Professor of Risk Management for High-tech systems
How do we design our robots, nuclear plants, railway systems and heart monitors such that they are safe and reliable? How do we make sure that data centers and water supply systems are aways available?
I am developing quantitative risk assessments methods that ensure that the risks related to high tech systems lie within acceptable boundaries. I develop techniques to analyze, predict, improve reliability of complex systems, using fault trees, model-based testing, and architectural reliability modeling.
Technically, distinguishing feature of my techniques is compositionality: I derive risk profiles from a complex systems from component risk profiles, using powerful techniques from model checking. This makes life easy, flexible and fast.
Further, I am the director of Life Long Learning at EEMCS.
I also hold a 0.2 appointment as a full professor at the Radboud University Nijmegen.
Expertise
Computer Science
- Fault Tree
- Models
- Attack
- Model Checking
- model based testing
- Automaton
- Case Study
- Algorithms
Organisations
Ancillary activities
- Radboud UniversityFull professor (part-time)
- Schouten & Nelissen University of Applied SciencesAdvisory council Master Quality Management at Schouten & Nelissen
- PLANETARTSupervisory board PLANETART
- Nyenrode UniversityAdvisory council, Executive Insurance Program, Nyenrode
Publications
2025
Fuzzy Fault Trees: The Fast and the Formal (2025)[Contribution to conference › Paper] QEST+FORMATS 2025 (E-pub ahead of print/First online). Dang, T. K. N., Peterseim, B., Lopuhaä-Zwakenberg, M. & Stoelinga, M. I. A.https://doi.org/10.1007/978-3-032-05792-1_14Time for Quiescence: Modelling quiescent behaviour in testing via time-outs in timed automata (2025)[Working paper › Preprint]. ArXiv.org. Briones, L. B., Gerhold, M., van den Bos, P. & Stoelinga, M.https://doi.org/10.48550/arXiv.2507.18205BayesL: Towards a Logical Framework for Bayesian Networks (2025)[Working paper › Preprint]. ArXiv.org. Nicoletti, S. M. & Stoelinga, M.https://doi.org/10.48550/arXiv.2506.23773Querying Attack-Fault-Defense Trees: Property Specification in Smart Grid and Aerospace Case Studies (2025)[Working paper › Preprint]. ArXiv.org. Soltani, R., Nicoletti, S. M., Lopuhaä-Zwakenberg, M. & Stoelinga, M.https://doi.org/10.48550/arXiv.2506.23789Fuzzy Fault Trees: the Fast and the Formal (2025)[Working paper › Preprint]. ArXiv.org. Dang, T. K. N., Peterseim, B., Lopuhaä-Zwakenberg, M. & Stoelinga, M.https://doi.org/10.48550/arXiv.2507.02886WATCHDOG: an ontology-aWare risk AssessmenT approaCH via object-oriented DisruptiOn Graphs (2025)In Advanced Information Systems Engineering: 37th International Conference, CAiSE 2025, Vienna, Austria, June 16-20, 2025. Proceedings, Part II (pp. 314-331) (Lecture Notes in Computer Science; Vol. 15702 LNCS). Springer (E-pub ahead of print/First online). Nicoletti, S. M., Hahn, E. M., Fumagalli, M., Guizzardi, G. & Stoelinga, M.https://doi.org/10.1007/978-3-031-94571-7_18Conformance in the railway industry: Single-Input-Change testing a EULYNX controller (2025)International journal on software tools for technology transfer, 27(3), 377-395. Wal, D. v., Gerhold, M., Stoelinga, M. & Rensink, A.https://doi.org/10.1007/s10009-025-00790-5Optimal spare management via statistical model checking: a case study in research reactors (2025)International journal on software tools for technology transfer, 27(3), 361-376. Soltani, R., Volk, M., Diamonte, L., Lopuhaä-Zwakenberg, M. & Stoelinga, M.https://doi.org/10.1007/s10009-025-00791-4Safety and Security Risk Mitigation in Satellite Missions via Attack-Fault-Defense Trees (2025)[Working paper › Preprint]. ArXiv.org. Soltani, R., Diale, P., Lopuhaä-Zwakenberg, M. & Stoelinga, M.https://doi.org/10.48550/arXiv.2504.00988What is... the point?: Single-input-change testing a EULYNX controller (2025)[Thesis › PhD Thesis - Research UT, graduation UT]. University of Twente. van der Wal, D.https://doi.org/10.3990/1.9789036565042Supporting software for the paper: Conformance in the Railway Industry: Single-Input-Change Testing a EULYNX Controller (Extended Version) (2025)[Dataset Types › Dataset]. 4TU.Centre for Research Data. van der Wal, D., Gerhold, M., Rensink, A. & Stoelinga, M.https://doi.org/10.4121/49fe4e0a-a92a-4fd6-b567-9dd408ff9867Reliability and maintenance for engineering systems: Faulttrees, degradation modelling and maintenance optimisation (2025)[Thesis › PhD Thesis - Research UT, graduation UT]. University of Twente. Jimenez, L.https://doi.org/10.3990/1.9789036564076Modular Criticality Analysis for Dynamic Fault Trees (2025)In Principles of Verification: Cycling the Probabilistic Landscape: Essays Dedicated to Joost-Pieter Katoen on the Occasion of His 60th Birthday, Part III (pp. 274-293) (Lecture Notes in Computer Science; Vol. 15262). Springer. Sher, F., Stoelinga, M. & Volk, M.https://doi.org/10.1007/978-3-031-75778-5_13No Risk, No Fun: A Tutorial on Risk Management (2025)In Formal Methods: 26th International Symposium, FM 2024, Milan, Italy, September 9–13, 2024, Proceedings, Part II (pp. 447-468) (Lecture Notes in Computer Science; Vol. 14934). Springer. Stoelinga, M.https://doi.org/10.1007/978-3-031-71177-0_26With a little help from your friends: semi-cooperative games via Joker moves (2025)Logical methods in computer science, 21(1), 1-39. van den Bos, P. & Stoelinga, M.https://doi.org/10.46298/lmcs-21(1:26)2025
