{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T05:58:57Z","timestamp":1775282337088,"version":"3.50.1"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030043711","type":"print"},{"value":"9783030043728","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-04372-8_7","type":"book-chapter","created":{"date-parts":[[2018,11,22]],"date-time":"2018-11-22T22:32:52Z","timestamp":1542925972000},"page":"73-87","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Logic-Based Reasoner for Discovering Authentication Vulnerabilities Between Interconnected Accounts"],"prefix":"10.1007","author":[{"given":"Erisa","family":"Karafili","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniele","family":"Sgandurra","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emil","family":"Lupu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,11,24]]},"reference":[{"key":"7_CR1","doi-asserted-by":"crossref","unstructured":"Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the Conference on Computer and Communications Security, pp. 217\u2013224 (2002)","DOI":"10.1145\/586110.586140"},{"key":"7_CR2","unstructured":"Baier, C., Katoen, J.P.: Principles of Model Checking (Representation and Mind Series). The MIT Press (2008)"},{"key":"7_CR3","unstructured":"Ben-Meir, E.: Sentry MBA: A Tale of the Most Popular Credential Stuffing Attack Tool (2017). https:\/\/blog.cyberint.com\/sentry-mba-a-tale-of-the-most-popular-credential-stuffing-attack-tool"},{"key":"7_CR4","unstructured":"Bras, T.L.: Online overload - its worse than you thought, July 2015. https:\/\/blog.dashlane.com\/infographic-online-overload-its-worse-than-you-thought\/"},{"key":"7_CR5","unstructured":"Data, S.: 100 worst passwords of 2017 (2017). https:\/\/s13639.pcdn.co\/wp-content\/uploads\/2017\/12\/Top-100-Worst-Passwords-of-2017a.pdf"},{"key":"7_CR6","unstructured":"Gosling, S.D., Gaddis, S., Vazire, S.: Personality impressions based on Facebook profiles. In: ICWSM (2007)"},{"issue":"1","key":"7_CR7","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1109\/TDSC.2010.61","volume":"9","author":"N Idika","year":"2012","unstructured":"Idika, N., Bhargava, B.: Extending attack graph-based security metrics and aggregating their application. IEEE Trans. Dependable Secure Comput. 9(1), 75\u201385 (2012)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"7_CR8","series-title":"Massive Computing","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/0-387-24230-9_9","volume-title":"Managing Cyber Threats","author":"S Jajodia","year":"2005","unstructured":"Jajodia, S., Noel, S., O\u2019Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats. Massive Computing, vol. 5, pp. 247\u2013266. Springer, Boston (2005). https:\/\/doi.org\/10.1007\/0-387-24230-9_9"},{"key":"7_CR9","doi-asserted-by":"crossref","unstructured":"Jha, S., Sheyner, O., Wing, J.: Two formal analyses of attack graphs. In: Proceedings of the Workshop on Computer Security Foundations, pp. 49\u201363 (2002)","DOI":"10.1109\/CSFW.2002.1021806"},{"issue":"15","key":"7_CR10","doi-asserted-by":"publisher","first-page":"5802","DOI":"10.1073\/pnas.1218772110","volume":"110","author":"M. Kosinski","year":"2013","unstructured":"Kosinski, M., Stillwell, D., Graepel, T.: Private traits and attributes are predictable from digital records of human behavior. In: Proceedings of the National Academy of Sciences (2013). https:\/\/doi.org\/10.1073\/pnas.1218772110 , http:\/\/www.pnas.org\/content\/early\/2013\/03\/06\/1218772110","journal-title":"Proceedings of the National Academy of Sciences"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Li, W., Vaughn, R.B.: Cluster security research involving the modeling of network exploitations using exploitation graphs. In: 2006 Sixth IEEE International Symposium on Cluster Computing and the Grid, CCGRID 2006, vol. 2, pp. 26\u201326, May 2006","DOI":"10.1109\/CCGRID.2006.1630921"},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"Lippmann, R., et al.: Validating and restoring defense in depth using attack graphs. In: Proceedings of the 2006 IEEE Conference on Military Communications, pp. 981\u2013990. MILCOM 2006. IEEE Press, Piscataway, NJ, USA (2006)","DOI":"10.1109\/MILCOM.2006.302434"},{"key":"7_CR13","doi-asserted-by":"publisher","unstructured":"Mu\u00f1oz-Gonz\u00e1lez, L., Sgandurra, D., Barrere, M., Lupu, E.C.: Exact inference techniques for the analysis of bayesian attack graphs. IEEE Trans. Dependable Secure Comput. PP(99), 1 (2017). https:\/\/doi.org\/10.1109\/TDSC.2016.2627033","DOI":"10.1109\/TDSC.2016.2627033"},{"issue":"3","key":"7_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3105760","volume":"20","author":"Luis Mu\u00f1oz-Gonzalez","year":"2017","unstructured":"Mu\u00f1oz-Gonz\u00e1lez, L., Sgandurra, D., Paudice, A., Lupu, E.C.: Efficient attack graph analysis through approximate inference. ACM Trans. Priv. Secur. 