{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:49:55Z","timestamp":1742914195834,"version":"3.40.3"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031368882"},{"type":"electronic","value":"9783031368899"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-36889-9_5","type":"book-chapter","created":{"date-parts":[[2023,7,15]],"date-time":"2023-07-15T21:01:50Z","timestamp":1689454910000},"page":"45-61","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Tool-Based Attack Graph Estimation and\u00a0Scenario Analysis for\u00a0Software Architectures"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0358-6644","authenticated-orcid":false,"given":"Maximilian","family":"Walter","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9308-6290","authenticated-orcid":false,"given":"Ralf","family":"Reussner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,7,16]]},"reference":[{"key":"5_CR1","doi-asserted-by":"publisher","unstructured":"Alberti, F., Armando, A., Ranise, S.: Efficient symbolic automated analysis of administrative attribute-based RBAC-policies. In: ASIACCS, p. 165 (2011). ISBN 978-1-4503-0564-8. https:\/\/doi.org\/10.1145\/1966913.1966935, https:\/\/portal.acm.org\/citation.cfm?doid=1966913.1966935","DOI":"10.1145\/1966913.1966935"},{"key":"5_CR2","doi-asserted-by":"publisher","unstructured":"Al-Ali, R., Heinrich, R., Hnetynka, P., Juan-Verdejo, A., Seifermann, S., Walter, M.: Modeling of dynamic trust contracts for industry 4.0 systems. In: ECSA-C, ACM (2018). https:\/\/doi.org\/10.1145\/3241403.3241450","DOI":"10.1145\/3241403.3241450"},{"key":"5_CR3","unstructured":"Caldiera, V.R.B.G., Rombach, H.D.: The goal question metric approach. Encyclopedia Softw. Eng. 528\u2013532 (1994)"},{"issue":"5","key":"5_CR4","doi-asserted-by":"publisher","first-page":"815","DOI":"10.1016\/j.infsof.2008.05.011","volume":"51","author":"D Basin","year":"2009","unstructured":"Basin, D., et al.: Automated analysis of security-design models. Inf. Softw. Technol. 51(5), 815\u2013831 (2009)","journal-title":"Inf. Softw. Technol."},{"key":"5_CR5","unstructured":"BloodHound Enterprise. https:\/\/bloodhoundenterprise.io\/. Assessed 05 Oct 2021"},{"key":"5_CR6","unstructured":"Cole, E.: Advanced persistent threat: understanding the danger and how to protect your organization. Newnes (2012). ISBN 978-1597499491"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Mi\u00e8ge, A.: Modelling contexts in the or-bac model. In: ACSAC, pp. 416\u2013425 (2003)","DOI":"10.1109\/CSAC.2003.1254346"},{"key":"5_CR8","unstructured":"CVSS SIG. https:\/\/www.first.org\/cvss\/. Assessed 25 Oct 2021"},{"key":"5_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-030-54549-9_10","volume-title":"Computer Safety, Reliability, and Security","author":"C Deloglos","year":"2020","unstructured":"Deloglos, C., Elks, C., Tantawy, A.: An attacker modeling framework for the assessment of cyber-physical systems security. In: Casimiro, A., Ortmeier, F., Bitsch, F., Ferreira, P. (eds.) SAFECOMP 2020. LNCS, vol. 12234, pp. 150\u2013163. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-54549-9_10"},{"key":"5_CR10","unstructured":"Ferraiolo, D., Cugini, J., Kuhn, D.R.: Role-based access control (RBAC): features and motivations. In: ACSAC, pp. 241\u2013248 (1995)"},{"key":"5_CR11","doi-asserted-by":"publisher","unstructured":"Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: ICSE, p. 196 (2005). https:\/\/doi.org\/10.1145\/1062455.1062502","DOI":"10.1145\/1062455.1062502"},{"key":"5_CR12","doi-asserted-by":"publisher","unstructured":"Gerking, C., Schubert, D.: In: ICSA, pp. 61\u201370, 03. ISBN 978-1-7281-0528-4. https:\/\/doi.org\/10.1109\/ICSA.2019.00015","DOI":"10.1109\/ICSA.2019.00015"},{"key":"5_CR13","first-page":"110722","volume":"169","author":"R Heinrich","year":"2020","unstructured":"Heinrich, R.: Architectural runtime models for integrating runtime observations and component-based models. JSS 169, 110722 (2020)","journal-title":"JSS"},{"key":"5_CR14","doi-asserted-by":"publisher","unstructured":"Heinrich, R., Koch, S., Cha, S., Busch, K., Reussner, R., Vogel-Heuser, B.: Architecture-based change impact analysis in cross-disciplinary automated production systems. JSS 146, 167\u2013185 (2018). ISSN 