2024
Next Generation Vulnerability Detection with LLMs.
ERCIM News, 2024
Enhancing Safety and Privacy in Industry 4.0: The ICE Laboratory Case Study.
IEEE Access, 2024
2023
A new, evidence-based, theory for knowledge reuse in security risk analysis.
Empir. Softw. Eng., 2023
Towards A High-interaction Physics-aware Honeynet for Industrial Control Systems.
Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing, 2023
A Comprehensive Study on Third-Party User Tracking in Mobile Applications.
Proceedings of the 18th International Conference on Availability, Reliability and Security, 2023
Mitigating Privilege Misuse in Access Control through Anomaly Detection.
Proceedings of the 18th International Conference on Availability, Reliability and Security, 2023
HoneyICS: A High-interaction Physics-aware Honeynet for Industrial Control Systems.
Proceedings of the 18th International Conference on Availability, Reliability and Security, 2023
2021
Connecting Regulatory Requirements to Audit Outcomes: A Model-driven Approach to Auditable Compliance.
Proceedings of the ACM/IEEE International Conference on Model Driven Engineering Languages and Systems Companion, 2021
Verifiable Hierarchical Key Assignment Schemes.
Proceedings of the Data and Applications Security and Privacy XXXV, 2021
2020
Fuzzy-based approach to assess and prioritize privacy risks.
Soft Comput., 2020
Selecting a Secure Cloud Provider - An Empirical Study and Multi Criteria Approach.
Inf., 2020
Riskio: A Serious Game for Cyber Security Awareness and Education.
Comput. Secur., 2020
Proceedings of the Emerging Technologies for Authorization and Authentication, 2020
A real world study on employees' susceptibility to phishing attacks.
Proceedings of the ARES 2020: The 15th International Conference on Availability, 2020
2019
Access control in Internet-of-Things: A survey.
J. Netw. Comput. Appl., 2019
2018
Survey on Access Control for Community-Centered Collaborative Systems.
ACM Comput. Surv., 2018
Towards Adaptive Access Control.
Proceedings of the Data and Applications Security and Privacy XXXII, 2018
2017
Model comprehension for security risk assessment: an empirical comparison of tabular vs. graphical representations.
Empir. Softw. Eng., 2017
On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment.
Proceedings of the Requirements Engineering: Foundation for Software Quality, 2017
Decentralised Runtime Monitoring for Access Control Systems in Cloud Federations.
Proceedings of the 37th IEEE International Conference on Distributed Computing Systems, 2017
A Distributed Access Control System for Cloud Federations.
Proceedings of the 37th IEEE International Conference on Distributed Computing Systems, 2017
Privacy-Preserving Access Control in Cloud Federations.
Proceedings of the 2017 IEEE 10th International Conference on Cloud Computing (CLOUD), 2017
2016
Formal Modelling of Data Integration Systems Security Policies.
Data Sci. Eng., 2016
EEVi - framework for evaluating the effectiveness of visualization in cyber-security.
Proceedings of the 11th International Conference for Internet Technology and Secured Transactions, 2016
Towards Empirical Evaluation of Automated Risk Assessment Methods.
Proceedings of the Risks and Security of Internet and Systems, 2016
2015
Preventing Information Inference in Access Control.
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, 2015
The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals.
Proceedings of the Requirements Engineering: Foundation for Software Quality, 2015
Which security catalogue is better for novices?
Proceedings of the 2015 IEEE Fifth International Workshop on Empirical Requirements Engineering, 2015
2014
Empirical Assessment of Security Requirements and Architecture: Lessons Learned.
Proceedings of the Engineering Secure Future Internet Services and Systems, 2014
Assessing a requirements evolution approach: Empirical studies in the air traffic management domain.
J. Syst. Softw., 2014
Evolution of Security Engineering Artifacts: A State of the Art Survey.
Int. J. Secur. Softw. Eng., 2014
PriMa: a comprehensive approach to privacy protection in social network sites.
Ann. des Télécommunications, 2014
An experiment on comparing textual vs. visual industrial methods for security risk assessment.
Proceedings of the 4th IEEE International Workshop on Empirical Requirements Engineering, 2014
Security triage: A report of a lean security requirements methodology for cost-effective security analysis.
Proceedings of the 4th IEEE International Workshop on Empirical Requirements Engineering, 2014
Security triage: an industrial case study on the effectiveness of a lean methodology to identify security requirements.
Proceedings of the 2014 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, 2014
EMFASE - An Empirical Framework for Security Design and Economic Trade-off.
Proceedings of the Ninth International Conference on Availability, 2014
2013
Privacy-Aware Web Service Composition and Ranking.
Int. J. Web Serv. Res., 2013
PERSONA - A Personalized Data Protection Framework.
Proceedings of the Trust Management VII - 7th IFIP WG 11.11 International Conference, 2013
An Experimental Comparison of Two Risk-Based Security Methods.
Proceedings of the 2013 ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, 2013
Detecting Insider Threats: A Trust-Aware Framework.
Proceedings of the 2013 International Conference on Availability, Reliability and Security, 2013
Combining Goal-Oriented and Problem-Oriented Requirements Engineering Methods.
