{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T02:56:19Z","timestamp":1743044179992,"version":"3.40.3"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031351891"},{"type":"electronic","value":"9783031351907"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-35190-7_2","type":"book-chapter","created":{"date-parts":[[2023,6,7]],"date-time":"2023-06-07T19:02:26Z","timestamp":1686164546000},"page":"9-26","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Threat-Driven Dynamic Security Policies for\u00a0Cyber-Physical Infrastructures"],"prefix":"10.1007","author":[{"given":"Joseph","family":"Hallett","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simon N.","family":"Foley","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Manda","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joseph","family":"Gardiner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dimitri","family":"Jonckers","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wouter","family":"Joosen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Awais","family":"Rashid","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,6,8]]},"reference":[{"key":"2_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M.: Logic in access control. In: Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science, 2003. pp. 228\u2013233. IEEE, IEEE, Ottawa, Canada (2003)","DOI":"10.1109\/LICS.2003.1210062"},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Ahmed, M.S., Al-Shaer, E., Taibah, M.M., Abedin, M., Khan, L.: Towards autonomic risk-aware security configuration. In: IEEE Network Operations and Management Symposium. pp. 722\u2013725. IEEE, IEEE, Piscataway, NJ (2008)","DOI":"10.1109\/NOMS.2008.4575198"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Arcaini, P., Riccobenne, E., Scandurra, P.: Formal design and verification of self-adaptive systems with decentralized control. ACM Trans. Auton. Adapt. Syst. 11(4), 25:1\u201325:35 (2017)","DOI":"10.1145\/3019598"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Barbosa, D.M., de Moura Lima, R.G., Maia, P.H.M., Junior, E.C.: Lotus@Runtime: a tool for runtime monitoring and verification of self-adaptive systems. In: IEEE\/ACM 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems. pp. 24\u201330. IEEE, Buenos Aires, Argentina (2017)","DOI":"10.1109\/SEAMS.2017.18"},{"issue":"4","key":"2_CR5","doi-asserted-by":"publisher","first-page":"619","DOI":"10.3233\/JCS-2009-0364","volume":"18","author":"MY Becker","year":"2010","unstructured":"Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: Design and semantics of a decentralized authorization language. J. Comput. Secur. 18(4), 619\u2013665 (2010)","journal-title":"J. Comput. Secur."},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Cervini, J., Rubin, A., Watkins, L.: Don\u2019t drink the cyber: Extrapolating the possibilities of oldsmar\u2019s water treatment cyberattack. In: Proceedings of the 17th International Conference on Information Warfare and Security (2022)","DOI":"10.34190\/iccws.17.1.29"},{"key":"2_CR7","doi-asserted-by":"crossref","unstructured":"Cheng, P.C., Rohatgi, P., Keser, C.: Fuzzy MLS: An experiment on quantified risk-adaptive access control. In: IEEE Symposium on Security and Privacy. pp. 222\u2013230 (2007)","DOI":"10.1109\/SP.2007.21"},{"key":"2_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2015.09.009","volume":"56","author":"Y Cherdantseva","year":"2016","unstructured":"Cherdantseva, Y., et al.: A review of cyber security risk assessment methods for SCADA systems. Comput. secur. 56, 1\u201327 (2016)","journal-title":"Comput. secur."},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Chromik, J.J., Remke, A., Haverkort, B.R.: Bro in SCADA: dynamic intrusion detection policies based on a system model. In: 5th International Symposium for ICS & SCADA Cyber Security, ICS-CSR 2018. pp. 112\u2013121. British Computer Society, Hamburg, Germany (2018)","DOI":"10.14236\/ewic\/ICS2018.13"},{"issue":"2","key":"2_CR10","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1007\/s10669-015-9540-y","volume":"35","author":"D DiMase","year":"2015","unstructured":"DiMase, D., Collier, Z.A., Heffner, K., Linkov, I.: Systems engineering framework for cyber physical security and resilience. Environ. Syst. Decisions 35(2), 291\u2013300 (2015). https:\/\/doi.org\/10.1007\/s10669-015-9540-y","journal-title":"Environ. Syst. Decisions"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Elkhodary, A., Whittle, J.: A survey of approaches to adaptive application security. In: Software Engineering for Adaptive and Self-Managing Systems, 2007. ICSE Workshops SEAMS\u201907. International Workshop on. pp. 16\u201316. IEEE (2007)","DOI":"10.1109\/SEAMS.2007.2"},{"key":"2_CR12","unstructured":"Falliere, N., Murchu, L.O., Chien, E.: W32.Stuxnet dossier. Tech. rep., Symantec Security Response (2011)"},{"issue":"1","key":"2_CR13","first-page":"14","volume":"18","author":"WM Fitzgerald","year":"2013","unstructured":"Fitzgerald, W.M., Neville, U., Foley, S.N.: MASON: Mobile autonomic security for network access controls. J. Inf. Secur. Appl. 18(1), 14\u201329 (2013)","journal-title":"J. Inf. Secur. Appl."