{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T21:07:15Z","timestamp":1774472835199,"version":"3.50.1"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030590277","type":"print"},{"value":"9783030590284","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-59028-4_5","type":"book-chapter","created":{"date-parts":[[2020,9,13]],"date-time":"2020-09-13T10:02:31Z","timestamp":1599991351000},"page":"48-62","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["An Architecture for Automated Security Test Case Generation for MQTT Systems"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6238-6293","authenticated-orcid":false,"given":"Hannes","family":"Sochor","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2278-8233","authenticated-orcid":false,"given":"Flavio","family":"Ferrarotti","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9903-6107","authenticated-orcid":false,"given":"Rudolf","family":"Ramler","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,9,12]]},"reference":[{"issue":"1","key":"5_CR1","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1109\/MS.2003.1159030","volume":"20","author":"IF Alexander","year":"2003","unstructured":"Alexander, I.F.: Misuse cases: use cases with hostile intent. IEEE Softw. 20(1), 58\u201366 (2003)","journal-title":"IEEE Softw."},{"issue":"6","key":"5_CR2","doi-asserted-by":"publisher","first-page":"742","DOI":"10.1109\/TSE.2009.52","volume":"36","author":"S Ali","year":"2009","unstructured":"Ali, S., Briand, L.C., Hemmati, H., Panesar-Walawege, R.K.: A systematic review of the application and empirical investigation of search-based test case generation. IEEE Trans. Softw. Eng. 36(6), 742\u2013762 (2009)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"8","key":"5_CR3","doi-asserted-by":"publisher","first-page":"1978","DOI":"10.1016\/j.jss.2013.02.061","volume":"86","author":"S Anand","year":"2013","unstructured":"Anand, S., et al.: An orchestrated survey of methodologies for automated software test case generation. J. Syst. Softw. 86(8), 1978\u20132001 (2013)","journal-title":"J. Syst. Softw."},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Andy, S., Rahardjo, B., Hanindhito, B.: Attack scenarios and security analysis of MQTT communication protocol in IoT system. In: 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI), pp. 1\u20136. IEEE (2017)","DOI":"10.11591\/eecsi.v4.1064"},{"key":"5_CR5","unstructured":"Banks, A., Briggs, E., Borgendale, K., Gupta, R.: MQTT Version 5.0. OASIS Standard. https:\/\/docs.oasis-open.org\/mqtt\/mqtt\/v5.0\/mqtt-v5.0.html"},{"key":"5_CR6","unstructured":"Banks, A., Gupta, R.: MQTT Version 3.1.1. OASIS Standard. http:\/\/docs.oasis-open.org\/mqtt\/mqtt\/v3.1.1\/mqtt-v3.1.1.html"},{"issue":"6","key":"5_CR7","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/MSP.2007.159","volume":"5","author":"M Bishop","year":"2007","unstructured":"Bishop, M.: About penetration testing. IEEE Secur. Priv. 5(6), 84\u201387 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Bozic, J., Wotawa, F.: Security testing based on attack patterns. In: Seventh IEEE International Conference on Software Testing, Verification and Validation, ICST 2014 Workshops Proceedings, 31 March\u20134 April 2014, Cleveland, Ohio, USA, pp. 4\u201311. IEEE Computer Society (2014)","DOI":"10.1109\/ICSTW.2014.58"},{"issue":"5","key":"5_CR9","doi-asserted-by":"publisher","first-page":"848","DOI":"10.3390\/app9050848","volume":"9","author":"D Dinculean\u0103","year":"2019","unstructured":"Dinculean\u0103, D., Cheng, X.: Vulnerabilities and limitations of MQTT protocol used between IoT devices. Appl. Sci. 9(5), 848 (2019)","journal-title":"Appl. Sci."},{"issue":"1","key":"5_CR10","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1109\/JIOT.2017.2737630","volume":"6","author":"A Esfahani","year":"2019","unstructured":"Esfahani, A., et al.: A lightweight authentication mechanism for M2M communications in industrial IoT environment. IEEE Internet Things J. 6(1), 288\u2013296 (2019)","journal-title":"IEEE Internet Things J."