I like to forage mushrooms, read and cook.
I'm a PhD candidate at the Department of Computer Science and Engineering, University of Gothenburg and Chalmers University of Technology. I started my doctoral studies in 2016 under the supervision of Riccardo Scandariato. Here is my CV.
My research interests are in the area of secure software design, with a focus on:
- Security-by-design. Threat modeling (analysis), modeling and security analysis of software architectures, security compliance between software architecture and implementation.
- Empirical methods for secure software design. Controlled experiments, industrial case studies and studies involving human participants.
Here is a list of my publications. You can find me on Google Scholar.
1. "Threat Analysis of Software Systems: A Systematic Literature Review", K. Tuma, G. Calikli, R. Scandariato, Journal of Systems and Software (JSS), 2018, Impact factor 2.559
2. "Security Compliance Checks between Models and Code based on Automated Mappings", S. Peldszus, K. Tuma, D. Strüber, J. Jürjens, and R. Scandariato, International Conference on Model Driven Engineering Languages and Systems (MODELS), 2019, Acceptance rate 19%
3. "Flaws in flows: Unveiling design flaws via information flow analysis", K. Tuma, M. Balliu, R. Scandariato, International Conference on Software Architecture (ICSA), 2019, Acceptance rate 22%
4. "Two Architectural Threat Analysis Techniques Compared", K. Tuma, R. Scandariato, European Conference on Software Architecture (ECSA), 2018
5. "Back to the Drawing Board", S. Jasser, K. Tuma, R. Scandariato, and M. Riebisch, International Conference on Information Systems Security and Privacy (ICISSP), 2018
6. "Inspection Guidelines to Identify Security Design Flaws", K. Tuma, D. Hosseini, K. Malamas, and R. Scandariato, International Workshop on Designing and Measuring CyberSecurity in Software Architecture (DeMeSSA), 2019
7. "Towards security threats that matter", K. Tuma, R. Scandariato, M. Widman, C. Sandberg, Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS), 2017
8. "Towards Automated Security Design Flaw Detection", L. Sion, K. Tuma, R. Scandariato, K. Yskout, W. Joosen, International Conference on Automated Software Engineering Workshop (ASEW). IEEE, 2019
9. "Towards Efficiency and Quality Assurance in Threat Analysis of Software Systems", K. Tuma, Department of Computer Science and Engineering (GU), Opponent of public defence Ketil Stølen, 2018
I have been involved in coordinating and assisting the B.Sc. course Mathematical Foundations for Software Engineering (DIT022).
With the help of a great team and the course examiner, we developed this course in 2016 from ground zero, borrowing concepts from the flipped classroom approach.
Empirical Software Engineering (DIT278)
- Automatic Extraction of Security Relevant Information from Source Code for Formally Based Security Models. Neda Fahrad (M.Sc)
- Towards Automating a Risk-First Threat Analysis Technique. Karanveer Singh, Margit Saal, Andrius Sakalas (B.Sc)
- Design Flaws as Security Threats. Danial Hosseini, Kyriakos Malamas (M.Sc), co-supervisor
Hörselgången 5, 41756 Göteborg, Sweden
Jupiter building, 4th floor, room 454