},{"key":"2_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-642-03007-9_3","volume-title":"Data and Applications Security XXIII","author":"SN Foley","year":"2009","unstructured":"Foley, S.N., Fitzgerald, W.M.: An Approach to Security Policy Configuration Using Semantic Threat Graphs. In: Gudes, E., Vaidya, J. (eds.) DBSec 2009. LNCS, vol. 5645, pp. 33\u201348. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03007-9_3"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Foley, S.N., Fitzgerald, W.M.: Management of Security Policy Configuration using a semantic threat graph approach. J. Comput. Secur. 3(19), 567\u2013605 (2011)","DOI":"10.3233\/JCS-2011-0421"},{"issue":"3","key":"2_CR16","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1147\/JRD.2010.2043403","volume":"54","author":"SN Foley","year":"2010","unstructured":"Foley, S.N., Moss, H.: A risk-metric framework for enterprise risk management. IBM J. Res. Dev. 54(3), 3 (2010). https:\/\/doi.org\/10.1147\/JRD.2010.2043403","journal-title":"IBM J. Res. Dev."},{"issue":"1","key":"2_CR17","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1016\/S0167-4048(99)80006-6","volume":"18","author":"SM Furnell","year":"1999","unstructured":"Furnell, S.M., Warren, M.J.: Computer hacking and cyber terrorism: the real threats in the new millennium? Comput. Secur. 18(1), 28\u201334 (1999)","journal-title":"Comput. Secur."},{"key":"2_CR18","unstructured":"Gao, Y., Xie, X., Parekh, M., Bajramovic, E.: SIEM: policy-based monitoring of SCADA systems. In: Informatik 2016. pp. 559\u2013570. Gesellschaft f\u00fcr Informatik eV, Bremen, Germany (2016)"},{"key":"2_CR19","doi-asserted-by":"publisher","unstructured":"Gardiner, J., Craggs, B., Green, B., Rashid, A.: Oops i did it again: Further adventures in the land of ics security testbeds. In: Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy. pp. 75\u201386. CPS-SPC\u201919, ACM, New York, NY, USA (2019). https:\/\/doi.org\/10.1145\/3338499.3357355","DOI":"10.1145\/3338499.3357355"},{"key":"2_CR20","unstructured":"Gibbs, S.: Triton: hackers take out safety systems in \u2019watershed\u2019 attack on energy plant. The Guardian (December 2017), https:\/\/www.theguardian.com\/technology\/2017\/dec\/15\/triton-hackers-malware-attack-safety-systems-energy-plant"},{"issue":"4","key":"2_CR21","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1109\/MDAT.2017.2709310","volume":"34","author":"J Giraldo","year":"2017","unstructured":"Giraldo, J., Sarkar, E., Cardenas, A.A., Maniatakos, M., Kantarcioglu, M.: Security and privacy in cyber-physical systems: a survey of surveys. IEEE Des. Test 34(4), 7\u201317 (2017)","journal-title":"IEEE Des. Test"},{"key":"2_CR22","unstructured":"Higgins, K.J.: Schneider Electric: TRITON\/TRISIS attack used 0-day flaw in its safety controller system, and a RAT (2018)"},{"key":"2_CR23","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/MC.2003.1160055","volume":"36","author":"JO Kephart","year":"2003","unstructured":"Kephart, J.O., Chess, D.M.: The vision of autonomic computing. IEEE Comput. 36, 41\u201350 (2003)","journal-title":"IEEE Comput."},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Knowles, W., Prince, D., Hutchinson, D., Ferdinand, J., Disso, P., Jones, K.: Towards real-time assessment of industrial control systems (ICSs): A framework for future research. In: Proceedings of the 1st International Symposium for ICS & SCADA Cyber Security Research. pp. 106\u2013109. Leicester, UK (2013)","DOI":"10.14236\/ewic\/ICSCSR2013.13"},{"issue":"3","key":"2_CR25","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1109\/MSPEC.2013.6471059","volume":"50","author":"D Kushner","year":"2013","unstructured":"Kushner, D.: The real story of stuxnet. IEEE Spectrum 50(3), 48\u201353 (2013)","journal-title":"IEEE Spectrum"},{"issue":"3","key":"2_CR26","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"R Langner","year":"2011","unstructured":"Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Privacy 9(3), 49\u201351 (2011)","journal-title":"IEEE Secur. Privacy"},{"key":"2_CR27","unstructured":"Lee, R.M., Assante, M.J., Conway, T.: German steel mill cyber attack. SANS, Technical Report 2014 https:\/\/ics.sans.org\/media\/ICS-CPPE-case-Study-2-German-Steelworks_Facility.pdf(2014)"},{"issue":"2","key":"2_CR28","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1145\/66926.66946","volume":"18","author":"D