Role | Start date | End date | Funding source |
---|---|---|---|
Co-investigator | 01 Apr 2017 | 31 Dec 2021 | EPSRC Engineering and Physical Sciences Research Council |
Developing software is no longer the domain of the select few with deep technical skills, training and knowledge. Mobile and web app development and easy-to-program hardware devices, such as Arduino and Raspberry Pi, have resulted in a wide range of people from diverse backgrounds developing software. Such software can be, and is, used by a potentially global user base. But what are the security implications of such software development by ‘the masses’? Are we moving toward a ‘wild west’ in which a diversity of skills and motives in those developing software will affect its security? This diversity of developers is here to stay and is at the heart of a range of innovations in the digital economy. However, little is currently understood about the security behaviours and decision-making processes of the masses – Johnny – engaging in software development. Without such foundational understanding, we cannot hope to leverage a hitherto untapped resource, Johnny, in developing resilient software that is used by millions around the world. From this foundation, we can consider the implications of their assumptions and design choices and provide new tools and techniques to support them. Such foundational research and advances are the focus of this proposal.
Role | Start date | End date | Funding source |
---|---|---|---|
Lead | 15 Mar 2015 | 14 Mar 2017 | British Council |
Cybersecurity is a growing international issue that affects citizens and institutions around the world. Although it is at heart a software problem, several important facets of it relate to human psychology, statistics, and natural language analysis. As Qatar moves towards a knowledge economy, the need to develop human and technological resources in IT and cybersecurity will become increasingly important. This workshop will bring together UK-based and Qatar-based researchers and educators to explore opportunities for research collaboration and education in cybersecurity. Currently, Qatar spends around 3 percent of its GDP on research, and a significant part of it is devoted to IT and cybersecurity. Furthermore, Qatar's main research funding council, QNRF, has designated Qatar University as one of the key stakeholders of its IT and cybersecurity objective. Therefore, Qatar offers exciting opportunities for UK-based researchers to develop collaborations and seek funding from funders such as QNRF. UK-based researchers offer cutting-edge research and education expertise. For instance, the UK has a number of leading experts on various aspects of cybersecurity who can help develop human resources and technical infrastructure for cybersecurity in Qatar. Furthermore, UK universities such as the Open University have a wealth of experience in public engagement and mass education that can help improve public awareness of cybersecurity issues. The themes of the workshop will centre on multidisciplinary research on cybersecurity and the development of educational tools for increasing cybersecurity competence. The workshop will also provide opportunities to exchange national experiences of tackling cybercrime. For instance, there are several public initiatives in the UK for public safety online, such as GetSafeOnline and Cyber Emergency Readiness Team (Cert).
The Case for Adaptive Security Interventions (2022-01)
Rauf, Irum; Petre, Marian; Tun, Thein; Lopez, Tamara; Lunn, Paul; Van der Linden, Dirk; Towse, John; Sharp, Helen; Levine, Mark; Rashid, Awais and Nuseibeh, Bashar
ACM Transactions on Software Engineering and Methodology, 31, Article 9(1)
Security Responses in Software Development (2022)
Lopez, Tamara; Sharp, Helen; Thein, Tun; Bandara, Arosha; Levine, Mark and Nuseibeh, Bashar
ACM Transactions on Software Engineering and Methodology (Early Access)
Taking the Middle Path: Learning about Security Through Online Social Interaction (2020-01-01)
