Publications

This page contains the complete list of my publications. For additional bibliometrics, please see my Google Scholar page and my DBLP list.

Journal papers

J14) Jeffrey Stuckman, James Walden, Riccardo Scandariato, The Effect of Dimensionality Reduction on Software Vulnerability Prediction Models, IEEE Transactions on Reliability, Volume 66, Issue 1, Pages 17-37, 2017 (impact factor: 1.934)

J13) Alexander van den Berghe, Riccardo Scandariato, Koen Yskout, Wouter Joosen, Design Notations for Secure Software: A Systematic Literature Review, Journal of Software and Systems Modeling, Volume 16, Issue 3, Pages 809–831, 2017 (impact factor: 1.250)

J12) Riccardo Scandariato, Kim Wuyts, Wouter Joosen, A descriptive study of Microsoft's threat modeling technique, Requirements Engineering, Springer, Volume 20, Issue 2, Pages 163-180, 2015 (impact factor: 1.147)

J11) Riccardo Scandariato, James Walden, Aram Hovsepyan, Wouter Joosen, Predicting Vulnerable Software Components via Text Mining, IEEE Transactions on Software Engineering, Volume 40, Issue 10, Pages 993-1006, October 2014 (impact factor: 2.292)

J10) Kim Wuyts, Riccardo Scandariato, Wouter Joosen, Empirical Evaluation of a Privacy-Focused Threat Modeling Methodology, Journal of Systems and Software, Volume 96, Pages 122-138, October 2014 (impact factor: 1.245)

J9) Aram Hovsepyan, Riccardo Scandariato, Maximilian Steff, Wouter Joosen, Design Churn as Predictor of Vulnerabilities?, International Journal of Secure Software Engineering, IGI Global, Volume 5, Issue 3, 2014

J8) Michael Felderer, Basel Katt, Philipp Kalb, Jan Juerjens, Martin Ochoa, Federica Paci, Le Minh Sang Tran, Thein Than Tun, Koen Yskout, Riccardo Scandariato, Frank Piessens, Dries Vanoverberghe, Elizabeta Fourneret, Matthias Gander, Bjornar Solhaug, Ruth Breu, Evolution of Security Engineering Artifacts: A State of the Art Survey, International Journal of Secure Software Engineering, IGI Global, Volume 5, Issue 4, 2014

J7) Koen Yskout, Riccardo Scandariato, Wouter Joosen, Change Patterns: Co-evolving Requirements and Architecture, Software and Systems Modeling, Springer, Volume 13, Issue 2, May 2014 (impact factor: 1.250)

J6) Koen Buyens, Riccardo Scandariato, Wouter Joosen, Least privilege analysis in software architectures, Software and Systems Modeling, Springer, Volume 12, Issue 2, May 2013 (impact factor: 1.250)

J5) Kim Wuyts, Griet Verhenneman, Riccardo Scandariato, Wouter Joosen, Jos Dumortier, What Electronic Health Records don't know just yet. A Privacy Analysis for Patient Communities and Health Records Interaction, Health and Technology, Springer, Volume 2, Issue 3, Pages 159-183, September 2012

J4) Bernard Spitz, Riccardo Scandariato, Wouter Joosen, Extraction of an architecture model for least privilege analysis, International Journal of Secure Software Engineering, IGI Global, Volume 3, Issue 4, October-December 2012

J3) Kim Wuyts, Riccardo Scandariato, Griet Verhenneman, Wouter Joosen, Integrating Patient Consent in e-Health Access Control, International Journal of Secure Software Engineering, IGI Global, Volume 2, Issue 2, Pages 1-24, April-June 2011

J2) Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, Wouter Joosen, A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements, Requirements Engineering, Springer, Volume 16, Issue 1, Pages 3-32, Special Issue on Digital Privacy, March 2011 (impact factor: 1.054)

J1) Bart De Win, Riccardo Scandariato, Koen Buyens, Johan Gregoire, Wouter Joosen, On the secure software development process: CLASP, SDL and Touchpoints compared, Information and Software Technology, Elsevier, Volume 51, Issue 7, Pages 1152-1171, Special Issue on Software Engineering for Secure Systems, July 2009 (impact factor: 1.522)

Book chapters

B2) Koen Yskout, Kim Wuyts, Dimitri Van Landuyt, Riccardo Scandariato, Wouter Joosen, Empirical research on security and privacy by design: What (not) to expect as a researcher or a reviewer, in Empirical Research for Software Security: Foundations and Experience, Lotfi ben Othmane, Martin Gilje Jaatun, Edgar Weippl (Eds.), CRC Press, ISBN 9781498776417, 2017

