Publications

Journal papers

J25) Nicolas E. Diaz Ferreyra, Melina Vidoni, Maritta Heisel, Riccardo Scandariato, Cybersecurity Discussions in Stack Overflow: A Developer-Centred Analysis of Engagement and Self-Disclosure Behaviour, Social Network Analysis and Mining, To appear

J24) Quang-Cuong Bui, Ranindya Paramitha, Duc-Ly Vu, Fabio Massacci, Riccardo Scandariato, APR4Vul: An empirical study of automatic program repair techniques on real-world Java vulnerabilities, Empirical Software Engineering, 29(18), 2024 (also presented as Journal First at the International Conference on Software Engineering, ICSE 2024)

J23) Uwe Zdun, Pierre-Jean Queval, Georg Simhandl, Riccardo Scandariato, Somik Chakravarty, Marjan Jelic, Aleksandar Jovanovic, Detection Strategies for Microservice Security Tactics, IEEE Transactions on Dependable and Secure Computing, To appear

J22) Simon Schneider, Riccardo Scandariato, Automatic Extraction of Security-Rich Dataflow Diagrams for Microservice Applications written in Java, Journal of Systems and Software, Volume 202, 2023 (also presented as Journal First at the International Conference on Automated Software Engineering, ASE 2023)

J21) Mazen Mohamad, Rodi Jolak, Örjan Askerdal, Jan-Philipp Steghöfer, Riccardo Scandariato, CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems, ACM Transactions on Cyber-Physical Systems, 7(1), 2023

J20) Uwe Zdun, Pierre-Jean Queval, Georg Simhandl, Riccardo Scandariato, Somik Chakravarty, Marjan Jelic, Aleksandar Jovanovic, Microservice Security Metrics for Secure Communication, Identity Management, and Observability, ACM Transactions on Software Engineering and Methodology, 32(1), 2023

J19) Katja Tuma, Sven Peldszus, Daniel Strüber, Riccardo Scandariato, Jan Jürjens, Checking Security Compliance between Models and Code, Software and Systems Modeling, Volume 22, Springer, 2022

J18) Rodi Jolak, Thomas Rosenstatter, Mazen Mohamad, Kim Strandberg, Behrooz Sangchoolie, Nasser Nowdehi, Riccardo Scandariato, CONSERVE: A Framework for the Selection of Techniques for Monitoring Containers Security, Journal of Systems and Software, Elsevier, Volume 186, April 2022 (also presented as Journal First at the International Conference on Software Architecture, ICSA 2023)

J17) Katja Tuma, Christian Sandberg, Urban Thorsson, Mathias Widman, Thomas Herpel, Riccardo Scandariato, Finding Security Threats That Matter: Two Industrial Case Studies, Journal of Systems and Software, Elsevier, Volume 179, September 2021

J16) Mazen Mohamad, Jan-Philipp Steghöfer, Riccardo Scandariato, Security Assurance Cases – State of the Art of an Emerging Approach, Empirical Software Engineering, 26(70), May 2021

J15) Katja Tuma, Gul Calikli, Riccardo Scandariato, Threat analysis of software systems: A systematic literature review, Journal of Systems and Software, Elsevier, Volume 144, Pages 275-294, 2018

J14) Jeffrey Stuckman, James Walden, Riccardo Scandariato, The Effect of Dimensionality Reduction on Software Vulnerability Prediction Models, IEEE Transactions on Reliability, Volume 66, Issue 1, Pages 17-37, 2017

J13) Alexander van den Berghe, Riccardo Scandariato, Koen Yskout, Wouter Joosen, Design Notations for Secure Software: A Systematic Literature Review, Software and Systems Modeling, Springer, Volume 16, Issue 3, Pages 809–831, 2017

J12) Riccardo Scandariato, Kim Wuyts, Wouter Joosen, A descriptive study of Microsoft's threat modeling technique, Requirements Engineering, Springer, Volume 20, Issue 2, Pages 163-180, 2015

