Risks in High-Tech Systems: Models, Methods, Data & Tools

Would it not be great to live in a world where computers never crash, trains always ride and banks are never hacked?

This is the ultimate goal of risk management. In FMT, we work on the risk analysis phase, where one identifies, evaluates and prioritizes risks, to come up with (cost-) effective countermeasures. We use a wide variety of techniques: novel algorithms and data structures, new risk models and visualization techniques. We offer both theoretical projects and applied projects with companies.


Related Modules

Available Project Proposals

The topic of Risks in High-Tech Systems: Models, Methods, Data & Tools encompasses the following:

If you are interested in the general topic of Risks in High-Tech Systems: Models, Methods, Data & Tools, or if have your own project idea related to the topic, please contact us directly. Alternatively, you can also work on one of the following concrete project proposals:

  • Risk Assessment of Water Supply Networks (Industrial case study)

    Supervisors: Moritz Hahn, Matthias Volk


    Water supply networks (WSN) are important systems to maintain because they are one of the fundamental needs for citizens. Therefore tools are needed to help us understand the reliability of such networks and manage their risks. When managing the maintenance of a WSN, an important challenge is to compute the number of households affected by closing sections for maintenance and failure of valves. Recent work introduced first algorithms to compute the number of affected household. However, more efficient algorithms which scale for large WSN are needed.


    In this research project, we aim to improve on existing works by using binary decision diagrams (BDD). BDD are a data structure used to efficiently represent Boolean functions. We aim to represent WSN by BDD and then calculate the number of affected households on the BDD.


    The task in to reach this goal are:

    1. Familiarizing with WSN, BDD and the existing algorithms tackling the problem.
    2. Developing an encoding of WSN in terms of BDDs by building on existing ideas.
    3. Implementing and optimizing the approach.
    4. Evaluating the approach on real-life networks.


    It is beneficial to have previous knowledge on BDD (but is not required).

  • A long awaited marriage: investigating safety/security interactions in real-world scenarios

    Supervisors: Stefano Maria Nicoletti, Christina Kolb

    The introduction and adoption of new technologies implies the rise of new risks, related both to accidental damage (safety) and to malicious attacks (security). Furthermore, safety and security are often intertwined: passwords protect medical data from unauthorized access but are an obstacle for patients' safety during emergencies, IoT sensors can help to monitor the pressure levels of a pipeline but may provide extended attack surfaces for malicious hackers.
    The existence of interdependencies between safety and security calls for a better (formal) understanding of this kind of interactions:

    • At what level do safety and security interact? What interacts with what?
    • Do these interactions regard requirements, countermeasures, factors (etc.)?


    The suggested tasks are the following:

    • Together with your supervisor, decide on a case study of interest and investigate how safety and security interact in this setting
    • Chose a formalism to analyse said case study (by discussing with your supervisors) and understand its modelling capabilities
    • Starting from the chosen case study, investigate which of the different interactions between safety and security are captured by the formalism of choice
    • Investigate at what level these interactions take place

    For this topic, you should have a strong interest in multidisciplinary research.

  • Improving the inference of risk models

    Supervisors: Lisandro A. Jimenez-Roa, Matthias Volk, Marijn Peppelman

    Risk models such as fault trees (FTs) are formalisms typically used in reliability engineering, safety, and risk analysis. A known drawback of FTs is the time-consuming manual construction of these models, making them prone to human errors and incompleteness. Thanks to the ever-increasing availability of inspection and monitoring data, the development of algorithms that take care of this task in a data-driven manner are possible.

    In [1] this challenge was tackled using multi-objective evolutionary algorithms, yielding compact and reliable FT models. Building upon this work, several interesting research directions are possible.

    Possible research directions

    • Bayesian multi-objective evolutionary algorithms: The current algorithm [1] takes a long time to converge when randomly applying genetic operators. One possible research direction is therefore to investigate to what extent knowledge about the models can be included to guide the genetic operators. One possibility is the inclusion of a Bayesian probability could improve the targeted use of genetic operators when inferring FT models.
    • Noisy and incomplete data sets: Current approaches only consider noise-free and complete failure data sets, which is of course not representative of real applications. Thus, it is interesting to investigate how to effectively deal and account for noise and incompleteness in failure data sets when inferring FT models in a data-driven manner.
    • Reinforcement Learning: Other approaches to infer fault tree models can be investigated. One promising approach is to use Reinforcement Learning (RL). RL is a sub-field of machine learning that addresses the problem of automating learning of optimal decisions over time. Literature in this direction is [2] where the authors used RL to discover the optimal architecture of Convolutional Neural Networks. The goal of this project is to construct a Q-learning agent that discovers the optimal and compact FT structure, encoding failure modes in a data-driven manner.


    [1] Jimenez-Roa, L. A., Heskes, T., Tinga, T., & Stoelinga, M. I. A. (2021). Automatic inference of fault tree models via multi-objective evolutionary algorithms. Manuscript available online.

    [2] Baker, B., Gupta, O., Naik, N., & Raskar, R. (2016). Designing neural network architectures using reinforcement learning. arXiv preprint arXiv:1611.02167.


    Most research directions encompass a prototypical implementation. It is therefore advisable to be familiar with the Python programing language.

  • Combining Fault Trees and Bayesian Networks

    Supervisors: Lisandro A. Jimenez-Roa, Matthias Volk

    Fault Tree (FT) models are formalisms typically used in reliability engineering, safety, and risk analysis. A known drawback of FTs is that they assume statistical independence between basic events. Nevertheless, in real engineering complex systems, it is common to have dependencies not only between components but also with environmental and operational conditions.

