{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T00:31:12Z","timestamp":1742949072333,"version":"3.40.3"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031430329"},{"type":"electronic","value":"9783031430336"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-43033-6_23","type":"book-chapter","created":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T05:01:47Z","timestamp":1697864507000},"page":"228-242","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Determining an\u00a0Economic Value of\u00a0High Assurance for\u00a0Commodity Software Security"],"prefix":"10.1007","author":[{"given":"Virgil","family":"Gligor","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Adrian","family":"Perrig","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Basin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,10,21]]},"reference":[{"key":"23_CR1","unstructured":"Common Criteria. Evaluation Assurance Levels (EALs). 
https:\/\/en.wikipedia.org\/wiki\/Evaluation_Assurance_Level"},{"key":"23_CR2","unstructured":"Finances Online. 119 Impressive Cybersecurity Statistics: 2021\/2022 Data & Market Analysis, Cybermarket Statistics. https:\/\/financesonline.com\/cybersecurity-statistics\/"},{"key":"23_CR3","unstructured":"Smith, Z.M., Lostri, E., Lewis, J.A.: The Hidden Costs of Cybercrime. McAfee Report for Center for Strategic and International Studies (2020). https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-hidden-costs-of-cybercrime.pdf"},{"key":"23_CR4","doi-asserted-by":"crossref","unstructured":"Klein, G., et al.: Comprehensive formal verification of an OS microkernel. ACM Trans. Comput. Syst. 32(1), 1\u201370 (2014)","DOI":"10.1145\/2560537"},{"key":"23_CR5","unstructured":"Hawblitzel, C., et al.: Ironclad apps: end-to-end security via automated full-system verification. In: Proceedings of USENIX OSDI, pp. 165\u2013181 (2014)"},{"key":"23_CR6","doi-asserted-by":"crossref","unstructured":"Protzenko, J., et al.: EverCrypt: a fast, verified, cross-platform cryptographic provider. In: Proceedings of the IEEE Symposium on Security and Privacy (2020)","DOI":"10.1109\/SP40000.2020.00114"},{"key":"23_CR7","doi-asserted-by":"crossref","unstructured":"Yu, M., Gligor, V., Jia, L.: An I\/O separation model for formal verification of kernel implementations. In: Proceedings of the IEEE Symposium on Security and Privacy (2021)","DOI":"10.1109\/SP40001.2021.00101"},{"key":"23_CR8","doi-asserted-by":"publisher","unstructured":"Gligor, V.: Security limitations of virtualization and how to overcome them (transcript of discussion). In: Christianson, B., Malcolm, J. (eds.) Security Protocols 2010. LNCS, vol. 7061, pp. 252\u2013265. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45921-8_35","DOI":"10.1007\/978-3-662-45921-8_35"},{"key":"23_CR9","doi-asserted-by":"publisher","unstructured":"Lampson, B.W.: Software components: only the giants survive. 
