Katja Tuma

I like to forage mushrooms, read and cook.

Short Bio

Katja Tuma obtained her MSc in Computer Science from the University of Ljubljana, Slovenia. During her studies, she spent two semesters abroad at Reykjavik University and Malmö University, where she discovered her curiosity for research. She pursued her Ph.D. degree on the topic of secure software design at Gothenburg University, where under the supervision of Riccardo Scandariato she published in top software engineering conferences and journals, including JSS and MODELS. She was hosted by Jan Jürjens at the RGSE group (at the University of Koblenz-Landau) as a visiting researcher for three months, for which she was awarded the DAAD scholarship. She also took an active role in the community by serving as a PC member for the GraMSec and SecureMDE workshops. In addition to her academic service, Katja has actively contributed to the undergraduate education at Gothenburg University by helping to design a new course from scratch (Mathematical Foundations for Software Engineering), which she taught for four consecutive years.

My research interests are in the area of secure software design with the focus on:

  • Security-by-design. Threat modeling (analysis), modeling and security analysis of software architectures, security compliance between software architecture and implementation.

  • Empirical methods for secure software design. Controlled experiments, industrial case studies and studies involving human participants.

Here is my CV (3 pages).


Here is a list of my publications. You can find me on Google Scholar.


1. ``Finding Security Threats That Matter: Two Industrial Case Studies'', K. Tuma, C. Sandberg, U. Thorsson, M. Widman, T. Herpel, R. Scandariato, in submission to Journal of Systems and Software (JSS), 2020, Impact factor 2.450

2. ``Checking Security Compliance between Models and Code'', K. Tuma, S. Peldszus, R. Scandariato, J. Jürjens, in submission to Journal on Software and Systems Modeling (SoSyM), Impact factor 1.915

3. ``Threat Analysis of Software Systems: A Systematic Literature Review'', K. Tuma, G. Calikli, R. Scandariato, Journal of Systems and Software (JSS), 2018, Impact factor 2.559


4. ``Automating the Early Detection of Security Design Flaws'', K. Tuma, L. Sion, R. Scandariato, and K. Yskout, International Conference on Model Driven Engineering Languages and Systems (MODELS), 2020, Acceptance rate 26%

5. ``Security Compliance Checks between Models and Code based on Automated Mappings'', S. Peldszus, K. Tuma, D. Strüber, J. Jürjens, and R. Scandariato, International Conference on Model Driven Engineering Languages and Systems (MODELS), 2019, Acceptance rate 19%

6. ``Flaws in flows: Unveiling design flaws via information flow analysis'', K. Tuma, M. Balliu, R. Scandariato, International Conference on Software Architecture (ICSA), 2019, Acceptance rate 22%

7. ``Two Architectural Threat Analysis Techniques Compared'', K. Tuma, R. Scandariato, European Conference on Software Architecture (ECSA), 2018

8. ``Back to the Drawing Board'', S. Jasser, K. Tuma, R. Scandariato, and M. Riebisch, International Conference on Information Systems Security and Privacy (ICISSP), 2018


9. ``Inspection Guidelines to Identify Security Design Flaws'', K. Tuma, D. Hosseini, K. Malamas, and R. Scandariato, International Workshop on Designing and Measuring CyberSecurity in Software Architecture (DeMeSSA), 2019

10. ``Towards security threats that matter'', K. Tuma, R. Scandariato, M. Widman, C. Sandberg, Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS), 2017

11. ``Towards Automated Security Design Flaw Detection'', L. Sion, K. Tuma, R. Scandariato, K. Yskout, W. Joosen, International Conference on Automated Software Engineering Workshop (ASEW). IEEE, 2019


12. ``Efficiency and Automation in Threat Analysis of Software Systems'', K. Tuma, Department of Computer Science and Engineering (GU), Maritta Heisel (opponent), Grading Committee: Mathias Ekstedt, Jacques Klein, Mehdi Mirakhorli, 2021

13. ``Towards Efficiency and Quality Assurance in Threat Analysis of Software Systems'', K. Tuma, Department of Computer Science and Engineering (GU), Opponent of public defence Ketil Stølen, 2018


Course coordinating

I have been involved in coordinating and assisting the B.Sc. course Mathematical Foundations for Software Engineering (DIT022).

With the help of a great team and the course examiner, we developed this course from the ground up in 2016, borrowing concepts from the flipped classroom approach.

Teaching assistance

Empirical Software Engineering (DIT278)

Thesis supervision

  1. Automatic Extraction of Security Relevant Information from Source Code for Formally Based Security Models. Neda Fahrad (M.Sc)

  2. Towards Automating a Risk-First Threat Analysis Technique. Karanveer Singh, Margit Saal, Andrius Sakalas (B.Sc)

  3. Design Flaws as Security Threats. Danial Hosseini, Kyriakos Malamas (M.Sc), co-supervisor


Department of Computer Science and Engineering,

University of Gothenburg and Chalmers University of Technology



Office phone

+46 (0)31 77 26 814

Hörselgången 5, 41756 Göteborg, Sweden

Jupiter building, 4th floor, room 454