Skip to content

Toggle service links

You are here

  1. Home
  2. Dr Thein Tun

Dr Thein Tun

Profile summary

  • Research Staff
  • Research Associate
  • Faculty of Science, Technology, Engineering & Mathematics
  • School of Computing & Communications
  • thein.tun

Research Activity

Research groups

NameTypeParent Unit
CRC: Software Engineering and DesignGroupFaculty of Mathematics, Computing and Technology


Externally funded projects

Why Johnny doesn’t write secure software? Secure Software Development by the Masses

RoleStart dateEnd dateFunding source
Co-investigator01/Jan/201731/Dec/2019EPSRC (Engineering and Physical Sciences Research Council)
Developing software is no longer the domain of the select few with deep technical skills, training and knowledge. Mobile and web app development and easy to program hardware devices, such as Arduino and Raspberry Pi, have resulted in a wide range of people from diverse backgrounds developing software. Such software can be, and is, used by a potentially global user base. But what are the security implications of such software development by ‘the masses’. Are we moving toward a ‘wild west’ in which a diversity of skills and motives in those developing software will affect its security? This diversity of developers is here to stay and is at the heart of a range of innovations in the digital economy. However, little is currently understood about the security behaviours and decision-making processes of the masses – Johnny – engaging in software development. Without such foundational understanding, we cannot hope to leverage a hitherto untapped resource, Johnny, in developing resilient software that is used by millions around the world. From this foundation, we can consider the implications of their assumptions and design choices and provide new tools and techniques to support them. Such foundational research and advances are the focus of this proposal.

A Roadmap of Research in Cybersecurity: An interdisciplinary perspective

RoleStart dateEnd dateFunding source
Lead15/Mar/201514/Mar/2017British Council
Cybersecurity is a growing international issue that affects citizens and institutions around the world. Although it is a software problem at the heart of it, there are several important facets of it that are related to human psychology, statistics, and natural language analysis. As Qatar moves towards knowledge economy, the need for developing human and technological resources in IT and cybersecurity will become increasingly important. This workshop will bring together UK-based and Qatar-based researchers and educators to explore opportunities for research collaboration and education in cybersecurity. Currently, Qatar spends around 3 percent of its GDP on research, and a significant part of it is devoted to IT and cybersecurity. Furthermore, Qatar's main research funding council QNRF has designated Qatar University as one of the key stakeholders of its IT and cybersecurity objective. Therefore, Qatar offers exciting opportunities for UK-based researchers to develop collaboration and seek funding from funders such as QNRF. UK-based researchers offer cutting-edge research and education expertise. For instance, UK has a number of leading experts on various aspects of cybersecurity who can help develop human resource and technical infrastructure for cybersecurity in Qatar. Furthermore, UK universities such as the Open University has a wealth of experience in public engagement and mass education to help improve the public awareness about cybersecurity issues. The themes of the workshop will centre around the multidisciplinary research on cybersecurity and the development of educational tools for increasing cybersecurity competence. The workshop will also give opportunities for exchanging national experiences about tackling cybercrimes. For instance, there are several public initiatives in UK for public safety online, such as GetSafeOnline and Cyber Emergency Readiness Team (Cert).


