F. and Pieters, W. and Stoelinga, M.I.A. (2014) Quantitative Penetration Testing with Item Response Theory. Journal of Information Assurance and Security, 9 (3). pp. 118-127. ISSN 1554-1010
Bleikertz, S. and Vogel, C. and Groß, T. (2014) Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures. In: Annual Computer Security Applications Conference (ACSAC), 8-12 Dec 2014, New Orleans, Louisiana. pp. 26-35. ACM. ISBN 978-1-4503-3005-3
Boender, J. and Ivanova, M.G. and Kammüller, F. and Primierio, G. (2014) Modeling Human Behaviour with Higher Order Logic: Insider Threats. In: 4th Workshop on Socio-Technical Aspects in Security and Trust (STAST), 18 July 2014, Vienna, Austria. pp. 31-39. IEEE. ISBN 978-1-4799-7901-1
Dechesne, F. and Hadžiosmanović, D. and Pieters, W. (2014) Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy, 12 (6). pp. 59-66. ISSN 1540-7993 *** ISI Impact 0,902 ***
Guck, D. and Timmer, M. and Hatefi, H. and Ruijters, E.J.J. and Stoelinga, M.I.A. (2014) Modelling and analysis of Markov reward automata. In: Proceedings of the 12th International Symposium on Automated Technology for Verification and Analysis, ATVA 2014, 3-7 Nov 2014, Sydney, NSW, Australia. pp. 168-184. Lecture Notes in Computer Science 8837. Springer Verlag. ISSN 0302-9743 ISBN 978-3-319-11935-9
Heath, C.P. and Coles-Kemp, L. and Hall, P.A. (2014) Logical Lego? Co-constructed perspectives on service design. In: Proceedings of NordDesign 2014, 27-29 Aug 2014, Melbourne, Australia. pp. 416-425. Aalto Design Factory. ISBN 978-1-904670-58-2
Huisman, M. and Stoelinga, M.I.A. (2014) Meer vrouwen in de ict, waarom eigenlijk? Bits en chips, 9 (9). pp. 20-21. ISSN 1879-6443
Ionita, D. (2014) Context-sensitive Information security Risk identification and evaluation techniques. In: 22nd IEEE International Requirements Engineering Conference (RE14), 25-29 Aug. 2014, Karlskrona, Sweden. pp. 485-488. IEEE Computer Society. ISBN 978-1-4799-3033-3
Ionita, D. and Bullee, J.H. and Wieringa, R.J. (2014) Argumentation-Based Security Requirements Elicitation: The Next Round. In: Proceedings of the 2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), 25 August 2014, Karlskrona, Sweden. pp. 7-12. IEEE Computer Society. ISBN 978-1-4799-6340-9
Ionita, D. and Koenen, S. K. and Wieringa, R.J. (2014) Modelling telecom fraud with e3value. Technical Report TR-CTIT-14-11, Centre for Telematics and Information Technology, University of Twente, Enschede. ISSN 1381-3625
Kammüller, F. and Probst, C.W. (2014) Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. In: IEEE Security and Privacy Workshops (SPW), 17-18 May 2014, San Jose, California. pp. 229-235. IEEE Computer Society . ISBN not assigned
Kammüller, F. and Probst, C.W. (2014) Invalidating policies using structural information. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 5 (2). pp. 59-79. ISSN 2093-5374 ISBN 978-1-4799-0458-7
Kordy, B. and Pouly, M. and Schweizer, P. (2014) A Probabilistic Framework for Security Scenarios with Dependent Actions. In: 11th International Conference on Integrated Formal Methods, IFM 2014, 09-11 Sep 2014, Bertinoro, Italy. pp. 256-271. Lecture Notes in Computer Science 8739. Springer. ISBN 978-3-319-10180-4
Lastdrager, E.E.H. (2014) Achieving a Consensual Definition of Phishing Based on a Systematic Review of the Literature. Crime Science, 3. 9:1-9:16. ISSN 2193-7680
Lenin, A. and Buldas, A. (2014) Limiting Adversarial Budget in Quantitative Security Assessment. In: 5th International Conference on Decision and Game Theory for Security (GameSec), 6-7 November 2014, Los Angeles, CA, USA. pp. 155-174. Lecture Notes in Computer Science 8840. Springer. ISBN 978-3-319-12600-5
Lenin, A. and Willemson, J. and Sari, D. (2014) Attacker profiling in quantitative security assessment based on attack trees. In: 19th Nordic Conference on Secure IT (NordSec), 15-17 October 2014, Tromsø, Norway. pp. 199-212. Lecture Notes in Computer Science 8788. Springer. ISBN 978-3-319-11598-6
Permata Sari, D. (2014) Attacker Profiling in Quantitative Security Assessment. Master's thesis, Tallinn University of Technology.