20(3), 10:1\u201310:30 (2017). https:\/\/doi.org\/10.1145\/3105760","journal-title":"ACM Transactions on Privacy and Security"},{"issue":"5","key":"7_CR15","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1109\/32.815323","volume":"25","author":"R Ortalo","year":"1999","unstructured":"Ortalo, R., Deswarte, Y., Ka\u00e2niche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Trans. Softw. Eng. 25(5), 633\u2013650 (1999)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Ou, X., Boyer, W., McQueen, M.: A scalable approach to attack graph generation. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 336\u2013345 (2006)","DOI":"10.1145\/1180405.1180446"},{"key":"7_CR17","unstructured":"Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14, SSYM 2005, p. 8. USENIX Association, Berkeley, CA, USA (2005)"},{"key":"7_CR18","unstructured":"Pepitone, J.: Hack attack exposes major gap in Amazon and Apple security, August 2012. http:\/\/money.cnn.com\/2012\/08\/07\/technology\/mat-honan-hacked\/"},{"issue":"1","key":"7_CR19","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1109\/TDSC.2011.34","volume":"9","author":"N Poolsappasit","year":"2012","unstructured":"Poolsappasit, N., Dewri, R., Ray, I.: Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Secure Comput. 9(1), 61\u201374 (2012)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Rabkin, A.: Personal knowledge questions for fallback authentication: security questions in the era of Facebook. In: Proceedings of the 4th Symposium on Usable Privacy and Security, SOUPS 2008, pp. 13\u201323. ACM, New York (2008)","DOI":"10.1145\/1408664.1408667"},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"Ritchey, R.W., Ammann, P.: Using model checking to analyze network vulnerabilities. In: Proceeding of 2000 IEEE Symposium on Security and Privacy, S P 2000, pp. 156\u2013165 (2000)","DOI":"10.1109\/SECPRI.2000.848453"},{"key":"7_CR22","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/978-3-319-41483-6_18","volume-title":"Data and Applications Security and Privacy XXX","author":"D Sgandurra","year":"2016","unstructured":"Sgandurra, D., Karafili, E., Lupu, E.: Formalizing threat models for virtualized systems. In: Ranise, S., Swarup, V. (eds.) Data and Applications Security and Privacy XXX, pp. 251\u2013267. Springer International Publishing, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-41483-6_18"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 273\u2013284 (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"7_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1007\/978-3-540-30101-1_17","volume-title":"Formal Methods for Components and Objects","author":"O Sheyner","year":"2004","unstructured":"Sheyner, O., Wing, J.: Tools for generating and analyzing attack graphs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2003. LNCS, vol. 3188, pp. 344\u2013371. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30101-1_17"}],"container-title":["Lecture Notes in Computer Science","Emerging Technologies for Authorization and Authentication"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-04372-8_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T05:13:13Z","timestamp":1775279593000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-04372-8_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030043711","9783030043728"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-04372-8_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"ETAA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Emerging Technologies for Authorization and Authentication","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Barcelona","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"etaa2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.iit.cnr.it\/etaa2018\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}