{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,26]],"date-time":"2025-11-26T16:27:35Z","timestamp":1764174455904,"version":"3.40.3"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319728162"},{"type":"electronic","value":"9783319728179"}],"license":[{"start":{"date-parts":[[2017,12,22]],"date-time":"2017-12-22T00:00:00Z","timestamp":1513900800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-72817-9_4","type":"book-chapter","created":{"date-parts":[[2017,12,21]],"date-time":"2017-12-21T11:44:29Z","timestamp":1513856669000},"page":"47-62","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["Towards Security Threats that Matter"],"prefix":"10.1007","author":[{"given":"Katja","family":"Tuma","sequence":"first","affiliation":[]},{"given":"Riccardo","family":"Scandariato","sequence":"additional","affiliation":[]},{"given":"Mathias","family":"Widman","sequence":"additional","affiliation":[]},{"given":"Christian","family":"Sandberg","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,12,22]]},"reference":[{"unstructured":"Connected vehicle reference implementation architecture. http:\/\/local.iteris.com\/cvria\/ . Accessed 25 Aug 2017","key":"4_CR1"},{"unstructured":"E-safety vehicle intrusion protected applications. http:\/\/www.evita-project.org\/index.html . Accessed 25 Nov 2016","key":"4_CR2"},{"unstructured":"Heavens: Healing vulnerabilities to enhance software security and safety. http:\/\/www.vinnova.se\/sv\/Resultat\/Projekt\/Effekta\/HEAVENS-HEAling-Vulnerabilities-to-ENhance-Software-Security-and-Safety\/ . Accessed 25 Nov 2016","key":"4_CR3"},{"unstructured":"Holisec: Holistiskt angreppss\u00e4tt att f\u00f6rb\u00e4ttra datas\u00e4kerhet. http:\/\/www2.vinnova.se\/sv\/Resultat\/Projekt\/Effekta\/2009-02186\/HoliSec-Holistiskt-angreppssatt-att-forbattra-datasakerhet\/ . Accessed 14 June 2017","key":"4_CR4"},{"doi-asserted-by":"crossref","unstructured":"Almorsy, M., Grundy, J., Ibrahim, A.S.: Automated software architecture security risk analysis using formalized signatures. In: Proceedings of the 2013 International Conference on Software Engineering, pp. 662\u2013671. IEEE Press (2013)","key":"4_CR5","DOI":"10.1109\/ICSE.2013.6606612"},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-319-30806-7_4","volume-title":"Engineering Secure Software and Systems","author":"BJ Berger","year":"2016","unstructured":"Berger, B.J., Sohr, K., Koschke, R.: Automatically extracting threats from extended data flow diagrams. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds.) ESSoS 2016. LNCS, vol. 9639, pp. 56\u201371. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-30806-7_4"},{"key":"4_CR7","volume-title":"The Security Development Lifecycle","author":"M Howard","year":"2006","unstructured":"Howard, M., Lipner, S.: The Security Development Lifecycle, vol. 8. Microsoft Press, Redmond (2006)"},{"unstructured":"van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, ICSE 2004, pp. 148\u2013157. IEEE Computer Society, Washington, DC (2004). http:\/\/dl.acm.org\/citation.cfm?id=998675.999421","key":"4_CR8"},{"unstructured":"Lin, L., Nuseibeh, B., Ince, D., Jackson, M.: Using abuse frames to bound the scope of security problems. In: Proceedings 12th IEEE International Requirements Engineering Conference, pp. 354\u2013355. IEEE (2004)","key":"4_CR9"},{"key":"4_CR10","volume-title":"Model-Driven Risk Analysis: The CORAS Approach","author":"MS Lund","year":"2010","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer Science & Business Media, Heidelberg (2010)"},{"key":"4_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/978-3-319-45477-1_11","volume-title":"Computer Safety, Reliability, and Security","author":"G Macher","year":"2016","unstructured":"Macher, G., Armengaud, E., Brenner, E., Kreiner, C.: A Review of threat analysis and risk assessment methods in the automotive context. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 130\u2013141. