{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,7]],"date-time":"2025-07-07T22:40:07Z","timestamp":1751928007745,"version":"3.41.2"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030809591"},{"type":"electronic","value":"9783030809607"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-80960-7_6","type":"book-chapter","created":{"date-parts":[[2021,7,8]],"date-time":"2021-07-08T06:02:37Z","timestamp":1625724157000},"page":"88-105","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Provenance-Based Security Audits and Its Application to COVID-19 Contact Tracing Apps"],"prefix":"10.1007","author":[{"given":"Andreas","family":"Schreiber","sequence":"first","affiliation":[]},{"given":"Tim","family":"Sonnekalb","sequence":"additional","affiliation":[]},{"given":"Thomas S.","family":"Heinze","sequence":"additional","affiliation":[]},{"given":"Lynn","family":"von Kurnatowski","sequence":"additional","affiliation":[]},{"given":"Jesus M.","family":"Gonzalez-Barahona","sequence":"additional","affiliation":[]},{"given":"Heather","family":"Packer","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,9]]},"reference":[{"key":"6_CR1","doi-asserted-by":"publisher","first-page":"134577","DOI":"10.1109\/ACCESS.2020.3010226","volume":"8","author":"N Ahmed","year":"2020","unstructured":"Ahmed, N., et al.: A survey of COVID-19 contact tracing apps. IEEE Access 8, 134577\u2013134601 (2020)","journal-title":"IEEE Access"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Baumg\u00e4rtner, L., et al.: Mind the gap: security & privacy risks of contact tracing apps (2020)","DOI":"10.1109\/TrustCom50675.2020.00069"},{"key":"6_CR3","doi-asserted-by":"publisher","first-page":"102186","DOI":"10.1016\/j.ijinfomgt.2020.102186","volume":"55","author":"N Carroll","year":"2020","unstructured":"Carroll, N., Conboy, K.: Normalising the \u201cnew normal\u201d: changing tech-driven work practices under pandemic time pressure. Int. J. Inf. Manag. 55, 102186 (2020)","journal-title":"Int. J. Inf. Manag."},{"key":"6_CR4","doi-asserted-by":"publisher","first-page":"100307","DOI":"10.1016\/j.cosrev.2020.100307","volume":"38","author":"AB Dar","year":"2020","unstructured":"Dar, A.B., Lone, A.H., Zahoor, S., Khan, A.A., Naaz, R.: Applicability of mobile contact tracing in fighting pandemic (COVID-19): issues, challenges and solutions. Comput. Sci. Rev. 38, 100307 (2020)","journal-title":"Comput. Sci. Rev."},{"key":"6_CR5","unstructured":"De Nies, T., et al.: Git2PROV: exposing version control system content as W3C PROV. In: Proceedings of the 12th International Semantic Web Conference (Posters & Demonstrations Track), ISWC-PD 2013, vol. 1035, pp. 125\u2013128. CEUR-WS.org (2013)"},{"issue":"8","key":"6_CR6","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1145\/3338112","volume":"62","author":"D Distefano","year":"2019","unstructured":"Distefano, D., F\u00e4hndrich, M., Logozzo, F., O\u2019Hearn, P.W.: Scaling static analyses at Facebook. Commun. ACM 62(8), 62\u201370 (2019)","journal-title":"Commun. ACM"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Falleri, J., Morandat, F., Blanc, X., Martinez, M., Monperrus, M.: Fine-grained and accurate source code differencing. In: ACM\/IEEE International Conference on Automated Software Engineering, ASE 2014, September 15\u201319, 2014, pp. 313\u2013324. ACM, Vasteras (2014)","DOI":"10.1145\/2642937.2642982"},{"key":"6_CR8","unstructured":"Gvili, Y.: Security analysis of the COVID-19 contact tracing specifications by Apple Inc. and Google Inc., Cryptology ePrint Archive, Report 2020\/428 (2020)"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Habib, A., Pradel, M.: How many of all bugs do we find? A study of static bug detectors. In: Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering, ASE 2018, Montpellier, France, September 3\u20137, 2018, pp. 317\u2013328. ACM (2018)","DOI":"10.1145\/3238147.3238213"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., Bates, A., Marino, D.: Tactical provenance analysis for endpoint detection and response systems. