{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,5]],"date-time":"2026-01-05T11:20:46Z","timestamp":1767612046625,"version":"3.40.3"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030127855"},{"type":"electronic","value":"9783030127862"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-12786-2_11","type":"book-chapter","created":{"date-parts":[[2019,1,31]],"date-time":"2019-01-31T00:31:20Z","timestamp":1548894680000},"page":"173-191","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["An Experimental Evaluation of Bow-Tie Analysis for Cybersecurity Requirements"],"prefix":"10.1007","author":[{"given":"Per H\u00e5kon","family":"Meland","sequence":"first","affiliation":[]},{"given":"Karin","family":"Bernsmed","sequence":"additional","affiliation":[]},{"given":"Christian","family":"Fr\u00f8ystad","sequence":"additional","affiliation":[]},{"given":"Jingyue","family":"Li","sequence":"additional","affiliation":[]},{"given":"Guttorm","family":"Sindre","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,1,31]]},"reference":[{"key":"11_CR1","unstructured":"ISO\/IEC 27005 Information technology - Security techniques - Information security risk management. Technical report (2008). \n                      http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=56742"},{"issue":"1","key":"11_CR2","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1109\/JPROC.2011.2165689","volume":"100","author":"A Banerjee","year":"2012","unstructured":"Banerjee, A., Venkatasubramanian, K.K., Mukherjee, T., Gupta, S.K.S.: Ensuring safety, security, and sustainability of mission-critical cyber-physical systems. Proc. IEEE 100(1), 283\u2013299 (2012)","journal-title":"Proc. IEEE"},{"issue":"3","key":"11_CR3","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/MSP.2011.2","volume":"9","author":"J Bau","year":"2011","unstructured":"Bau, J., Mitchell, J.C.: Security modeling and analysis. IEEE Secur. Priv. 9(3), 18\u201325 (2011)","journal-title":"IEEE Secur. Priv."},{"key":"11_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1007\/978-3-319-74860-3_3","volume-title":"Graphical Models for Security","author":"K Bernsmed","year":"2018","unstructured":"Bernsmed, K., Fr\u00f8ystad, C., Meland, P.H., Nesheim, D.A., R\u00f8dseth, \u00d8.J.: Visualizing cyber security risks with bow-tie diagrams. In: Liu, P., Mauw, S., St\u00f8len, K. (eds.) GraMSec 2017. LNCS, vol. 10744, pp. 38\u201356. Springer, Cham (2018). \n                      https:\/\/doi.org\/10.1007\/978-3-319-74860-3_3"},{"key":"11_CR5","unstructured":"Carver, J., Jaccheri, L., Morasca, S., Shull, F.: Issues in using students in empirical studies in software engineering education. In: 2003 Proceedings of the Ninth International Software Metrics Symposium, pp. 239\u2013249. IEEE (2004)"},{"issue":"5","key":"11_CR6","first-page":"108","volume":"14","author":"Y Chen","year":"2013","unstructured":"Chen, Y., He, W.: Security risks and protection in online learning: a survey. Int. Rev. Res. Open Distrib. Learn. 14(5), 108\u2013127 (2013)","journal-title":"Int. Rev. Res. Open Distrib. Learn."},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Chockalingam, S., Hadziosmanovic, D., Pieters, W., Teixeira, A., van Gelder, P.: Integrated safety and security risk assessment methods: a survey of key characteristics and applications. arXiv preprint \n                      arXiv:1707.02140\n                      \n                     (2017)","DOI":"10.1007\/978-3-319-71368-7_5"},{"issue":"1","key":"11_CR8","doi-asserted-by":"publisher","first-page":"452","DOI":"10.1007\/s10664-017-9523-3","volume":"23","author":"D Falessi","year":"2018","unstructured":"Falessi, D., et al.: Empirical software engineering experts on the use of students and professionals in experiments. Empirical Softw. Eng. 23(1), 452\u2013489 (2018)","journal-title":"Empirical Softw. Eng."