{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T15:30:31Z","timestamp":1767108631122},"publisher-location":"Berlin, Heidelberg","reference-count":33,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642048395"},{"type":"electronic","value":"9783642048401"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-04840-1_10","type":"book-chapter","created":{"date-parts":[[2009,11,9]],"date-time":"2009-11-09T10:09:31Z","timestamp":1257761371000},"page":"99-114","source":"Crossref","is-referenced-by-count":28,"title":["A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations"],"prefix":"10.1007","author":[{"given":"Golnaz","family":"Elahi","sequence":"first","affiliation":[]},{"given":"Eric","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Nicola","family":"Zannone","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"10_CR1","first-page":"1240","volume-title":"Proc. of DAWAM 2008","author":"Y. Asnar","year":"2008","unstructured":"Asnar, Y., Moretti, R., Sebastianis, M., Zannone, N.: Risk as Dependability Metrics for the Evaluation of Business Solutions: A Model-driven Approach. In: Proc. of DAWAM 2008, pp. 1240\u20131248. IEEE Press, Los Alamitos (2008)"},{"issue":"1","key":"10_CR2","first-page":"11","volume":"1","author":"A. Avizienis","year":"2004","unstructured":"Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.E.: Basic Concepts and Taxonomy of Dependable and Secure Computing. TDSC\u00a01(1), 11\u201333 (2004)","journal-title":"TDSC"},{"issue":"1","key":"10_CR3","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s10550-007-0013-9","volume":"25","author":"F. Braber","year":"2007","unstructured":"Braber, F., Hogganvik, I., Lund, M.S., Stolen, K., Vraalsen, F.: Model-based security analysis in seven steps \u2014 a guided tour to the coras method. BT Technology Journal\u00a025(1), 101\u2013117 (2007)","journal-title":"BT Technology Journal"},{"volume-title":"Non-Functional Requirements in Software Engineering","year":"2000","key":"10_CR4","unstructured":"Chung, L., Nixon, B.A., Yu, E., Mylopoulos, J. (eds.): Non-Functional Requirements in Software Engineering. Kluwer Academic Publishing, Dordrecht (2000)"},{"key":"10_CR5","unstructured":"Common Vulnerability Scoring System, \n                    \n                      http:\/\/www.first.org\/cvss\/"},{"key":"10_CR6","unstructured":"Common Weakness Enumeration, \n                    \n                      http:\/\/cwe.mitre.org\/"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"den Braber, F., Dimitrakos, T., Gran, B.A., Lund, M.S., Stolen, K., Aagedal, J.O.: The CORAS methodology: model-based risk assessment using UML and UP. In: UML and the unified process, pp. 332\u2013357. IGI Publishing (2003)","DOI":"10.4018\/978-1-93177-744-5.ch017"},{"key":"10_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"375","DOI":"10.1007\/978-3-540-75563-0_26","volume-title":"Conceptual Modeling - ER 2007","author":"G. Elahi","year":"2007","unstructured":"Elahi, G., Yu, E.: A goal oriented approach for modeling and analyzing security trade-offs. In: Parent, C., Schewe, K.-D., Storey, V.C., Thalheim, B. (eds.) ER 2007. LNCS, vol.\u00a04801, pp. 375\u2013390. Springer, Heidelberg (2007)"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Elahi, G., Yu, E., Zannone, N.: A vulnerability-centric requirements engineering framework: Analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Manuscript submitted to Req. Eng. Journal (2009)","DOI":"10.1007\/s00766-009-0090-z"},{"key":"10_CR10","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1145\/1456362.1456368","volume-title":"Proc of QoP 2008","author":"M. Frigault","year":"2008","unstructured":"Frigault, M., Wang, L., Singhal, A., Jajodia, S.: Measuring network security using dynamic bayesian network. In: Proc of QoP 2008, pp. 23\u201330. ACM Press, New York (2008)"},{"key":"10_CR11","first-page":"167","volume-title":"Proc. of RE 2005","author":"P. Giorgini","year":"2005","unstructured":"Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: Proc. of RE 2005, pp. 167\u2013176. IEEE Press, Los Alamitos (2005)"},{"key":"10_CR12","unstructured":"ISO\/IEC. Risk management-vocabulary-guidelines for use in standards. ISO\/IEC Guide 73 (2002)"},{"key":"10_CR13","unstructured":"ISO\/IEC. Management of Information and Communication Technology Security \u2013 Part 1: Concepts and Models for Information and Communication Technology Security Management. ISO\/IEC 13335 (2004)"},{"key":"10_CR14","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1145\/1229285.1229288","volume-title":"Proc. of ASIACCS 2007","author":"S. Jajodia","year":"2007","unstructured":"Jajodia, S.: Topological analysis of network attack vulnerability. In: Proc. of ASIACCS 2007, p. 2. ACM, New York (2007)"},{"key":"10_CR15","volume-title":"Secure Systems