Archives: Publication

Wednesday, November 6, 2024

New Publication: A Game-Theoretic Approach for Security Control Selection

Our recent work "A Game-Theoretic Approach for Security Control Selection" is now available online. In this paper, we propose a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid... More

Tuesday, October 29, 2024

New Publication: Interplay of Human Factors and Secure Architecture Design using Model-Driven Engineering

Our recent publication "Interplay of Human Factors and Secure Architecture Design using Model-Driven Engineering" is now online. In this paper, we present a model-driven approach for studying the interplay of human factors and secure architecture design. Specifically, we propose a conceptual model for considering direct and indirect human factors... More

Friday, September 27, 2024

New Publication: Requirements for Applying SCIA: A Structured Cyberattack Impact Analysis Approach for ICS

Our latest publication "Requirements for Applying SCIA: A Structured Cyberattack Impact Analysis Approach for ICS" is now available online. This work clarifies the rationale behind 20 requirements for applying SCIA: a Structured Cyberattack Impact Analysis approach with different modeling and simulation platforms. Based on a manufacturing ICS case... More

Tuesday, September 24, 2024

New Publication: A Model-Driven Formal Methods Approach to Software Architectural Security Vulnerabilities Specification and Verification

Our latest publication "A Model-Driven Formal Methods Approach to Software Architectural Security Vulnerabilities Specification and Verification" is now published in the Journal of Systems & Software and is available online. In this work we present a model-driven approach and supporting tools, for specifying, detective, and treating security... More

Saturday, April 27, 2024

New Publication: Hardening Systems Against Data Corruption Attacks at Design Time

Our new publication "Hardening Systems Against Data Corruption Attacks at Design Time " is now available online. This is the work of MASc student, John Breton.In this work, we present a method and tool called Dubhe that can be employed during the design phase of development to harden systems against data corruption attacks. We... More

Thursday, February 22, 2024

New Publication: A Security Compliance-by-Design Framework Utilizing Reusable Formal Models

Our recent work proposing a methodology to enhance the security of software systems by incorporating compliance verification from the early stages of design is now available online! In this work, we present a novel method for modeling a security compliance baseline based on the specification and reuse of analysis models targeting standards,... More

Thursday, February 8, 2024

New Publication: Formal Model-Based Argument Patterns for Security Cases

Our recent paper "Formal Model-Based Argument Patterns for Security Cases" is now available online! This paper proposes an approach to constructing security assurance cases using formal methods. The proposed approach involves the following three steps: (1) decomposing security requirements and deriving security threats; (2) formalizing the system... More

Saturday, December 23, 2023

New Publication: A Formal Metamodel for Software Architectures with Composite Components

Our recent research paper presenting a formal metamodel for describing the high-level concepts of software architectures in a component-port-connector fashion is now online. The metamodel focusses on providing hierarchical modeling capabilities by considering the construction of composite components from existing ones. This work was presented at... More

Monday, November 27, 2023

New Publication: Specification and Verification of Communication Paradigms for CBSE in Event B

Our latest research paper on specifying and verifying communication paradigms in Event B for component-based software systems is now online! It was presented at the 27th International Conference on Engineering of Complex Computer Systems (ICECCS 2023). See Publications for more... More

Monday, November 20, 2023

New Publication: Single and Combined Cyberattack Impact on Industrial Wastewater Systems

Our paper studying the impact of single and combined cyberattacks of industrial wastewater systems is now available online! It was presented at the 10th International Conference on Dependable Systems and Their Applications (DSA 2023). See Publications for more... More

Monday, October 2, 2023

New Publication: Eliciting a Security Architecture Requirements Baseline from Standards and Regulations

Our recent work on eliciting a security requirements baseline from standards and regulations is now available online. It was presented at the 10th International Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE 2023), co-located with the 31st IEEE International Requirements Engineering Conference (RE 2023). See Publications... More

Monday, September 18, 2023

New Publication: Constructing Security Cases Based on Formal Verification of Security Requirements in Alloy

Our recent paper on constructing security assurance cases based on formal verification using Alloy. This work is the result of a collaboration with with colleagues at IRIT and CEA List. It was presented at the 8th International Workshop on Assurance Cases for Software-intensive Systems (ASSURE 2023) in September 2023. See Publications for more... More

Load More →