0164-1212. https:\/\/doi.org\/10.1016\/j.jss.2018.08.058, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0164121218301717","DOI":"10.1016\/j.jss.2018.08.058"},{"key":"5_CR15","doi-asserted-by":"publisher","unstructured":"Hu, V., et al.: Attribute-based access control. Computer 48(2), 85\u201388 (2015). ISSN 0018\u20139162. https:\/\/doi.org\/10.1109\/MC.2015.33","DOI":"10.1109\/MC.2015.33"},{"key":"5_CR16","doi-asserted-by":"publisher","unstructured":"Jabal, A.A., et al.: Methods and tools for policy analysis. ACM Comput. Surv. 51(6), 1\u201335 (2019.) ISSN 03600300. https:\/\/doi.org\/10.1145\/3295749","DOI":"10.1145\/3295749"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Johns, E.: Cyber security breaches survey 2021: Statistical release. Media & Sport, UK and Ipsos Mori, Technical report, Department for Digital, Culture (2021)","DOI":"10.1016\/S1353-4858(21)00036-2"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/3-540-45800-X_32","volume-title":"UML 2002 \u2014 The Unified Modeling Language","author":"J J\u00fcrjens","year":"2002","unstructured":"J\u00fcrjens, J.: UMLsec: extending UML for secure systems development. In: J\u00e9z\u00e9quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412\u2013425. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45800-X_32"},{"key":"5_CR19","doi-asserted-by":"publisher","unstructured":"Kalam, A., et al.: In: POLICY 2003, 06. https:\/\/doi.org\/10.1109\/POLICY.2003.1206966","DOI":"10.1109\/POLICY.2003.1206966"},{"key":"5_CR20","doi-asserted-by":"publisher","unstructured":"Katkalov, K., Stenzel, K., Borek, M., Reif, W.: Model-driven development of information flow-secure systems with iflow. In: SOCIALCOM 2013, pp. 51\u201356. https:\/\/doi.org\/10.1109\/SocialCom.2013.14","DOI":"10.1109\/SocialCom.2013.14"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Kirschner, Y.R., et al.: Automatic derivation of vulnerability models for software architectures. In: ICSA-C (accepted, to appear) (2023)","DOI":"10.1109\/ICSA-C57050.2023.00065"},{"key":"5_CR22","unstructured":"Kramer, M.E., Hecker, M., Greiner, S., Bao, K., Yurchenko, K.: Model-driven specification and analysis of confidentiality in component-based systems. Technical Report 12, KIT-Department of Informatics (2017)"},{"issue":"5323","key":"5_CR23","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1038\/234034a0","volume":"234","author":"M Levandowsky","year":"1971","unstructured":"Levandowsky, M., Winter, D.: Distance between sets. Nature 234(5323), 34\u201335 (1971)","journal-title":"Nature"},{"key":"5_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"426","DOI":"10.1007\/3-540-45800-X_33","volume-title":"UML 2002 \u2014 The Unified Modeling Language","author":"T Lodderstedt","year":"2002","unstructured":"Lodderstedt, T., Basin, D., Doser, J.: SecureUML: a UML-based modeling language for model-driven security. In: J\u00e9z\u00e9quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426\u2013441. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45800-X_33"},{"key":"5_CR25","unstructured":"MITRE: CVE. https:\/\/cve.mitre.org\/. Assessed 25 Oct 2021"},{"key":"5_CR26","unstructured":"MITRE: CWE. https:\/\/cwe.mitre.org\/. Assessed 25 Oct 2021"},{"key":"5_CR27","unstructured":"MITRE: CWE-312. https:\/\/cwe.mitre.org\/data\/definitions\/312.html. Assessed 25 Oct 10 2021"},{"key":"5_CR28","doi-asserted-by":"publisher","unstructured":"Nguyen, P.H., Kramer, M., Klein, J., Le Traon, Y.: An extensive systematic review on the model-driven development of secure systems. Inf. Softw. Technol. 68, 62\u201381 (2015). ISSN 09505849. https:\/\/doi.org\/10.1016\/j.infsof.2015.08.006","DOI":"10.1016\/j.infsof.2015.08.006"},{"key":"5_CR29","unstructured":"NIST. Cve-2021-28374. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-28374"},{"key":"5_CR30","unstructured":"NVD. https:\/\/nvd.nist.gov\/vuln. Assessed 25 Oct 2021"},{"key":"5_CR31","unstructured":"Reussner, R., et al.: Modeling and Simulating Software Architectures - The Palladio Approach. MIT Press, Cambridge, MA, October 2016. ISBN 9780262034760. https:\/\/mitpress.mit.edu\/books\/modeling-and-simulating-software-architectures"},{"key":"5_CR32","doi-asserted-by":"publisher","unstructured":"Runeson, P., H\u00f6st, M.: Guidelines for conducting and reporting case study research in software engineering 14(2), 131 (2009). ISSN 