Automated analysis of security requirements through risk-based argumentation (2015-08)
Yu, Yijun; Franqueira, Virginia N. L.; Tun, Thein; Wieringa, Roel J. and Nuseibeh, Bashar
Journal of Systems and Software, 106 (pp. 102-116)
“Why can’t I do that?”: tracing adaptive security decisions (2015-01)
Nhlabatsi, Armstrong; Tun, Thein; Khan, Niamul; Yu, Yijun; Bandara, Arosha; Khan, Khaled M. and Nuseibeh, Bashar
EAI Endorsed Transactions on Self-Adaptive Systems, 1, Article e2(1)
Evolution of security engineering artifacts: a state of the art survey (2014)
Felderer, Michael; Katt, Basel; Kalb, Philipp; Jürjens, Jan; Ochoa, Martín; Paci, Federica; Tran, Le Minh Sang; Tun, Thein; Yskout, Koen; Scandariato, Riccardo; Piessens, Frank; Vanoverberghe, Dries; Fourneret, Elizabeta; Gander, Matthias; Solhaug, Bjørnar and Breu, Ruth
International Journal of Secure Software Engineering, 5(4) (pp. 48-98)
Separation of concerns in feature diagram languages: a systematic survey (2013-08)
Hubaux, Arnaud; Tun, Thein Than and Heymans, Patrick
ACM Computing Surveys, 45, Article 51(4)
Specifying software features for composition: a tool-supported approach (2013)
Tun, Thein; Laney, Robin; Yu, Yijun and Nuseibeh, Bashar
Computer Networks, 57(12) (pp. 2454-2464)
Specifying features of an evolving software system (2009-08-10)
Tun, Thein Than; Trew, Tim; Jackson, Michael; Laney, Robin and Nuseibeh, Bashar
Software: Practice and Experience, 39(11) (pp. 973-1002)
From model-driven software development processes to problem diagnoses at runtime (2014)
Yu, Yijun; Tun, Thein Than; Bandara, Arosha K.; Zhang, Tian and Nuseibeh, Bashar
In: Bencome, Nelly; France, Robert; Cheng, Betty H.C. and Aßmann, Uwe eds. Models@run.time -- Foundations, Applications, and Roadmaps. Lecture Notes in Computer Science (8378) (pp. 188-207)
ISBN : 978-3-319-08914-0 | Publisher : Springer International Publishing | Published : Cham
Aspect interactions: a requirements engineering perspective (2013-10-31)
Tun, Thein; Yu, Yijun; Jackson, Michael; Laney, Robin and Nuseibeh, Bashar
In: Moreira, Ana; Chitchyan, Ruzanna; Araujo, João and Rashid, Awais eds. Aspect-Oriented Requirements Engineering (pp. 271-286)
ISBN : 978-3-642-38639-8 | Publisher : Springer | Published : Heidelberg
Maintaining security requirements of software systems using evolving crosscutting dependencies (2013)
Saleem, Saad Bin; Montrieux, Lionel; Yu, Yijun; Tun, Thein and Nuseibeh, Bashar
In: Chitchyan, Ruzanna; Moreira, Ana; Araujo, Joao and Rashid, Awais eds. Aspect Oriented Requirements Engineering
ISBN : 9783642386398 | Publisher : Springer
Separating concerns in feature models: retrospective and support for multi-views (2013)
Hubaux, Arnaud; Acher, Mathieu; Tun, Thein Than; Heymans, Patrick; Collet, Philippe and Lahire, Philippe
In: Reinhartz-Berger, Iris; Sturm, Arnon; Clark, Tony; Cohen, Sholom and Bettin, Jorn eds. Domain Engineering: Product Lines, Languages, and Conceptual Models (pp. 3-28)
ISBN : 978-3-642-36653-6 | Publisher : Springer | Published : Berlin
Security patterns: comparing modeling approaches (2010-10)
Bandara, Arosha; Shinpei, Hayashi; Jurjens, Jan; Kaiya, Haruhiko; Kubo, Atsuto; Laney, Robin; Mouratidis, Haris; Nhlabatsi, Armstrong; Nuseibeh, Bashar; Tahara, Yasuyuki; Tun, Thein; Washizaki, Hironori; Yoshioka, Nobukazi and Yu, Yijun
In: Mouratidis, Haris ed. Software Engineering for Secure Systems: Industrial and Research Perspectives (pp. 75-111)
ISBN : 9781615208371 | Publisher : IGI Global | Published : Hershey, PA
Early identification of problem interactions: A tool-supported approach (2009)
Tun, Thein Than; Yu, Yijun; Laney, Robin and Nuseibeh, Bashar
In: Glinz, Martin and Heymans, Patrick eds. Requirements Engineering: Foundation for Software Quality, 15th International Working Conference. Lecture Notes in Computer Science (5512) (pp. 74-88)
ISBN : 9783642020490 | Publisher : Springer Verlag | Published : Germany
Developer requirements in the PF approach (2006)
Tun, Thein and Hall, Jon G.
In: Proceedings of the 2006 international workshop on Advances and applications of problem frames (pp. 87-90)
ISBN : 1-59593-406-5 | Publisher : ACM Press | Published : New York
Snap Forensics: A Tradeoff between Ephemeral Intelligence and Persistent Evidence Collection (2017-09-04)
Yu, Yijun and Tun, Thein