},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"H\u00f6st, M., Wohlin, C., Thelin, T.: Experimental context classification: incentives and experience of subjects. In: Proceedings of the 27th International Conference on Software Engineering, pp. 470\u2013478. ACM (2005)","DOI":"10.1145\/1062455.1062539"},{"key":"11_CR10","volume-title":"Object-Oriented Software Engineering: A Use Case Driven Approach","author":"I Jacobson","year":"1993","unstructured":"Jacobson, I.: Object-Oriented Software Engineering: A Use Case Driven Approach. Pearson Education India, Delhi (1993)"},{"key":"11_CR11","first-page":"1","volume":"45","author":"C Johnson","year":"2011","unstructured":"Johnson, C.: Using assurance cases and Boolean logic driven Markov processes to formalise cyber security concerns for safety-critical interaction with global navigation satellite systems. Electron. Commun. EASST 45, 1\u201318 (2011)","journal-title":"Electron. Commun. EASST"},{"key":"11_CR12","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1016\/j.ssci.2013.01.022","volume":"57","author":"N Khakzad","year":"2013","unstructured":"Khakzad, N., Khan, F., Amyotte, P.: Quantitative risk analysis of offshore drilling operations: a Bayesian approach. Saf. Sci. 57, 108\u2013117 (2013)","journal-title":"Saf. Sci."},{"issue":"8","key":"11_CR13","doi-asserted-by":"publisher","first-page":"721","DOI":"10.1109\/TSE.2002.1027796","volume":"28","author":"BA Kitchenham","year":"2002","unstructured":"Kitchenham, B.A., et al.: Preliminary guidelines for empirical research in software engineering. IEEE Trans. Softw. Eng. 28(8), 721\u2013734 (2002)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"1","key":"11_CR14","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1093\/logcom\/exs029","volume":"24","author":"B Kordy","year":"2014","unstructured":"Kordy, B., Mauw, S., Radomirovi\u0107, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55\u201387 (2014)","journal-title":"J. Log. Comput."},{"key":"11_CR15","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1016\/j.ress.2015.02.008","volume":"139","author":"S Kriaa","year":"2015","unstructured":"Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., Halgand, Y.: A survey of approaches combining safety and security for industrial control systems. Reliab. Eng. Syst. Saf. 139, 156\u2013178 (2015)","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Kumar, R., Stoelinga, M.: Quantitative security and safety analysis with attack-fault trees. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 25\u201332. IEEE (2017)","DOI":"10.1109\/HASE.2017.12"},{"key":"11_CR17","unstructured":"Lewis, S., Smith, K.: Lessons learned from real world application of the bow-tie method. In: 6th Global Congress on Process Safety. American Institute of Chemical Engineers (2010)"},{"key":"11_CR18","unstructured":"London, M.: 5 ways to cheat on online exams, September 2017. \n                      https:\/\/www.insidehighered.com\/digital-learning\/views\/2017\/09\/20\/creative-ways-students-try-cheat-online-exams"},{"key":"11_CR19","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1016\/j.jngse.2015.04.029","volume":"25","author":"L Lu","year":"2015","unstructured":"Lu, L., Liang, W., Zhang, L., Zhang, H., Lu, Z., Shan, J.: A comprehensive risk evaluation method for natural gas pipelines by combining a risk matrix with a bow-tie model. J. Nat. Gas Sci. Eng. 25, 124\u2013133 (2015)","journal-title":"J. Nat. Gas Sci. Eng."