In 2021 I joined the Foundational and Experimental Security research group as Assistant Professor (Universitair docent 2) and am working at the Department of Computer Science at Vrije Universiteit Amsterdam within the Computer Systems group. I hold a Ph.D. in Computer Science and Engineering, which I completed at the University of Gothenburg. I am an active member of EUGAIN (WG3: From Ph.D. to Professor), and diversity co-officer for CSE department at the VU.
Hack4her: Are you curious about hackathons and want to create something cool? Read more here and join us in 2023!
I am passionate about building and evaluating methods for analyzing security threats and vulnerabilities in software systems. I like to work on solving practical problems with direct impact to the society. I particularly focus on:
Are you interested to do a thesis with me? Find the current thesis topics here!
Empirical methods for security. Designing and conducting controlled experiments, industrial case studies and studies involving human participants.
Measuring human aspects (e.g., diversity) in security threat analysis. Risk perception, gender bias, diversity processes in technical (i.e., security) domain.
Security-by-design. Threat modeling and risk analysis, automating security analysis of software architecture, compliance of code to the intended security.
I have the pleasure to work closely with Winnie Mbaka, but also co-supervise Samina Kanwal, Aurora Papotti, and Francesco Minna, all brilliant young minds undertaking their PhD studies at the VU.
- November 2021, invited talk at research seminar organised by DIGISEC at the Technical University of Denmark (DTU).
- October 2021, invited talk at research seminar organised by the RGSE group at the University of Koblenz Landau.
- September 2021, speaker at the Aurora Research Conference on the Digital Society and Global Citizenship. Watch video.
- Seven pain points of threat analysis & risk assessment in the automotive domain (IEEE), K. Tuma and M. Widman, in IEEE Security & Privacy Magazine.
- Checking Security Compliance between Models and Code (PDF), K. Tuma, S. Peldszus, R. Scandariato, J. Jürjens, in Journal on Software and Systems Modeling (SoSyM)
- Finding Security Threats That Matter: Two Industrial Case Studies (PDF), K. Tuma, C. Sandberg, U. Thorsson, M. Widman, T. Herpel, R. Scandariato, in Journal of Systems and Software (JSS), 2021.
- Human Aspect of Threat Analysis: A Replication (PDF), K. Tuma, and W. Mbaka, in submission to International Symposium on Empirical Software Engineering and Measurement (ESEM)
- Automating the Early Detection of Security Design Flaws (PDF), K. Tuma, L. Sion, R. Scandariato, and K. Yskout, International Conference on Model Driven Engineering Languages and Systems (MODELS), 2020, Acceptance rate 26%
- Flaws in flows: Unveiling design flaws via information flow analysis (PDF), K. Tuma, M. Balliu, R. Scandariato, International Conference on Software Architecture (ICSA), 2019, Acceptance rate 22%
- The Role of Diversity in Cybersecurity Risk Analysis: An Experimental Plan (PDF), K. Tuma, R. Van der Lee, Third Workshop on Gender Equality, Diversity, and Inclusion in Software Engineering (GE@ICSE), 2022
- Towards security threats that matter (PDF), K. Tuma, R. Scandariato, M. Widman, C. Sandberg, Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS), 2017
- Inspection Guidelines to Identify Security Design Flaws (PDF), K. Tuma, D. Hosseini, K. Malamas, and R. Scandariato, International Workshop on Designing and Measuring CyberSecurity in Software Architecture (DeMeSSA), 2019
Efficiency and Automation in Threat Analysis of Software Systems (PDF), K. Tuma, Department of Computer Science and Engineering (University of Gothenburg), defended in January 2021
Course design and teaching
- Data Structures and Algorithms, taught to BSc of AI
- Software Threat Analysis: Build-It-Break-It-Fix-It, taught to MSc of Computer Security
Co-teaching at the VU:
- Security and Safety Engineering, taught by Fabio Massacci to BSc of CS
- Security Experiments and Measures, taught by Fabio Massacci to MSc of Computer Security
- Guest lecture in the M.Sc course Software Oriented Design (405061) coordinated and taught by Patricia Lago from the Software and Sustainability (S2) research group.
Co-creation, coordination and assistance in teaching the B.Sc flipped classroom course Mathematical Foundations or Software Engineering (DIT022).
Previous teaching assistance
- Empirical Software Engineering (DIT278)
- Software Analysis and Design (DIT184)
- Automatic Extraction of Security Relevant Information from Source Code for Formally Based Security Models. Neda Fahrad (M.Sc)
- Towards Automating a Risk-First Threat Analysis Technique. Karanveer Singh, Margit Saal, Andrius Sakalas (B.Sc)
- Design Flaws as Security Threats. Danial Hosseini, Kyriakos Malamas (M.Sc), co-supervisor
- The International Workshop on Designing and Measuring Security in Software Architecture, DeMeSSA 2022
- International Conference on Evaluation and Assessment in Software Engineering (EASE) 2022
- the Information and Software Technology journal (IST)
- the Journal of Systems and Software (JSS)
- the International Journal on Software and Systems Modeling (SoSyM)
- the Software Quality journal
- IEEE Vehicular Technology
- ESEC/FSE Industry Track 2022
- International Workshop on Continuous Software Evaluation and Certification, IWCSEC 2022 at ARES
- ACM Cloud Computing Security Workshop (CCSW'21) in conjunction with CCS'21
- International Workshop on Graphical Models for Security (GraMSec'20)
- International Workshop on Security for and by Model-Driven Engineering (SecureMDE'20)
- Mining Software Repositories Conference (MSR'21)
Where to find me
New University (NU) Building, Take entrance 1111, 11th floor, room 11A-57.
Vrije Universiteit Amsterdam
Faculty of Sciences,
Dept. of Computer Science,
De Boelelaan 1111,
1081 HV Amsterdam, The Netherlands
Foraging mushrooms. This is what I see when I look at a forest. Recently, also rock-climbing.