Pieters, W. and Hadžiosmanović, D. and Dechesne, F. (2014) Cyber Security as Social Experiment. In: NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms, NSPW 2014, 15-18 Sep. 2014, Victoria, BC, Canada. pp. 15-24. ACM. ISBN 978-1-4503-3062-6
Pieters, W. and Hadžiosmanović, D. and Lenin, A. and Montoya Morales, A.L. and Willemson, J. (2014) TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster). In: 35th IEEE Symposium on Security and Privacy, May 17-18, 2014, San Jose, California. IEEE Computer Society. ISBN not assigned
Pieters, W. and Lukszo, Z. and Hadžiosmanović, D. and van den Berg, Jan (2014) Reconciling Malicious and Accidental Risk in Cyber Security. Journal of Internet Services and Information Security, 4 (2). pp. 4-26. ISSN 2182-2069
Pieters, W. and Probst, C.W. and Lukszo, S. and Montoya Morales, A.L. (2014) Cost-effectiveness of Security Measures: A model-based Framework. In: Approaches and Processes for Managing the Economics of Information Systems. IGI Global, Hershey, PA, pp. 139-156. ISBN 978-1-4666-4983-5
Probst, C.W. and Hansen, R.R. (2014) Model-based Abstraction of Data Provenance. In: 6th USENIX Workshop on the Theory and Practice of Provenance, 12-13 Jun 2014, Cologne, Germany. Article 3. Usenix Association. ISBN not assigned
Schaff, G. and Harpes, C. and Aubigny, M. and Junger, M. and Martin, R. (2014) RISK-DET: ICT Security Awareness Aspect Combining Education and Cognitive Sciences. In: Ninth International Multi-Conference on Computing in the Global Information Technology, ICCGI 2014, 22-26 Jun 2014, Seville, Spain. pp. 51-53. IARIA. ISBN 978-1-61208-346-9
Song, Lei and Zhang, Lijun and Hermanns, H. and Godskesen, J.C. (2014) Incremental Bisimulation Abstraction Refinement. ACM Transactions on Embedded Computing Systems (TECS), 13 (4s). Artcle No. 142. ISSN 1539-9087 *** ISI Impact 0,714 ***
Sytema, M. and Belinfante, A.F.E. and Stoelinga, M.I.A. and Marinelli, L. (2014) Experiences with formal engineering: model-based specification, implementation and testing of a software bus at Neopost. Science of computer programming, 80 (Part A). pp. 188-209. ISSN 0167-6423 *** ISI Impact 0,828 ***
Uebelacker, S. and Quiel, S. (2014) The Social Engineering Personality Framework. In: 4th Workshop on Socio-Technical Aspects in Security and Trust (STAST), 18 July 2014, Vienna, Austria. pp. 24-30. IEEE. ISBN 978-1-4799-7901-1

2013

Arnold, F. and Belinfante, A.F.E. and Van der Berg, F.I. and Guck, D. and Stoelinga, M.I.A. (2013) DFTCalc: a tool for efficient fault tree analysis (extended version). Technical Report TR-CTIT-13-13, Centre for Telematics and Information Technology, University of Twente, Enschede. ISSN 1381-3625