In: Spark-Jones, K., Herbert, A. (eds.) Computer Systems: Theory, Technology, and Applications, Chapter 20, vol. 9, pp. 137\u2013146. Springer, New York (2004). https:\/\/doi.org\/10.1007\/0-387-21821-1_21","DOI":"10.1007\/0-387-21821-1_21"},{"key":"23_CR10","doi-asserted-by":"crossref","unstructured":"Lampson, B.W.: Computer security in the real world. In: Proceedings of the 16th Annual Computer Security Applications Conference (ACSAC 2000), IEEE Computer, vol. 37, pp. 37\u201346 (2004). https:\/\/www.acsac.org\/2000\/papers\/lampson.pdf","DOI":"10.1109\/MC.2004.17"},{"issue":"11","key":"23_CR11","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1145\/1592761.1592773","volume":"52","author":"BW Lampson","year":"2009","unstructured":"Lampson, B.W.: Usable security: how to get it. Commun. ACM 52(11), 25\u201327 (2009)","journal-title":"Commun. ACM"},{"key":"23_CR12","unstructured":"Finances Online. 119 Impressive Cybersecurity Statistics: 2021\/2022 Data & Market Analysis, Cybermarket Statistics. https:\/\/financesonline.com\/cybersecurity-statistics\/"},{"key":"23_CR13","doi-asserted-by":"crossref","unstructured":"IBM Corporation and Ponemon Institute. Cost of a Data Breach Report 2021\u20132022. https:\/\/www.ibm.com\/security\/data-breach","DOI":"10.12968\/S1353-4858(22)70049-9"},{"key":"23_CR14","unstructured":"HP Enterprise Security and Ponemon Institute. 2012 Cost of Cyber Crime Study: United States. https:\/\/www.ponemon.org\/local\/upload\/file\/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf"},{"key":"23_CR15","doi-asserted-by":"publisher","unstructured":"Gligor, V.: Dancing with the adversary: a tale of wimps and giants (transcript of discussion). In: Christianson, B., Malcolm, J., Maty\u00e1\u0161, V., \u0160venda, P., Stajano, F., Anderson, J. (eds.) Security Protocols 2014. LNCS, vol. 8809, pp. 116\u2013129. Springer, Cham (2014). 
https:\/\/doi.org\/10.1007\/978-3-319-12400-1_12","DOI":"10.1007\/978-3-319-12400-1_12"},{"key":"23_CR16","doi-asserted-by":"crossref","unstructured":"Fehr, E.: The economics and biology of trust. J. Eur. Econ. Assoc. 7 (2009)","DOI":"10.2139\/ssrn.1361689"},{"key":"23_CR17","doi-asserted-by":"publisher","unstructured":"Gligor, V., Wing, J.M.: Towards a theory of trust in networks of humans and computers. In: Christianson, B., Crispo, B., Malcolm, J., Stajano, F. (eds.) Security Protocols 2011. LNCS, vol. 7114, pp. 223\u2013242. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25867-1_22","DOI":"10.1007\/978-3-642-25867-1_22"},{"key":"23_CR18","unstructured":"VentureBeat Staff. Report: US businesses experience-42-cyberattacks-per-year (2022). https:\/\/venturebeat.com\/security\/report-u-s-businesses-experience-42-cyberattacks-per-year\/"},{"key":"23_CR19","unstructured":"National Security Agency. Embracing a Zero Trust Security Model (2021). https:\/\/media.defense.gov\/2021\/Feb\/25\/2002588479\/1\/1\/0CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF"},{"key":"23_CR20","unstructured":"Future Market Insights. Cybersecurity Insurance Market Snapshot (2022\u20132032). https:\/\/www.futuremarketinsights.com\/reports\/cybersecurity-insurance-market"},{"key":"23_CR21","unstructured":"Adrian Mak. Cyber Insurance Cost by Industry. AdvisorSmith (2021). https:\/\/advisorsmith.com\/business-insurance\/cyber-liability-insurance\/cost-by-industry\/"},{"key":"23_CR22","unstructured":"NAIC Staff. Report on the Cyber Insurance Market, Memorandum (2022). https:\/\/content.naic.org\/sites\/default\/files\/cmte-c-cyber-supplement-report-2022-for-data-year-2021.pdf"},{"key":"23_CR23","unstructured":"Rezilion and Ponemon Institute. The State of Vulnerability Management in DevSecOps (2022). 