B1) Riccardo Scandariato, Federica Paci, Le Minh Sang Tran, Katsiaryna Labunets, Koen Yskout, Fabio Massacci, Wouter Joosen, Empirical Assessment of Security Requirements and Architecture: Lessons Learned, in Engineering Secure Future Internet Services and Systems, Maritta Heisel, Wouter Joosen, Javier Lopez, Fabio Martinelli (Eds.), Springer, ISBN 9783319074528, 2014

As editor

E4) Martin Gilje Jaatun, Riccardo Scandariato, Lillian Røstad, Special Issue of the International Journal of Secure Software Engineering, Vol. 5, No. 2, April-June 2014

E3) Jan Jürjens, Ben Livshits, Riccardo Scandariato, Engineering Secure Software and Systems, Springer LNCS 7781, 2013

E2) Gilles Barthe, Ben Livshits, Riccardo Scandariato, Engineering Secure Software and Systems, Springer LNCS 7159, 2012

E1) Alessandro Moschitti, Riccardo Scandariato, Eternal Systems, Springer CCIS 255, 2011

Conference and workshop papers

C57) Stefanie Jasser, Katja Tuma, Riccardo Scandariato, Matthias Riebisch, Back to the Drawing Board: Bringing Security Constraints in an Architecture-centric Software Development Process, International Conference on Information Systems Security and Privacy (ICISSP), 2018

C56) Katja Tuma, Riccardo Scandariato, Mathias Widman, Christian Sandberg, Towards security threats that matter, Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS), 2017

C55) Vasileios Theodorou, Ilias Gerostathopoulos, Sasan Amini, Riccardo Scandariato, Christian Prehofer, Miroslaw Staron, Theta Architecture: Preserving the Quality of Analytics in Data-Driven Systems, Workshop on Novel Techniques for Integrating Big Data (BigNovelTI), 2017

C54) Laurens Sion, Koen Yskout, Riccardo Scandariato, Wouter Joosen, A modular meta-model for security solutions, Modularity in Modelling Workshop (MOMO), Brussels, Belgium, April 2017

C53) Alexander van den Berghe, Koen Yskout, Riccardo Scandariato, Wouter Joosen, A Model for Provably Secure Software Design, Workshop on Formal Models in Software Engineering (FormaliSE), Buenos Aires, Argentina, May 2017

C52) Bashar Nassar, Riccardo Scandariato, Traceability Metrics as Early Predictors of Software Defects?, IEEE International Conference on Software Architecture (ICSA), Gothenburg, Sweden, April 2017

C51) Thibaud Antignac, Riccardo Scandariato, Gerardo Schneider, A Privacy-Aware Conceptual Model for Handling Personal Data, International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (ISoLA), Corfu, Greece, October 2016

C50) Mariano Ceccato, Riccardo Scandariato, Static Analysis and Penetration Testing from the Perspective of Maintenance Teams, International Symposium on Empirical Software Engineering and Measurement (ESEM), Ciudad Real, Spain, September 2016

C49) Aram Hovsepyan, Riccardo Scandariato, Wouter Joosen, Is Newer Always Better? The Case of Vulnerability Prediction Models, International Symposium on Empirical Software Engineering and Measurement (ESEM), Ciudad Real, Spain, September 2016

C48) Miroslaw Staron, Riccardo Scandariato, Data veracity in intelligent transportation systems: the slippery road warning scenario, IEEE Intelligent Vehicles Symposium, Gothenburg, Sweden, June 2016

C47) Bashar Nassar, Ali Shahrokni, Riccardo Scandariato, Traceability Data in Early Development Phases as an Enabler for Decision Support, International Workshop on Emerging Trends in DevOps and Infrastructure, Edinburgh, UK, May 2016

C46) Rakesh Rana, Miroslaw Staron, Christian Berger, Agneta Nilsson, Riccardo Scandariato, Alexandra Weilenmann, Martin Rydmark, On the role of cross-disciplinary research and SSE in addressing the challenges of the digitalization of society, IEEE International Conference on Software Engineering and Service Science (ICSESS), Beijing, China, September 2015

C45) Phu Nguyen, Koen Yskout, Thomas Heyman, Jacques Klein, Riccardo Scandariato, Yves Le Traon, Model-Driven Security based on A Unified System of Security Design Patterns, International Conference on Model Driven Engineering Languages and Systems (MODELS), Ottawa, Canada, September 2015

C44) Laurens Sion, Koen Yskout, Alexander van den Berghe, Riccardo Scandariato, Wouter Joosen, MASC: Modelling Architectural Security Concerns, International Workshop on Modeling in Software Engineering (MiSE), Florence, Italy, May 2015

C43) Koen Yskout, Riccardo Scandariato, Wouter Joosen, Do Security Patterns Really Help Designers?, International Conference on Software Engineering (ICSE), Florence, Italy, May 2015