Lopez, Tamara; Tun, Thein; Bandara, Arosha; Levine, Mark; Nuseibeh, Bashar and Sharp, Helen
IEEE Software, 37(1) (pp. 25-30)
Text Filtering and Ranking for Security Bug Report Prediction (2019-06-01)
Peters, Fayola; Tun, Thein; Yu, Yijun and Nuseibeh, Bashar
IEEE Transactions on Software Engineering, 45(6) (pp. 615-631)
Feature-driven Mediator Synthesis: Supporting Collaborative Security in the Internet of Things (2018-07-18)
Bennaceur, Amel; Tun, Thein Than; Bandara, Arosha K.; Yu, Yijun and Nuseibeh, Bashar
ACM Transactions on Cyber-Physical Systems, 2, Article 21(3)
Automated analysis of security requirements through risk-based argumentation (2015-08)
Yu, Yijun; Franqueira, Virginia N. L.; Tun, Thein; Wieringa, Roel J. and Nuseibeh, Bashar
Journal of Systems and Software, 106 (pp. 102-116)
“Why can’t I do that?”: tracing adaptive security decisions (2015-01)
Nhlabatsi, Armstrong; Tun, Thein; Khan, Niamul; Yu, Yijun; Bandara, Arosha; Khan, Khaled M. and Nuseibeh, Bashar
EAI Endorsed Transactions on Self-Adaptive Systems, 1, Article e2(1)
Evolution of security engineering artifacts: a state of the art survey (2014)
Felderer, Michael; Katt, Basel; Kalb, Philipp; Jürjens, Jan; Ochoa, Martín; Paci, Federica; Tran, Le Minh Sang; Tun, Thein; Yskout, Koen; Scandariato, Riccardo; Piessens, Frank; Vanoverberghe, Dries; Fourneret, Elizabeta; Gander, Matthias; Solhaug, Bjørnar and Breu, Ruth
International Journal of Secure Software Engineering, 5(4) (pp. 48-98)
Separation of concerns in feature diagram languages: a systematic survey (2013-08)
Hubaux, Arnaud; Tun, Thein Than and Heymans, Patrick
ACM Computing Surveys, 45, Article 51(4)
Specifying software features for composition: a tool-supported approach (2013)
Tun, Thein; Laney, Robin; Yu, Yijun and Nuseibeh, Bashar
Computer Networks, 57(12) (pp. 2454-2464)
Specifying features of an evolving software system (2009-08-10)
Tun, Thein Than; Trew, Tim; Jackson, Michael; Laney, Robin and Nuseibeh, Bashar
Software: Practice and Experience, 39(11) (pp. 973-1002)
Requirements Engineering (2019-02-25)
Bennaceur, Amel; Tun, Thein Than; Yu, Yijun and Nuseibeh, Bashar
In: Cha, Sungdeok (Steve); Taylor, Richard N. and Kang, Kyo C. eds. Handbook of Software Engineering (pp. 51-92)
ISBN : 978-3-030-00261-9 | Publisher : Springer
Aspect interactions: a requirements engineering perspective (2013-10-31)
Tun, Thein; Yu, Yijun; Jackson, Michael; Laney, Robin and Nuseibeh, Bashar
In: Moreira, Ana; Chitchyan, Ruzanna; Araujo, João and Rashid, Awais eds. Aspect-Oriented Requirements Engineering (pp. 271-286)
ISBN : 978-3-642-38639-8 | Publisher : Springer | Published : Heidelberg
Maintaining security requirements of software systems using evolving crosscutting dependencies (2013)
Saleem, Saad Bin; Montrieux, Lionel; Yu, Yijun; Tun, Thein and Nuseibeh, Bashar
In: Chitchyan, Ruzanna; Moreira, Ana; Araujo, Joao and Rashid, Awais eds. Aspect Oriented Requirements Engineering
ISBN : 9783642386398 | Publisher : Springer
Separating concerns in feature models: retrospective and support for multi-views (2013)
Hubaux, Arnaud; Acher, Mathieu; Tun, Thein Than; Heymans, Patrick; Collet, Philippe and Lahire, Philippe
In: Reinhartz-Berger, Iris; Sturm, Arnon; Clark, Tony; Cohen, Sholom and Bettin, Jorn eds. Domain Engineering: Product Lines, Languages, and Conceptual Models (pp. 3-28)
ISBN : 978-3-642-36653-6 | Publisher : Springer | Published : Berlin
Security patterns: comparing modeling approaches (2010-10)
Bandara, Arosha; Shinpei, Hayashi; Jurjens, Jan; Kaiya, Haruhiko; Kubo, Atsuto; Laney, Robin; Mouratidis, Haris; Nhlabatsi, Armstrong; Nuseibeh, Bashar; Tahara, Yasuyuki; Tun, Thein; Washizaki, Hironori; Yoshioka, Nobukazu and Yu, Yijun
In: Mouratidis, Haris ed. Software Engineering for Secure Systems: Industrial and Research Perspectives (pp. 75-111)
ISBN : 9781615208371 | Publisher : IGI Global | Published : Hershey, PA
Developer requirements in the PF approach (2006)
Tun, Thein and Hall, Jon G.
