{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,10]],"date-time":"2025-06-10T19:40:03Z","timestamp":1749584403536,"version":"3.41.0"},"publisher-location":"Cham","reference-count":20,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319459301"},{"type":"electronic","value":"9783319459318"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45931-8_8","type":"book-chapter","created":{"date-parts":[[2016,9,16]],"date-time":"2016-09-16T07:26:19Z","timestamp":1474010779000},"page":"120-135","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Towards Automatic Risk Analysis and Mitigation of Software Applications"],"prefix":"10.1007","author":[{"given":"Leonardo","family":"Regano","sequence":"first","affiliation":[]},{"given":"Daniele","family":"Canavese","sequence":"additional","affiliation":[]},{"given":"Cataldo","family":"Basile","sequence":"additional","affiliation":[]},{"given":"Alessio","family":"Viticchi\u00e9","sequence":"additional","affiliation":[]},{"given":"Antonio","family":"Lioy","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,9,17]]},"reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"Basile, C., Canavese, D., D\u2019Annoville, J., De Sutter, B., Valenza, F.: Automatic discovery of software attacks via backward reasoning. In: Proceedings of SPRO 2015: The 1st International Workshop on Software Protection, pp. 52\u201358 (2015)","DOI":"10.1109\/SPRO.2015.17"},{"key":"8_CR2","unstructured":"Shields, T.: Anti-debugging - a developers view. Technical report, Veracode (2009)"},{"key":"8_CR3","doi-asserted-by":"crossref","unstructured":"Anckaert, B., Madou, M., De Sutter, B., Bus, B.D., Bosschere, K., Preneel, B.: Program obfuscation: a quantitative approach. In: Proceedings of QOP 2007: The 3rd Workshop on Quality of Protection, pp. 15\u201320 (2007)","DOI":"10.1145\/1314257.1314263"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"De Sutter, B.: D2.08 ASPIRE Offline Code Protection Report (2015)","DOI":"10.1109\/SPRO.2015.9"},{"key":"8_CR5","doi-asserted-by":"crossref","unstructured":"Ceccato, M., Preda, M.D., Nagra, J., Collberg, C., Tonella, P.: Barrier slicing for remote software trusting. In: Proceedings of 7th IEEE International Working Conference on Source Code Analysis and Manipulation, pp. 27\u201336 (2007)","DOI":"10.1109\/SCAM.2007.27"},{"key":"8_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/3-540-47870-1_10","volume-title":"Security and Privacy in Digital Rights Management","author":"H Chang","year":"2002","unstructured":"Chang, H., Atallah, M.J.: Protecting software code by guards. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 160\u2013175. Springer, Heidelberg (2002)"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Falcarin, P., Carlo, S.D., Cabutto, A., Garazzino, N., Barberis, D.: Exploiting code mobility for dynamic binary obfuscation. In: Proceedings of the WorldCIS 2011: 1st World Congress on Internet Security, pp. 114\u2013120 (2011)","DOI":"10.1109\/WorldCIS17046.2011.5749894"},{"key":"8_CR8","unstructured":"Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformation. Technical report, University of Auckland (1997)"},{"key":"8_CR9","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/s10207-011-0124-7","volume":"10","author":"G Coker","year":"2011","unstructured":"Coker, G., Guttman, J., Loscocco, P., Herzog, A., Millen, J., O\u2019Hanlon, B., Ramsdell, J., Segall, A., Sheehy, J., Sniffen, B.: Principles of remote attestation. Int. J. Inf. Secur. 10, 63\u201381 (2011)","journal-title":"Int. J. Inf. Secur."},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Ekelhart, A., Fenz, S., Neubauer, T.: Ontology-based decision support for information security risk management. In: Proceedings of ICONS 2009: The 4th International Conference on Systems, pp. 80\u201385 (2009)","DOI":"10.1109\/ICONS.2009.8"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Fenz, S., Neubauer, T., Accorsi, R., Koslowski, T.: Forisk: formalizing information security risk and compliance management. In: Proceedings of DSN-W 2013: The 3D Conference on Dependable Systems and Networks Workshop, pp. 1\u20134 (2013)","DOI":"10.1109\/DSNW.2013.6615533"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Ekelhart, S.F.A.: Formalizing information security knowledge. In: Proceedings of CCS 2009: The 4th International Symposium on Information, Computer, and Communications Security, pp. 183\u2013194 (2009)","DOI":"10.1145\/1533057.1533084"},{"key":"8_CR13","first-page":"329","volume":"28","author":"S Fenz","year":"2011","unstructured":"Fenz, S., Ekelhart, A., Neubauer, T.: Information security risk management: in which security solutions is it worth investing? Commun. Assoc. Inf. Syst. 28, 329\u2013356 (2011)","journal-title":"Commun. Assoc. Inf. Syst."},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Dalton, G.C., Mills, R.F., Colombi, J.M., Raines, R.A.: Analyzing attack trees using generalized stochastic Petri nets. In: Proceedings of IAW 2006: The 4th Information Assurance Workshop, pp. 116\u2013123 (2006)","DOI":"10.1109\/IAW.2006.1652085"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Dahl, O.M., Wolthusen, S.D.: Modeling and execution of complex attack scenarios using interval timed colored Petri nets. In: Proceedings of IWIA 2006: The 4th International Workshop on Information Assurance, pp. 157\u2013168 (2006)","DOI":"10.1109\/IWIA.2006.17"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"Yao, L., Dong, P., Zheng, T., Zhang, H., Du, X., Guizani, M.: Network security analyzing and modeling based on Petri net and attack tree for SDN. In: Proceedings of ICNC 2016: The 5th International Conference on Computing, Networking and Communications, pp. 1\u20135 (2016)","DOI":"10.1109\/ICCNC.2016.7440631"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Xie, P., Li, J.H., Ou, X., Liu, P., Levy, R.: Using Bayesian networks for cyber security analysis. In: Proceedings of DSN 2010: The 40th International Conference on Dependable Systems and Networks, pp. 211\u2013220 (2010)","DOI":"10.1109\/DSN.2010.5544924"},{"key":"8_CR18","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1109\/TDSC.2011.34","volume":"9","author":"N Poolsappasit","year":"2012","unstructured":"Poolsappasit, N., Dewri, R., Ray, I.: Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Secure Comput. 9, 61\u201374 (2012)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"Steffan, J., Schumacher, M.: Collaborative attack modeling. In: Proceedings of SAC 2002: The 17th ACM Symposium on Applied Computing, pp. 253\u2013259 (2002)","DOI":"10.1145\/508791.508843"},{"key":"8_CR20","unstructured":"Bassett, G.: System and method for cyber security analysis and human behavior prediction Patent US 9292695 (2016)"}],"container-title":["Lecture Notes in Computer Science","Information Security Theory and Practice"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45931-8_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,10]],"date-time":"2025-06-10T19:13:31Z","timestamp":1749582811000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-45931-8_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319459301","9783319459318"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45931-8_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"17 September 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"WISTP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Information Security Theory and Practice","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Heraklion","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"wistp2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}