},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Firdous, S.N., Baig, Z., Valli, C., Ibrahim, A.: Modelling and evaluation of malicious attacks against the IoT MQTT protocol. In: IEEE International Conference on Internet of Things (iThings) and Green Computing and Communications (GreenCom) and Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 748\u2013755. IEEE (2017)","DOI":"10.1109\/iThings-GreenCom-CPSCom-SmartData.2017.115"},{"issue":"3","key":"5_CR12","doi-asserted-by":"publisher","first-page":"527","DOI":"10.1007\/s11277-011-0385-5","volume":"61","author":"T Heer","year":"2011","unstructured":"Heer, T., Morchon, O.G., Hummen, R., Keoh, S.L., Kumar, S.S., Wehrle, K.: Security challenges in the IP-based internet of things. Wireless Pers. Commun. 61(3), 527\u2013542 (2011). https:\/\/doi.org\/10.1007\/s11277-011-0385-5","journal-title":"Wireless Pers. Commun."},{"key":"5_CR13","volume-title":"Exploiting Software: How to Break Code","author":"G Hoglund","year":"2004","unstructured":"Hoglund, G., McGraw, G.: Exploiting Software: How to Break Code. Addison Wesley, Boston (2004)"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Houimli, M., Kahloul, L., Benaoun, S.: Formal specification, verification and evaluation of the MQTT protocol in the internet of things. In: 2017 International Conference on Mathematics and Information Technology (ICMIT), pp. 214\u2013221. IEEE Computer Society (2017)","DOI":"10.1109\/MATHIT.2017.8259720"},{"issue":"3","key":"5_CR15","doi-asserted-by":"publisher","first-page":"1199","DOI":"10.1109\/TR.2018.2834476","volume":"67","author":"H Liang","year":"2018","unstructured":"Liang, H., Pei, X., Jia, X., Shen, W., Zhang, J.: Fuzzing: state of the art. IEEE Trans. Reliab. 67(3), 1199\u20131218 (2018)","journal-title":"IEEE Trans. Reliab."},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Ma, L., Artho, C., Zhang, C., Sato, H., Gmeiner, J., Ramler, R.: GRT: program-analysis-guided random testing (T). In: 2015 30th IEEE\/ACM International Conference on Automated Software Engineering (ASE), pp. 212\u2013223. IEEE (2015)","DOI":"10.1109\/ASE.2015.49"},{"key":"5_CR17","series-title":"Computer Communications and Networks","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-33124-9_1","volume-title":"Connectivity Frameworks for Smart Devices","author":"A Manzoor","year":"2016","unstructured":"Manzoor, A.: Securing device connectivity in the industrial Internet of Things (IoT). In: Mahmood, Z. (ed.) Connectivity Frameworks for Smart Devices. CCN, pp. 3\u201322. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-33124-9_1"},{"key":"5_CR18","unstructured":"Marksteiner, S., Ramler, R., Sochor, H.: Integrating threat modeling and automated test case generation into industrialized software security testing. In: Proceedings of the Third Central European Cybersecurity Conference, CECC 2019, Munich, Germany, 14\u201315 November 2019, pp. 25:1\u201325:3. ACM (2019)"},{"key":"5_CR19","unstructured":"Mladenov, K.: Formal verification of the implementation of the MQTT protocol in IoT devices. Technical report, University of Amsterdam, Faculty of Physics, Mathematics and Informatics (2017)"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Moore, A., Ellison, R., Linger, R.: Attack modeling for information security and survivability. Technical report, Technical Note CMU\/SEI-2001-TN-001, Carnegie Mellon University (2001)","DOI":"10.21236\/ADA387544"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Nagy, S., Hicks, M.: Full-speed fuzzing: reducing fuzzing overhead through coverage-guided tracing. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 787\u2013802 (2019)","DOI":"10.1109\/SP.2019.00069"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Neisse, R., Steri, G., Baldini, G.: Enforcement of security policy rules for the Internet of Things. In: IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications, WiMob 2014, pp. 165\u2013172. IEEE Computer Society (2014)","DOI":"10.1109\/WiMOB.2014.6962166"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Pacheco, C., Ernst, M.D.: Randoop: feedback-directed random testing for java. In: Companion to the 22nd ACM SIGPLAN Conference on Object-Oriented Programming Systems and Applications Companion, pp. 815\u2013816 (2007)","DOI":"10.1145\/1297846.1297902"},{"key":"5_CR24","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1016\/j.infsof.2017.07.005","volume":"93","author":"R Ramler","year":"2018","unstructured":"Ramler, R., Buchgeher, G., Klammer, C.: Adapting automated test generation to GUI testing of industry applications. Inf. Softw. Technol. 