In : 1st International Workshop on Software Engineering and Digital Forensics (4 September, 2017, Padeborn, Germany)
Verifiable Limited Disclosure: Reporting and Handling Digital Evidence in Police Investigations (2016-09-12)
Tun, Thein; Price, Blaine; Bandara, Arosha; Yu, Yijun and Nuseibeh, Bashar
In : iRENIC: 1st International Workshop on Requirements Engineering for Investigating and Countering Crime (12th September 2016, Beijing, China)
Managing security control assumptions using causal traceability (2015-07-17)
Nhlabatsi, Armstrong; Yu, Yijun; Zisman, Andrea; Tun, Thein; Khan, Niamul; Bandara, Arosha; Khan, Khaled and Nuseibeh, Bashar
In : 8th International Symposium on Software and Systems Traceability (SST 2015) (17 July 2015, Florence, Italy)
The Role of Environmental Assumptions in Failures of DNA Nanosystems (2015-05)
Tun, Thein; Lutz, Robyn; Nakayama, Brian; Yu, Yijun; Mathur, Divita and Nuseibeh, Bashar
In : International Workshop on Complex Faults and Failures in Large Software Systems (COUFLESS) (23 May 2015, Florence, Italy) (pp. 27-33)
Towards explaining rebuttals in security arguments (2014-12-10)
Yu, Yijun; Piwek, Paul; Tun, Thein Than and Nuseibeh, Bashar
In : 14th Workshop on Computational Models of Natural Argument (10 December 2014, Krakow, Poland)
Traceability for adaptive information security in the cloud (2014-06-27)
Nhlabatsi, Armstrong; Tun, Thein; Khan, Niamul; Yu, Yijun; Bandara, Arosha; Khan, Khaled and Nuseibeh, Bashar
In : 7th IEEE International Conference on Cloud Computing (27 June - 2 July 2014, Alaska, USA) (pp. 958-959)
Requirements-driven mediation for collaborative security (2014)
Bennaceur, Amel; Bandara, Arosha; Jackson, Michael; Liu, Wei; Montrieux, Lionel; Tun, Thein; Yu, Yijun and Nuseibeh, Bashar
In : SEAMS'14 - The 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (2-3 June 2014, Hyderabad)
Requirements-driven adaptive digital forensics (2013-07-15)
Pasquale, Liliana; Yu, Yijun; Salehie, Mazeiar; Cavallaro, Luca; Tun, Thein Than and Nuseibeh, Bashar
In : 21st IEEE Requirements Engineering Conference (15-19 July, 2013, Rio de Janeiro, Brazil)
An aspect-oriented approach to relating security requirements and access control (2012-06)
Alebrahim, Azadeh; Tun, Thein Than; Yu, Yijun; Heisel, Maritta and Nuseibeh, Bashar
In : CAiSE'12 Forum (28 June 2012, Gdansk, Poland)
Privacy arguments: analysing selective disclosure requirements for mobile applications (2012)
Tun, Thein Than; Bandara, Arosha K.; Price, Blaine A.; Yu, Yijun; Haley, Charles; Omoronyia, Inah and Nuseibeh, Bashar
In : 20th IEEE International Requirements Engineering Conference (24-28 September 2012 , Chicago, Illinois) (pp. 131-140)
Specifying and detecting meaningful changes in programs (2011-11-06)
Yu, Yijun; Tun, Thein and Nuseibeh, Bashar
In : 26th IEEE/ACM International Conference On Automated Software Engineering (6-10 Nov 2011, Lawrence, Kansas, USA ) (pp. 273-282)
Towards learning to detect meaningful changes in software (2011-11)
Yu, Yijun; Bandara, Arosha; Tun, Thein Than and Nuseibeh, Bashar
In : Proceedings of the International Workshop on Machine Learning Technologies in Software Engineering (12 November 2011, Lawrence, Kansas) (pp. 51-54)
SeCMER: a tool to gain control of security requirements Evolution (2011-10-26)
Bergmann, Gábor; Massacci, Fabio; Paci, Federica; Tun, Thein; Varró, Dániel and Yu, Yijun
In : ServiceWave 2011 (26-28 Oct 2011, Poznan, Poland) (pp. 321-322)
Towards agile security risk management in RE and beyond (2011-09)
Franqueira, Virginia N. L.; Bakalova, Zornitza; Tun, Thein Than and Daneva, Maya
In : International Workshop on Empirical Requirements Engineering (30 August 2011, Trento, Italy) (pp. 33-36)
Risk and argument: a risk-based argumentation method for practical security (2011-08-29)
Franqueira, Virginia Nunes Leas; Tun, Thein Than; Yu, Yijun; Wieringa, Roel and Nuseibeh, Bashar
In : 19th IEEE International Conference on Requirements Engineering (29 Aug - 2 Sep 2011, Trento, Italy) (pp. 239-248)
OpenArgue: supporting argumentation to evolve secure software systems (2011-08-29)
Yu, Yijun; Tun, Thein; Tedeschi, Alessandra; Franqueira, Virginia N. L. and Nuseibeh, Bashar
In : 19th IEEE International Requirements Engineering Conference (29 Aug - 02 Sep 2011 ) (pp. 351-352)
An extended ontology for security requirements (2011-06-20)