C42) James Walden, Jeffrey Stuckman, Riccardo Scandariato, Predicting Vulnerable Components: Software Metrics vs Text Mining, IEEE International Symposium on Software Reliability Engineering (ISSRE), Naples, Italy, November 2014 (Best Paper Award)

C41) Riccardo Scandariato, James Walden, Wouter Joosen, Static Analysis Versus Penetration Testing: a Controlled Experiment, IEEE International Symposium on Software Reliability Engineering (ISSRE), Pasadena, CA, USA, November 2013

C40) Alexander van den Berghe, Riccardo Scandariato, Wouter Joosen, Towards a Systematic Literature Review on Secure Software Design, Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS), Paris, France, February 2013

C39) Riccardo Scandariato, James Walden, Predicting vulnerable classes in an Android application, International Workshop on Security Measurements and Metrics (MetriSec), Lund, Sweden, September 2012

C38) Aram Hovsepyan, Riccardo Scandariato, Wouter Joosen, James Walden, Software Vulnerability Prediction using Text Analysis Techniques, International Workshop on Security Measurements and Metrics (MetriSec), Lund, Sweden, September 2012

C37) Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Reusable formal models for secure software architectures, Working IEEE/IFIP Conference on Software Architecture (WICSA), Helsinki, Finland, August 2012

C36) Koen Yskout, Riccardo Scandariato, Wouter Joosen, Does Organizing Security Patterns Focus Architectural Choices?, International Conference on Software Engineering (ICSE), Zurich, Switzerland, June 2012

C35) Aram Hovsepyan, Riccardo Scandariato, Stefan Van Baelen, Wouter Joosen, Serge Demeyer, Preserving aspects via automation: a maintainability study, International Symposium on Empirical Software Engineering and Measurement (ESEM), Banff, Alberta, Canada, September 2011

C34) Aram Hovsepyan, Riccardo Scandariato, Stefan Van Baelen, Yolande Berbers, Serge Demeyer, Wouter Joosen, Maintainability Studies Investigating Aspect Preservation via Automation: Lessons Learned, International Workshop on Empirical Evaluation of Software Composition Techniques (ESCOT), Lancaster, UK, July 2011

C33) Koen Buyens, Riccardo Scandariato, Wouter Joosen, Composition of least privilege analysis results in software architectures, International Workshop on Software Engineering for Secure Systems (SESS), Honolulu, Hawaii, USA, May 2011

C32) Koen Yskout, Olivier-Nathanael Ben David, Riccardo Scandariato, Benoit Baudry, Requirements-driven runtime reconfiguration for security, International Workshop on Eternal Systems (EternalS), Budapest, Hungary, May 2011

C31) Thomas Heyman, Koen Yskout, Riccardo Scandariato, Holger Schmidt, Yijun Yu, The security twin peaks, International Symposium on Engineering Secure Software and Systems (ESSoS), Madrid, Spain, February 2011

C30) Aram Hovsepyan, Riccardo Scandariato, Stefan Van Baelen, Yolande Berbers, Serge Demeyer, Wouter Joosen, An Experimental Design for Evaluating the Maintainability of Aspect-Oriented Models Enhanced with Domain-Specific Constructs, International Workshop on Aspect-Oriented Modeling (AOM), Oslo, Norway, October 2010

C29) Riccardo Scandariato, Fabio Massacci, SecureChange: Security engineering for lifelong evolvable systems, International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISOLA), Crete, Greece, October 2010 (invited)

C28) Riccardo Scandariato, Koen Buyens, Wouter Joosen, Automated detection of least privilege violations in software architectures, European Conference on Software Architecture (ECSA), Copenhagen, Denmark, August 2010

C27) Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Security in context: Analysis and refinement of software architectures, Annual IEEE Computer Software and Applications Conference (COMPSAC), Seoul, Republic of Korea, July 2010

C26) Aram Hovsepyan, Riccardo Scandariato, Stefan Van Baelen, Yolande Berbers, Wouter Joosen, From Aspect-Oriented Models to Aspect-Oriented Code? The Maintenance Perspective, International Conference on Aspect-Oriented Software Development (AOSD), Rennes, France, March 2010

C25) Koen Buyens, Riccardo Scandariato, Wouter Joosen, Measuring the interplay of security principles in software architectures, International Workshop on Security Measurements and Metrics (MetriSec), Lake Buena Vista, Florida, USA, October 2009

C24) Kim Wuyts, Riccardo Scandariato, Bart De Decker, Wouter Joosen, Linking privacy solutions to developer goals, International Workshop on Secure Software Engineering (SecSE), Fukuoka, Japan, March 2009

C23) Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Risk-driven architectural decomposition, International Conference on Availability, Reliability and Security (ARES), Fukuoka, Japan, March 2009

C22) Mina Deng, Riccardo Scandariato, Danny De Cock, Bart Preneel, Wouter Joosen, Identity in federated electronic healthcare, IFIP Wireless Days Conference, Dubai, United Arab Emirates, November 2008