J11) Riccardo Scandariato, James Walden, Aram Hovsepyan, Wouter Joosen, Predicting Vulnerable Software Components via Text Mining, IEEE Transactions on Software Engineering, Volume 40, Issue 10, Pages 993-1006, October 2014

J10) Kim Wuyts, Riccardo Scandariato, Wouter Joosen, Empirical Evaluation of a Privacy-Focused Threat Modeling Methodology, Journal of Systems and Software, Elsevier, Volume 96, Pages 122-138, October 2014

J9) Aram Hovsepyan, Riccardo Scandariato, Maximilian Steff, Wouter Joosen, Design Churn as Predictor of Vulnerabilities?, International Journal of Secure Software Engineering, IGI Global, Volume 5, Issue 3, 2014

J8) Michael Felderer, Basel Katt, Philipp Kalb, Jan Jürjens, Martin Ochoa, Federica Paci, Le Minh Sang Tran, Thein Than Tun, Koen Yskout, Riccardo Scandariato, Frank Piessens, Dries Vanoverberghe, Elizabeta Fourneret, Matthias Gander, Bjornar Solhaug, Ruth Breu, Evolution of Security Engineering Artifacts: A State of the Art Survey, International Journal of Secure Software Engineering, IGI Global, Volume 5, Issue 4, 2014

J7) Koen Yskout, Riccardo Scandariato, Wouter Joosen, Change Patterns: Co-evolving Requirements and Architecture, Software and Systems Modeling, Springer, Elsevier, Volume 13, Issue 2, May 2014

J6) Koen Buyens, Riccardo Scandariato, Wouter Joosen, Least privilege analysis in software architectures, Software and Systems Modeling, Springer, Volume 12, Issue 2, May 2013

J5) Kim Wuyts, Griet Verhenneman, Riccardo Scandariato, Wouter Joosen, Jos Dumortier, What Electronic Health Records don't know just yet. A Privacy Analysis for Patient Communities and Health Records Interaction, Health and Technology, Springer, Volume 2, Issue 3, Pages 159-183, September 2012

J4) Bernard Spitz, Riccardo Scandariato, Wouter Joosen, Extraction of an architecture model for least privilege analysis, International Journal of Secure Software Engineering, IGI Global, Volume 3, Issue 4, October-December 2012

J3) Kim Wuyts, Riccardo Scandariato, Griet Verhenneman, Wouter Joosen, Integrating Patient Consent in e-Health Access Control, International Journal of Secure Software Engineering, IGI Global, Volume 2, Issue 2, Pages 1-24, April-June 2011

J2) Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, Wouter Joosen, A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements, Requirements Engineering, Springer, Volume 16, Issue 1, Pages 3-32, Special Issue on Digital Privacy, March 2011

J1) Bart De Win, Riccardo Scandariato, Koen Buyens, Johan Gregoire, Wouter Joosen, On the secure software development process: CLASP, SDL and Touchpoints compared, Information and Software Technology, Elsevier, Volume 51, Issue 7, Pages 1152-1171, Special Issue on Software Engineering for Secure Systems, July 2009

Book chapters

B2) Koen Yskout, Kim Wuyts, Dimitri Van Landuyt, Riccardo Scandariato, Wouter Joosen, Empirical research on security and privacy by design: What (not) to expect as a researcher or a reviewer, in Empirical Research for Software Security: Foundations and Experience, Lotfi ben Othmane, Martin Gilje Jaatun, Edgar Weippl (Eds.), CRC Press, ISBN 9781498776417, 2017

B1) Riccardo Scandariato, Federica Paci, Le Minh Sang Tran, Katsiaryna Labunets, Koen Yskout, Fabio Massacci, Wouter Joosen, Empirical Assessment of Security Requirements and Architecture: Lessons Learned, in Engineering Secure Future Internet Services and Systems, Maritta Heisel, Wouter Joosen, Javier Lopez, Fabio Martinelli (Eds.), Springer, ISBN 9783319074528, 2014

