{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,7]],"date-time":"2025-05-07T04:14:29Z","timestamp":1746591269963,"version":"3.40.5"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031874987"},{"type":"electronic","value":"9783031874994"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-87499-4_7","type":"book-chapter","created":{"date-parts":[[2025,5,2]],"date-time":"2025-05-02T11:13:23Z","timestamp":1746184403000},"page":"94-110","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An Approach to\u00a0Determine a\u00a0System\u2019s Behavioural Security Posture"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4558-8173","authenticated-orcid":false,"given":"John","family":"Breton","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6316-3040","authenticated-orcid":false,"given":"Jason","family":"Jaskolka","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6002-5101","authenticated-orcid":false,"given":"George O. M.","family":"Yee","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,1]]},"reference":[{"key":"7_CR1","unstructured":"Albrecht, A.J.: Measuring application development productivity. In: Proceedings of the IBM Applications Development Symposium, pp. 83\u201392 (1979)"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Alshammari, B., Fidge, C., Corney, D.: Security metrics for object-oriented class designs. In: 2009 Ninth International Conference on Quality Software, pp. 11\u201320. IEEE (2009)","DOI":"10.1109\/QSIC.2009.11"},{"key":"7_CR3","doi-asserted-by":"publisher","first-page":"62738","DOI":"10.1109\/ACCESS.2020.2981742","volume":"8","author":"M Alshayeb","year":"2020","unstructured":"Alshayeb, M., Mumtaz, H., Mahmood, S., Niazi, M.: Improving the security of UML sequence diagram using genetic algorithm. IEEE Access 8, 62738\u201362761 (2020)","journal-title":"IEEE Access"},{"key":"7_CR4","unstructured":"Apple: CVE-2023-32435. Available from MITRE, CVE-2023-32435 (2023). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-32435"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Breton, J., Jaskolka, J., Yee, G.O.M.: Hardening systems against data corruption attacks at design time. In: Mosbah, M., S\u00e8des, F., Tawbi, N., Ahmed, T., Boulahia-Cuppens, N., Garcia-Alfaro, J. (eds.) 16th International Symposium on Foundations & Practice of Security. LNCS, vol. 14551, pp. 391\u2013407. Cham (2024)","DOI":"10.1007\/978-3-031-57537-2_24"},{"issue":"3","key":"7_CR6","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1016\/j.sysarc.2010.06.003","volume":"57","author":"I Chowdhury","year":"2011","unstructured":"Chowdhury, I., Zulkernine, M.: Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities. J. Syst. Architect. 57(3), 294\u2013313 (2011)","journal-title":"J. Syst. Architect."},{"key":"7_CR7","doi-asserted-by":"publisher","DOI":"10.21236\/ADA455842","volume-title":"The Architecture Analysis & Design Language (AADL): An Introduction","author":"PH Feiler","year":"2006","unstructured":"Feiler, P.H., Gluch, D.P., Hudak, J.J.: The Architecture Analysis & Design Language (AADL): An Introduction. Software Engineering Institute, Carnegie Mellon University (February, Tech. rep. (2006)"},{"key":"7_CR8","unstructured":"Google: CVE-2023-3079. Available from MITRE, CVE-2023-3079 (2023). https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-3079"},{"key":"7_CR9","unstructured":"Grinberg, M.: Flask Web Development: Developing Web Applications with Python. O\u2019Reilly Media, Inc. (2018)"},{"key":"7_CR10","doi-asserted-by":"publisher","unstructured":"Honnibal, M., Montani, I., Van Landeghem, S., Boyd, A.: spaCy: Industrial-strength Natural Language Processing in Python. GitHub (2020). https:\/\/doi.org\/10.5281\/zenodo.1212303","DOI":"10.5281\/zenodo.1212303"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Jansen, W.: Directions in Security Metrics Research. Diane Publishing (2010)","DOI":"10.6028\/NIST.IR.7564"},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"Jaskolka, J.: Recommendations for effective