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45477-1_11"},{"doi-asserted-by":"crossref","unstructured":"Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: Sahara: a security-aware hazard and risk analysis method. In: 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 621\u2013624. IEEE (2015)","key":"4_CR12","DOI":"10.7873\/DATE.2015.0622"},{"doi-asserted-by":"crossref","unstructured":"McDermott, J., Fox, C.: Using abuse case models for security requirements analysis. In: Proceedings 15th Annual Computer Security Applications Conference, (ACSAC 1999), pp. 55\u201364. IEEE (1999)","key":"4_CR13","DOI":"10.1109\/CSAC.1999.816013"},{"unstructured":"Rauter, T., Kajtazovic, N., Kreiner, C.: Asset-centric security risk assessment of software components. In: 2nd International Workshop on MILS: Architecture and Assurance for Secure Systems (2016)","key":"4_CR14"},{"issue":"4","key":"4_CR15","first-page":"124","volume":"23","author":"V Saini","year":"2008","unstructured":"Saini, V., Duan, Q., Paruchuri, V.: Threat modeling using attack trees. J. Comput. Sci. Coll. 23(4), 124\u2013131 (2008)","journal-title":"J. Comput. Sci. Coll."},{"unstructured":"Saitta, P., Larcom, B., Eddington, M.: Trike v. 1 methodology document [draft] (2005). http:\/\/dymaxion.org\/trike\/Trike_v1_Methodology_Documentdraft.pdf","key":"4_CR16"},{"doi-asserted-by":"crossref","unstructured":"Scandariato, R., Walden, J., Joosen, W.: Static analysis versus penetration testing: a controlled experiment. In: 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE), pp. 451\u2013460. IEEE (2013)","key":"4_CR17","DOI":"10.1109\/ISSRE.2013.6698898"},{"key":"4_CR18","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1007\/s00766-013-0195-2","volume":"20","author":"R Scandariato","year":"2015","unstructured":"Scandariato, R., Wuyts, K., Joosen, W.: A descriptive study of Microsoft\u2019s threat modeling technique. Requir. Eng. 20, 163\u2013180 (2015)","journal-title":"Requir. Eng."},{"unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s J. 24(12) (1999)","key":"4_CR19"},{"key":"4_CR20","volume-title":"Threat Modeling: Designing for Security","author":"A Shostack","year":"2014","unstructured":"Shostack, A.: Threat Modeling: Designing for Security. Wiley, Indianapolis (2014)"},{"issue":"1","key":"4_CR21","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","volume":"10","author":"G Sindre","year":"2005","unstructured":"Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requir. Eng. 10(1), 34\u201344 (2005). https:\/\/doi.org\/10.1007\/s00766-004-0194-4","journal-title":"Requir. Eng."},{"doi-asserted-by":"crossref","unstructured":"T\u00f8ndel, I.A., Jensen, J., R\u00f8stad, L.: Combining misuse cases with attack trees and security activity models. In: International Conference on Availability, Reliability, and Security, ARES 2010, pp. 438\u2013445. IEEE (2010)","key":"4_CR22","DOI":"10.1109\/ARES.2010.101"},{"key":"4_CR23","doi-asserted-by":"crossref","DOI":"10.1002\/9781118988374","volume-title":"Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis","author":"T UcedaVelez","year":"2015","unstructured":"UcedaVelez, T., Morana, M.M.: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. Wiley, Hoboken (2015)"},{"key":"4_CR24","volume-title":"Requirements Engineering: From System Goals to UML Models to Software","author":"A Lamsweerde Van","year":"2009","unstructured":"Van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software, vol. 10. Wiley, Chichester (2009)"},{"key":"4_CR25","doi-asserted-by":"crossref","first-page":"122","DOI":"10.1016\/j.jss.2014.05.075","volume":"96","author":"K Wuyts","year":"2014","unstructured":"Wuyts, K., Scandariato, R., Joosen, W.: Empirical evaluation of a privacy-focused threat modeling methodology. J. Syst. Softw. 96, 122\u2013138 (2014)","journal-title":"J. Syst. Softw."},{"doi-asserted-by":"crossref","unstructured":"Yu, H., Lin, C.W.: Security concerns for automotive communication and software architecture. In: 2016 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 600\u2013603. IEEE (2016)","key":"4_CR26","DOI":"10.1109\/INFCOMW.2016.7562147"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-72817-9_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,8]],"date-time":"2019-10-08T07:44:17Z","timestamp":1570520657000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-72817-9_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12,22]]},"ISBN":["9783319728162","9783319728179"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-72817-9_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017,12,22]]}}}