Conference and workshop papers

C93) Simon Schneider, Alexander Bakhtin, Xiaozhou Li, Jacopo Soldani, Antonio Brogi, Tomas Cerny, Riccardo Scandariato, Davide Taibi, Comparison of Static Analysis Architecture Recovery Tools for Microservice Applications, International Conference on Mining Software Repositories - Registered Reports Track (MSR), 2024

C92) Nicolas E. Diaz Ferreyra, Mojtaba Shahin, Mansooreh Zahedi, Sodiq Quadri, Riccardo Scandariato, What Can Self-Admitted Technical Debt Tell Us About Security? A Mixed-Methods Study, International Conference on Mining Software Repositories (MSR), 2024

C91) Clinton Cao, Simon Schneider, Nicolas E. Diaz Ferreyra, Sicco Verwer, Annibale Panichella, Riccardo Scandariato, CATMA: Conformance Analysis Tool For Microservice Applications, International Conference on Software Engineering - Demonstrations Track (ICSE Demo), 2024

C90) Simon Schneider, Nicolas E. Diaz Ferreyra, Pierre-Jean Queval, Georg Simhandl, Uwe Zdun and Riccardo Scandariato, How Dataflow Diagrams Impact Software Security Analysis: an Empirical Experiment, International Conference on Software Analysis, Evolution and Reengineering (SANER), 2024

C89) Quang-Cuong Bui, Malte Laukötter and Riccardo Scandariato, DockerCleaner: Automatic Repair of Security Smells in Dockerfiles, International Conference on Software Maintenance and Evolution (ICSME), 2023

C88) Simon Schneider, Tufan Özen, Michael Chen, Riccardo Scandariato, microSecEnD: A Dataset of Security-Enriched Dataflow Diagrams for Microservice Applications, International Conference on Mining Software Repositories - Data and Tool Showcase (MSR), 2023

C87) Catherine Tony, Markus Mutas, Nicolas E. Diaz Ferreyra, Riccardo Scandariato, LLMSecEval: A Dataset of Natural Language Prompts for Security Evaluations, International Conference on Mining Software Repositories - Data and Tool Showcase (MSR), 2023

C86) Nicolas E. Diaz Ferreyra, Abdessamad Imine, Melina Vidoni, Riccardo Scandariato, Developers Need Protection, Too: Perspectives and Research Challenges for Privacy in Social Coding Platforms, International Conference on Cooperative and Human Aspects of Software Engineering (CHASE), 2023

C85) Nicolas E. Diaz Ferreyra, Gautam Kishore Shahi, Catherine Tony, Stefan Stieglitz, Riccardo Scandariato, Regret, Delete, (Do Not) Repeat: An Analysis of Self-Cleaning Practices on Twitter After the Outbreak of the COVID-19 Pandemic, ACM CHI Conference on Human Factors in Computing Systems (CHI), 2023

C84) Catherine Tony, Nicolas E. Diaz Ferreyra, Riccardo Scandariato, GitHub Considered Harmful? Analyzing Open-Source Projects for the Automatic Generation of Cryptography API Call Sequences, International Conference on Software Quality, Reliability, and Security (QRS), 2022

C83) Mazen Mohamad, Jan-Philipp Steghöfer, Alexander Åström, Riccardo Scandariato, Identifying security-related requirements in regulatory documents based on cross-project classification, International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE), 2022

C82) Anusha Bambhore Tukaram, Simon Schneider, Nicolas E. Diaz Ferreyra, Georg Simhandl, Uwe Zdun, Riccardo Scandariato, Towards a Security Benchmark for the Architectural Design of Microservice Applications, International Workshop on Continuous Software Evaluation and Certification (IWCSEC), 2022

C81) Rodi Jolak, Thomas Rosenstatter, Saif Aldaghistani, Riccardo Scandariato, RIPOSTE: A Collaborative Cyber Attack Response Framework for Automotive Systems, Euromicro Conference Series on Software Engineering and Advanced Applications (SEAA), 2022

