{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T14:19:11Z","timestamp":1772547551897,"version":"3.50.1"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030665036","type":"print"},{"value":"9783030665043","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-66504-3_9","type":"book-chapter","created":{"date-parts":[[2020,12,23]],"date-time":"2020-12-23T06:03:47Z","timestamp":1608703427000},"page":"147-165","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["ICITPM: Integrity Validation of Software in Iterative Continuous Integration Through the Use of Trusted Platform Module (TPM)"],"prefix":"10.1007","author":[{"given":"Antonio","family":"Mu\u00f1oz","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aristeidis","family":"Farao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jordy Ryan 
Casas","family":"Correia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christos","family":"Xenakis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,12,24]]},"reference":[{"key":"9_CR1","unstructured":"Black duck. https:\/\/www.blackducksoftware.com\/. Accessed 3 July 2020"},{"key":"9_CR2","unstructured":"IBM\u2019s TPM 2.0 TSS. https:\/\/sourceforge.net\/projects\/ibmtpm20tss\/. Accessed 19 June 2020"},{"key":"9_CR3","unstructured":"Jfrog. https:\/\/jfrog.com\/. Accessed 3 July 2020"},{"key":"9_CR4","unstructured":"The secure shell (SSH) public key file format. https:\/\/tools.ietf.org\/html\/rfc4716"},{"key":"9_CR5","unstructured":"Security monkey. https:\/\/securitymonkey.readthedocs.io\/en\/latest\/quickstart.html\/. Accessed 3 July 2020"},{"key":"9_CR6","unstructured":"Servico Antibotnet. https:\/\/www.osi.es\/es\/servicio-antibotnet\/info\/mirai. Accessed 19 June 2020"},{"key":"9_CR7","unstructured":"Snyk. https:\/\/snyk.io\/. Accessed 3 July 2020"},{"key":"9_CR8","unstructured":"Harpaz, O., Goldberg, D.: The Nanshou Campaign - Hackers Arsenal Grows Stronger (2013). https:\/\/www.guardicore.com\/2019\/05\/nansh0u-campaign-hackers-arsenal-grows-stronger\/. Accessed 19 June 2020"},{"key":"9_CR9","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/978-1-4302-6584-9_22","volume-title":"A Practical Guide to TPM 2.0","author":"W Arthur","year":"2015","unstructured":"Arthur, W., Challener, D., Goldman, K.: Platform security technologies that use TPM 2.0. A Practical Guide to TPM 2.0, pp. 331\u2013348. Apress, Berkeley, CA (2015). https:\/\/doi.org\/10.1007\/978-1-4302-6584-9_22"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Bass, L., Holz, R., Rimba, P., Tran, A.B., Zhu, L.: Securing a deployment pipeline. In: 2015 IEEE\/ACM 3rd International Workshop on Release Engineering, pp. 
4\u20137. IEEE (2015)","DOI":"10.1109\/RELENG.2015.11"},{"key":"9_CR11","unstructured":"Bass, L., Weber, I., Zhu, L.: DevOps: a software architect\u2019s perspective. sei series in software engineering. Addison-Wesley, New York (2015). http:\/\/my.safaribooksonline.com\/9780134049847"},{"key":"9_CR12","unstructured":"Bennetts, S.: Owasp zed attack proxy. AppSec USA (2013)"},{"key":"9_CR13","volume-title":"DevOpsSec: Securing Software Through Continuous Delivery","author":"J Bird","year":"2016","unstructured":"Bird, J.: DevOpsSec: Securing Software Through Continuous Delivery. O\u2019Reilly Media, Sebastopol (2016)"},{"key":"9_CR14","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-0076-6","volume-title":"Pro Git","author":"S Chacon","year":"2014","unstructured":"Chacon, S., Straub, B.: Pro Git. Springer Nature, Switzerland (2014)"},{"key":"9_CR15","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1016\/j.infsof.2016.02.005","volume":"74","author":"G Deepa","year":"2016","unstructured":"Deepa, G., Thilagam, P.S.: Securing web applications from injection and logic vulnerabilities: approaches and challenges. Inf. Softw. Technol. 74, 160\u2013180 (2016)","journal-title":"Inf. Softw. Technol."},{"issue":"5","key":"9_CR16","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/s10916-014-0041-1","volume":"38","author":"M Dheerendra","year":"2014","unstructured":"Dheerendra, M., Sourav, M., Saru, K., Khurram, K.M., Ankita, C.: Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5), 41 (2014)","journal-title":"J. Med. Syst."},{"key":"9_CR17","unstructured":"Felten, E: The Linux Backdoor Attempt of 2003. https:\/\/freedom-to-tinker.com\/2013\/10\/09\/the-linux-backdoor-attempt-of-2003\/"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"Guan, H., Chen, W.R., Li, H., Wang, J.: Stride-based risk assessment for web application. 