},{"key":"11_CR20","unstructured":"Maggi, F., Quarta, D., Pogliani, M., Polino, M., Zanchettin, A.M., Zanero, S.: Rogue robots: testing the limits of an industrial robot\u2019s security. Technical report, Trend Micro, Politecnico di Milano (2017)"},{"key":"11_CR21","unstructured":"Marsh, S.: More university students are using tech to cheat in exams, April 2017. \n                      https:\/\/www.theguardian.com\/education\/2017\/apr\/10\/more-university-students-are-using-tech-to-in-exams"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Matulevicius, R., Mayer, N., Heymans, P.: Alignment of misuse cases with security risk management. In: 2008 Third International Conference on Availability, Reliability and Security, ARES 2008, pp. 1397\u20131404. IEEE (2008)","DOI":"10.1109\/ARES.2008.88"},{"issue":"2","key":"11_CR23","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1016\/j.jhazmat.2011.05.035","volume":"192","author":"K Mokhtari","year":"2011","unstructured":"Mokhtari, K., Ren, J., Roberts, C., Wang, J.: Application of a generic bow-tie based risk analysis framework on risk management of sea ports and offshore terminals. J. Hazard. Mater. 192(2), 465\u2013475 (2011)","journal-title":"J. Hazard. Mater."},{"key":"11_CR24","unstructured":"Moody, D.L.: The method evaluation model: a theoretical model for validating information systems design methods. In: ECIS 2003 Proceedings, p. 79 (2003)"},{"key":"11_CR25","volume-title":"Safety and Security Review for the Process Industries: Application of HAZOP, PHA, What-IF and SVA Reviews","author":"DP Nolan","year":"2014","unstructured":"Nolan, D.P.: Safety and Security Review for the Process Industries: Application of HAZOP, PHA, What-IF and SVA Reviews. Elsevier, Amsterdam (2014)"},{"issue":"4","key":"11_CR26","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1145\/190679.190680","volume":"19","author":"SL Pfleeger","year":"1994","unstructured":"Pfleeger, S.L.: Design and analysis in software engineering: the language of case studies and formal experiments. SIGSOFT Softw. Eng. Notes 19(4), 16\u201320 (1994)","journal-title":"SIGSOFT Softw. Eng. Notes"},{"key":"11_CR27","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1016\/j.ress.2012.09.011","volume":"110","author":"L Pi\u00e8tre-Cambac\u00e9d\u00e8s","year":"2013","unstructured":"Pi\u00e8tre-Cambac\u00e9d\u00e8s, L., Bouissou, M.: Cross-fertilization between safety and security engineering. Reliab. Eng. Syst. Saf. 110, 110\u2013126 (2013)","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"11_CR28","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"347","DOI":"10.1007\/978-3-642-31072-0_24","volume-title":"Enterprise, Business-Process and Information Systems Modeling","author":"C Raspotnig","year":"2012","unstructured":"Raspotnig, C., Karpati, P., Katta, V.: A combined process for elicitation and analysis of safety and security requirements. In: Bider, I., et al. (eds.) BPMDS\/EMMSAD -2012. LNBIP, vol. 113, pp. 347\u2013361. Springer, Heidelberg (2012). \n                      https:\/\/doi.org\/10.1007\/978-3-642-31072-0_24"},{"key":"11_CR29","unstructured":"R\u00f8stad, L.: An extended misuse case notation: including vulnerabilities and the insider threat. Ph.D. thesis, Access Control in Healthcare Information Systems, pp. 66\u201377 (2008)"},{"key":"11_CR30","unstructured":"Runeson, P.: Using students as experiment subjects-an analysis on graduate and freshmen student data. In: Proceedings of the 7th International Conference on Empirical Assessment in Software Engineering, pp. 95\u2013102. Citeseer (2003)"},{"key":"11_CR31","doi-asserted-by":"crossref","unstructured":"Salman, I., Misirli, A.T., Juristo, N.: Are students representatives of professionals in software engineering experiments? In: Proceedings of the 37th International Conference on Software Engineering, vol. 1, pp. 666\u2013676. IEEE Press (2015)","DOI":"10.1109\/ICSE.2015.82"},{"key":"11_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1007\/978-3-319-10557-4_31","volume-title":"Computer Safety, Reliability, and Security","author":"C Schmittner","year":"2014","unstructured":"Schmittner, C., Ma, Z., Smith, P.: FMVEA for safety and security analysis of intelligent and cooperative vehicles. In: Bondavalli, A., Ceccarelli, A., Ortmeier, F. (eds.) SAFECOMP 2014. LNCS, vol. 8696, pp. 282\u2013288. Springer, Cham (2014). \n                      https:\/\/doi.org\/10.1007\/978-3-319-10557-4_31"},{"issue":"12","key":"11_CR33","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Dr. Dobb\u2019s