{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,10]],"date-time":"2026-01-10T03:46:34Z","timestamp":1768016794117,"version":"3.49.0"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030622299","type":"print"},{"value":"9783030622305","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-62230-5_4","type":"book-chapter","created":{"date-parts":[[2020,11,7]],"date-time":"2020-11-07T10:03:04Z","timestamp":1604743384000},"page":"67-86","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":28,"title":["An Attack Simulation Language for the IT Domain"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8287-3160","authenticated-orcid":false,"given":"Sotirios","family":"Katsikeas","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0478-9347","authenticated-orcid":false,"given":"Simon","family":"Hacks","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3293-1681","authenticated-orcid":false,"given":"Pontus","family":"Johnson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3922-9606","authenticated-orcid":false,"given":"Mathias","family":"Ekstedt","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3089-3885","authenticated-orcid":false,"given":"Robert","family":"Lagerstr\u00f6m","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joar","family":"Jacobsson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Max","family":"W\u00e4llstedt","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Per","family":"Eliasson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,11,8]]},"reference":[{"key":"4_CR1","unstructured":"CVSS v3.1 Specification Document. https:\/\/www.first.org\/cvss\/v3.1\/specification-document"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Almorsy, M., Grundy, J.: Secdsvl: a domain-specific visual language to support enterprise security modelling. In: 2014 23rd Australian Software Engineering Conference (ASWEC), pp. 152\u2013161. IEEE (2014)","DOI":"10.1109\/ASWEC.2014.18"},{"key":"4_CR3","unstructured":"Defense Use Case: Analysis of the cyber attack on the Ukrainian power grid. Electricity Information Sharing and Analysis Center (E-ISAC) (2016)"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Ekstedt, M., Johnson, P., Lagerstr\u00f6m, R., Gorton, D., Nydr\u00e9n, J., Shahzad, K.: securiCAD by foreseeti: a CAD tool for enterprise cyber security management. In: 2015 IEEE 19th International Enterprise Distributed Object Computing Workshop (EDOCW), pp. 152\u2013155. IEEE (2015)","DOI":"10.1109\/EDOCW.2015.40"},{"key":"4_CR5","unstructured":"Engstr\u00f6m, V., Johnson, P., Lagerstr\u00f6m, R.: Automating Cyber Attack Simulations Against Amazon Web Services Environments (To be published) (2020)"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Frigault, M., Wang, L., Singhal, A., Jajodia, S.: Measuring network security using dynamic bayesian network. In: Proceedings of the 4th ACM workshop on Quality of protection, pp. 23\u201330. ACM (2008)","DOI":"10.1145\/1456362.1456368"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Hasling, B., Goetz, H., Beetz, K.: Model based testing of system requirements using uml use case models. In: 2008 1st International Conference on Software Testing, Verification, and Validation, pp. 367\u2013376. IEEE (2008)","DOI":"10.1109\/ICST.2008.9"},{"issue":"2","key":"4_CR8","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1007\/s11576-006-0028-8","volume":"48","author":"M Bichler","year":"2006","unstructured":"Bichler, M.: Design science in information systems research. WIRTSCHAFTSINFORMATIK 48(2), 133\u2013135 (2006). https:\/\/doi.org\/10.1007\/s11576-006-0028-8","journal-title":"WIRTSCHAFTSINFORMATIK"},{"issue":"6","key":"4_CR9","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1109\/TDSC.2014.2382574","volume":"12","author":"H Holm","year":"2015","unstructured":"Holm, H., Shahzad, K., Buschle, M., Ekstedt, M.: P$$^2$$CySeMoL: predictive, probabilistic cyber security modeling language. IEEE Trans. Dependable Secure Comput. 12(6), 626\u2013639 (2015). https:\/\/doi.org\/10.1109\/TDSC.2014.2382574","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"4_CR10","unstructured":"Ingols, K., Chu, M., Lippmann, R., Webster, S., Boyer, S.: Modeling modern network attacks and countermeasures using attack graphs. In: Computer Security Applications Conference, 2009. ACSAC 2009. Annual, pp. 117\u2013126. IEEE (2009)"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Johnson, P., Lagerstr\u00f6m, R., Ekstedt, M.: A meta language for threat modeling and attack simulations. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, p. 38. ACM (2018)","DOI":"10.1145\/3230833.3232799"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Katsikeas, S., Johnson, P., Hacks, S., Lagerstr\u00f6m, R.: Probabilistic modeling and simulation of vehicular cyber attacks : An application of the meta attack language. In: Proceedings of the 5th International Conference on Information Systems Security and Privacy (2019)","DOI":"10.5220\/0007247901750182"},{"key":"4_CR13","doi-asserted-by":"publisher","unstructured":"Kordy, B., Mauw, S., Radomirovi\u0107, S., Schweitzer, P.: Foundations of attack-defense trees. In: International Workshop on Formal Aspects in Security and Trust, pp. 80\u201395. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-19751-2_6","DOI":"10.1007\/978-3-642-19751-2_6"},{"key":"4_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","volume":"13","author":"B Kordy","year":"2014","unstructured":"Kordy, B., Pi\u00e8tre-Cambac\u00e9d\u00e8s, L., Schweitzer, P.: Dag-based attack and defense modeling: don\u2019t miss the forest for the attack trees. Comput. Sci. Rev. 13, 1\u201338 (2014)","journal-title":"Comput. Sci. Rev."},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer, New York (2010)","DOI":"10.1007\/978-3-642-12323-8"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Mauw, S., Oostdijk, M.: Foundations of attack trees. In: International Conference on Information Security and Cryptology. pp. 186\u2013198. Springer (2005)","DOI":"10.1007\/11734727_17"},{"key":"4_CR17","doi-asserted-by":"publisher","unstructured":"Morikawa, I., Yamaoka, Y.: Threat tree templates to ease difficulties in threat modeling. In: 2011 14th International Conference on Network-Based Information Systems, pp. 673\u2013678 (2011). https:\/\/doi.org\/10.1109\/NBiS.2011.113","DOI":"10.1109\/NBiS.2011.113"},{"key":"4_CR18","doi-asserted-by":"publisher","unstructured":"Noel, S., Elder, M., Jajodia, S., Kalapa, P., O\u2019Hare, S., Prole, K.: Advances in topological vulnerability analysis. In: Conference For Homeland Security, 2009. CATCH 2009. Cybersecurity Applications Technology, pp. 124\u2013129 (2009). https:\/\/doi.org\/10.1109\/CATCH.2009.19","DOI":"10.1109\/CATCH.2009.19"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Petermann, T., Bradke, H., L\u00fcllmann, A., Poetzsch, M., Riehm, U.: Was bei einem Blackout geschieht: Folgen eines langandauernden und gro\u00dffl\u00e4chigen Stromausfalls, vol. 662. B\u00fcro f\u00fcr Technikfolgen-Absch\u00e4tzung (2011)","DOI":"10.5771\/9783845270210"},{"issue":"2","key":"4_CR20","first-page":"546","volume":"16","author":"J Petit","year":"2015","unstructured":"Petit, J., Shladover, S.E.: Potential cyberattacks on automated vehicles. IEEE Trans. Intell. Transport. Syst. 16(2), 546\u2013556 (2015)","journal-title":"IEEE Trans. Intell. Transport. Syst."},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Prokofiev, A.O., Smirnova, Y.S., Silnov, D.S.: The internet of things cybersecurity examination. In: 2017 Siberian Symposium on Data Science and Engineering (SSDSE), pp. 44\u201348 (2017)","DOI":"10.1109\/SSDSE.2017.8071962"},{"issue":"12","key":"4_CR22","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s journal 24(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s journal"},{"key":"4_CR23","unstructured":"Schneier, S.: Lies: Digital Security in a Networked World. Wiley, New York 21, 318\u2013333 (2000)"},{"issue":"4","key":"4_CR24","doi-asserted-by":"publisher","first-page":"3453","DOI":"10.1109\/COMST.2018.2855563","volume":"20","author":"I Stellios","year":"2018","unstructured":"Stellios, I., Kotzanikolaou, P., Psarakis, M., Alcaraz, C., Lopez, J.: A survey of iot-enabled cyberattacks: assessing attack paths to critical infrastructures and services. IEEE Commun. Surv. Tutorials 20(4), 3453\u20133495 (2018)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"4_CR25","unstructured":"Weiss, J.: A system security engineering process. In: Proceedings of the 14th National Computer Security Conference, vol. 2, pp. 572\u2013581 (1991)"},{"key":"4_CR26","doi-asserted-by":"publisher","unstructured":"Williams, L., Lippmann, R., Ingols, K.: GARNET: A Graphical Attack Graph and Reachability Network Evaluation Tool. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85933-8_5","DOI":"10.1007\/978-3-540-85933-8_5"},{"key":"4_CR27","unstructured":"Witty, R.J., Allan, A., Enck, J., Wagner, R.: Identity and access management defined. Research Study SPA-21-3430, Gartner (2003)"},{"key":"4_CR28","unstructured":"Xie, P., Li, J.H., Ou, X., Liu, P., Levy, R.: Using Bayesian networks for cyber security analysis. In: 2010 IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 211\u2013220. IEEE (2010)"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Yan, D., Liu, F., Jia, K.: Modeling an information-based advanced persistent threat attack on the internal network. In: ICC 2019\u20132019 IEEE International Conference on Communications (ICC), pp. 1\u20137 (2019)","DOI":"10.1109\/ICC.2019.8761077"}],"container-title":["Lecture Notes in Computer Science","Graphical Models for Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-62230-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T10:44:13Z","timestamp":1619261053000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-62230-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030622299","9783030622305"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-62230-5_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"8 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"GraMSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Graphical Models for Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Boston, MA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 June 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 June 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"gramsec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.gramsec.uni.lu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"14","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"50% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The workshop was held virtually due to the COVID-19 pandemic","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}