In: Proceedings of the 2006 international workshop on Advances and applications of problem frames (pp. 87-90)
ISBN : 1-59593-406-5 | Publisher : ACM Press | Published : New York
Security Thinking in Online Freelance Software Development (2023)
Rauf, Irum; Petre, Marian; Tun, Thein; Lopez, Tamara and Nuseibeh, Bashar
In : IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS) (14-20 May 2023, Melbourne, Australia)
Influences of developers' perspectives on their engagement with security in code (2022-05)
Rauf, Irum; Lopez, Tamara; Sharp, Helen; Petre, Marian; Tun, Thein; Levine, Mark; Towse, John; Linden, Dirk van der; Rashid, Awais and Nuseibeh, Bashar
In : 15th International Conference on Cooperative and Human Aspects of Software Engineering (CHASE) (CHASE 2022) (18-19 May 2022, USA) (pp. 86-95)
Schrödinger's security: opening the box on app developers' security rationale (2020-12-21)
van der Linden, Dirk; Anthonysamy, Pauline; Nuseibeh, Bashar; Tun, Thein Than; Petre, Marian; Levine, Mark; Towse, John and Rashid, Awais
In : 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE) (6-11 Jul 2020, Online) (pp. 149-160)
OASIS: Weakening User Obligations for Security-critical Systems (2020-10-09)
Tun, Thein Than; Bennaceur, Amel and Nuseibeh, Bashar
In : 28th IEEE International Requirements Engineering Conference (31 Aug - 4 Sep 2020) (pp. 113-124)
An Anatomy of Security Conversations in Stack Overflow (2019-08-15)
Lopez, Tamara; Tun, Thein; Bandara, Arosha; Levine, Mark; Nuseibeh, Bashar and Sharp, Helen
In : 41st ACM/IEEE International Conference on Software Engineering (25 May - 1 Jun 2019, Montréal, Canada) (pp. 31-40)
Talking about Security with Professional Developers (2019-05-28)
Lopez, Tamara; Sharp, Helen; Tun, Thein; Bandara, Arosha; Levine, Mark and Nuseibeh, Bashar
In : 7th International Workshop Series on Conducting Empirical Studies in Industry (CESSER-IP) (28 May 2019, Montréal, Canada)
Hopefully We Are Mostly Secure: Views on Secure Code in Professional Practice (2019-05-27)
Lopez, Tamara; Sharp, Helen; Tun, Thein; Bandara, Arosha; Levine, Mark and Nuseibeh, Bashar
In : 12th International Workshop on Cooperative and Human Aspects of Software Engineering (CHASE) (27 May 2019, Montréal, Canada) (pp. 61-68)
Requirements and Specifications for Adaptive Security: Concepts and Analysis (2018-05-28)
Tun, T. T.; Yang, M.; Bandara, A. K.; Yu, Y.; Nhlabatsi, A.; Khan, N.; Khan, K. M. and Nuseibeh, B.
In : 13th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (28-29 May 2018, Gothenburg, Sweden) (pp. 161-171)
Agree to Disagree: Security Requirements Are Different, But Mechanisms For Security Adaptation Are Not (2018-05-28)
Tun, Thein and Bennaceur, Amel
In : 13th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (28-29 May 2018, Gothenburg, Sweden) (pp. 194-195)
An Investigation of Security Conversations in Stack Overflow: Perceptions of Security and Community Involvement (2018)
Lopez, Tamara; Tun, Thein T.; Bandara, Arosha; Levine, Mark; Nuseibeh, Bashar and Sharp, Helen
In : First International Workshop on Security Awareness from Design to Deployment (SEAD'18) (27 May 2018, Gothenburg) (pp. 26-32)
Towards forensic-ready software systems (2018)
Pasquale, Liliana; Alrajeh, Dalal; Peersman, Claudia; Tun, Thein; Nuseibeh, Bashar and Rashid, Awais
In : 40th International Conference on Software Engineering: New Ideas and Emerging Results (27 May 2018, Gothenburg, Sweden) (pp. 9-12)
Snap Forensics: A Tradeoff between Ephemeral Intelligence and Persistent Evidence Collection (2017-09-04)
Yu, Yijun and Tun, Thein
In : 1st International Workshop on Software Engineering and Digital Forensics (4 Sep 2017, Paderborn, Germany) (pp. 10-11)
Verifiable Limited Disclosure: Reporting and Handling Digital Evidence in Police Investigations (2016-09-12)
Tun, Thein; Price, Blaine; Bandara, Arosha; Yu, Yijun and Nuseibeh, Bashar
In : iRENIC: 1st International Workshop on Requirements Engineering for Investigating and Countering Crime (12 Sep 2016, Beijing, China)
Managing security control assumptions using causal traceability (2015-07-17)
Nhlabatsi, Armstrong; Yu, Yijun; Zisman, Andrea; Tun, Thein; Khan, Niamul; Bandara, Arosha; Khan, Khaled and Nuseibeh, Bashar
In : 8th International Symposium on Software and Systems Traceability (SST 2015) (17 Jul 2015, Florence, Italy)
The Role of Environmental Assumptions in Failures of DNA Nanosystems (2015-05)