93, 248\u2013263 (2018)","journal-title":"Inf. Softw. Technol."},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Ramos, S.H., Villalba, M.T., Lacuesta, R.: MQTT security: a novel fuzzing approach. Wireless Communications and Mobile Computing 2018 (2018)","DOI":"10.1155\/2018\/8261746"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Shin, S., Kobara, K., Chuang, C., Huang, W.: A security framework for MQTT. In: 2016 IEEE Conference on Communications and Network Security, CNS 2016, Philadelphia, PA, USA, 17\u201319 October 2016, pp. 432\u2013436. IEEE (2016)","DOI":"10.1109\/CNS.2016.7860532"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Singh, M., Rajan, M.A., Shivraj, V.L., Balamuralidhar, P.: Secure MQTT for Internet of Things (IoT). In: Fifth International Conference on Communication Systems and Network Technologies, pp. 746\u2013751. IEEE (2015)","DOI":"10.1109\/CSNT.2015.16"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Su, W., Chen, W., Chen, C.: An extensible and transparent thing-to-thing security enhancement for MQTT protocol in IotTenvironment. In: 2019 Global IoT Summit, GIoTS 2019, Aarhus, Denmark, 17\u201321 June 2019, pp. 1\u20134. IEEE (2019)","DOI":"10.1109\/GIOTS.2019.8766412"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Sudhodanan, A., Armando, A., Carbone, R., Compagna, L.: Attack patterns for black-box security testing of multi-party web applications. In: 23rd Network and Distributed System Security Symposium, NDSS 2016, San Diego, CA, 21\u201324 February 2016. The Internet Society (2016)","DOI":"10.14722\/ndss.2016.23286"},{"key":"5_CR30","volume-title":"Fuzzing for Software Security Testing and Quality Assurance","author":"A Takanen","year":"2008","unstructured":"Takanen, A., DeMott, J., Miller, C.: Fuzzing for Software Security Testing and Quality Assurance, 1st edn. Artech House, Inc., Norwood (2008)","edition":"1"},{"key":"5_CR31","doi-asserted-by":"crossref","unstructured":"Tappler, M., Aichernig, B.K., Bloem, R.: Model-based testing IoT communication via active automata learning. In: IEEE International Conference on Software Testing, Verification and Validation, ICST 2017, Tokyo, Japan, March 2017, pp. 276\u2013287. IEEE (2017)","DOI":"10.1109\/ICST.2017.32"}],"container-title":["Communications in Computer and Information Science","Database and Expert Systems Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-59028-4_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T08:40:46Z","timestamp":1619253646000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-59028-4_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030590277","9783030590284"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-59028-4_5","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"12 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DEXA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Database and Expert Systems Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bratislava","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovakia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dexa2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dexa.org\/dexa2020","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"190","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"38","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4-6","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the COVID-19 pandemic the conference was held online. DEXA Workshops volume: submissions sent - 15, full papers accepted - 6, short papers accepted - 4, reviewers per paper 3, papers per reviewer 1-2","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}