C80) Eduard Pinconschi, Quang-Cuong Bui, Rui Abreu, Pedro Adão, Riccardo Scandariato, Maestro: A Platform for Benchmarking Automatic Program Repair Tools on Software Vulnerabilities, International Symposium on Software Testing and Analysis - Tool Demonstration Track (ISSTA), 2022

C79) Kamakshi Srikumar, Komal Kashish, Kolja Eggers, Nicolas E. Diaz Ferreyra, Julian Koch, Thorsten Schüppstuhl, Riccardo Scandariato, STRIPED: A Threat Analysis Method for IoT Systems, International Workshop on Security and Forensics of IoT (IoT-SECFOR), 2022

C78) Priyanka Billawa, Anusha Bambhore Tukaram, Nicolas Diaz Ferreyra, Jan-Philipp Steghöfer, Riccardo Scandariato, Georg Simhandl, SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices, International Conference on Availability, Reliability and Security (ARES), 2022

C77) Hanaa Alshareef, Katja Tuma, Sandro Stucki, Gerardo Schneider, Riccardo Scandariato, Precise Analysis of Purpose Limitation in Data Flow Diagrams, International Conference on Availability, Reliability and Security (ARES), 2022

C76) Catherine Tony, Mohana Balasubramanian, Nicolas E. Diaz Ferreyra, Riccardo Scandariato, Conversational DevBots for Secure Programming: An Empirical Study on SKF Chatbot, International Conference on Evaluation and Assessment in Software Engineering (EASE), 2022

C75) Quang-Cuong Bui, Riccardo Scandariato, Nicolas Diaz Ferreyra, Vul4J: A Dataset of Reproducible Java Vulnerabilities Geared Towards the Study of Program Repair Techniques, International Conference on Mining Software Repositories (MSR), 2022 (Best Data and Tool Showcase Paper Award)

C74) Mazen Mohamad, Örjan Askerdal, Rodi Jolak, Jan-Philipp Steghöfer, Riccardo Scandariato, Asset-driven Security Assurance Cases with Built-in Quality Assurance, International Workshop on Engineering and Cybersecurity of Critical Systems (ENCYCRIS), 2021

C73) Ivan Pashchenko, Riccardo Scandariato, Antonino Sabetta, Fabio Massacci, Secure Software Development in the Era of Fluid Multi-party Open Software and Services, International Conference on Software Engineering - New Ideas and Emerging Results Track (ICSE NIER), 2021

C72) Katja Tuma, Laurens Sion, Riccardo Scandariato, Koen Yskout, Automating the Early Detection of Security Design Flaws, International Conference on Model Driven Engineering Languages and Systems (MODELS), 2020

C71) Thomas Rosenstatter, Kim Strandberg, Rodi Jolak, Riccardo Scandariato, Tomas Olovsson, REMIND: A Framework for the Resilient Design of Automotive Systems, IEEE Secure Development Conference (SecDev), 2020

C70) Mazen Mohamad, Alexander Åström, Örjan Askerdal, Jörgen Borg, Riccardo Scandariato, Security Assurance Cases for Road Vehicles: an Industry Perspective, International Conference on Availability, Reliability and Security (ARES), 2020

C69) Shamal Faily, Riccardo Scandariato, Adam Shostack, Laurens Sion, Duncan Ki-Aries, Contextualisation of Data Flow Diagrams for security analysis, International Workshop on Graphical Models for Security (GraMSec), 2020

C68) Stefan Carl Peiser, Ludwig Friborg, Riccardo Scandariato, JavaScript malware detection using locality sensitive hashing, International Conference on ICT Systems Security and Privacy Protection (IFIP SEC), 2020

C67) Marvin Wyrich, Regina Hebig, Stefan Wagner, Riccardo Scandariato, Perception and Acceptance of an Autonomous Refactoring Bot, International Conference on Agents and Artificial Intelligence (ICAART), 2020

C66) Laurens Sion, Katja Tuma, Riccardo Scandariato, Koen Yskout, Wouter Joosen, Towards Automated Security Design Flaw Detection, International Workshop on Software Security from Design to Deployment (SEAD), 2019

