Thomas Heyman

Thomas Heyman


I am a post-doctoral researcher at the DistriNet research group. My current research activities involve benchmarking and monitoring non-functional qualities of large-scale distributed deployments.

My PhD research focused on formally modeling software architectures, and semi-automatically analyzing their security requirements. By leveraging model relaxation and model finding techniques, attack scenarios are generated that point to security weaknesses in the architectural models. By systematically adding constraints to the model, the modeller builds up an explicit description of the security assumptions on the deployment environment of the modelled system. In order to improve reusability of the verification results, we leverage security patterns.

I'm also responsible for other work on using these security patterns constructively in a secure development process, and study the interplay of requirements engineering and architectural design (i.e., the "twin peaks" process), together with my colleagues Koen Yskout and Riccardo Scandariato.

Previously, I have been involved in iMinds projects IDEM and WTE+.

Research interests:

  • Security metrics
  • Monitoring security requirements
  • Security engineering using reusable security components, such as security patterns
  • Formal modeling of security components, such as security patterns
  • Model checking with the Alloy analyzer

Key publications:

  1. Thomas Heyman, Davy Preuveneers, Wouter Joosen, Scalar: Systematic scalability analysis with the Universal Scalability Law, 2014 International Conference on Future Internet of Things and Cloud, pages 497-504, Barcelona, 27-29 August 2014 download0 460752bibtex
  2. Thomas Heyman, (supervisors: Wouter Joosen, Riccardo Scandariato), A Formal Analysis Technique for Secure Software Architectures (Een formele analysetechniek voor veilige softwarearchitecturen), Ph.D. Thesis, 06 March 2013 download0 389365bibtex
  3. Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Reusable formal models for secure software architectures, Working IEEE/IFIP Conference on Software Architecture (WICSA) and the 6th European Conference on Software Architecture (ECSA), Helsinki, Finland, 20-24 August 2012 download0 350066bibtex
  4. Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Security in context: analysis and refinement of software architectures, Annual IEEE Computer Software and Applications Conference, Seoul, Republic of Korea, 19-23 July 2010 download0 266760bibtex
  5. Thomas Heyman, Koen Yskout, Riccardo Scandariato, Holger Schmidt, Yijun Yu, The security twin peaks, ENGINEERING SECURE SOFTWARE AND SYSTEMS, volume 6542, pages 167-180, Madrid, Spain, 9-10 February, 2011 download0 286022bibtex


Contact info

  • Office: 04.151
  • Address:
    Dept. Computer Science
    Celestijnenlaan 200A
    B-3001 Heverlee
  • Tel: +3216330981
  • Fax: +32 16 327996
  • Email: Thomas Heyman
  • Personal homepage