2024
Dodge: Ontology-Aware Risk Assessment via Object-Oriented Disruption Graphs (2024)[Working paper › Preprint]. ArXiv.org. Nicoletti, S. M., Hahn, E. M., Fumagalli, M., Guizzardi, G. & Stoelinga, M.https://doi.org/10.48550/arXiv.2412.13964How hard can it be? Quantifying MITRE attack campaigns with attack trees and cATM logic (experimental reproduction package) (2024)[Dataset Types › Dataset]. Zenodo. Nicoletti, S. M., Lopuhaä-Zwakenberg, M., Stoelinga, M., Massacci, F. & Budde, C. E.https://doi.org/10.5281/zenodo.14193935Principles of Verification: Cycling the Probabilistic Landscape - Essays Dedicated to Joost-Pieter Katoen on the Occasion of His 60th Birthday, Part III (2024)[Book/Report › Book editing]. Springer. Jansen, N., Junges, S., Kaminski, B. L., Matheja, C., Noll, T., Quatmann, T., Stoelinga, M. & Volk, M.https://doi.org/10.1007/978-3-031-75778-5Principles of Verification: Cycling the Probabilistic Landscape - Essays Dedicated to Joost-Pieter Katoen on the Occasion of His 60th Birthday, Part I (2024)[Book/Report › Book editing]. Springer. Jansen, N., Junges, S., Kaminski, B. L., Matheja, C., Noll, T., Quatmann, T., Stoelinga, M. & Volk, M.https://doi.org/10.1007/978-3-031-75783-9Principles of Verification: Cycling the Probabilistic Landscape - Essays Dedicated to Joost-Pieter Katoen on the Occasion of His 60th Birthday, Part II (2024)[Book/Report › Book editing]. Springer. Jansen, N., Junges, S., Kaminski, B. L., Matheja, C., Noll, T., Quatmann, T., Stoelinga, M. & Volk, M.https://doi.org/10.1007/978-3-031-75775-4Artifact for "Modular criticality analysis for dynamic fault trees" (2024)[Dataset Types › Dataset]. Zenodo. Sher, F., Stoelinga, M. & Volk, M.https://doi.org/10.5281/zenodo.13338380If a Tree Falls in the Forest: Risk Logics for Safety-Security Analysis (2024)[Thesis › PhD Thesis - Research UT, graduation UT]. University of Twente. Nicoletti, S. M.https://doi.org/10.3990/1.9789036563437Uomo Digitalis (2024)In Ongefilterde expertadviezen voor de digitale overheid (pp. 11-12). Ministerie BZK. Stoelinga, M. & Waser, J.How hard can it be?: Quantifying MITRE attack campaigns with attack trees and cATM logic (2024)[Working paper › Preprint]. ArXiv.org. Nicoletti, S. M., Lopuhaä-Zwakenberg, M., Stoelinga, M., Massacci, F. & Budde, C. E.https://doi.org/10.48550/arXiv.2410.06692Safety-Security Analysis via Attack-Fault-Defense Trees: Semantics and Cut Set Metrics (2024)In Computer Safety, Reliability, and Security: 43rd International Conference, SAFECOMP 2024, Florence, Italy, September 18–20, 2024, Proceedings (pp. 218-232) ( Lecture Notes in Computer Science; Vol. 14988). Springer. Soltani, R., Lopuhaä-Zwakenberg, M. & Stoelinga, M.https://doi.org/10.1007/978-3-031-68606-1_14
Research profiles
Affiliated study programs
Courses academic year 2025/2026
Courses in the current academic year are added at the moment they are finalised in the Osiris system. Therefore it is possible that the list is not yet complete for the whole academic year.
Courses academic year 2024/2025
Zorro: Engineering for Zero Downtime in Cyber-Physical Systems via Intelligent Diagnostics
- funded by NWO
- Collaboration between TNO-ESI, Saxion, VU
- See https://zorro-project.nl/
PrimaVera: Predictive Maintenance for Very effective asset management.
- funded by National Science Agenda
- See https://primavera-project.com/
CAESAR: Integrating Safety and Security through stochastic model checking
- funded by ERC Consolidator grant
FORMASIG:
- funded by ProRail and Deutsche Bahn
- Formal methods in railways signaling infrastructure standardisation processes
- https://www.utwente.nl/en/eemcs/fmt/research/projects/formasig/
SEQUOIA: Smart maintenance optimization via big data and fault tree analysis
In the press
- https://www.nu.nl/tech/6256732/gegevens-uit-je-smartwatch-zijn-een-goudmijn-voor-techbedrijven.html
- https://www.tubantia.nl/enschede/even-een-appje-achter-het-stuur-mij-gebeurt-niks-toch~adc31db4/
- https://www.tubantia.nl/enschede/verstrooide-professor-loopt-per-ongeluk-halve-marathon-in-enschede-mijn-man-belde-al-bijna-de-politie~a838c5e7/
Address
University of Twente
Zilverling (building no. 11), room 3063
Hallenweg 19
7522 NH Enschede
Netherlands
University of Twente
Zilverling 3063
P.O. Box 217
7500 AE Enschede
Netherlands
Scan the QR code or