Development with UML","author":"J. J\u00fcrjens","year":"2004","unstructured":"J\u00fcrjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Krogstie, J., Opdahl, A.L., Brinkkemper, S.: Capturing dependability threats in conceptual modelling. Conceptual Modelling in Information Systems Engineering, 247\u2013260 (2007)","DOI":"10.1007\/978-3-540-72677-7"},{"issue":"3","key":"10_CR17","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1145\/185403.185412","volume":"26","author":"C.E. Landwehr","year":"1994","unstructured":"Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A taxonomy of computer program security flaws. CSUR\u00a026(3), 211\u2013254 (1994)","journal-title":"CSUR"},{"key":"10_CR18","first-page":"151","volume-title":"Proc. of RE 2003","author":"L. Liu","year":"2003","unstructured":"Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: Proc. of RE 2003, p. 151. IEEE Press, Los Alamitos (2003)"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Liu, Y., Man, H.: Network vulnerability assessment using bayesian networks. In: Data mining, intrusion detection, information assurance, and data networks security. Society of Photo-Optical Instrumentation Engineers, pp. 61\u201371 (2005)","DOI":"10.1117\/12.604240"},{"key":"10_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1007\/978-3-540-69534-9_40","volume-title":"Advanced Information Systems Engineering","author":"R. Matulevi\u010dius","year":"2008","unstructured":"Matulevi\u010dius, R., Mayer, N., Mouratidis, H., Dubois, E., Heymans, P., Genon, N.: Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development. In: Bellahs\u00e8ne, Z., L\u00e9onard, M. (eds.) CAiSE 2008. LNCS, vol.\u00a05074, pp. 541\u2013555. Springer, Heidelberg (2008)"},{"key":"10_CR21","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/366173.366183","volume-title":"Proc. of NSPW 2000","author":"J.P. McDermott","year":"2000","unstructured":"McDermott, J.P.: Attack net penetration testing. In: Proc. of NSPW 2000, pp. 15\u201321. ACM, New York (2000)"},{"key":"10_CR22","unstructured":"Meyer, N., Rifaut, A., Dubois, E.: Towards a Risk-Based Security Requirements Engineering Framework. In: Proc. of REFSQ 2005 (2005)"},{"key":"10_CR23","unstructured":"National Vulnerability Database, \n                    \n                      http:\/\/nvd.nist.gov\/"},{"key":"10_CR24","volume-title":"To Engineer is Human: The Role of Failure in Successful Design","author":"H. Petroski","year":"1985","unstructured":"Petroski, H.: To Engineer is Human: The Role of Failure in Successful Design. St. Martin\u2019s Press, New York (1985)"},{"key":"10_CR25","first-page":"71","volume-title":"Proc. of NSPW 1998","author":"P. Cynthia","year":"1998","unstructured":"Cynthia, P., Painton, S.L.: A graph-based system for network-vulnerability analysis. In: Proc. of NSPW 1998, pp. 71\u201379. ACM, New York (1998)"},{"key":"10_CR26","unstructured":"Rostad, L.: An extended misuse case notation: Including vulnerabilities and the insider threat. In: Proc. of REFSQ 2006 (2006)"},{"key":"10_CR27","unstructured":"SANS, \n                    \n                      http:\/\/www.sans.org\/"},{"key":"10_CR28","unstructured":"Schneider, F.B. (ed.): Trust in Cyberspace. National Academy Press (1998)"},{"issue":"12","key":"10_CR29","first-page":"21","volume":"24","author":"B. Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s Journal\u00a024(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s Journal"},{"key":"10_CR30","volume-title":"Beyond Fear","author":"B. Schneier","year":"2003","unstructured":"Schneier, B.: Beyond Fear. Springer, Heidelberg (2003)"},{"issue":"1","key":"10_CR31","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","volume":"10","author":"G. Sindre","year":"2005","unstructured":"Sindre, G., Opdahl, L.: Eliciting security requirements with misuse cases. Requir. Eng.\u00a010(1), 34\u201344 (2005)","journal-title":"Requir. Eng."},{"key":"10_CR32","first-page":"148","volume-title":"Proc. of ICSE 2004","author":"A. Lamsweerde van","year":"2004","unstructured":"van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proc. of ICSE 2004, pp. 148\u2013157. IEEE Press, Los Alamitos (2004)"},{"key":"10_CR33","unstructured":"Yu, E.: Modeling Strategic Relationships for Process Reengineering. PhD thesis, University of Toronto (1995)"}],"container-title":["Lecture Notes in Computer Science","Conceptual Modeling - ER 2009"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04840-1_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T12:37:45Z","timestamp":1558269465000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04840-1_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642048395","9783642048401"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04840-1_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}