{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,2]],"date-time":"2025-11-02T14:26:47Z","timestamp":1762093607166,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031425912"},{"type":"electronic","value":"9783031425929"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-42592-9_3","type":"book-chapter","created":{"date-parts":[[2023,9,7]],"date-time":"2023-09-07T23:04:03Z","timestamp":1694127843000},"page":"37-53","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Architecture-Based Attack Path Analysis for\u00a0Identifying Potential Security Incidents"],"prefix":"10.1007","author":[{"given":"Maximilian","family":"Walter","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robert","family":"Heinrich","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ralf","family":"Reussner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,9,8]]},"reference":[{"key":"3_CR1","doi-asserted-by":"crossref","unstructured":"Aksu, M.U., et al.: Automated generation of attack graphs using NVD. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy (CODASPY), pp. 135\u2013142. ACM (2018)","DOI":"10.1145\/3176258.3176339"},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Alhebaishi, N., et al.: Threat modeling for cloud data center infrastructures. In: Foundations and Practice of Security, pp. 302\u2013319 (2016)","DOI":"10.1007\/978-3-319-51966-1_20"},{"key":"3_CR3","unstructured":"Basili, G., et al.: The goal question metric approach. Encyclopedia of Software Engineering (1994)"},{"key":"3_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-319-30806-7_4","volume-title":"Engineering Secure Software and Systems","author":"BJ Berger","year":"2016","unstructured":"Berger, B.J., Sohr, K., Koschke, R.: Automatically extracting threats from extended data flow diagrams. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds.) ESSoS 2016. LNCS, vol. 9639, pp. 56\u201371. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-30806-7_4"},{"key":"3_CR5","unstructured":"CVE. https:\/\/cve.mitre.org\/. Accessed 11 Jan 2022"},{"key":"3_CR6","unstructured":"CVSS SIG. https:\/\/www.first.org\/cvss\/. Accessed 11 Jan 2022"},{"key":"3_CR7","unstructured":"CWE. https:\/\/cwe.mitre.org\/. Accessed 11 Jan 2022"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Fisler, K., et al.: Verification and change-impact analysis of access-control policies. In: International Conference on Software Engineering 2005, p. 196 (2005)","DOI":"10.1145\/1062455.1062502"},{"key":"3_CR9","unstructured":"Hamilton, B.A.: Industrial Cybersecurity Threat Briefing. Tech. rep., p. 82"},{"key":"3_CR10","first-page":"167","volume":"146","author":"R Heinrich","year":"2018","unstructured":"Heinrich, R., et al.: Architecture-based change impact analysis in cross-disciplinary automated production systems. JSS 146, 167\u2013185 (2018)","journal-title":"JSS"},{"key":"3_CR11","unstructured":"ISO: Information technology. en. Standard ISO\/IEC 27000:2018, Geneva, CH (2018)"},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"Johns, E.: Cyber Security Breaches Survey 2021: Statistical Release (2021)","DOI":"10.1016\/S1353-4858(21)00036-2"},{"key":"3_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/3-540-45800-X_32","volume-title":"UML 2002 \u2014 The Unified Modeling Language","author":"J J\u00fcrjens","year":"2002","unstructured":"J\u00fcrjens, J.: UMLsec: extending UML for secure systems development. In: J\u00e9z\u00e9quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412\u2013425. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45800-X_32"},{"key":"3_CR14","unstructured":"Katkalov, K.: Ein modellgetriebener Ansatz zur Entwicklung informationsflusssicherer Systeme. doctoral thesis, Universit\u00e4t Augsburg (2017)"},{"key":"3_CR15","doi-asserted-by":"crossref","unstructured":"Kirschner, Y.R., et al.: Automatic Derivation of Vulnerability Models for Software Architectures. In: IEEE 20th International Conference on Software Architecture Companion (ICSA-C), pp. 276\u2013283 (2023)","DOI":"10.1109\/ICSA-C57050.2023.00065"},{"key":"3_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","volume":"13\u201314","author":"B Kordy","year":"2014","unstructured":"Kordy, B., et al.: DAG-based attack and defense modeling: don\u2019t miss the forest for the attack trees. Comput. Sci. Rev. 13\u201314, 1\u201338 (2014)","journal-title":"Comput. Sci. Rev."},{"key":"3_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"426","DOI":"10.1007\/3-540-45800-X_33","volume-title":"UML 2002 \u2014 The Unified Modeling Language","author":"Torsten Lodderstedt","year":"2002","unstructured":"Lodderstedt, Torsten, Basin, David, Doser, J\u00fcrgen.: SecureUML: a UML-based modeling language for model-driven security. In: J\u00e9z\u00e9quel, Jean-Marc., Hussmann, Heinrich, Cook, Stephen (eds.) UML 2002. LNCS, vol. 2460, pp. 426\u2013441. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45800-X_33"},{"key":"3_CR18","unstructured":"OWASP Top Ten Web Application Security Risks | OWASP. https:\/\/owasp.org\/www-project-top-ten\/. Accessed 11 Jan 2022"},{"issue":"1","key":"3_CR19","first-page":"11","volume":"29","author":"M Plachkinova","year":"2018","unstructured":"Plachkinova, M., Maurer, C.: Security breach at target. J. Inf. Syst. Educ. 29(1), 11\u201320 (2018)","journal-title":"J. Inf. Syst. Educ."