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1172\u20131189 (2020)","DOI":"10.1109\/SP40000.2020.00096"},{"issue":"3","key":"6_CR11","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/s10664-020-09934-4","volume":"26","author":"M Hatamian","year":"2021","unstructured":"Hatamian, M., Wairimu, S., Momen, N., Fritsch, L.: A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps. Empir. Softw. Eng. 26(3), 36 (2021)","journal-title":"Empir. Softw. Eng."},{"key":"6_CR12","doi-asserted-by":"publisher","first-page":"102287","DOI":"10.1016\/j.ijinfomgt.2020.102287","volume":"57","author":"W He","year":"2021","unstructured":"He, W., Zhang, Z.J., Li, W.: Information technology solutions, challenges, and suggestions for tackling the COVID-19 pandemic. Int. J. Inf. Manag. 57, 102287 (2021)","journal-title":"Int. J. Inf. Manag."},{"key":"6_CR13","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/s10664-008-9064-x","volume":"14","author":"R Hewett","year":"2009","unstructured":"Hewett, R., Kijsanayothin, P.: On modeling software defect repair time. Empir. Softw. Eng. 14, 165\u2013186 (2009)","journal-title":"Empir. Softw. Eng."},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"Johnson, B., Song, Y., Murphy-Hill, E.R., Bowdidge, R.W.: Why don\u2019t software developers use static analysis tools to find bugs? In: Notkin, D., Cheng, B.H.C., Pohl, K. (eds.) 35th International Conference on Software Engineering, ICSE 2013, San Francisco, CA, USA, May 18\u201326, 2013, pp. 672\u2013681. IEEE Computer Society (2013)","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"6_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1007\/978-3-030-66172-4_8","volume-title":"Data Privacy Management, Cryptocurrencies and Blockchain Technology","author":"F Kamm\u00fcller","year":"2020","unstructured":"Kamm\u00fcller, F., Lutz, B.: Modeling and analyzing the corona-virus warning app with the Isabelle infrastructure framework. In: Garcia-Alfaro, J., Navarro-Arribas, G., Herrera-Joancomarti, J. (eds.) DPM\/CBT -2020. LNCS, vol. 12484, pp. 128\u2013144. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-66172-4_8"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Krishnamurthy, R., Heinze, T.S., Haupt, C., Schreiber, A., Meinel, M.: Scientific developers v\/s static analysis tools: vision and position paper. In: Proceedings of the 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE@ICSE 2019, Montr\u00e9al, QC, Canada, 27 May 2019, pp. 89\u201390. IEEE\/ACM (2019)","DOI":"10.1109\/CHASE.2019.00029"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Krishnamurthy, R., Meinel, M., Haupt, C., Schreiber, A., M\u00e4der, P.: DLR secure software engineering: position and vision paper. In: Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment, SEAD 2018, pp. 49\u201350. ACM (2018)","DOI":"10.1145\/3194707.3194716"},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Kuhn, C., Beck, M., Strufe, T.: Covid notions: towards formal definitions\u2013and documented understanding\u2013of privacy goals and claimed protection in proximity-tracing services. CoRR abs\/2004.07723 (2020)","DOI":"10.1016\/j.osnem.2021.100125"},{"issue":"6","key":"6_CR19","doi-asserted-by":"publisher","first-page":"1631","DOI":"10.1016\/j.dsx.2020.08.029","volume":"14","author":"E Mbunge","year":"2020","unstructured":"Mbunge, E.: Integrating emerging technologies into COVID-19 contact tracing: opportunities, challenges and pitfalls. Diabetes Metab. Syndr.: Clin. Res. Rev. 14(6), 1631\u20131636 (2020)","journal-title":"Diabetes Metab. Syndr.: Clin. Res. Rev."