    Thus, the goal of this project is to investigate to what extend it is possible to deal with this limitation by making an interconnection with a Bayesian Network (BN). BN are probabilistic graphical models widely used to model dependencies between random variables. Useful literature in this direction is [1] and [2].

    General research question

    To what extend is it possible to account for dependencies of random variables via a Bayesian Network connected to the basic events of a Fault Tree model?


    [1] Thomas, S., & Groth, K. M. (2021). Toward a hybrid causal framework for autonomous vehicle safety analysis. Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, 1748006X211043310. https://doi.org/10.1177/1748006X211043310

    [2] Moradi, R., & Groth, K. M. (2020). Modernizing risk assessment: A systematic integration of PRA and PHM techniques. Reliability Engineering & System Safety, 204, 107194. https://doi.org/10.1016/j.ress.2020.107194


    • Learn about Bayesian Networks and Fault Trees
    • Investigate how to combine these models to account for statistical dependency
    • Implement the approach, for example as a Python script.


    It is advisable to have the following knowledge:

    • Knowledge in probability theory.
    • Knowing about Bayesian Networks is a plus.
    • Familiarity with the Python programming language.
  • Shortcomings of the Common Vulnerability Scoring System (CVSS): Prioritizing Vulnerability Response

    Keywords: Vulnerability, CVE, CVSS, Vulnerability Scoring System, Security, Applied research

    Topics: Risk in High Tech Systems, Case Studies and Applications, Security

    Committee: Jeroen van der HamErnst Moritz Hahn, Stefano Maria Nicoletti 

    Project Description:

    The correct prioritization of actions to take after the discovery of new vulnerabilities is a key step in vulnerability management, analysis, handling and response. For many organizations this translates into using the Common Vulnerability Scoring System (CVSS) as a priority guide, paying particular attention to the technical severity of each vulnerability. Unfortunately, CVSS scores and their re-adaptations share a number of  issues that may undermine the choice of CVSS as the only parameter for actions prioritization: among these, it has been shown [1] that a high CVSS score does not always translate to publicly released exploits for that vulnerability or to high frequency of exploitation.

    To address this issue, [2] proposes a testable Stakeholder-Specific Vulnerability Categorization (SSVC) based on decision trees. The authors argue that decisions are a more useful output than severity as different organizations can make different decisions on how to react to vulnerabilities based on their different priorities.

    Although promising, this strategy leaves the door open to further refinement, mainly due to its preliminary nature. In particular, more testing is needed in order to assess decision trees' reliability, i.e., “reliable means that two analysts, given the same vulnerability description and decision process description, will reach the same decision.” In order for the decision trees to be reliable, the methodology proposed in [2] should be repeated with different groups, from diverse backgrounds and experiences.


    The topic will be developed alongside the student, however suggested tasks are the following:

    1. Understand the capabilities of decision trees and the SSVC
    2. Get in touch with different analyst groups with a chosen vulnerability description and decision process description
    3. Assess the reliability of the proposed framework
    4. Highlight possible shortcomings and suggest possible improvements


    Interest in cybersecurity, vulnerability management and problem solving.

    What will you gain?

    You will gain an understanding of the Common Vulnerability Scoring System (CVSS), its flaws and potential solutions to address them.

    Curious? Please, feel free to contact us for further discussion, even if you are still undecided.


    [1] Allodi, Luca and Fabio Massacci. A Preliminary Analysis of Vulnerability Scores for Attacks in Wild: The EKITS and SYM Datasets. BADGERS’12, Oct 5, 2012, Raleigh, North Carolina, USA.

    [2] Spring, Jonathan M., et al. Prioritizing Vulnerability Response: A Stakeholder Specific Vulnerability Categorization. Carnegie-Mellon University Pittsburgh, Pittsburgh United States, 2019.

  • Visualization of risks

    Supervisor: Mariëlle Stoelinga

    Fault trees are a popular model in risk analysis: they describe how failures propagate from components to system level: system components are modelled as leaves of the tree, and gates (like AND, OR, priority-AND) in a fault tree model how failures propagate to the top of the tree, which represents that the system has failed.
    A wide number of techniques is available to analyse fault trees, both in a qualitative and in a quantitative way: cut sets, BDDs, probabilistic analysis, etc.
    The goal of this project is to visualize the outcomes of such analyses: while standard GUIs exist to draw fault trees, and to add the information needed for the analysis, this is not true for the outcomes of the analysis: presentation of the results is usually done via simple plots. This can be done much better and nicer!
    Hence, we would like to develop more sophisticated and interactive means to visualize a fault tree: various visualization tools and frameworks can be deployed here --- making fault tree analysis a joy to look at.


    Your tasks will include:

    • study fault tree models
    • investigate state-of-the-art visualization tools
    • implement a fault tree visualizer
  • Software fault trees

    Supervisor: Matthias Volk, Mariëlle Stoelinga

    Fault trees are an important formalism to assess the reliability of systems. Typically, they model how failures propagate from component failures to system level failures, via gates like AND and OR.

    Fault trees have been very successfully applied to complex hardware systems, like railroads or chemical plants. However, software is getting more and more important. Hence, software fault trees have been developed to account for software failures as well.

    Research directions:

    The key idea of this project is to find out how Software fault trees work, and how they perform. Possible research directions are:

    • Developing methods to estimate the failure rates for software components.
    • Developing methods to automatically create fault trees for software, for example by a translation from specification languages such as UML.