security assurance of software-dependent systems. In: Intelligent Computing: Proceedings of the 2020 Computing Conference, Volume 3, pp. 511\u2013531. Springer (2020)","DOI":"10.1007\/978-3-030-52243-8_37"},{"issue":"4","key":"7_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2492248.2492268","volume":"38","author":"C Jones","year":"2013","unstructured":"Jones, C.: Function points as a universal software metric. ACM SIGSOFT Softw. Eng. Notes 38(4), 1\u201327 (2013)","journal-title":"ACM SIGSOFT Softw. Eng. Notes"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens, J.: UMLsec: extending UML for secure systems development. In: J\u00e9z\u00e9quel, J.M., Hussmann, H., Cook, S. (eds.) UML 2002 \u2014 The Unified Modeling Language, pp. 412\u2013425. Springer (2002)","DOI":"10.1007\/3-540-45800-X_32"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Lodderstedt, T., Basin, D., Doser, J.: SecureUML: a UML-based modeling language for model-driven security. In: J\u00e9z\u00e9quel, J.M., Hussmann, H., Cook, S. (eds.) UML 2002 \u2014 The Unified Modeling Language, pp. 426\u2013441. Springer (2002)","DOI":"10.1007\/3-540-45800-X_33"},{"key":"7_CR16","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1109\/TSE.1976.233837","volume":"4","author":"TJ McCabe","year":"1976","unstructured":"McCabe, T.J.: A complexity measure. IEEE Trans. Software Eng. 4, 308\u2013320 (1976)","journal-title":"IEEE Trans. Software Eng."},{"issue":"239","key":"7_CR17","first-page":"2","volume":"2014","author":"D Merkel","year":"2014","unstructured":"Merkel, D.: Docker: lightweight Linux containers for consistent development and deployment. Linux J. 2014(239), 2 (2014)","journal-title":"Linux J."},{"key":"7_CR18","unstructured":"Microsoft: Microsoft outlook elevation of privilege vulnerability (2023). https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-23397"},{"key":"7_CR19","unstructured":"Object Management Group: XML metadata interchange (2015). https:\/\/www.omg.org\/spec\/XMI\/2.5.1\/PDF, version 2.5.1"},{"key":"7_CR20","unstructured":"Object Management Group: Unified modeling language (2017). https:\/\/www.omg.org\/spec\/UML\/2.5.1\/PDF, version 2.5.1"},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"Samuel, J., Jaskolka, J., Yee, G.O.M.: Analyzing structural security posture to evaluate system design decisions. In: 21st IEEE International Conference on Software Quality, Reliability, and Security, pp. 8\u201317. QRS 2021 (2021)","DOI":"10.1109\/QRS54544.2021.00012"},{"key":"7_CR22","unstructured":"The MITRE Corporation: ATT &CK - Adversarial tactics, techniques, and common knowledge. https:\/\/attack.mitre.org\/"},{"key":"7_CR23","unstructured":"The MITRE Corporation: CAPEC - Common attack pattern enumerations and classifications. https:\/\/capec.mitre.org\/"},{"key":"7_CR24","unstructured":"The MITRE Corporation: D3FEND - Develop, deploy, and defend. https:\/\/d3fend.mitre.org\/"},{"key":"7_CR25","unstructured":"The MITRE Corporation: Denial of service, technique T0814. https:\/\/attack.mitre.org\/techniques\/T0814\/"},{"key":"7_CR26","unstructured":"The MITRE Corporation: Filter network traffic, mitigation M1037. https:\/\/attack.mitre.org\/mitigations\/M1037\/"},{"key":"7_CR27","unstructured":"The MITRE Corporation: Network traffic filtering - technique D3-NTF. https:\/\/d3fend.mitre.org\/technique\/d3f:NetworkTrafficFiltering\/"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-87499-4_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,6]],"date-time":"2025-05-06T08:33:31Z","timestamp":1746520411000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-87499-4_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031874987","9783031874994"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-87499-4_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"1 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Montr\u00e9al, QC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/fps-2024.hec.ca\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}