Massacci, Fabio; Mylopoulos, John; Paci, Federica; Tun, Thein and Yu, Yijun
In : International Workshop on Information Systems Security Engineering (20-24 June 2011) (pp. 622-636)
Miki: a wiki for synchronous modeling of software requirements (2011)
Yu, Yijun; Petre, Marian and Tun, Thein Than
In : 4th FlexiTools workshop @ ICSE 2011 (22 May 2011, Waikiki, Honolulu, Hawaii)
A tool for managing evolving security requirements (2011)
Bergmann, Gábor; Massacci, Fabio; Paci, Federica; Tun, Thein; Varró, Dániel and Yu, Yijun
In : CAiSE Forum (22-24 June 2011, London) (pp. 49-56)
Model-Based argument analysis for evolving security requirements (2010-06-09)
Tun, Thein Than; Yu, Yijun; Haley, C. and Nuseibeh, B.
In : Fourth International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2010 (9-11 September 2010, Singapore) (pp. 88-97)
An NFR pattern approach to dealing with NFRs (2010)
Supakkul, Sam; Hill, Tom; Chung, Lawrence; Tun, Thein Than and do Prado Leite, Julio Cesar Sampaio
In : 18th IEEE International Requirements Engineering Conference (27 Sep - 1 Oct 2010, Sydney, Australia) (pp. 179-188)
Are your lights off? Using problem frames to diagnose system failures (2009-08)
Tun, Thein; Jackson, Michael; Laney, Robin; Nuseibeh, Bashar and Yu, Yijun
In : 17th IEEE International Requirements Engineering Conference (31 August - 4 September 2009, Atlanta, Georgia, USA)
A framework for developing feature-rich software systems (2009)
Tun, Thein; Chapman, Rod; Haley, Charles; Laney, Robin and Nuseibeh, Bashar
In : 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS 2009) (14-16 April 2009, San Francisco, California, USA)
Towards safer composition (2009)
Classen, Andreas; Heymans, Patrick; Tun, Thein and Nuseibeh, Bashar
In : 31st International Conference on Software Engineering (16-24 May 2009, Vancouver, BC) (pp. 227-230)
Relating requirements and feature configurations: a systematic approach (2009)
Tun, Thein; Boucher, Quentin; Classen, Andreas; Hubaux, Arnaud and Heymans, Patrick
In : Proceedings of the 13th International Software Product Line Conference (24-28 Aug 2009, Carnegie Mellon University Pittsburgh, PA, USA) (pp. 201-210)
Concerns and their separation in feature diagram languages: An informal survey (2009)
Tun, Thein and Heymans, Patrick
In : Workshop on Scalable Modelling Techniques for Software Product Lines (August 24, 2009, San Francisco, CA, USA)
Using the event calculus to reason about problem diagrams (2008)
Classen, Andreas; Laney, Robin; Tun, Thein Than; Heymans, Patrick and Hubaux, Arnaud
In : Proceedings of the 3rd international workshop on applications and advances of problem frames (May 2008, Leipzig, Germany)
3rd international workshop on advances and applications of problem frames (2008)
Tun, Thein Than; Hall, Jon G.; Rapanotti, Lucia; Cox, Karl and Jin, Zhi
In : International Conference on Software Engineering (10 May 2008, Leipzig, Germany) (pp. 1029-1030)
On the structure of problem variability: From feature diagrams to problem frames (2007-01)
Classen, Andreas; Heymans, Patrick; Laney, Robin; Nuseibeh, Bashar and Tun, Thein Than
In : Proceedings of International workshop on Variability Modeling of Software-intensive Systems (16-18 January 2007, Limerick, Ireland) (pp. 109-118)
Using problem descriptions to represent variabilities for context-aware applications (2007-01)
Salifu, Mohammed; Nuseibeh, Bashar; Rapanotti, Lucia and Tun, Thein Than
In : Proceedings of 1st International workshop on Variability Modeling of Software-intensive Systems (VaMoS 2007) (16-18 Jan 2007, Limerick, Ireland) (pp. 149-156)
Composing features by managing inconsistent requirements (2007)
Laney, Robin; Tun, Thein Than; Jackson, Michael and Nuseibeh, Bashar
In : Proceedings of 9th International Conference on Feature Interactions in Software and Communication Systems (ICFI 2007) (3-5 September 2007, Grenoble, France) (pp. 141-156)

Meet our Academics

Head and shoulders of male OU academic

In addition to teaching on Open University modules our academics are engaged in ground breaking research that benefits individuals and society.

Request your prospectus

Request a prospectus icon

Explore our qualifications and courses by requesting one of our prospectuses today.

Request prospectus

Are you already an OU student?

Go to StudentHome