Dr. Carmen Cheh

• Cyber-physical System Security
• Threat Modeling
• Critical Infrastructure Resilience

• 2026 – 2027 Intelligent and Accessible Threat Modelling, Principal Investigator
• 2023 – 2024 Integrative Threat Modeling, Risk Assessment, and Security Control Management for Government Settings, Co-Principal Investigator
• 2022 – 2025 Real-Time Deep Learning Networks for Fraud Detection in Modern E-Marketplace Systems, Co-Principal Investigator

• Lowering the Barrier: An Automatic Flow Generation Framework for Non-Security Experts. C. Cheh, N. S. K. Shing, E. C. J. Ang, B. Chen, D. Cher, F. Liauw, and R. L. Y. Lim. Proceedings of the 17th International Symposium on Foundations and Practice of Security (FPS 2024), Montreal, Canada, December 9-11, 2024, pp. 77-93.
• Generating Abuse Stories and Misuse Cases using Large Language Models. C. Cheh, N.S.K. Shing, R. Lim, and B. Chen. Proceedings of Annual Computer Security Applications Conference Workshops (WAITI), Honolulu, HI, USA, December 9-10, 2024, pp. 208-215.
• Water Supply System Dataset: Non-Invasive Sensor Data for Smart Water Pumps. C. Cheh, A. Tay, Z. W. Ng, B. Chen, X. Lou, Z. Masood, and D. K.Y. Yau. Proceedings of 11th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation, Hangzhou, China, November 7-8, 2024, pp. 302-306.
• Repairing Infrastructure-as-Code using Large Language Models. L. En, C. Cheh, and B. Chen. Proceedings of the IEEE Secure Development Conference (SecDev 2024), Pittsburgh, USA, October 7-9, 2024, pp. 20-27.
• Water Pump Operation Optimization under Dynamic Market and Consumer Behaviour. C. Cheh, J. Albrethsen, Z. W. Ng, B. Chen, X. Lou, Z. Masood, and D. Yau. Proceedings of the 15th ACM International Conference on Future and Sustainable Energy Systems (e-Energy 2024), Singapore, Singapore, June 4-7, 2024, pp. 335-346.
• From Hindsight to Foresight: Enhancing Design Artifacts for Business Logic Flaw Discovery. C. Cheh, N. Tay, and B. Chen. Proceedings of the 38th Annual Computer Security Applications Conference (ACSAC 2022), Austin, Texas, December 5-9, 2022, pp. 400-411.
• Design and User Study of a Constraint-based Framework for Business Logic Flaw Discovery. C. Cheh, N. Tay, and B. Chen. Proceedings of the IEEE Secure Development Conference (SecDev 2022), Atlanta, Georgia, October 18-20, 2022, pp. 91-99.
• CyberSAGE: The Cyber Security Argument Graph Evaluation Tool. W. G. Temple, Y. Wu, C. Cheh, Y. Li, B. Chen, Z. T. Kalbarczyk, W. H. Sanders, and D. Nicol. Empirical Software Engineering, vol. 28, no. 1, article no. 18, December 2022.
• CoToRu: Automatic Generation of Network Intrusion Detection Rules from Code. H. Tan, C. Cheh, and B. Chen. Proceedings of the IEEE International Conference on Computer Communications (INFOCOM 2022), pp. 720-729.
• From Application Security Verification Standard (ASVS) to Regulation Compliance: A Case Study in Financial Services Sector. V. Tan, C. Cheh, and B. Chen. Proceedings of the 11th IEEE International Workshop on Software Certification (IWSC 2021), Wuhan, China, October 25, 2021, pp. 69-76.
• Analyzing OpenAPI Specifications for Security Design Issues. C. Cheh and B. Chen. Proceedings of the IEEE Secure Development Conference (SecDev 2021), Atlanta, Georgia, October 18-20, 2021, pp. 15-22.
• Data-Driven Model-Based Detection of Malicious Insiders via Physical Access Logs. C. Cheh, U. Thakore, A. Fawaz, B. Chen, W. Temple, and W. H. Sanders. ACM Transactions on Modeling and Computer Simulation 2019, vol. 29, no. 4, article no. 26, December 2019.
• Determining the Tolerable Attack Surface that Preserves Safety of Cyber-Physical Systems. C. Cheh, A. Fawaz, M. A. Noureddine, B. Chen, W. Temple, and W. H. Sanders. Proceedings of the 23rd IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2018), Taipei, Taiwan, December 4-7, 2018, pp. 125-134.
• Developing Models for Physical Attacks in Cyber-Physical Systems. C. Cheh, K. Keefe, B. Feddersen, B. Chen, W. G. Temple, and W. H. Sanders. Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC), Dallas, Texas, Nov. 3, 2017, pp. 49-55.

Co-founder of OverArX: a startup spun off from SUTD and Illinois ARCS that provides overarching cyber-defence solutions through threat modelling.