C65) Katja Tuma, Daniel Hosseini, Kyriakos Malamas, Riccardo Scandariato, Inspection Guidelines to Identify Security Design Flaws, International Workshop on Designing and Measuring CyberSecurity in Software Architecture (DeMeSSA), 2019

C64) Sven Peldszus, Katja Tuma, Daniel Strüber, Jan Jürjens, Riccardo Scandariato, Secure Data-Flow Compliance Checks between Models and Code based on Automated Mappings, International Conference on Model Driven Engineering Languages and Systems (MODELS), 2019

C63) Linda Erlenhov, Francisco Gomes de Oliveira Neto, Riccardo Scandariato, Philipp Leitner, Current and Future Bots in Software Development, First Workshop on Bots in Software Engineering (BotSE @ICSE), 2019

C62) Katja Tuma, Musard Balliu, Riccardo Scandariato, Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis, International Conference on Software Architecture (ICSA), 2019

C61) Katja Tuma, Riccardo Scandariato, Two Architectural Threat Analysis Techniques Compared, European Conference on Software Architecture (ECSA), 2018

C60) Alexander van den Berghe, Koen Yskout, Riccardo Scandariato, Wouter Joosen, A Lingua Franca for Security by Design, IEEE Secure Development Conference (SecDev), 2018

C59) Thibaud Antignac, Riccardo Scandariato, Gerardo Schneider, Privacy Compliance via Model Transformations, International Workshop on Privacy Engineering (IWPE), 2018

C58) Riccardo Scandariato, Jennifer Horkhoff, Robert Feldt, Generative Secure Design, Defined, International Conference on Software Engineering - New Ideas and Emerging Results Track (ICSE NIER), 2018

C57) Stefanie Jasser, Katja Tuma, Riccardo Scandariato, Matthias Riebisch, Back to the Drawing Board: Bringing Security Constraints in an Architecture-centric Software Development Process, International Conference on Information Systems Security and Privacy (ICISSP), 2018 (also presented as poster, which received the Best Poster award)

C56) Katja Tuma, Riccardo Scandariato, Mathias Widman, Christian Sandberg, Towards security threats that matter, Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS), 2017

C55) Vasileios Theodorou, Ilias Gerostathopoulos, Sasan Amini, Riccardo Scandariato, Christian Prehofer, Miroslaw Staron, Theta Architecture: Preserving the Quality of Analytics in Data-Driven Systems, Workshop on Novel Techniques for Integrating Big Data (BigNovelTI), 2017

C54) Laurens Sion, Koen Yskout, Riccardo Scandariato, Wouter Joosen, A modular meta-model for security solutions, Modularity in Modelling Workshop (MOMO), Brussels, Belgium, April 2017

C53) Alexander van den Berghe, Koen Yskout, Riccardo Scandariato, Wouter Joosen, A Model for Provably Secure Software Design, Workshop on Formal Models in Software Engineering (FormaliSE), Buenos Aires, Argentina, May 2017

C52) Bashar Nassar, Riccardo Scandariato, Traceability Metrics as Early Predictors of Software Defects?, IEEE International Conference on Software Architecture (ICSA), Gothenburg, Sweden, April 2017

C51) Thibaud Antignac, Riccardo Scandariato, Gerardo Schneider, A Privacy-Aware Conceptual Model for Handling Personal Data, International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (ISoLA), Corfu, Greece, October 2016

C50) Mariano Ceccato, Riccardo Scandariato, Static Analysis and Penetration Testing from the Perspective of Maintenance Teams, International Symposium on Empirical Software Engineering and Measurement (ESEM), Ciudad Real, Spain, September 2016

C49) Aram Hovsepyan, Riccardo Scandariato, Wouter Joosen, Is Newer Always Better? The Case of Vulnerability Prediction Models, International Symposium on Empirical Software Engineering and Measurement (ESEM), Ciudad Real, Spain, September 2016

