Archives: Publication

Friday, January 17, 2025

New Publication: Navigating the DevOps Landscape

Our recent work on " Navigating the DevOps Landscape" is now available online as open access in the Journal of Systems and Software. This research constructs a comprehensive picture of the existing DevOps landscape, clarifying the nature and nuances of various DevOps variants (called XOps), to guide effective future studies and implementations.... More

Monday, January 6, 2025

New Publication: Interplay of Attacker Behaviors and Dependability Attributes in Industrial Control System Impact Analysis

Our recent paper "Interplay of Attacker Behaviors and Dependability Attributes in Industrial Control System Impact Analysis" is now available online. In this paper, we adopt the Structured Cyberattack Impact Analysis (SCIA) approach to visualize and quantify, respectively, using simulations and statistical model checking, the potential impact of... More

Tuesday, December 24, 2024

New Publication: Data-Driven Approximation of Formal Implicit Interaction Analysis for Cyber-Physical System Designs

Our latest paper "Data-Driven Approximation of Formal Implicit Interaction Analysis for Cyber-Physical System Designs" is now available online. In this paper, we identify measurements based on graph abstractions of system design models that can be used to produce similar results as the aforementioned formal analyses. We demonstrate this on a model... More

Thursday, November 21, 2024

New Publication: “I’m Getting Information that I Can Act on Now”: Exploring the Level of Actionable Information in Tool-generated Threat Reports

Our publication ""I'm Getting Information that I Can Act on Now": Exploring the Level of Actionable Information in Tool-generated Threat Reports" is now online. Existing threat modeling tools have been investigated primarily for their functionality and features but not for the contents that they automatically generate, i.e., threat reports. This... More

Wednesday, November 6, 2024

New Publication: A Game-Theoretic Approach for Security Control Selection

Our recent work "A Game-Theoretic Approach for Security Control Selection" is now available online. In this paper, we propose a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid... More

Tuesday, October 29, 2024

New Publication: Interplay of Human Factors and Secure Architecture Design using Model-Driven Engineering

Our recent publication "Interplay of Human Factors and Secure Architecture Design using Model-Driven Engineering" is now online. In this paper, we present a model-driven approach for studying the interplay of human factors and secure architecture design. Specifically, we propose a conceptual model for considering direct and indirect human factors... More

Friday, September 27, 2024

New Publication: Requirements for Applying SCIA: A Structured Cyberattack Impact Analysis Approach for ICS

Our latest publication "Requirements for Applying SCIA: A Structured Cyberattack Impact Analysis Approach for ICS" is now available online. This work clarifies the rationale behind 20 requirements for applying SCIA: a Structured Cyberattack Impact Analysis approach with different modeling and simulation platforms. Based on a manufacturing ICS case... More

Tuesday, September 24, 2024

New Publication: A Model-Driven Formal Methods Approach to Software Architectural Security Vulnerabilities Specification and Verification

Our latest publication "A Model-Driven Formal Methods Approach to Software Architectural Security Vulnerabilities Specification and Verification" is now published in the Journal of Systems and Software and is available online. In this work we present a model-driven approach and supporting tools, for specifying, detective, and treating security... More

Saturday, April 27, 2024

New Publication: Hardening Systems Against Data Corruption Attacks at Design Time

Our new publication "Hardening Systems Against Data Corruption Attacks at Design Time " is now available online. This is the work of MASc student, John Breton.In this work, we present a method and tool called Dubhe that can be employed during the design phase of development to harden systems against data corruption attacks. We... More

Thursday, February 22, 2024

New Publication: A Security Compliance-by-Design Framework Utilizing Reusable Formal Models

Our recent work proposing a methodology to enhance the security of software systems by incorporating compliance verification from the early stages of design is now available online! In this work, we present a novel method for modeling a security compliance baseline based on the specification and reuse of analysis models targeting standards,... More

Thursday, February 8, 2024

New Publication: Formal Model-Based Argument Patterns for Security Cases

Our recent paper "Formal Model-Based Argument Patterns for Security Cases" is now available online! This paper proposes an approach to constructing security assurance cases using formal methods. The proposed approach involves the following three steps: (1) decomposing security requirements and deriving security threats; (2) formalizing the system... More

Saturday, December 23, 2023

New Publication: A Formal Metamodel for Software Architectures with Composite Components

Our recent research paper presenting a formal metamodel for describing the high-level concepts of software architectures in a component-port-connector fashion is now online. The metamodel focusses on providing hierarchical modeling capabilities by considering the construction of composite components from existing ones. This work was presented at... More

Load More →