Tun, Thein; Lutz, Robyn; Nakayama, Brian; Yu, Yijun; Mathur, Divita and Nuseibeh, Bashar
In : International Workshop on Complex Faults and Failures in Large Software Systems (COUFLESS) (23 May 2015, Florence, Italy) (pp. 27-33)
Towards explaining rebuttals in security arguments (2014-12-10)
Yu, Yijun; Piwek, Paul; Tun, Thein Than and Nuseibeh, Bashar
In : 14th Workshop on Computational Models of Natural Argument (10 Dec 2014, Krakow, Poland)
Traceability for adaptive information security in the cloud (2014-06-27)
Nhlabatsi, Armstrong; Tun, Thein; Khan, Niamul; Yu, Yijun; Bandara, Arosha; Khan, Khaled and Nuseibeh, Bashar
In : 7th IEEE International Conference on Cloud Computing (27 Jun - 2 Jul 2014, Alaska, USA) (pp. 958-959)
Requirements-driven mediation for collaborative security (2014)
Bennaceur, Amel; Bandara, Arosha; Jackson, Michael; Liu, Wei; Montrieux, Lionel; Tun, Thein; Yu, Yijun and Nuseibeh, Bashar
In : SEAMS'14 - The 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (2-3 Jun 2014, Hyderabad)
From model-driven software development processes to problem diagnoses at runtime (2014)
Yu, Yijun; Tun, Thein Than; Bandara, Arosha K.; Zhang, Tian and Nuseibeh, Bashar
In : Dagstuhl Seminar 11481 (2011) (pp. 188-207)
Requirements-driven adaptive digital forensics (2013-07-15)
Pasquale, Liliana; Yu, Yijun; Salehie, Mazeiar; Cavallaro, Luca; Tun, Thein Than and Nuseibeh, Bashar
In : 21st IEEE Requirements Engineering Conference (15-19 Jul 2013, Rio de Janeiro, Brazil)
An aspect-oriented approach to relating security requirements and access control (2012-06)
Alebrahim, Azadeh; Tun, Thein Than; Yu, Yijun; Heisel, Maritta and Nuseibeh, Bashar
In : CAiSE'12 Forum (28 Jun 2012, Gdansk, Poland)
Privacy arguments: analysing selective disclosure requirements for mobile applications (2012)
Tun, Thein Than; Bandara, Arosha K.; Price, Blaine A.; Yu, Yijun; Haley, Charles; Omoronyia, Inah and Nuseibeh, Bashar
In : 20th IEEE International Requirements Engineering Conference (24-28 Sep 2012, Chicago, Illinois) (pp. 131-140)
Specifying and detecting meaningful changes in programs (2011-11-06)
Yu, Yijun; Tun, Thein and Nuseibeh, Bashar
In : 26th IEEE/ACM International Conference On Automated Software Engineering (6-10 Nov 2011, Lawrence, Kansas, USA) (pp. 273-282)
Towards learning to detect meaningful changes in software (2011-11)
Yu, Yijun; Bandara, Arosha; Tun, Thein Than and Nuseibeh, Bashar
In : Proceedings of the International Workshop on Machine Learning Technologies in Software Engineering (12 Nov 2011, Lawrence, Kansas) (pp. 51-54)
SeCMER: a tool to gain control of security requirements Evolution (2011-10-26)
Bergmann, Gábor; Massacci, Fabio; Paci, Federica; Tun, Thein; Varró, Dániel and Yu, Yijun
In : ServiceWave 2011 (26-28 Oct 2011, Poznan, Poland) (pp. 321-322)
Towards agile security risk management in RE and beyond (2011-09)
Franqueira, Virginia N. L.; Bakalova, Zornitza; Tun, Thein Than and Daneva, Maya
In : International Workshop on Empirical Requirements Engineering (30 Aug 2011, Trento, Italy) (pp. 33-36)
Risk and argument: a risk-based argumentation method for practical security (2011-08-29)
Franqueira, Virginia Nunes Leas; Tun, Thein Than; Yu, Yijun; Wieringa, Roel and Nuseibeh, Bashar
In : 19th IEEE International Conference on Requirements Engineering (29 Aug - 2 Sep 2011, Trento, Italy) (pp. 239-248)
OpenArgue: supporting argumentation to evolve secure software systems (2011-08-29)
Yu, Yijun; Tun, Thein; Tedeschi, Alessandra; Franqueira, Virginia N. L. and Nuseibeh, Bashar
In : 19th IEEE International Requirements Engineering Conference (29 Aug - 02 Sep 2011) (pp. 351-352)
An extended ontology for security requirements (2011-06-20)
Massacci, Fabio; Mylopoulos, John; Paci, Federica; Tun, Thein and Yu, Yijun
In : International Workshop on Information Systems Security Engineering (20-24 Jun 2011) (pp. 622-636)
Miki: a wiki for synchronous modeling of software requirements (2011)
Yu, Yijun; Petre, Marian and Tun, Thein Than
In : 4th FlexiTools workshop @ ICSE 2011 (22 May 2011, Waikiki, Honolulu, Hawaii)
A tool for managing evolving security requirements (2011)
Bergmann, Gábor; Massacci, Fabio; Paci, Federica; Tun, Thein; Varró, Dániel and Yu, Yijun
In : CAiSE Forum (22-24 Jun 2011, London) (pp. 49-56)
Model-Based argument analysis for evolving security requirements (2010-06-09)
Tun, Thein Than; Yu, Yijun; Haley, C. and Nuseibeh, B.