},{"issue":"3","key":"3_CR20","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1007\/s12530-018-9234-z","volume":"11","author":"N Polatidis","year":"2020","unstructured":"Polatidis, N., et al.: From product recommendation to cyber-attack prediction: generating attack graphs and predicting future attacks. Evolving Syst. 11(3), 479\u2013490 (2020)","journal-title":"Evolving Syst."},{"key":"3_CR21","unstructured":"Reussner, R., et al.: Modeling and Simulating Software Architectures - The Palladio Approach. MIT Press, Cambridge (2016). isbn: 9780262034760"},{"issue":"2","key":"3_CR22","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/s10664-008-9102-8","volume":"14","author":"P Runeson","year":"2008","unstructured":"Runeson, P., H\u00f6st, M.: Guidelines for conducting and reporting case study research in software engineering. Empirical Softw. .ineering 14(2), 131 (2008)","journal-title":"Empirical Softw. .ineering"},{"issue":"12","key":"3_CR23","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s J. 24(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s J."},{"key":"3_CR24","unstructured":"Securing the Software Supply Chain: Recommended Practices Guide for Developers, p. 64. Cybersecurity and Infrastructure Security Agency (CISA) (2022)"},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Seifermann, S., et al.: detecting violations of access control and information flow policies in data flow diagrams. J. Syst. Softw. 184, 111138 (2021)","DOI":"10.1016\/j.jss.2021.111138"},{"key":"3_CR26","unstructured":"Shu, X., et al.: Breaking the Target: An Analysis of Target Data Breach and Lessons Learned. arXiv:1701.04940 [cs] (2017)"},{"key":"3_CR27","doi-asserted-by":"crossref","unstructured":"Sion, L., et al.: Solution-aware data flow diagrams for security threat modeling. In: Symposium on Applied Computing, pp. 1425\u20131432. ACM (2018)","DOI":"10.1145\/3167132.3167285"},{"issue":"3","key":"3_CR28","doi-asserted-by":"publisher","first-page":"363","DOI":"10.1109\/JSYST.2012.2221853","volume":"7","author":"T Sommestad","year":"2012","unstructured":"Sommestad, T., et al.: The cyber security modeling language: a tool for assessing the vulnerability of enterprise system architectures. IEEE Syst. J. 7(3), 363\u2013373 (2012)","journal-title":"IEEE Syst. J."},{"key":"3_CR29","doi-asserted-by":"crossref","unstructured":"Tuma, K., et al.: Flaws in flows: unveiling design flaws via information flow analysis. In: International Conference on Software Architecture, pp. 191\u2013200 (2019)","DOI":"10.1109\/ICSA.2019.00028"},{"key":"3_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/978-3-662-46666-7_7","volume-title":"Principles of Security and Trust","author":"F Turkmen","year":"2015","unstructured":"Turkmen, F., den Hartog, J., Ranise, S., Zannone, N.: Analysis of XACML policies with SMT. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 115\u2013134. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46666-7_7"},{"key":"3_CR31","unstructured":"Van Rijsbergen, C., and Van Rijsbergen, C.: Information Retrieval. Butterworths (1979). isbn: 9780408709293"},{"key":"3_CR32","doi-asserted-by":"crossref","unstructured":"Walter, M., and Reussner, R.: Tool-based attack graph estimation and scenario analysis for software architectures. In: European Conference on Software Architecture 2022 Tracks and Workshops (accepted, to appear)","DOI":"10.1007\/978-3-031-36889-9_5"},{"key":"3_CR33","doi-asserted-by":"crossref","unstructured":"Walter, M., et al.: Architectural attack propagation analysis for identifying confidentiality issues. In: International Conference on Software Architecture (2022)","DOI":"10.1109\/ICSA53651.2022.00009"},{"key":"3_CR34","doi-asserted-by":"crossref","unstructured":"Walter, M., et al.: Architecture-based attack propagation and variation analysis for identifying confidentiality issues in Industry 4.0. at - Automatisierungstechnik 71(6), 443\u2013452 (2023)","DOI":"10.1515\/auto-2022-0135"},{"key":"3_CR35","doi-asserted-by":"publisher","unstructured":"Walter, M., et al.: Dataset: Architecture-based Attack Path Analysis for Identifying Potential Security Incidents. https:\/\/doi.org\/10.5281\/zenodo.7900356","DOI":"10.5281\/zenodo.7900356"},{"key":"3_CR36","doi-asserted-by":"crossref","unstructured":"Yuan, B., et al.: An attack path generation methods based on graph database. In: 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), pp. 1905\u20131910 (2020)","DOI":"10.1109\/ITNEC48623.2020.9085039"}],"container-title":["Lecture Notes in Computer Science","Software Architecture"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-42592-9_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,7]],"date-time":"2023-09-07T23:06:54Z","timestamp":1694128014000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-42592-9_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031425912","9783031425929"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-42592-9_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"8 September 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ECSA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Conference on Software Architecture","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Istanbul","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"T\u00fcrkiye","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ecsa2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"71","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}