Proceedings of the Availability, Reliability, and Security in Information Systems and HCI, 2013
2012
Assessing a requirements evolution approach: Empirical studies in the Air Traffic Management domain.
Proceedings of the Second IEEE International Workshop on Empirical Requirements Engineering, 2012
How to Select a Security Requirements Method? A Comparative Study with Students and Practitioners.
Proceedings of the Secure IT Systems - 17th Nordic Conference, 2012
Managing Evolution by Orchestrating Requirements and Testing Engineering Processes.
Proceedings of the Fifth IEEE International Conference on Software Testing, 2012
2011
ACConv - An Access Control Model for Conversational Web Services.
ACM Trans. Web, 2011
Trust establishment in the formation of Virtual Organizations.
Comput. Stand. Interfaces, 2011
Computer Aided Threat Identification.
Proceedings of the 13th IEEE Conference on Commerce and Enterprise Computing, 2011
Orchestrating Security and System Engineering for Evolving Systems - (Invited Paper).
Proceedings of the Towards a Service-Based Internet - 4th European Conference, 2011
SeCMER: A Tool to Gain Control of Security Requirements Evolution.
Proceedings of the Towards a Service-Based Internet - 4th European Conference, 2011
A Load Time Policy Checker for Open Multi-application Smart Cards.
Proceedings of the POLICY 2011, 2011
Managing changes with legacy security engineering processes.
Proceedings of the 2011 IEEE International Conference on Intelligence and Security Informatics, 2011
An Extended Ontology for Security Requirements.
Proceedings of the Advanced Information Systems Engineering Workshops, 2011
A Tool for Managing Evolving Security Requirements.
Proceedings of the CAiSE Forum 2011, London, UK, June 22-24, 2011, 2011
2010
Group-Based Negotiations in P2P Systems.
IEEE Trans. Parallel Distributed Syst., 2010
Java Card Architecture for Autonomous Yet Secure Evolution of Smart Cards Applications.
Proceedings of the Information Security Technology for Applications, 2010
Efficient and privacy-preserving enforcement of attribute-based access control.
Proceedings of the 9th Symposium on Identity and Trust on the Internet, 2010
A privacy-preserving approach to policy-based content dissemination.
Proceedings of the 26th International Conference on Data Engineering, 2010
PriMa: an effective privacy protection mechanism for social networks.
Proceedings of the 5th ACM Symposium on Information, 2010
Security for Web Services and Service-Oriented Architectures.
Springer, ISBN: 978-3-540-87741-7, 2010
2009
An Overview of VeryIDX - A Privacy-Preserving Digital Identity Management System for Mobile Devices.
J. Softw., 2009
Privacy-preserving Digital Identity Management for Cloud Computing.
IEEE Data Eng. Bull., 2009
An Interoperable Approach to Multifactor Identity Verification.
Computer, 2009
Collective privacy management in social networks.
Proceedings of the 18th International Conference on World Wide Web, 2009
VeryIDX - A Privacy Preserving Digital Identity Management System for Mobile Devices.
Proceedings of the MDM 2009, 2009
Privacy-preserving management of transactions' receipts for mobile environments.
Proceedings of the IDtrust 2009, 2009
Identity Attribute-Based Role Provisioning for Human WS-BPEL Processes.
Proceedings of the IEEE International Conference on Web Services, 2009
2008
An Access-Control Framework for WS-BPEL.
Int. J. Web Serv. Res., 2008
VeryIDX - A Digital Identity Management System for Pervasive Computing Environments.
Proceedings of the Software Technologies for Embedded and Ubiquitous Systems, 2008
Authorization and User Failure Resiliency for WS-BPEL Business Processes.
Proceedings of the Service-Oriented Computing, 2008
Minimal credential disclosure in trust negotiations.
Proceedings of the 4th Workshop on Digital Identity Management, 2008
Monitoring Contract Enforcement within Virtual Organizations.
Proceedings of the Collaborative Computing: Networking, 2008
A Federated Digital Identity Management Approach for Business Processes.
Proceedings of the Collaborative Computing: Networking, 2008
Verification of Access Control Requirements in Web Services Choreography.
Proceedings of the 2008 IEEE International Conference on Services Computing (SCC 2008), 2008
2007
PP-trust-X: A system for privacy preserving trust negotiations.
ACM Trans. Inf. Syst. Secur., 2007
A system for securing push-based distribution of XML documents.
Int. J. Inf. Sec., 2007
User Tasks and Access Control over Web Services.
Proceedings of the 2007 IEEE International Conference on Web Services (ICWS 2007), 2007
2006
An Adaptive Access Control Model for Web Services.
Int. J. Web Serv. Res., 2006
A secure framework for publishing virtual community contracts.
Int. J. Web Based Communities, 2006
Access control enforcement for conversation-based web services.
Proceedings of the 15th international conference on World Wide Web, 2006
Access Control and Authorization Constraints for WS-BPEL.
Proceedings of the 2006 IEEE International Conference on Web Services (ICWS 2006), 2006