Research interests

My main research interests are:

  • security and privacy by design
  • security and privacy threat modeling
  • data protection by design
  • modeling security and privacy concerns at the architectural design level
  • representing security decisions and mechanisms in architectural designs
  • extracting security information from application source code
  • design-level security and privacy risk analysis

Companion sites

Below is a list of companion websites for past publications.

  • Companion site for the EMISAJ journal paper: DPMF: A Modeling Framework for Data Protection by Design
  • Companion site for the ICSA 2018: Engineering Track paper on SPARTA: Security & Privacy Architecture through Risk-driven Threat Assessment
  • Companion site for the SAC 2018: SA-TTA paper on Solution-aware Data Flow Diagrams for Security Threat Modeling
  • Companion site for the SPLC 2016 paper on Systematic Architectural Trade-Off Support in the Software Product-Line Configuration Process


Other relevant project sites:

  • SPARTA Threat Modeling Tool
    Site of the SPARTA security and privacy threat modeling tool for automated threat elicitation and risk-driven threat prioritization.
  • Data Protection Modeling Framework
    Site of the Data Protection Modeling Framework. This tool support the creation of Data Protection Models (DPMs) to comprehensively describe data processing operations, the involved organizations, and affected data subjects. This model can then be analyzed to perform a number of legal assessments in support of compliance with the GDPR.
  • LINDDUN GO Digital Game
    A digital variant I created of the LINDDUN GO card game. This allows you to go through the complete deck or a configurable subset in the context of, for example, an online privacy threat modeling meeting.