J. Attack trees 24(12), 21\u201329 (1999)","journal-title":"Attack trees"},{"key":"11_CR34","unstructured":"Shostack, A.: Experiences threat modeling at microsoft. In: Modeling Security Workshop. Department of Computing, Lancaster University, UK (2008)"},{"key":"11_CR35","volume-title":"Threat Modeling: Designing for Security","author":"A Shostack","year":"2014","unstructured":"Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)"},{"issue":"1","key":"11_CR36","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","volume":"10","author":"G Sindre","year":"2005","unstructured":"Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34\u201344 (2005)","journal-title":"Requirements Eng."},{"issue":"9","key":"11_CR37","doi-asserted-by":"publisher","first-page":"733","DOI":"10.1109\/TSE.2005.97","volume":"31","author":"DIK Sjoeberg","year":"2005","unstructured":"Sjoeberg, D.I.K., Hannay, J.E., Hansen, O., Kampenes, V.B., Karahasanovic, A., Liborg, N.K., Rekdal, A.C.: A survey of controlled experiments in software engineering. IEEE Trans. Softw. Eng. 31(9), 733\u2013753 (2005)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"11_CR38","doi-asserted-by":"crossref","unstructured":"Svahnberg, M., Aurum, A., Wohlin, C.: Using students as subjects-an empirical evaluation. In: Proceedings of the Second ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 288\u2013290. ACM (2008)","DOI":"10.1145\/1414004.1414055"},{"issue":"5","key":"11_CR39","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/2.675631","volume":"31","author":"WF Tichy","year":"1998","unstructured":"Tichy, W.F.: Should computer scientists experiment more? Computer 31(5), 32\u201340 (1998)","journal-title":"Computer"},{"issue":"1\u20133","key":"11_CR40","doi-asserted-by":"publisher","first-page":"467","DOI":"10.1016\/S0304-3894(99)00094-1","volume":"71","author":"VM Trbojevic","year":"2000","unstructured":"Trbojevic, V.M., Carr, B.J.: Risk based methodology for safety improvements in ports. J. Hazard. Mater. 71(1\u20133), 467\u2013480 (2000)","journal-title":"J. Hazard. Mater."},{"key":"11_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1007\/3-540-45416-0_2","volume-title":"Computer Safety, Reliability and Security","author":"R Winther","year":"2001","unstructured":"Winther, R., Johnsen, O.-A., Gran, B.A.: Security assessments of safety critical systems using HAZOPs. In: Voges, U. (ed.) SAFECOMP 2001. LNCS, vol. 2187, pp. 14\u201324. Springer, Heidelberg (2001). \n                      https:\/\/doi.org\/10.1007\/3-540-45416-0_2"},{"key":"11_CR42","unstructured":"World Maritime News: IMB: Shipping Next Playground for Hackers (2014). \n                      http:\/\/worldmaritimenews.com\/archives\/134727\/imb-shipping-next-playground-for-hackers\/"},{"key":"11_CR43","unstructured":"Zalewski, J., Drager, S., McKeever, W., Kornecki, A.J.: Towards experimental assessment of security threats in protecting the critical infrastructure. In: Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2012, Wroclaw, Poland (2012)"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-12786-2_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T06:56:11Z","timestamp":1558335371000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-12786-2_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030127855","9783030127862"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-12786-2_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"31 January 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CyberICPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Barcelona","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cyberics2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ds.unipi.gr\/cybericps2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"15","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"8","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"53% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}