C21) Koen Yskout, Riccardo Scandariato, Bart De Win, Wouter Joosen, Transforming security requirements into architecture, Symposium on Requirements Engineering for Information Security (SREIS), Barcelona, Spain, March 2008

C20) Eryk Kulikowski, Riccardo Scandariato, Wouter Joosen, Using multi-level security annotations to improve software assurance, IEEE High Assurance Systems Engineering Symposium (HASE), Nanjing, China, December 2008

C19) Riccardo Scandariato, Yoram Ofek, Paolo Falcarin, Mario Baldi, Application-oriented trust in distributed computing, International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain, March 2008

C18) Thomas Heyman, Riccardo Scandariato, Christophe Huygens, Wouter Joosen, Using security patterns to combine security metrics, International Workshop on Secure Software Engineering (SecSE), Barcelona, Spain, March 2008

C17) Kim Wuyts, Riccardo Scandariato, Geert Claeys, Wouter Joosen, Hardening XDS-based architectures, International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain, March 2008

C16) Artsiom Yautsiukhin, Riccardo Scandariato, Thomas Heyman, Fabio Massacci, Wouter Joosen, Towards a quantitative assessment of security in software architectures, Nordic Workshop on Secure IT Systems (NordSec), Copenhagen, Denmark, October 2008

C15) Koen Buyens, Riccardo Scandariato, Wouter Joosen, Process activities supporting security principles, IEEE International Workshop on Security in Software Engineering (IWSSE), Beijing, China, July 2007

C14) Thomas Heyman, Koen Yskout, Riccardo Scandariato, Wouter Joosen, An analysis of the security patterns landscape, IEEE Workshop on Software Engineering for Secure Systems (SESS), Minneapolis, MN, USA, May 2007

C13) Johan Gregoire, Koen Buyens, Bart De Win, Riccardo Scandariato, Wouter Joosen, On the secure software development process: CLASP and SDL compared, IEEE Workshop on Software Engineering for Secure Systems (SESS), Minneapolis, MN, USA, May 2007

C12) Steven Op de beeck, Dimitri Van Landuyt, Johan Gregoire, Riccardo Scandariato, Wouter Joosen, Andrew Jackson, Siobhan Clarke, Aspectual vs. component-based decomposition: A quantitative study, First Workshop on Aspects in Architectural Description (AARCH), Vancouver, British Columbia, Canada, March 2007

C11) Dimitri Van Landuyt, Steven Op de beeck, Johan Gregoire, Riccardo Scandariato, Wouter Joosen, Andrew Jackson, Siobhan Clarke, Comparing aspect-oriented and component based design: a quantitative study, First Workshop on Assessment of Aspect-Oriented Technologies (ASAT), Vancouver, British Columbia, Canada, March 2007

C10) Riccardo Scandariato, Bart De Win, Wouter Joosen, Towards a measuring framework for security properties of software, ACM Workshop on Quality of Protection (QoP), Alexandria, VA, USA, October 2006

C9) Paolo Falcarin, Riccardo Scandariato, Mario Baldi, Remote trust with aspect-oriented programming, IEEE International Conference on Advanced Information Networking and Applications (AINA), Vienna, Austria, April 2006

C8) Riccardo Scandariato, John C. Knight, The design and evaluation of a defense system for Internet worms, IEEE Symposium on Reliable Distributed Systems (SRDS), Florianopolis, Brazil, October 2004

C7) Riccardo Scandariato, Fulvio Risso, Advanced VPN support on FreeBSD systems, European BSD Conference (EuroBSD), Amsterdam, Netherlands, November 2002

C6) Riccardo Scandariato, Patricia Lago, Luigi Ciminiera, Policy-based control of VPNs, TINA Workshop, Petaling Jaya, Malaysia, October 2002

C5) Patricia Lago, Riccardo Scandariato, The gate to virtual communities, TINA Workshop, Petaling Jaya, Malaysia, October 2002

C4) Riccardo Scandariato, Fulvio Risso, Patricia Lago, LMAP: a protocol to automate the setup of logical networks, IEEE International Conference on Networks (ICON), Singapore, August 2002

C3) Riccardo Scandariato, Patricia Lago, An architecture for dynamic provisioning of virtual networks, ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD), Madrid, Spain, June 2002

C2) Patricia Lago, Riccardo Scandariato, Maurizio Morisio, An approach to evolution control in component-based software product lines, ACM Workshop on Software Product Line, Orlando, FL, May 2002

C1) Patricia Lago, Riccardo Scandariato, A TINA-based solution for dynamic VPN provisioning on heterogeneous networks, IEEE Telecommunications Information Networking Architecture Conference (TINA), Paris, France, September 2000