{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T15:39:00Z","timestamp":1773157140377,"version":"3.50.1"},"publisher-location":"Cham","reference-count":20,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319957289","type":"print"},{"value":"9783319957296","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-95729-6_21","type":"book-chapter","created":{"date-parts":[[2018,7,9]],"date-time":"2018-07-09T13:19:16Z","timestamp":1531142356000},"page":"330-348","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Assessing Attack Impact on Business Processes by Interconnecting Attack Graphs and Entity Dependency Graphs"],"prefix":"10.1007","author":[{"given":"Chen","family":"Cao","sequence":"first","affiliation":[]},{"given":"Lun-Pin","family":"Yuan","sequence":"additional","affiliation":[]},{"given":"Anoop","family":"Singhal","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Xiaoyan","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Sencun","family":"Zhu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,7,10]]},"reference":[{"key":"21_CR1","doi-asserted-by":"crossref","unstructured":"Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 217\u2013224. ACM (2002)","DOI":"10.1145\/586110.586140"},{"key":"21_CR2","unstructured":"Chen, X., Zhang, M., Mao, Z.M., Bahl, P.: Automating network application dependency discovery: experiences, limitations, and new solutions. In: OSDI, vol. 8, pp. 117\u2013130 (2008)"},{"key":"21_CR3","doi-asserted-by":"crossref","unstructured":"Dai, J., Sun, X., Liu, P., Giacobe, N.: Gaining big picture awareness through an interconnected cross-layer situation knowledge reference model. In: 2012 International Conference on Cyber Security (CyberSecurity), pp. 83\u201392. IEEE (2012)","DOI":"10.1109\/CyberSecurity.2012.18"},{"key":"21_CR4","doi-asserted-by":"crossref","unstructured":"Dewri, R., Poolsappasit, N., Ray, I., Whitley, D.: Optimal security hardening using multi-objective optimization on attack tree models of networks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 204\u2013213. ACM (2007)","DOI":"10.1145\/1315245.1315272"},{"key":"21_CR5","doi-asserted-by":"crossref","unstructured":"Frigault, M., Wang, L.: Measuring network security using Bayesian network-based attack graphs. In: Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference, pp. 698\u2013703. IEEE Computer Society (2008)","DOI":"10.1109\/COMPSAC.2008.88"},{"key":"21_CR6","doi-asserted-by":"crossref","unstructured":"Frigault, M., Wang, L., Singhal, A., Jajodia, S.: Measuring network security using dynamic Bayesian network. In: Proceedings of the 4th ACM Workshop on Quality of Protection, pp. 23\u201330. ACM (2008)","DOI":"10.1145\/1456362.1456368"},{"key":"21_CR7","doi-asserted-by":"publisher","unstructured":"Jajodia, S., Noel, S., O\u2019Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats. Massive Computing, vol. 5, pp. 247\u2013266. Springer, Boston, MA (2005). https:\/\/doi.org\/10.1007\/0-387-24230-9_9","DOI":"10.1007\/0-387-24230-9_9"},{"key":"21_CR8","unstructured":"Jakobson, G.: Mission cyber security situation assessment using impact dependency graphs. In: 2011 Proceedings of the 14th International Conference on Information Fusion (FUSION), pp. 1\u20138. IEEE (2011)"},{"key":"21_CR9","unstructured":"NIST: Cvss score (2017). https:\/\/nvd.nist.gov\/vuln-metrics\/cvss"},{"key":"21_CR10","doi-asserted-by":"crossref","unstructured":"Noel, S., Jajodia, S., O\u2019Berry, B., Jacobs, M.: Efficient minimum-cost network hardening via exploit dependency graphs. In: 2003 Proceedings of 19th Annual Computer Security Applications Conference, pp. 86\u201395. IEEE (2003)","DOI":"10.1109\/CSAC.2003.1254313"},{"key":"21_CR11","doi-asserted-by":"crossref","unstructured":"Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 336\u2013345. ACM (2006)","DOI":"10.1145\/1180405.1180446"},{"key":"21_CR12","doi-asserted-by":"crossref","unstructured":"Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 Workshop on New Security Paradigms, pp. 71\u201379. ACM (1998)","DOI":"10.1145\/310889.310919"},{"issue":"1","key":"21_CR13","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1109\/TDSC.2011.34","volume":"9","author":"N Poolsappasit","year":"2012","unstructured":"Poolsappasit, N., Dewri, R., Ray, I.: Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Sec. Comput. 9(1), 61\u201374 (2012)","journal-title":"IEEE Trans. Dependable Sec. Comput."},{"key":"21_CR14","unstructured":"Racket: Datalog (2017). https:\/\/docs.racket-lang.org\/datalog\/"},{"key":"21_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/11555827_14","volume-title":"Computer Security \u2013 ESORICS 2005","author":"I Ray","year":"2005","unstructured":"Ray, I., Poolsapassit, N.: Using attack trees to identify malicious attacks from authorized insiders. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 231\u2013246. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11555827_14"},{"key":"21_CR16","doi-asserted-by":"crossref","unstructured":"Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security. In: 2010 IEEE 3rd International Conference on Cloud Computing (CLOUD), pp. 280\u2013288. IEEE (2010)","DOI":"10.1109\/CLOUD.2010.22"},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: 2002 Proceedings of IEEE Symposium on Security and Privacy, pp. 273\u2013284. IEEE (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"21_CR18","doi-asserted-by":"crossref","unstructured":"Sun, X., Singhal, A., Liu, P.: Who touched my mission: towards probabilistic mission impact assessment. In: Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense, pp. 21\u201326. ACM (2015)","DOI":"10.1145\/2809826.2809834"},{"key":"21_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/978-3-319-61176-1_14","volume-title":"Data and Applications Security and Privacy XXXI","author":"X Sun","year":"2017","unstructured":"Sun, X., Singhal, A., Liu, P.: Towards actionable mission impact assessment in the context of cloud computing. In: Livraga, G., Zhu, S. (eds.) DBSec 2017. LNCS, vol. 10359, pp. 259\u2013274. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-61176-1_14"},{"issue":"4","key":"21_CR20","doi-asserted-by":"publisher","first-page":"1304","DOI":"10.1109\/JSYST.2014.2344048","volume":"10","author":"Y Sun","year":"2016","unstructured":"Sun, Y., Wu, T.Y., Liu, X., Obaidat, M.S.: Multilayered impact evaluation model for attacking missions. IEEE Syst. J. 10(4), 1304\u20131315 (2016)","journal-title":"IEEE Syst. J."}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXXII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-95729-6_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,5]],"date-time":"2025-07-05T17:22:09Z","timestamp":1751736129000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-95729-6_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319957289","9783319957296"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-95729-6_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"10 July 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DBSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP Annual Conference on Data and Applications Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bergamo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 July 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 July 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"32","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dbsec2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dbsec18.unibg.it\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}