McCarthy","year":"1989","unstructured":"McCarthy, D., Umeshwar, D.: The architecture of an active database management system. ACM Sigmod Record 18(2), 215\u2013224 (1989)","journal-title":"ACM Sigmod Record"},{"key":"2_CR29","doi-asserted-by":"crossref","unstructured":"Miller, B., Rowe, D.: A survey SCADA of and critical infrastructure incidents. In: Proceedings of the 1st Annual conference on Research in information technology. pp. 51\u201356. ACM (2012)","DOI":"10.1145\/2380790.2380805"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"Montemaggio, A., Iannucci, S., Bhowmik, T., Hamilton, J.: Designing a methodological framework for the empirical evaluation of self-protecting systems. In: 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C). pp. 218\u2013223. IEEE (2020)","DOI":"10.1109\/ACSOS-C51401.2020.00059"},{"key":"2_CR31","unstructured":"New York Independent System Operator, Inc: 2018 load & capacity data \u201cgold book\u201d. Tech. rep., ISO (2018)"},{"key":"2_CR32","doi-asserted-by":"crossref","unstructured":"Pandey, A., Ruchkin, I., Schmerl, B., C\u00e1mara, J.: Towards a formal framework for hybrid planning in self-adaptation. In: IEEE\/ACM 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems. pp. 109\u2013115. IEEE (2017)","DOI":"10.1109\/SEAMS.2017.14"},{"issue":"2","key":"2_CR33","first-page":"546","volume":"16","author":"J Petit","year":"2015","unstructured":"Petit, J., Shladover, S.E.: Potential cyberattacks on automated vehicles. IEEE Trans. Intell. Trans. Syst. 16(2), 546\u2013556 (2015)","journal-title":"IEEE Trans. Intell. Trans. Syst."},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Radmand, P., Talevski, A., Petersen, S., Carlsen, S.: Taxonomy of wireless sensor network cyber security attacks in the oil and gas industries. In: 2010 24th IEEE International Conference on Advanced Information Networking and Applications. pp. 949\u2013957. IEEE (2010)","DOI":"10.1109\/AINA.2010.175"},{"key":"2_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-37670-3_1","volume-title":"Critical Information Infrastructures Security","author":"A Rashid","year":"2020","unstructured":"Rashid, A., Gardiner, J., Green, B., Craggs, B.: Everything Is Awesome! or Is It? Cyber Security Risks in Critical Infrastructure. In: Nadjm-Tehrani, S. (ed.) CRITIS 2019. LNCS, vol. 11777, pp. 3\u201317. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-37670-3_1"},{"key":"2_CR36","doi-asserted-by":"crossref","unstructured":"da Silva, C.E., da Silva, J.D.S., Paterson, C., Calinescu, R.: Self-adaptive role-based access control for business processes. In: IEEE\/ACM 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems. pp. 193\u2013203. Buenos Aires, Argentina (2017)","DOI":"10.1109\/SEAMS.2017.13"},{"key":"2_CR37","unstructured":"of Sponsoring Organizations of the Treadway Commission (COSO), C.: Enterprise Risk Management-Integrated Framework. Jersey City, NJ (2004)"},{"key":"2_CR38","doi-asserted-by":"crossref","unstructured":"Tsuchida, S., Nakagawa, H., Tramontana, E., Fornaia, A., Tsuchiya, T.: A framework for updating functionalities based on the MAPE loop mechanism. In: 42nd IEEE International Conference on Computer Software & Applications. pp. 38\u201347 (2018)","DOI":"10.1109\/COMPSAC.2018.00014"},{"key":"2_CR39","doi-asserted-by":"crossref","unstructured":"Waltermire, D., Quinn, S., Scarfone, K., Halbardier, A.: The Technical Specification for the Security Content Automation Protocol: SCAP Version 1.2. Recommendations of the National Institute of Standards and Technology, NIST-800-126 (2011)","DOI":"10.6028\/NIST.SP.800-126r2"}],"container-title":["Lecture Notes in Computer Science","Critical Information Infrastructures Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-35190-7_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,21]],"date-time":"2024-10-21T22:44:58Z","timestamp":1729550698000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-35190-7_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031351891","9783031351907"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-35190-7_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"8 June 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRITIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Information Infrastructures Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Munich","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"critis2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/critis2022.comtessa.org\/welcome","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"62% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2-3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1-2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}