Katja Tuma

I like to forage mushrooms, read and cook.

Short Bio

I'm a PhD candidate at the Department of Computer Science and Engineering, University of Gothenburg and Chalmers University of Technology. I started my doctoral studies in 2016 under the supervision of Riccardo Scandariato. Here is my CV.

My research interests are in the area of secure software design with the focus on:

  • Security-by-design. Threat modeling (analysis), modeling and security analysis of software architectures, security compliance between software architecture and implementation.
  • Empirical methods for secure software design. Controlled experiments, industrial case studies and studies involving human participants.


Here is a list of my publications. You can find me on Google Scholar.


1. ``Threat Analysis of Software Systems: A Systematic Literature Review'', K. Tuma, G. Calikli, R. Scandariato, Journal of Systems and Software (JSS), 2018, Impact factor 2.559


2. ``Security Compliance Checks between Models and Code based on Automated Mappings'', S. Peldszus, K. Tuma, D. Strüber, J. Jürjens, and R. Scandariato, International Conference on Model Driven Engineering Languages and Systems (MODELS), 2019, Acceptance rate 19%

3. ``Flaws in flows: Unveiling design flaws via information flow analysis'', K. Tuma, M. Balliu, R. Scandariato, International Conference on Software Architecture (ICSA), 2019, Acceptance rate 22%

4. ``Two Architectural Threat Analysis Techniques Compared'', K. Tuma, R. Scandariato, European Conference on Software Architecture (ECSA), 2018

5. ``Back to the Drawing Board'', S. Jasser, K. Tuma, R. Scandariato, and M. Riebisch, International Conference on Information Systems Security and Privacy (ICISSP), 2018


6. ``Inspection Guidelines to Identify Security Design Flaws'', K. Tuma, D. Hosseini, K. Malamas, and R. Scandariato, International Workshop on Designing and Measuring CyberSecurity in Software Architecture (DeMeSSA), 2019

7. ``Towards security threats that matter'', K. Tuma, R. Scandariato, M. Widman, C. Sandberg, Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS), 2017

8. ``Towards Automated Security Design Flaw Detection'', L. Sion, K. Tuma, R. Scandariato, K. Yskout, W. Joosen, International Conference on Automated Software Engineering Workshop (ASEW). IEEE, 2019

Licentiate thesis

9. ``Towards Efficiency and Quality Assurance in Threat Analysis of Software Systems'', K. Tuma, Department of Computer Science and Engineering (GU), Opponent of public defence Ketil Stølen, 2018


Course coordinating

I have been involved in coordinating and assisting the B.Sc course Mathematical Foundations for Software Engineering (DIT022).

With the help of a great team and the course examiner, we developed this course in 2016 from ground zero, borrowing concepts from the flipped classroom approach.

Teaching assistance

Empirical Software Engineering (DIT278)

Thesis supervision

  1. Automatic Extraction of Security Relevant Information from Source Code for Formally Based Security Models. Neda Fahrad (M.Sc)
  2. Towards Automating a Risk-First Threat Analysis Technique. Karanveer Singh, Margit Saal, Andrius Sakalas (B.Sc)
  3. Design Flaws as Security Threats. Danial Hosseini, Kyriakos Malamas (M.Sc), co-supervisor


Department of Computer Science and Engineering,

University of Gothenburg and Chalmers University of Technology



Office phone

+46 (0)31 772 1000

Hörselgången 5, 41756 Göteborg, Sweden

Jupiter building, 4th floor, room 454