https:\/\/www.rezilion.com\/wp-content\/uploads\/2022\/09\/Ponemon-Rezilion-Report-Final.pdf"},{"key":"23_CR24","unstructured":"Keary, T.: Vulnerability management: Most orgs have a backlog of 100K vulnerabilities. In: VentureBeat (2022). https:\/\/venturebeat.com\/security\/vulnerability-management-most-orgs-have-a-backlog-of-100k-vulnerabilities"},{"key":"23_CR25","unstructured":"Torres, R.: Enterprise App Sprawl with most apps outside IT control. In: CIO Dive (2021). https:\/\/www.ciodive.com\/news\/app-sprawl-saas-data-shadow-it-productiv\/606872\/"},{"key":"23_CR26","unstructured":"Vittorio, A.: Merck\u2019s $1.4 Billion Insurance Win Splits Cyber From \u201cAct of War\u201d. In: Bloomberg Law (2022). https:\/\/news.bloomberglaw.com\/privacy-and-data-security\/mercks-1-4-billion-insurance-win-splits-cyber-from-act-of-war"},{"key":"23_CR27","unstructured":"Yehezkel, S.: The cost of cybersecurity insurance is soaring-and state-backed attacks will be harder to cover. It\u2019s time for companies to take threats more seriously. In: Fortune (2023). https:\/\/fortune.com\/2023\/02\/15\/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel\/"},{"key":"23_CR28","unstructured":"Joyce, R.: Disrupting Nation State Hackers. Invited Keynote at USENIX Enigma Conference (2016). https:\/\/www.youtube.com\/watch?v=bDJb8WOJYdA"},{"key":"23_CR29","unstructured":"Gupta, S., Gligor, V.D.: Towards a theory of penetration-resistant computer systems. J. Comput. Secur. 1(2), 133\u2013158 (1992) (also in Proceedings of 4th IEEE Computer Security Foundations Workshop, Franconia, New Hampshire, pp. 62\u201378 (1991)). https:\/\/content.iospress.com\/articles\/journal-of-computer-security\/jcs1-2-02"},{"key":"23_CR30","unstructured":"Gupta, S., Gligor, V.D.: Experience with a penetration analysis method and tool. In: Proceedings of the 15th National Computer Security Conference, Baltimore, pp. 165\u2013183 (1992). 
https:\/\/csrc.nist.rip\/publications\/history\/nissc\/1992-15th-NCSC-proceedings-vol-1.pdf"},{"key":"23_CR31","doi-asserted-by":"publisher","unstructured":"Cook, B.: Formal reasoning about the security of Amazon web services. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10981, pp. 38\u201347. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96145-3_3","DOI":"10.1007\/978-3-319-96145-3_3"},{"issue":"6","key":"23_CR32","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1109\/MS.2019.2930609","volume":"36","author":"J Backes","year":"2019","unstructured":"Backes, J., et al.: One-click formal methods. IEEE Software 36(6), 61\u201365 (2019). https:\/\/doi.org\/10.1109\/MS.2019.2930609","journal-title":"IEEE Software"},{"key":"23_CR33","doi-asserted-by":"publisher","unstructured":"Chuat, L., et al.: The Complete Guide to SCION: From Design Principles to Formal Verification. Springer, Cham (2022). doi: https:\/\/doi.org\/10.1007\/978-3-031-05288-0","DOI":"10.1007\/978-3-031-05288-0"},{"key":"23_CR34","unstructured":"Gligor, V.D.: Zero Trust in Zero Trust? CMU CyLab Technical Report 22\u2013002 December 17 (2022). https:\/\/www.cylab.cmu.edu\/_files\/pdfs\/tech_reports\/CMUCyLab22002.pdf"},{"key":"23_CR35","unstructured":"Bradley, T.: Shifting cybersecurity to a prevention-first mindset. In: Forbes (2023). 
https:\/\/www.forbes.com\/sites\/tonybradley\/2023\/03\/26\/shifting-cybersecurity-to-a-prevention-first-mindset\/?sh=209bbc4359cc"}],"container-title":["Lecture Notes in Computer Science","Security Protocols XXVIII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-43033-6_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T05:03:47Z","timestamp":1697864627000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-43033-6_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031430329","9783031430336"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-43033-6_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"21 October 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Security Protocols","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge International Workshop on Security Protocols","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference 
Information"}},{"value":"27 March 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 March 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"spw2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.cl.cam.ac.uk\/events\/spw\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"CMT3","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"13","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"57% - The value is computed by the equation 
\"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}