Arnold, F. and Belinfante, A.F.E. and Van der Berg, F.I. and Guck, D. and Stoelinga, M.I.A. (2013) DFTCalc: a tool for efficient fault tree analysis. In: Proceedings of the 32nd International Conference on Computer Safety, Reliability, and Security (SAFECOMP), 24-27 Sep 2013, Toulouse, France. pp. 293-301. Lecture Notes in Computer Science 8153. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-40793-2
Arnold, F. and Pieters, W. and Stoelinga, M.I.A. (2013) Quantitative penetration testing with item response theory (extended version). Technical Report TR-CTIT-13-20, Centre for Telematics and Information Technology, University of Twente, Enschede. ISSN 1381-3625
Arnold, F. and Pieters, W. and Stoelinga, M.I.A. (2013) Quantitative penetration testing with item response theory. In: 9th International Conference on Information Assurance and Security, IAS 2013, 4-6 Dec 2013, Gammarth, Tunisia. pp. 49-54. IEEE. ISBN 978-1-4799-2989-4
Bleikertz, S. and Mastelic, T. and Pape, S. and Pieters, W. and Dimkov, T. (2013) Defining the cloud battlefield - supporting security assessments by cloud customers. In: International Conference on Cloud Engineering (IC2E 2013), 25-27 Mar 2013 , Redwood City, CA . pp. 78-87. IEEE Computer Society. ISBN 978-1-4673-6473-7
Buldas, A. and Lenin, A. (2013) New efficient utility upper bounds for the fully adaptive model of attack trees. In: 4th International Conference on Decision and Game Theory for Security (GameSec), 11-12 Nov 2013, Fort Worth, TX. pp. 192-205. Lecture Notes in Computer Science 8252. Springer. ISBN 9783319027852
Eisentraut, C. and Hermanns, H. and Krämer, J.P. and Turini, A. and Zhang, Lijun (2013) Deciding Bisimilarities on Distributions. In: 10th International Conference on Quantitative Evaluation of Systems (QEST), 27-30 Aug 2013, Buenos Aires, Argentina. pp. 72-88. Lecture Notes in Computer Science 8054. Springer. ISBN 978-3-642-40195-4
Eisentraut, C.W. and Hermanns, H. and Schuster, J. and Turini, A. and Zhang, Lijun (2013) The Quest for Minimal Quotients for Probabilistic Automata. In: 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), March 16-24, 2013, Rome, Italy. pp. 16-31. Lecture Notes in Computer Science 7795. Springer. ISBN 978-3-642-36741-0
Feng, Yang and Zhang, Lijun (2013) A tighter bound for the self-stabilization time in Herman's algorithm. Information processing letters, 113 (13). pp. 486-488. ISSN 0020-0190 *** ISI Impact 0,605 ***
Ionita, D. (2013) Current established Risk Assessment methodologies and tools. Master's thesis, University of Twente.