C48) Miroslaw Staron, Riccardo Scandariato, Data veracity in intelligent transportation systems: the slippery road warning scenario, IEEE Intelligent Vehicles Symposium, Gothenburg, Sweden, June 2016

C47) Bashar Nassar, Ali Shahrokni, Riccardo Scandariato, Traceability Data in Early Development Phases as an Enabler for Decision Support, International Workshop on Emerging Trends in DevOps and Infrastructure, Edinburgh, UK, May 2016

C46) Rakesh Rana, Miroslaw Staron, Christian Berger, Agneta Nilsson, Riccardo Scandariato, Alexandra Weilenmann, Martin Rydmark, On the role of cross-disciplinary research and SSE in addressing the challenges of the digitalization of society, IEEE International Conference on Software Engineering and Service Science (ICSESS), Beijing, China, September 2015

C45) Phu Nguyen, Koen Yskout, Thomas Heyman, Jacques Klein, Riccardo Scandariato, Yves Le Traon, SoSPa: A system of Security design Patterns for systematically engineering secure systems, International Conference on Model Driven Engineering Languages and Systems (MODELS), Ottawa, Canada, September 2015

C44) Laurens Sion, Koen Yskout, Alexander van den Berghe, Riccardo Scandariato, Wouter Joosen, MASC: Modelling Architectural Security Concerns, International Workshop on Modeling in Software Engineering (MiSE), Florence, Italy, May 2015

C43) Koen Yskout, Riccardo Scandariato, Wouter Joosen, Do Security Patterns Really Help Designers?, International Conference on Software Engineering (ICSE), Florence, Italy, May 2015

C42) James Walden, Jeffrey Stuckman, Riccardo Scandariato, Predicting Vulnerable Components: Software Metrics vs Text Mining, IEEE International Symposium on Software Reliability Engineering (ISSRE), Naples, Italy, November 2014 (Best Paper Award)

C41) Riccardo Scandariato, James Walden, Wouter Joosen, Static Analysis Versus Penetration Testing: a Controlled Experiment, IEEE International Symposium on Software Reliability Engineering (ISSRE), Pasadena, CA, USA, November 2013

C40) Alexander van den Berghe, Riccardo Scandariato, Wouter Joosen, Towards a Systematic Literature Review on Secure Software Design, Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS), Paris, France, February 2013

C39) Riccardo Scandariato, James Walden, Predicting vulnerable classes in an Android application, International Workshop on Security Measurements and Metrics (MetriSec), Lund, Sweden, September 2012

C38) Aram Hovsepyan, Riccardo Scandariato, Wouter Joosen, James Walden, Software Vulnerability Prediction using Text Analysis Techniques, International Workshop on Security Measurements and Metrics (MetriSec), Lund, Sweden, September 2012

C37) Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Reusable formal models for secure software architectures, Working IEEE/IFIP Conference on Software Architecture (WICSA), Helsinki, Finland, August 2012

C36) Koen Yskout, Riccardo Scandariato, Wouter Joosen, Does Organizing Security Patterns Focus Architectural Choices?, International Conference on Software Engineering (ICSE), Zurich, Switzerland, June 2012

C35) Aram Hovsepyan, Riccardo Scandariato, Stefan Van Baelen, Wouter Joosen, Serge Demeyer, Preserving aspects via automation: a maintainability study, International Symposium on Empirical Software Engineering and Measurement (ESEM), Banff, Alberta, Canada, September 2011

C34) Aram Hovsepyan, Riccardo Scandariato, Stefan Van Baelen, Yolande Berbers, Serge Demeyer, Wouter Joosen, Maintainability Studies Investigating Aspect Preservation via Automation: Lessons Learned, International Workshop on Empirical Evaluation of Software Composition Techniques (ESCOT), Lancaster, UK, July 2011

C33) Koen Buyens, Riccardo Scandariato, Wouter Joosen, Composition of least privilege analysis results in software architectures, International Workshop on Software Engineering for Secure Systems (SESS), Honolulu, Hawaii, USA, May 2011

