{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:04:52Z","timestamp":1755839092654,"version":"3.40.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030688868"},{"type":"electronic","value":"9783030688875"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-68887-5_9","type":"book-chapter","created":{"date-parts":[[2021,2,11]],"date-time":"2021-02-11T15:22:40Z","timestamp":1613056960000},"page":"149-163","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Asset-Driven Approach for Security Risk Assessment in IoT Systems"],"prefix":"10.1007","author":[{"given":"Salim","family":"Chehida","sequence":"first","affiliation":[]},{"given":"Abdelhakim","family":"Baouya","sequence":"additional","affiliation":[]},{"given":"Diego Fern\u00e1ndez","family":"Alonso","sequence":"additional","affiliation":[]},{"given":"Paul-Emmanuel","family":"Brun","sequence":"additional","affiliation":[]},{"given":"Guillemette","family":"Massot","sequence":"additional","affiliation":[]},{"given":"Marius","family":"Bozga","sequence":"additional","affiliation":[]},{"given":"Saddek","family":"Bensalem","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,2,12]]},"reference":[{"unstructured":"MEHARI: Method for Harmonized Analysis of Risk (2010). https:\/\/en.wikipedia.org\/wiki\/MEHARI","key":"9_CR1"},{"unstructured":"Risk assessment in water management infrastructure (2020). https:\/\/github.com\/SafetyAnalysis\/Asset-driven-Approach-for-Security-Risk-Assessment-in-IoT-Systems\/blob\/master\/EMALCSA-RiskAssessment.xlsx","key":"9_CR2"},{"doi-asserted-by":"publisher","unstructured":"den Braber, F., Hogganvik, I., Lund, M.S., St\u00f8len, K., Vraalsen, F.: Model-based security analysis in seven steps \u2013 a guided tour to theCORAS method. BT Technol. J. 25(1), 101\u2013117 (2007). https:\/\/doi.org\/10.1007\/s10550-007-0013-9, http:\/\/link.springer.com\/10.1007\/s10550-007-0013-9","key":"9_CR3","DOI":"10.1007\/s10550-007-0013-9"},{"doi-asserted-by":"crossref","unstructured":"Chehida, S., Baouya, A., Bozga, M., Bensalem, S.: Exploration of impactful countermeasures on IoT attacks. In: 2020 9th Mediterranean Conference on Embedded Computing (MECO) (2020)","key":"9_CR4","DOI":"10.1109\/MECO49872.2020.9134200"},{"unstructured":"Ekelhart, A., Fenz, S., Neubauer, T.: AURUM: a framework for information security risk management. In: 2009 42nd Hawaii International Conference on System Sciences, pp. 1\u201310 (2009)","key":"9_CR5"},{"doi-asserted-by":"crossref","unstructured":"Haller, S., Serbanati, A., Bauer, M., Carrez, F.: A domain model for the internet of things. In: 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing, pp. 411\u2013417 (2013)","key":"9_CR6","DOI":"10.1109\/GreenCom-iThings-CPSCom.2013.87"},{"unstructured":"ISO\/IEC 27001:2013: Information technology \u2013 Security techniques \u2013 Information security management systems \u2013 Requirements (2013). https:\/\/www.iso.org\/standard\/54534.html","key":"9_CR7"},{"unstructured":"ISO\/IEC 27002:2013: Information technology \u2013 Security techniques \u2013 Code of practice for information security controls (2013). https:\/\/www.iso.org\/standard\/54533.html","key":"9_CR8"},{"unstructured":"ISO\/IEC 27005:2011: Information technology \u2013 Security techniques \u2013 Information security risk management (2011). https:\/\/www.iso.org\/standard\/56742.html","key":"9_CR9"},{"key":"9_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/978-3-642-19751-2_6","volume-title":"Formal Aspects of Security and Trust","author":"B Kordy","year":"2011","unstructured":"Kordy, B., Mauw, S., Radomirovi\u0107, S., Schweitzer, P.: Foundations of attack\u2013defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80\u201395. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19751-2_6"},{"issue":"5","key":"9_CR11","doi-asserted-by":"publisher","first-page":"1125","DOI":"10.1109\/JIOT.2017.2683200","volume":"4","author":"J Lin","year":"2017","unstructured":"Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., Zhao, W.: A survey on internet of things: architecture, enabling technologies, security and privacy, and applications. IEEE Int. Things J. 4(5), 1125\u20131142 (2017)","journal-title":"IEEE Int. Things J."