Ionita, D. and Hartel, P.H. and Pieters, W. and Wieringa, R.J. (2013) Current established risk assessment methodologies and tools. Technical Report TR-CTIT-14-04, Centre for Telematics and Information Technology, University of Twente, Enschede. ISSN 1381-3625
Ivanova, M.G. and Probst, C.W. and Hansen, R.R. and Kammüller, F. (2013) Externalizing Behaviour for Analysing System Models. Journal of Internet Services and Information Security, 3 (3/4). pp. 52-62. ISSN 2182-2069
Kammüller, F. and Probst, C.W. (2013) Invalidating policies using structural information. In: IEEE Security and Privacy Workshops (SPW 2013), 23-24 May 2013, San Francisco, CA. pp. 76-81. IEEE Computer Society. ISBN 978-1-4799-0458-7
Kordy, B. and Kordy, P. and Mauw, S. and Schweitzer, P. (2013) ADTool: Security Analysis with Attack-Defense Trees. In: 10th International Conference on Quantitative Evaluation of Systems (QEST), 27-30 August 2013, Buenos Aires, Argentina. pp. 173-176. Lecture Notes in Computer Science 8054. Springer. ISBN 978-3-642-40195-4
Lastdrager, E.E.H. and Montoya Morales, A.L. and Hartel, P.H. and Junger, M. (2013) Applying the Lost-Letter Technique to Assess IT Risk Behaviour. In: Proceedings of the 3rd Workshop on Socio-Technical Aspects in Security and Trust, 29 Jun 2013, New Orleans, USA. pp. 2-9. IEEE Computer Society. ISBN 978-0-7695-5065-7
Montoya Morales, A.L. (2013) The TREsPASS project. In: ICTOpen2013, 27-28 November 2013, Eindhoven. pp. 1-1. ICTopen. ISBN not assigned
Pieters, W. (2013) On thinging things and serving services: technological mediation and inseparable goods. Ethics and information technology, 15 (3). pp. 195-208. ISSN 1388-1957 *** ISI Impact 0,739 ***
Pieters, W. (2013) Defining "The Weakest Link" Comparative Security in Complex Systems of Systems. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, CloudCom, 2-5 Dec 2013, Bristol, United Kingdom. pp. 39-44. IEEE Computer Society. ISBN 978-0-7695-5095-4
Pieters, W. and Padget, J. and Dechesne, F. and Dignum, V. and Aldewereld, H. (2013) Obligations to enforce prohibitions: on the adequacy of security policies. In: SIN '13 - Proceedings of the 6th International Conference on Security of Information and Networks, 26-28 Nov 2013, Aksaray, Turkey. pp. 54-61. Proceeding. ACM. ISBN 978-1-4503-2498-4
Prakken, H. and Ionita, D. and Wieringa, R.J. (2013) Risk assessment as an argumentation game. In: 14th International Workshop on Computational Logic in Multi-Agent Systems, CLIMA XIV, 16-18 Sep 2013, Corunna, Spain. pp. 357-373. Lecture Notes in Computer Science 8143. Springer Verlag. ISBN 978-3-642-40623-2
Probst, C.W. and Hansen, R.R. (2013) Reachability-based impact as a measure for insiderness. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 4 (4). pp. 38-48. ISSN 2093-5374
Schaff, G. and Harpes, C. and Martin, R. and Junger, M. (2013) An application to estimate the cyber-risk detection skill of mobile device users (IDEA). In: Sixth International Conference on Advances in Human oriented and Personalized Mechanisms, Technologies, and Services (CENTRIC), 27 Oct - 01 Nov 2013, Venice, Italy. Article 7. IARIA. ISBN 978-1-62993-302-3
Schweitzer, P.R.J. (2013) Attack–Defense Trees. PhD thesis, Université du Luxembourg. ISBN not assigned
Stoelinga, M.I.A. and Pieters, W. (2013) Attack navigator vindt en verhelpt zwakke plekken. Bits en chips, 4. ISSN 1879-6443
Timmer, M. and van de Pol, J.C. and Stoelinga, M.I.A. (2013) Confluence reduction for Markov automata (extended version). Technical Report TR-CTIT-13-14, Centre for Telematics and Information Technology, University of Twente, Enschede. ISSN 1381-3625
Timmer, M. and van de Pol, J.C. and Stoelinga, M.I.A. (2013) Confluence Reduction for Markov Automata. In: Proceedings of the 11th International Conference on Formal Modeling and Analysis of Timed Systems (FORMATS), 29-31 Aug 2013, Buenos Aires, Argentina. pp. 243-257. Lecture Notes in Computer Science 8053. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-40228-9
Uebelacker, S. (2013) Security-aware organisational cultures as a starting point for mitigating socio-technical risks. In: Informatik 2013, 16-20 Sep 2013, University of Koblenz-Landau, Koblenz, Germany. pp. 2046-2057. Lecture Notes in Informatics (LNI) P-220. Gesellschaft fuer Informatik e.V. ISBN 978-3-88579-614-5