
Foundational and Experimental Security

The group focuses on the foundational and experimental nature of security to assess digital risks.

The underpinnings of the research we conduct are scientific rigour and sound empirical evaluation of security methodologies and solutions, from risk assessment and threat analysis to mining software vulnerabilities and analysing Java and cloud microservices. We promote a foundational approach to research at the intersection of Security, Software Engineering and Risk Analysis. The empirical approach allows us to solve security problems and defend against adversaries that are real rather than of our own making.

We work from the mathematical foundations and models of risk analysis to their empirical validation, either through large-scale retrospective studies on software repositories or through controlled experiments with students and professionals. The broad goal of the group is to provide industry and society with evidence-based advice about security risks.

To see who is who, check below.

Foundational and Experimental Security: Staff, Papers, Analyses

  • Staff members, Post-Doc students, PhD students

    Staff members

    Fabio Massacci - Check on Scholar
    Katja Tuma - Check on Scholar
    This could be you (check for vacancies)

    Post-doc students
    This could be you (contact us)

    PhD students

    Francesco Minna

    This could be you (contact us)

  • Magazine papers

    Technical Leverage: dependencies' mixed blessing at IEEE S&P Magazine - LINK.
    Distributed Financial Exchanges: Security Challenges and Design Principles at IEEE S&P Magazine - LINK.

  • Selected papers

    (find more on the individual web pages)
    Software Vulnerabilities

    • Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks (ACM/IEEE ICSE’21) - LINK.
    • Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies (IEEE TSE’20) - LINK.

    Security by Design

    • Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings (ACM/IEEE MODELS’19) - LINK.
    • Automating the early detection of security design flaws (ACM/IEEE MODELS’20) - LINK.

    Case studies

    • A Qualitative Study of Dependency Management and Its Security Implications (ACM CCS-2020) - LINK.
    • Finding Security Threats That Matter: Two Industrial Case Studies (JSS-2021 Preprint) - LINK.

    Risk analysis

    • Security Events and Vulnerability Data for Cyber Security Risk Estimation (Risk Analysis Journal 2018) - LINK.
    • The Work-Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures (Risk Analysis 2021) - LINK.