},{"key":"9_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"392","DOI":"10.1007\/978-3-030-03421-4_25","volume-title":"Leveraging Applications of Formal Methods, Verification and Validation. Verification","author":"BL Mediouni","year":"2018","unstructured":"Mediouni, B.L., Nouri, A., Bozga, M., Legay, A., Bensalem, S.: Mitigating security risks through attack strategies exploration. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11245, pp. 392\u2013413. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03421-4_25"},{"unstructured":"Object Management Group: Unified Modeling Language (UML): Superstructure, version 2.0 (2005)","key":"9_CR13"},{"key":"9_CR14","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1016\/j.iot.2018.11.003","volume":"5","author":"PI Radoglou Grammatikis","year":"2019","unstructured":"Radoglou Grammatikis, P.I., Sarigiannidis, P.G., Moscholios, I.D.: Securing the internet of things: challenges, threats and solutions. Internet Things 5, 41\u201370 (2019). https:\/\/doi.org\/10.1016\/j.iot.2018.11.003","journal-title":"Internet Things"},{"key":"9_CR15","doi-asserted-by":"publisher","first-page":"102481","DOI":"10.1016\/j.jnca.2019.102481","volume":"149","author":"J Sengupta","year":"2020","unstructured":"Sengupta, J., Ruj, S., Das Bit, S.: A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT. J. Netw. Comput. Appl. 149, 102481 (2020). https:\/\/doi.org\/10.1016\/j.jnca.2019.102481","journal-title":"J. Netw. Comput. Appl."},{"doi-asserted-by":"publisher","unstructured":"Shameli-Sendi, A., Aghababaei-Barzegar, R., Cheriet, M.: Taxonomy of information security risk assessment (ISRA). Comput. Secur. 57, 14\u201330 (2016). https:\/\/doi.org\/10.1016\/j.cose.2015.11.001,https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404815001650","key":"9_CR16","DOI":"10.1016\/j.cose.2015.11.001"},{"key":"9_CR17","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1016\/j.comnet.2014.11.008","volume":"76","author":"S Sicari","year":"2015","unstructured":"Sicari, S., Rizzardi, A., Grieco, L., Coen-Porisini, A.: Security, privacy and trust in internet of things: the road ahead. Comput. Netw. 76, 146\u2013164 (2015). https:\/\/doi.org\/10.1016\/j.comnet.2014.11.008","journal-title":"Comput. Netw."},{"unstructured":"Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems. Nist Spec. Publ. 800(30), 800-830 (2002)","key":"9_CR18"},{"unstructured":"The European Union Agency for Cybersecurity: Mehari (2010). https:\/\/www.enisa.europa.eu\/topics\/threat-risk-management\/risk-management\/current-risk\/risk-management-inventory\/rm-ra-methods\/m_mehari.html","key":"9_CR19"},{"unstructured":"The National Cybersecurity Agency of France (ANSSI): EBIOS 2010 - Expression of Needs and Identifiation of Security objectives. (2010). https:\/\/www.ssi.gouv.fr\/guide\/ebios-2010-expression-des-besoins-et-identification-des-objectifs-de-securite\/","key":"9_CR20"},{"key":"9_CR21","first-page":"12","volume":"11","author":"Z Yazar","year":"2002","unstructured":"Yazar, Z.: A qualitative risk analysis and management tool-CRAMM. SANS InfoSec Reading Room White Paper 11, 12\u201332 (2002)","journal-title":"SANS InfoSec Reading Room White Paper"},{"doi-asserted-by":"crossref","unstructured":"Zahra, B.F., Abdelhamid, B.: Risk analysis in Internet of things using EBIOS. In: 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), pp. 1\u20137. IEEE (2017)","key":"9_CR22","DOI":"10.1109\/CCWC.2017.7868444"}],"container-title":["Lecture Notes in Computer Science","Risks and Security of Internet and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-68887-5_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T16:10:01Z","timestamp":1619280601000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-68887-5_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030688868","9783030688875"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-68887-5_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"12 February 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRiSIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Risks and Security of Internet and Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Paris","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crisis2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.crisis-conference.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"44","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}