1573\u20137616. https:\/\/doi.org\/10.1007\/s10664-008-9102-8","DOI":"10.1007\/s10664-008-9102-8"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Seifermann, S., Heinrich, R., Werle, D., Reussner, R.: Detecting violations of access control and information flow policies in data flow diagrams. JSS 184, 1873\u20131228 (2021). ISSN 0164\u20131212","DOI":"10.1016\/j.jss.2021.111138"},{"key":"5_CR34","unstructured":"Xiaokui, S., Ke, T., Andrew, C., Danfeng, Y.: Breaking the target: an analysis of target data breach and lessons learned (2017). https:\/\/arxiv.org\/abs\/1701.04940"},{"key":"5_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/978-3-540-73031-6_27","volume-title":"Requirements Engineering: Foundation for Software Quality","author":"G Sindre","year":"2007","unstructured":"Sindre, G.: Mal-activity diagrams for capturing attacks on business processes. In: Sawyer, P., Paech, B., Heymans, P. (eds.) REFSQ 2007. LNCS, vol. 4542, pp. 355\u2013366. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-73031-6_27"},{"key":"5_CR36","doi-asserted-by":"publisher","unstructured":"Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34\u201344 (2005). ISSN 0947\u20133602, 1432\u2013010X. https:\/\/doi.org\/10.1007\/s00766-004-0194-4","DOI":"10.1007\/s00766-004-0194-4"},{"key":"5_CR37","doi-asserted-by":"publisher","unstructured":"Tuma, K., Scandariato, R., Balliu, M.: Flaws in flows: unveiling design flaws via information flow analysis. In: ICSA, pp. 191\u2013200 (2019). https:\/\/doi.org\/10.1109\/ICSA.2019.00028","DOI":"10.1109\/ICSA.2019.00028"},{"key":"5_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/978-3-662-46666-7_7","volume-title":"Principles of Security and Trust","author":"F Turkmen","year":"2015","unstructured":"Turkmen, F., den Hartog, J., Ranise, S., Zannone, N.: Analysis of XACML policies with SMT. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 115\u2013134. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46666-7_7"},{"key":"5_CR39","unstructured":"Walter, M., Seifermann, S., Heinrich, R.: A taxonomy of dynamic changes affecting confidentiality. In: 11th Workshop Design For Future - Langlebige Softwaresysteme (2020)"},{"key":"5_CR40","doi-asserted-by":"publisher","unstructured":"Walter, M., Heinrich, R., Reussner, R.: Architectural attack propagation analysis for identifying confidentiality issues. In: IEEE ICSA, pp. 1\u201312 (2022). https:\/\/doi.org\/10.1109\/ICSA53651.2022.00009","DOI":"10.1109\/ICSA53651.2022.00009"},{"key":"5_CR41","unstructured":"Walter, M., et al.: Architectural attack propagation in industry 4.0. at - Automatisierungstechnik (accepted, to appear) (2023)"},{"key":"5_CR42","doi-asserted-by":"publisher","unstructured":"Walter, M., et al.: Dataset: palladio context-based scenario analysis (2022). https:\/\/doi.org\/10.5281\/zenodo.7431562","DOI":"10.5281\/zenodo.7431562"},{"key":"5_CR43","unstructured":"XACML. https:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-osen.html. Accessed 25 Oct 2021"},{"key":"5_CR44","doi-asserted-by":"crossref","unstructured":"Yuan, B., et al.: An attack path generation methods based on graph database. In: ITNEC, pp. 1905\u20131910 (2020)","DOI":"10.1109\/ITNEC48623.2020.9085039"}],"container-title":["Lecture Notes in Computer Science","Software Architecture. ECSA 2022 Tracks and Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-36889-9_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,24]],"date-time":"2024-10-24T06:48:53Z","timestamp":1729752533000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-36889-9_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031368882","9783031368899"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-36889-9_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"16 July 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ECSA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Conference on Software Architecture","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Prague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Czech Republic","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ecsa2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/conf.researchr.org\/home\/ecsa-2022","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"61","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"43% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2 tutorial papers","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}