In : Fourth International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2010 (9-11 Sep 2010, Singapore) (pp. 88-97)
An NFR pattern approach to dealing with NFRs (2010)
Supakkul, Sam; Hill, Tom; Chung, Lawrence; Tun, Thein Than and do Prado Leite, Julio Cesar Sampaio
In : 18th IEEE International Requirements Engineering Conference (27 Sep - 1 Oct 2010, Sydney, Australia) (pp. 179-188)
Are your lights off? Using problem frames to diagnose system failures (2009-08)
Tun, Thein; Jackson, Michael; Laney, Robin; Nuseibeh, Bashar and Yu, Yijun
In : 17th IEEE International Requirements Engineering Conference (31 Aug - 4 Sep 2009, Atlanta, Georgia, USA)
A framework for developing feature-rich software systems (2009)
Tun, Thein; Chapman, Rod; Haley, Charles; Laney, Robin and Nuseibeh, Bashar
In : 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS 2009) (14-16 Apr 2009, San Francisco, California, USA)
Towards safer composition (2009)
Classen, Andreas; Heymans, Patrick; Tun, Thein and Nuseibeh, Bashar
In : 31st International Conference on Software Engineering (16-24 May 2009, Vancouver, BC) (pp. 227-230)
Relating requirements and feature configurations: a systematic approach (2009)
Tun, Thein; Boucher, Quentin; Classen, Andreas; Hubaux, Arnaud and Heymans, Patrick
In : Proceedings of the 13th International Software Product Line Conference (24-28 Aug 2009, Carnegie Mellon University Pittsburgh, PA, USA) (pp. 201-210)
Early identification of problem interactions: A tool-supported approach (2009)
Tun, Thein Than; Yu, Yijun; Laney, Robin and Nuseibeh, Bashar
(pp. 74-88)
Concerns and their separation in feature diagram languages: An informal survey (2009)
Tun, Thein and Heymans, Patrick
In : Workshop on Scalable Modelling Techniques for Software Product Lines (24 Aug 2009, San Francisco, CA, USA)
Using the event calculus to reason about problem diagrams (2008)
Classen, Andreas; Laney, Robin; Tun, Thein Than; Heymans, Patrick and Hubaux, Arnaud
In : Proceedings of the 3rd international workshop on applications and advances of problem frames (May 2008, Leipzig, Germany)
3rd international workshop on advances and applications of problem frames (2008)
Tun, Thein Than; Hall, Jon G.; Rapanotti, Lucia; Cox, Karl and Jin, Zhi
In : International Conference on Software Engineering (10 May 2008, Leipzig, Germany) (pp. 1029-1030)
On the structure of problem variability: From feature diagrams to problem frames (2007-01)
Classen, Andreas; Heymans, Patrick; Laney, Robin; Nuseibeh, Bashar and Tun, Thein Than
In : Proceedings of International workshop on Variability Modeling of Software-intensive Systems (16-18 Jan 2007, Limerick, Ireland) (pp. 109-118)
Using problem descriptions to represent variabilities for context-aware applications (2007-01)
Salifu, Mohammed; Nuseibeh, Bashar; Rapanotti, Lucia and Tun, Thein Than
In : Proceedings of 1st International workshop on Variability Modeling of Software-intensive Systems (VaMoS 2007) (16-18 Jan 2007, Limerick, Ireland) (pp. 149-156)
Composing features by managing inconsistent requirements (2007)
Laney, Robin; Tun, Thein Than; Jackson, Michael and Nuseibeh, Bashar
In : Proceedings of 9th International Conference on Feature Interactions in Software and Communication Systems (ICFI 2007) (3-5 Sep 2007, Grenoble, France) (pp. 141-156)