In: Applied Mechanics and Materials, vol. 58, pp. 1323\u20131328. Trans Tech Publ (2011)","DOI":"10.4028\/www.scientific.net\/AMM.58-60.1323"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Huang, Y.W., Yu, F., Hang, C., Tsai, C.H., Lee, D.T., Kuo, S.Y.: Securing web application code by static analysis and runtime protection. In: Proceedings of the 13th International Conference on World Wide Web, pp. 40\u201352 (2004)","DOI":"10.1145\/988672.988679"},{"key":"9_CR20","unstructured":"Humble, J., Farley, D.G.: Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation. Addison-Wesley, Upper Saddle River (2010). http:\/\/my.safaribooksonline.com\/9780321601919"},{"key":"9_CR21","unstructured":"Ellingwood, J.: An Introduction to CI\/CD Best Practices (2013). https:\/\/www.digitalocean.com\/community\/tutorials\/an-introduction-to-ci-cd-best-practices. Accessed 19 June 2020"},{"key":"9_CR22","doi-asserted-by":"crossref","unstructured":"Krusche, S., Lichter, H., Riehle, D., Steffens, A.: Report of the 2nd workshop on continuous software engineering. In: CSE@ SE, pp. 1\u20136 (2017)","DOI":"10.1109\/RCoSE.2017.6"},{"key":"9_CR23","unstructured":"Kuusela, J., et al.: Security testing in continuous integration processes (2017)"},{"key":"9_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1007\/978-3-642-35606-3_16","volume-title":"Network and Parallel Computing","author":"T Lee","year":"2012","unstructured":"Lee, T., Won, G., Cho, S., Park, N., Won, D.: Detection and mitigation of web application vulnerabilities based on security testing. In: Park, J.J., Zomaya, A., Yeo, S.-S., Sahni, S. (eds.) NPC 2012. LNCS, vol. 7513, pp. 138\u2013144. Springer, Heidelberg (2012). 
https:\/\/doi.org\/10.1007\/978-3-642-35606-3_16"},{"key":"9_CR25","unstructured":"Lipke, S.: Building a secure software supply chain (2017)"},{"key":"9_CR26","unstructured":"Microsoft: BitLocker most frequently asked questions. https:\/\/docs.microsoft.com\/es-es\/windows\/security\/information-protection\/bitlocker\/bitlocker-overview-and-requirements-faq. Accessed 19 June 2020"},{"key":"9_CR27","unstructured":"Milka, G.: Anatomy of account takeover. In: Enigma 2018 (Enigma 2018) (2018)"},{"key":"9_CR28","doi-asserted-by":"crossref","unstructured":"Mohan, V., Othmane, L.B.: Secdevops: is it a marketing buzzword?-mapping research on security in devops. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 542\u2013547. IEEE (2016)","DOI":"10.1109\/ARES.2016.92"},{"key":"9_CR29","unstructured":"OWASP: Open web application security project (OWASP). https:\/\/www.owasp.org\/. Accessed 2 July 2020"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Rahman, A.A.U., Williams, L.: Software security in devops: synthesizing practitioners\u2019 perceptions and practices. In: 2016 IEEE\/ACM International Workshop on Continuous Software Evolution and Delivery (CSED), pp. 70\u201376. IEEE (2016)","DOI":"10.1145\/2896941.2896946"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Rimba, P., Zhu, L., Bass, L., Kuz, I., Reeves, S.: Composing patterns to construct secure systems. In: 2015 11th European Dependable Computing Conference (EDCC), pp. 213\u2013224. IEEE (2015)","DOI":"10.1109\/EDCC.2015.12"},{"issue":"2","key":"9_CR32","doi-asserted-by":"publisher","first-page":"2359","DOI":"10.1007\/s11042-017-4390-x","volume":"77","author":"S Kumari","year":"2017","unstructured":"Kumari, S., Das, A.K., Li, X., Wu, F., Khan, M.K., Jiang, Q., Hafizul Islam, S.K.: A provably secure biometrics-based authenticated key agreement scheme for multi-server environments. Multimed. Tools Appl. 77(2), 2359\u20132389 (2017). 
https:\/\/doi.org\/10.1007\/s11042-017-4390-x","journal-title":"Multimed. Tools Appl."},{"key":"9_CR33","doi-asserted-by":"crossref","unstructured":"Sathyanarayanan, N., Nanda, M.N.: Two layer cloud security set architecture on hypervisor. In: 2018 Second International Conference on Advances in Electronics, Computers and Communications (ICAECC), pp. 1\u20135. IEEE (2018)","DOI":"10.1109\/ICAECC.2018.8479440"},{"key":"9_CR34","unstructured":"Schneider, C.: Security devops-staying secure in agile projects. OWASP AppSec Europe (2015)"},{"key":"9_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"570","DOI":"10.1007\/978-3-319-63688-7_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"M Stevens","year":"2017","unstructured":"Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 570\u2013596. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63688-7_19"},{"key":"9_CR36","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1016\/j.jss.2017.08.046","volume":"133","author":"M Tichy","year":"2017","unstructured":"Tichy, M., Goedicke, M., Bosch, J., Fitzgerald, B.: Rapid continuous software engineering. J. Syst. Softw. 133, 159 (2017)","journal-title":"J. Syst. Softw."},{"key":"9_CR37","doi-asserted-by":"crossref","unstructured":"Ullah, F., Raft, A.J., Shahin, M., Zahedi, M., Babar, M.A.: Security support in continuous deployment pipeline. arXiv preprint arXiv:1703.04277 (2017)","DOI":"10.5220\/0006318200570068"},{"key":"9_CR38","unstructured":"XebiaLabs: Behaviour driven development security. https:\/\/xebialabs.com\/technology\/bdd-security\/. 
Accessed 3 July 2020"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-66504-3_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T01:02:50Z","timestamp":1766451770000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-66504-3_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030665036","9783030665043"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-66504-3_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"24 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guildford","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 2020","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/esorics2020.sccs.surrey.ac.uk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"366","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"72","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to 
a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,16","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9,1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}