{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T22:06:29Z","timestamp":1761948389094,"version":"3.41.0"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319893624"},{"type":"electronic","value":"9783319893631"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-89363-1_4","type":"book-chapter","created":{"date-parts":[[2018,4,3]],"date-time":"2018-04-03T13:04:43Z","timestamp":1522760683000},"page":"56-73","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":25,"title":["Effective Analysis of Attack Trees: A Model-Driven Approach"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8151-4673","authenticated-orcid":false,"given":"Rajesh","family":"Kumar","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4945-1473","authenticated-orcid":false,"given":"Stefano","family":"Schivo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5855-5282","authenticated-orcid":false,"given":"Enno","family":"Ruijters","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bu\u01e7ra Mehmet","family":"Yildiz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9921-5604","authenticated-orcid":false,"given":"David","family":"Huistra","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jacco","family":"Brandt","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1714-6319","authenticated-orcid":false,"given":"Arend","family":"Rensink","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6793-8165","authenticated-orcid":false,"given":"Mari\u00eblle","family":"Stoelinga","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,4,4]]},"reference":[{"key":"4_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1007\/978-3-642-40793-2_25","volume-title":"Computer Safety, Reliability, and Security","author":"EC Andrade","year":"2013","unstructured":"Andrade, E.C., Alves, M., Matos, R., Silva, B., Maciel, P.: OpenMADS: an open source tool for modeling and analysis of distributed systems. In: Bitsch, F., Guiochet, J., Ka\u00e2niche, M. (eds.) SAFECOMP 2013. LNCS, vol. 8153, pp. 277\u2013284. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40793-2_25"},{"key":"4_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-642-40793-2_27","volume-title":"Computer Safety, Reliability, and Security","author":"F Arnold","year":"2013","unstructured":"Arnold, F., Belinfante, A., Van der Berg, F., Guck, D., Stoelinga, M.: DFTCalc: a tool for efficient fault tree analysis. In: Bitsch, F., Guiochet, J., Ka\u00e2niche, M. (eds.) SAFECOMP 2013. LNCS, vol. 8153, pp. 293\u2013301. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40793-2_27"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1007\/978-3-319-24249-1_25","volume-title":"Computer Safety, Reliability, and Security","author":"F Arnold","year":"2015","unstructured":"Arnold, F., Guck, D., Kumar, R., Stoelinga, M.: Sequential and parallel attack tree modelling. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 291\u2013299. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-24249-1_25"},{"key":"4_CR4","doi-asserted-by":"publisher","unstructured":"Aslanyan, Z., Nielson, F., Parker, D.: Quantitative verification and synthesis of attack-defence scenarios. In: Computer Security Foundations (CSF), pp. 105\u2013119 (2016). https:\/\/doi.org\/10.1109\/CSF.2016.15","DOI":"10.1109\/CSF.2016.15"},{"key":"4_CR5","unstructured":"Aslanyan, Z.: Attack Tree Evaluator, developed for EU project TREsPASS, Technical University of Denmark. https:\/\/vimeo.com\/145070436"},{"issue":"2","key":"4_CR6","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1080\/13623079.2011.587206","volume":"24","author":"S Bistarelli","year":"2012","unstructured":"Bistarelli, S., Fioravanti, F., Peretti, P., Santini, F.: Evaluation of complex security scenarios using defense trees and economic indexes. J. Exp. Theor. Artif. Intell. 24(2), 161\u2013192 (2012). https:\/\/doi.org\/10.1080\/13623079.2011.587206","journal-title":"J. Exp. Theor. Artif. Intell."},{"key":"4_CR7","unstructured":"Byres, E.J., Franz, M., Miller, D.: The use of attack trees in assessing vulnerabilities in SCADA systems. In: Proceedings of Infrastructure Survivability Workshop. IEEE (2004)"},{"key":"4_CR8","doi-asserted-by":"publisher","unstructured":"Dalton, G.C.I., Mills, R.F., Colombi, J.M., Raines, R.A.: Analyzing attack trees using generalized stochastic petri nets. In: 2006 IEEE Information Assurance Workshop, pp. 116\u2013123, June 2006. https:\/\/doi.org\/10.1109\/IAW.2006.1652085","DOI":"10.1109\/IAW.2006.1652085"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"592","DOI":"10.1007\/978-3-319-63390-9_31","volume-title":"Computer Aided Verification","author":"C Dehnert","year":"2017","unstructured":"Dehnert, C., Junges, S., Katoen, J.-P., Volk, M.: A Storm is coming: a modern probabilistic model checker. In: Majumdar, R., Kun\u010dak, V. (eds.) CAV 2017. LNCS, vol. 10427, pp. 592\u2013600. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63390-9_31"},{"key":"4_CR10","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-319-48393-1_24","volume-title":"The Practice of Enterprise Modeling","author":"M Fraile","year":"2016","unstructured":"Fraile, M., Ford, M., Gadyatskaya, O., Kumar, R., Stoelinga, M., Trujillo-Rasua, R.: Using attack-defense trees to analyze threats and countermeasures in an ATM: a case study. In: Horkoff, J., Jeusfeld, M.A., Persson, A. (eds.) PoEM 2016. LNBIP, vol. 267, pp. 326\u2013334. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48393-1_24"},{"key":"4_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-319-44878-7_3","volume-title":"Formal Modeling and Analysis of Timed Systems","author":"O Gadyatskaya","year":"2016","unstructured":"Gadyatskaya, O., Hansen, R.R., Larsen, K.G., Legay, A., Olesen, M.C., Poulsen, D.B.: Modelling attack-defense trees using timed automata. In: Fr\u00e4nzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 35\u201350. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-44878-7_3"},{"key":"4_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-319-43425-4_10","volume-title":"Quantitative Evaluation of Systems","author":"O Gadyatskaya","year":"2016","unstructured":"Gadyatskaya, O., Jhawar, R., Kordy, P., Lounis, K., Mauw, S., Trujillo-Rasua, R.: Attack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0. In: Agha, G., Van Houdt, B. (eds.) QEST 2016. LNCS, vol. 9826, pp. 159\u2013162. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-43425-4_10"},{"key":"4_CR13","doi-asserted-by":"publisher","unstructured":"Gribaudo, M., Iacono, M., Marrone, S.: Exploiting Bayesian networks for the analysis of combined attack trees. In: Proceedings of PASM. ENTCS, vol. 310, pp. 91\u2013111 (2015). https:\/\/doi.org\/10.1016\/j.entcs.2014.12.014","DOI":"10.1016\/j.entcs.2014.12.014"},{"key":"4_CR14","doi-asserted-by":"publisher","unstructured":"Hendriks, M., Verhoef, M.: Timed automata based analysis of embedded system architectures. In: Proceedings of 20th International Conference on Parallel and Distributed Processing (IPDPS), p. 179. IEEE (2006). https:\/\/doi.org\/10.1109\/IPDPS.2006.1639422","DOI":"10.1109\/IPDPS.2006.1639422"},{"key":"4_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-3-662-49635-0_9","volume-title":"Principles of Security and Trust","author":"H Hermanns","year":"2016","unstructured":"Hermanns, H., Kr\u00e4mer, J., Kr\u010d\u00e1l, J., Stoelinga, M.: The value of attack-defence diagrams. In: Piessens, F., Vigan\u00f2, L. (eds.) POST 2016. LNCS, vol. 9635, pp. 163\u2013185. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49635-0_9"},{"key":"4_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/3-540-45800-X_32","volume-title":"UML 2002 \u2014 The Unified Modeling Language","author":"J J\u00fcrjens","year":"2002","unstructured":"J\u00fcrjens, J.: UMLsec: extending UML for secure systems development. In: J\u00e9z\u00e9quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412\u2013425. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45800-X_32"},{"key":"4_CR17","unstructured":"Kolovos, D., Rose, L., Garc\u00eda-Dom\u0144guez, A., Paige, R.: The Epsilon Book (2016). http:\/\/www.eclipse.org\/epsilon\/doc\/book"},{"key":"4_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/978-3-642-19751-2_6","volume-title":"Formal Aspects of Security and Trust","author":"B Kordy","year":"2011","unstructured":"Kordy, B., Mauw, S., Radomirovi\u0107, S., Schweitzer, P.: Foundations of attack\u2013defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80\u201395. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19751-2_6"},{"key":"4_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1007\/978-3-642-37682-5_5","volume-title":"Information Security and Cryptology \u2013 ICISC 2012","author":"B Kordy","year":"2013","unstructured":"Kordy, B., Mauw, S., Schweitzer, P.: Quantitative questions on attack\u2013defense trees. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 49\u201364. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-37682-5_5"},{"key":"4_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","volume":"13\u201314","author":"B Kordy","year":"2014","unstructured":"Kordy, B., Pi\u00e8tre-Cambac\u00e9d\u00e8s, L., Schweitzer, P.: DAG-based attack and defense modeling: don\u2019t miss the forest for the attack trees. Comput. Sci. Rev. 13\u201314, 1\u201338 (2014). https:\/\/doi.org\/10.1016\/j.cosrev.2014.07.001","journal-title":"Comput. Sci. Rev."},{"key":"4_CR21","doi-asserted-by":"publisher","unstructured":"Kumar, R., Stoelinga, M.: Quantitative security and safety analysis with attack-fault trees. In: Proceedings of IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 25\u201332, January 2017. https:\/\/doi.org\/10.1109\/HASE.2017.12","DOI":"10.1109\/HASE.2017.12"},{"key":"4_CR22","unstructured":"Kumar, R., Guck, D., Stoelinga, M.: Time dependent analysis with dynamic counter measure trees. In: Proceedings of 13th Workshop on Quantitative Aspects of Programming Languages (QAPL) (2015). http:\/\/arxiv.org\/abs\/1510.00050"},{"key":"4_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/978-3-319-22975-1_11","volume-title":"Formal Modeling and Analysis of Timed Systems","author":"R Kumar","year":"2015","unstructured":"Kumar, R., Ruijters, E., Stoelinga, M.: Quantitative attack tree analysis via priced timed automata. In: Sankaranarayanan, S., Vicario, E. (eds.) FORMATS 2015. LNCS, vol. 9268, pp. 156\u2013171. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-22975-1_11"},{"key":"4_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"585","DOI":"10.1007\/978-3-642-22110-1_47","volume-title":"Computer Aided Verification","author":"M Kwiatkowska","year":"2011","unstructured":"Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585\u2013591. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22110-1_47"},{"key":"4_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/11734727_17","volume-title":"Information Security and Cryptology - ICISC 2005","author":"S Mauw","year":"2006","unstructured":"Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186\u2013198. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11734727_17"},{"key":"4_CR26","unstructured":"Mead, N.: SQUARE Process (2013). https:\/\/buildsecurityin.us-cert.gov\/articles\/best-practices\/requirements-engineering\/square-process"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Roudier, Y., Apvrille, L.: SysML-Sec: a model driven approach for designing safe and secure systems. In: Proceedings of 3rd International Conference on Model-Driven Engineering and Software Development (MODELSWARD), pp. 655\u2013664 (2015)","DOI":"10.5220\/0005402006550664"},{"key":"4_CR28","doi-asserted-by":"publisher","unstructured":"Ruijters, E., Schivo, S., Stoelinga, M.I.A., Rensink, A.: Uniform analysis of fault trees through model transformations. In: Proceedings of IEEE 63rd Annual Reliability and Maintainability Symposium (RAMS), January 2017. https:\/\/doi.org\/10.1109\/RAM.2017.7889759","DOI":"10.1109\/RAM.2017.7889759"},{"key":"4_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/978-3-319-69483-2_19","volume-title":"Dependable Software Engineering. Theories, Tools, and Applications","author":"S Schivo","year":"2017","unstructured":"Schivo, S., Yildiz, B.M., Ruijters, E., Gerking, C., Kumar, R., Dziwok, S., Rensink, A., Stoelinga, M.: How to efficiently build a front-end tool for UPPAAL: a model-driven approach. In: Larsen, K.G., Sokolsky, O., Wang, J. (eds.) SETTA 2017. LNCS, vol. 10606, pp. 319\u2013336. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-69483-2_19"},{"issue":"2","key":"4_CR30","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1109\/MC.2006.58","volume":"39","author":"DC Schmidt","year":"2006","unstructured":"Schmidt, D.C.: Guest editor\u2019s introduction: model-driven engineering. Computer 39(2), 25\u201331 (2006). https:\/\/doi.org\/10.1109\/MC.2006.58","journal-title":"Computer"},{"issue":"12","key":"4_CR31","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s J. 24(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s J."},{"key":"4_CR32","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1016\/j.cl.2015.06.001","volume":"43","author":"AR Silva da","year":"2015","unstructured":"da Silva, A.R.: Model-driven engineering: a survey supported by the unified conceptual model. Comput. Lang. Syst. Struct. 43, 139\u2013155 (2015). https:\/\/doi.org\/10.1016\/j.cl.2015.06.001","journal-title":"Comput. Lang. Syst. Struct."},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-642-16277-0_3","volume-title":"Model-Based Engineering of Embedded Real-Time Systems","author":"J Sprinkle","year":"2010","unstructured":"Sprinkle, J., Rumpe, B., Vangheluwe, H., Karsai, G.: Chapter 3: Metamodelling. In: Giese, H., Karsai, G., Lee, E., Rumpe, B., Sch\u00e4tz, B. (eds.) MBEERTS 2007. LNCS, vol. 6100, pp. 57\u201376. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-16277-0_3"},{"key":"4_CR34","volume-title":"Model-Driven Software Development: Technology, Engineering, Management","author":"T Stahl","year":"2006","unstructured":"Stahl, T., Voelter, M., Czarnecki, K.: Model-Driven Software Development: Technology, Engineering, Management. Wiley, Chichester (2006)"},{"key":"4_CR35","volume-title":"EMF: Eclipse Modeling Framework 2.0","author":"D Steinberg","year":"2009","unstructured":"Steinberg, D., Budinsky, F., Paternostro, M., Merks, E.: EMF: Eclipse Modeling Framework 2.0, 2nd edn. Addison-Wesley Professional, Reading (2009)","edition":"2"},{"key":"4_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-319-24249-1_10","volume-title":"Computer Safety, Reliability, and Security","author":"M Steiner","year":"2015","unstructured":"Steiner, M., Liggesmeyer, P.: Qualitative and quantitative analysis of CFTs taking security causes into account. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 109\u2013120. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-24249-1_10"},{"key":"4_CR37","volume-title":"Model-Driven Software Development: Technology, Engineering, Management","author":"M V\u00f6lter","year":"2006","unstructured":"V\u00f6lter, M., Stahl, T., Bettin, J., Haase, A., Helsen, S.: Model-Driven Software Development: Technology, Engineering, Management. Wiley, Chichester (2006)"}],"container-title":["Lecture Notes in Computer Science","Fundamental Approaches to Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-89363-1_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T11:16:29Z","timestamp":1751541389000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-89363-1_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319893624","9783319893631"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-89363-1_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}