Archives: Publication

Thursday, May 1, 2025

New Publication: An Approach to Determine a System’s Behavioural Security Posture

Our recent paper "An Approach to Determine a System’s Behavioural Security Posture" is now available online. In this paper, we introduce an approach to enhance system security during the early design phase, targeting the creation of a system’s behavioural view. We derived two sound security metrics, Critical Element Risk Index (CERI) and... More

Friday, April 25, 2025

New Publication: Uncovering the DevOps Landscape: A Scoping Review and Conceptualization Framework

Our paper "Uncovering the DevOps Landscape: A Scoping Review and Conceptualization Framework" is now available online. While there has been significant research on individual XOps, there is a lack of systematic, horizontal analysis across all XOps practices. This paper addresses this gap by conducting a scoping review of XOps literature, focusing... More

Thursday, April 17, 2025

New Publication: Formal Security Analysis of Deep Neural Network Architecture

Our paper "Formal Security Analysis of Deep Neural Network Architecture" is now available online. In this paper, we propose a formal approach to verify some security properties of neural networks. The overall approach goes through three steps: (1) specify security objectives as properties of a modeled neural network in a technology-independent... More

Thursday, April 17, 2025

New Publication: A Formal Approach for Verifying and Validating Security Objectives in Software Architecture

Our recent work on "A Formal Approach for Verifying and Validating Security Objectives in Software Architecture" is now available online. This paper proposes an approach for the design and analysis of secure software architecture in the context of a component-port-connector architecture model and message passing communication. We use the Event-B... More

Wednesday, April 9, 2025

New Publication: Reusable Formal Model Libraries for Specifying and Analyzing Security Objectives in Event-B

Our recent work on "A Formal Approach for Verifying and Validating Security Objectives in Software Architecture" is now available online. In this paper, we propose an integrated approach for specifying and verifying security objectives in component-based software architecture models via reusable formal model libraries of security properties and... More

Wednesday, April 9, 2025

New Publication: A Tool-Supported Methodology for Creating Security Cases Using Argument Patterns

Our latest paper on "A Tool-Supported Methodology for Creating Security Cases Using Argument Patterns" is now available online. This paper presents a methodology supported by a domain-specific modeling language (DSML) to create, analyze, and apply security argument patterns for constructing security cases. This paper was presented at the 13th... More

Friday, April 4, 2025

New Publication: Enhancing Security and Efficiency in Vehicle-to-Sensor Authentication: A Multi-Factor Approach with Cloud Assistance

Our recent work on "Enhancing Security and Efficiency in Vehicle-to-Sensor Authentication: A Multi-Factor Approach with Cloud Assistance" is now available online. This paper introduces a secure authentication protocol that enables direct communication between CAVs and roadside sensors, addressing a critical gap in existing research focused on... More

Friday, January 17, 2025

New Publication: Navigating the DevOps Landscape

Our recent work on " Navigating the DevOps Landscape" is now available online as open access in the Journal of Systems and Software. This research constructs a comprehensive picture of the existing DevOps landscape, clarifying the nature and nuances of various DevOps variants (called XOps), to guide effective future studies and implementations.... More

Monday, January 6, 2025

New Publication: Interplay of Attacker Behaviors and Dependability Attributes in Industrial Control System Impact Analysis

Our recent paper "Interplay of Attacker Behaviors and Dependability Attributes in Industrial Control System Impact Analysis" is now available online. In this paper, we adopt the Structured Cyberattack Impact Analysis (SCIA) approach to visualize and quantify, respectively, using simulations and statistical model checking, the potential impact of... More

Tuesday, December 24, 2024

New Publication: Data-Driven Approximation of Formal Implicit Interaction Analysis for Cyber-Physical System Designs

Our latest paper "Data-Driven Approximation of Formal Implicit Interaction Analysis for Cyber-Physical System Designs" is now available online. In this paper, we identify measurements based on graph abstractions of system design models that can be used to produce similar results as the aforementioned formal analyses. We demonstrate this on a model... More

Thursday, November 21, 2024

New Publication: “I’m Getting Information that I Can Act on Now”: Exploring the Level of Actionable Information in Tool-generated Threat Reports

Our publication ""I'm Getting Information that I Can Act on Now": Exploring the Level of Actionable Information in Tool-generated Threat Reports" is now online. Existing threat modeling tools have been investigated primarily for their functionality and features but not for the contents that they automatically generate, i.e., threat reports. This... More

Wednesday, November 6, 2024

New Publication: A Game-Theoretic Approach for Security Control Selection

Our recent work "A Game-Theoretic Approach for Security Control Selection" is now available online. In this paper, we propose a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid... More

Load More →