C32) Koen Yskout, Olivier-Nathanael Ben David, Riccardo Scandariato, Benoit Baudry, Requirements-driven runtime reconfiguration for security, International Workshop on Eternal Systems (EternalS), Budapest, Hungary, May 2011

C31) Thomas Heyman, Koen Yskout, Riccardo Scandariato, Holger Schmidt, Yijun Yu, The security twin peaks, International Symposium on Engineering Secure Software and Systems (ESSoS), Madrid, Spain, February 2011

C30) Aram Hovsepyan, Riccardo Scandariato, Stefan Van Baelen, Yolande Berbers, Serge Demeyer, Wouter Joosen, An Experimental Design for Evaluating the Maintainability of Aspect-Oriented Models Enhanced with Domain-Specific Constructs, International Workshop on Aspect-Oriented Modeling (AOM), Oslo, Norway, October 2010

C29) Riccardo Scandariato, Fabio Massacci, SecureChange: Security engineering for lifelong evolvable systems, International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (ISoLA), Crete, Greece, October 2010 (invited)

C28) Riccardo Scandariato, Koen Buyens, Wouter Joosen, Automated detection of least privilege violations in software architectures, European Conference on Software Architecture (ECSA), Copenhagen, Denmark, August 2010

C27) Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Security in context: Analysis and refinement of software architectures, Annual IEEE Computer Software and Applications Conference (COMPSAC), Seoul, Republic of Korea, July 2010

C26) Aram Hovsepyan, Riccardo Scandariato, Stefan Van Baelen, Yolande Berbers, Wouter Joosen, From Aspect-Oriented Models to Aspect-Oriented Code? The Maintenance Perspective, International Conference on Aspect-Oriented Software Development (AOSD), Rennes, France, March 2010

C25) Koen Buyens, Riccardo Scandariato, Wouter Joosen, Measuring the interplay of security principles in software architectures, International Workshop on Security Measurements and Metrics (MetriSec), Lake Buena Vista, Florida, USA, October 2009

C24) Kim Wuyts, Riccardo Scandariato, Bart De Decker, Wouter Joosen, Linking privacy solutions to developer goals, International Workshop on Secure Software Engineering (SecSE), Fukuoka, Japan, March 2009

C23) Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Risk-driven architectural decomposition, International Conference on Availability, Reliability and Security (ARES), Fukuoka, Japan, March 2009

C22) Mina Deng, Riccardo Scandariato, Danny De Cock, Bart Preneel, Wouter Joosen, Identity in federated electronic healthcare, IFIP Wireless Days Conference, Dubai, United Arab Emirates, November 2008

C21) Koen Yskout, Riccardo Scandariato, Bart De Win, Wouter Joosen, Transforming security requirements into architecture, Symposium on Requirements Engineering for Information Security (SREIS), Barcelona, Spain, March 2008

C20) Eryk Kulikowski, Riccardo Scandariato, Wouter Joosen, Using multi-level security annotations to improve software assurance, IEEE High Assurance Systems Engineering Symposium (HASE), Nanjing, China, December 2008

C19) Riccardo Scandariato, Yoram Ofek, Paolo Falcarin, Mario Baldi, Application-oriented trust in distributed computing, International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain, March 2008

C18) Thomas Heyman, Riccardo Scandariato, Christophe Huygens, Wouter Joosen, Using security patterns to combine security metrics, International Workshop on Secure Software Engineering (SecSE), Barcelona, Spain, March 2008

C17) Kim Wuyts, Riccardo Scandariato, Geert Claeys, Wouter Joosen, Hardening XDS-based architectures, International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain, March 2008

C16) Artsiom Yautsiukhin, Riccardo Scandariato, Thomas Heyman, Fabio Massacci, Wouter Joosen, Towards a quantitative assessment of security in software architectures, Nordic Workshop on Secure IT Systems (NordSec), Copenhagen, Denmark, October 2008

C15) Koen Buyens, Riccardo Scandariato, Wouter Joosen, Process activities supporting security principles, IEEE International Workshop on Security in Software Engineering (IWSSE), Beijing, China, July 2007