},{"issue":"1","key":"6_CR20","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1002\/hbe2.237","volume":"3","author":"E Mbunge","year":"2021","unstructured":"Mbunge, E., Akinnuwesi, B., Fashoto, S.G., Metfula, A.S., Mashwama, P.: A critical review of emerging technologies for tackling COVID-19 pandemic. Hum. Behav. Emerg. Technol. 3(1), 25\u201339 (2021)","journal-title":"Hum. Behav. Emerg. Technol."},{"key":"6_CR21","unstructured":"McPhillips, T., Bowers, S., Belhajjame, K., Lud\u00e4scher, B.: Retrospective provenance without a runtime provenance recorder. In: Proceedings of the 7th USENIX Conference on Theory and Practice of Provenance, TaPP 2015. USENIX Association, USA (2015)"},{"issue":"4","key":"6_CR22","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1145\/1330311.1330323","volume":"51","author":"L Moreau","year":"2008","unstructured":"Moreau, L., et al.: The provenance of electronic data. Commun. ACM 51(4), 52\u201358 (2008)","journal-title":"Commun. ACM"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Nagappan, N., Ball, T.: Static analysis tools as early indicators of pre-release defect density. In: Proceedings of 27th International Conference on Software Engineering, 2005, ICSE 2005, pp. 580\u2013586. ACM (2005)","DOI":"10.1109\/ICSE.2005.1553604"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Nagappan, N., Ball, T.: Use of relative code churn measures to predict system defect density. In: 27th International Conference on Software Engineering (ICSE 2005), 15\u201321 May 2005, pp. 284\u2013292. ACM, St. Louis (2005)","DOI":"10.1145\/1062455.1062514"},{"key":"6_CR25","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-319-91602-6_6","volume-title":"Agile Processes in Software Engineering and Extreme Programming","author":"TD Oyetoyan","year":"2018","unstructured":"Oyetoyan, T.D., Milosheska, B., Grini, M., Soares Cruzes, D.: Myths and facts about static application security testing tools: an action research at telenor digital. In: Garbajosa, J., Wang, X., Aguiar, A. (eds.) XP 2018. LNBIP, vol. 314, pp. 86\u2013103. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-91602-6_6"},{"key":"6_CR26","unstructured":"Packer, H.S., Chapman, A., Carr, L.: GitHub2PROV: provenance for supporting software project management. In: 11th International Workshop on Theory and Practice of Provenance (TaPP 2019). USENIX Association, Philadelphia (June 2019)"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Pasquier, T., et al.: Runtime analysis of whole-system provenance. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 1601\u20131616. ACM, New York (2018)","DOI":"10.1145\/3243734.3243776"},{"issue":"9","key":"6_CR28","doi-asserted-by":"publisher","first-page":"1233","DOI":"10.1016\/j.jss.2006.02.048","volume":"79","author":"G Robles","year":"2006","unstructured":"Robles, G., Gonzalez-Barahona, J.M., Merelo, J.J.: Beyond source code: the importance of other artifacts in software development (a case study). J. Syst. Softw. 79(9), 1233\u20131248 (2006). Fourth Source Code Analysis and Manipulation Workshop (SCAM 2004)","journal-title":"J. Syst. Softw."},{"key":"6_CR29","doi-asserted-by":"crossref","unstructured":"Schreiber, A., de Boer, C.: Modelling knowledge about software processes using provenance graphs and its application to git-based version control systems. In: 42nd International Conference on Software Engineering Workshops. IEEE\/ACM, Seoul, Republic of Korea (May 2020)","DOI":"10.1145\/3387940.3392220"},{"key":"6_CR30","unstructured":"Schreiber, A., de Boer, C., von Kurnatowski, L.: GitLab2PROV\u2013provenance of software projects hosted on GitLab. In: 13th International Workshop on Theory and Practice of Provenance (TaPP 2021). USENIX Association (July 2021)"},{"issue":"1","key":"6_CR31","doi-asserted-by":"publisher","first-page":"12","DOI":"10.3390\/computers7010012","volume":"7","author":"A Schreiber","year":"2018","unstructured":"Schreiber, A., Struminski, R.: Visualizing