I am a post-doctoral researcher at the DistriNet research group. My current research activities involve benchmarking and monitoring non-functional qualities of large-scale distributed deployments.
My PhD research focused on formally modeling software architectures, and semi-automatically analyzing their security requirements. By leveraging model relaxation and model finding techniques, attack scenarios are generated that point to security weaknesses in the architectural models. By systematically adding constraints to the model, the modeller builds up an explicit description of the security assumptions on the deployment environment of the modelled system. In order to improve reusability of the verification results, we leverage security patterns.
I'm also responsible for other work on using these security patterns constructively in a secure development process, and I study the interplay of requirements engineering and architectural design (i.e., the "twin peaks" process), together with my colleagues Koen Yskout and Riccardo Scandariato.
- Security metrics
- Monitoring security requirements
- Security engineering using reusable security components, such as security patterns
- Formal modeling of security components, such as security patterns
- Model checking with the Alloy analyzer
- Thomas Heyman, Davy Preuveneers, Wouter Joosen, Scalar: Systematic scalability analysis with the Universal Scalability Law, 2014 International Conference on Future Internet of Things and Cloud, pages 497-504, Barcelona, 27-29 August 2014
- Thomas Heyman (supervisors: Wouter Joosen, Riccardo Scandariato), A Formal Analysis Technique for Secure Software Architectures (Een formele analysetechniek voor veilige softwarearchitecturen), Ph.D. Thesis, 06 March 2013
- Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Reusable formal models for secure software architectures, Working IEEE/IFIP Conference on Software Architecture (WICSA) and the 6th European Conference on Software Architecture (ECSA), Helsinki, Finland, 20-24 August 2012
- Thomas Heyman, Riccardo Scandariato, Wouter Joosen, Security in context: analysis and refinement of software architectures, Annual IEEE Computer Software and Applications Conference, Seoul, Republic of Korea, 19-23 July 2010
- Thomas Heyman, Koen Yskout, Riccardo Scandariato, Holger Schmidt, Yijun Yu, The security twin peaks, Engineering Secure Software and Systems, volume 6542, pages 167-180, Madrid, Spain, 9-10 February 2011