C14) Thomas Heyman, Koen Yskout, Riccardo Scandariato, Wouter Joosen, An analysis of the security patterns landscape, IEEE Workshop on Software Engineering for Secure Systems (SESS), Minneapolis, MN, USA, May 2007

C13) Johan Gregoire, Koen Buyens, Bart De Win, Riccardo Scandariato, Wouter Joosen, On the secure software development process: CLASP and SDL compared, IEEE Workshop on Software Engineering for Secure Systems (SESS), Minneapolis, MN, USA, May 2007

C12) Steven Op de beeck, Dimitri Van Landuyt, Johan Gregoire, Riccardo Scandariato, Wouter Joosen, Andrew Jackson, Siobhan Clarke, Aspectual vs. component-based decomposition: A quantitative study, First Workshop on Aspects in Architectural Description (AARCH), Vancouver, British Columbia, Canada, March 2007

C11) Dimitri Van Landuyt, Steven Op de beeck, Johan Gregoire, Riccardo Scandariato, Wouter Joosen, Andrew Jackson, Siobhan Clarke, Comparing aspect-oriented and component based design: a quantitative study, First Workshop on Assessment of Aspect-Oriented Technologies (ASAT), Vancouver, British Columbia, Canada, March 2007

C10) Riccardo Scandariato, Bart De Win, Wouter Joosen, Towards a measuring framework for security properties of software, ACM Workshop on Quality of Protection (QoP), Alexandria, VA, USA, October 2006

C9) Paolo Falcarin, Riccardo Scandariato, Mario Baldi, Remote trust with aspect-oriented programming, IEEE International Conference on Advanced Information Networking and Applications (AINA), Vienna, Austria, April 2006

C8) Riccardo Scandariato, John C. Knight, The design and evaluation of a defense system for Internet worms, IEEE Symposium on Reliable Distributed Systems (SRDS), Florianopolis, Brazil, October 2004

C7) Riccardo Scandariato, Fulvio Risso, Advanced VPN support on FreeBSD systems, European BSD Conference (EuroBSD), Amsterdam, Netherlands, November 2002

C6) Riccardo Scandariato, Patricia Lago, Luigi Ciminiera, Policy-based control of VPNs, TINA Workshop, Petaling Jaya, Malaysia, October 2002

C5) Patricia Lago, Riccardo Scandariato, The gate to virtual communities, TINA Workshop, Petaling Jaya, Malaysia, October 2002

C4) Riccardo Scandariato, Fulvio Risso, Patricia Lago, LMAP: a protocol to automate the setup of logical networks, IEEE International Conference on Networks (ICON), Singapore, August 2002

C3) Riccardo Scandariato, Patricia Lago, An architecture for dynamic provisioning of virtual networks, ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD), Madrid, Spain, June 2002

C2) Patricia Lago, Riccardo Scandariato, Maurizio Morisio, An approach to evolution control in component-based software product lines, ACM Workshop on Software Product Line, Orlando, FL, May 2002

C1) Patricia Lago, Riccardo Scandariato, A TINA-based solution for dynamic VPN provisioning on heterogeneous networks, IEEE Telecommunications Information Networking Architecture Conference (TINA), Paris, France, September 2000

As editor

E5) Michael Felderer, Riccardo Scandariato, Exploring Security in Software Architecture and Design, IGI Global, 2019

E4) Martin Gilje Jaatun, Riccardo Scandariato, Lillian Røstad, Special Issue of the International Journal of Secure Software Engineering, Vol. 5, No. 2, April-June 2014

E3) Jan Jürjens, Ben Livshits, Riccardo Scandariato, Engineering Secure Software and Systems, Springer LNCS 7781, 2013

E2) Gilles Barthe, Ben Livshits, Riccardo Scandariato, Engineering Secure Software and Systems, Springer LNCS 7159, 2012

E1) Alessandro Moschitti, Riccardo Scandariato, Eternal Systems, Springer CCIS 255, 2011