the provenance of personal data using comics. Computers 7(1), 12 (2018)","journal-title":"Computers"},{"key":"6_CR32","unstructured":"Smith, J., Do, L.N.Q., Murphy-Hill, E.R.: Why can\u2019t Johnny fix vulnerabilities: a usability evaluation of static analysis tools for security. In: Sixteenth Symposium on Usable Privacy and Security (SOUPS) (2020)"},{"key":"6_CR33","doi-asserted-by":"crossref","unstructured":"Sonnekalb, T., Heinze, T.S., von Kurnatowski, L., Schreiber, A., Gonzalez-Barahona, J.M., Packer, H.: Towards automated, provenance-driven security audit for git-based repositories: applied to Germany\u2019s Corona-Warn-App. In: Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment (SEAD 2020). ACM, New York (2020)","DOI":"10.1145\/3416507.3423190"},{"key":"6_CR34","doi-asserted-by":"crossref","unstructured":"Sun, R., Wang, W., Xue, M., Tyson, G., Camtepe, S., Ranasinghe, D.C.: An empirical assessment of global COVID-19 contact tracing applications. In: Proceedings of the 43rd International Conference on Software Engineering (ICSE 2021) (June 2021)","DOI":"10.1109\/ICSE43902.2021.00101"},{"issue":"6","key":"6_CR35","doi-asserted-by":"publisher","first-page":"5137","DOI":"10.1007\/s10664-020-09880-1","volume":"25","author":"A Trautsch","year":"2020","unstructured":"Trautsch, A., Herbold, S., Grabowski, J.: A longitudinal study of static analysis warning evolution and the effects of PMD on software quality in apache open source projects. Empir. Softw. Eng. 25(6), 5137\u20135192 (2020)","journal-title":"Empir. Softw. Eng."},{"key":"6_CR36","unstructured":"Vaudenay, S.: Analysis of DP3T: between scylla and charybdis. Cryptology ePrint Archive, Report 2020\/399 (2020)"},{"key":"6_CR37","unstructured":"Vaudenay, S.: Centralized or decentralized? The contact tracing dilemma. Cryptology ePrint Archive, Report 2020\/531 (2020)"},{"key":"6_CR38","doi-asserted-by":"publisher","unstructured":"Verborgh, R., Magliacane, S., Schreiber, A., Korolev, V.: GIT2PROV: improved error handling (July 2020). https:\/\/doi.org\/10.5281\/zenodo.3942169","DOI":"10.5281\/zenodo.3942169"},{"issue":"3","key":"6_CR39","first-page":"1","volume":"29","author":"Z Wang","year":"2020","unstructured":"Wang, Z., Feng, Y., Wang, Y., Jones, J.A., Redmiles, D.: Unveiling elite developers\u2019 activities in open source projects. ACM Trans. Softw. Eng. Methodol. 29(3), 1\u201335 (2020)","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"6_CR40","doi-asserted-by":"crossref","unstructured":"Zimmermann, T., Weisgerber, P., Diehl, S., Zeller, A.: Mining version histories to guide software changes. In: Proceedings of the 26th International Conference on Software Engineering, ICSE 2004, pp. 563\u2013572. IEEE (2004)","DOI":"10.1109\/ICSE.2004.1317478"}],"container-title":["Lecture Notes in Computer Science","Provenance and Annotation of Data and Processes"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-80960-7_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,7]],"date-time":"2025-07-07T22:02:17Z","timestamp":1751925737000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-80960-7_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030809591","9783030809607"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-80960-7_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"9 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IPAW","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Provenance and Annotation Workshop","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ipaw2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/iitdbgroup.github.io\/ProvenanceWeek2021\/ipaw.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"47% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"In addition, 6 posters and system demonstrations were accepted for publication","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}