{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T06:55:33Z","timestamp":1763535333520,"version":"3.37.3"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2015,5,12]],"date-time":"2015-05-12T00:00:00Z","timestamp":1431388800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100000781","name":"European Research Council","doi-asserted-by":"publisher","award":["291652"],"award-info":[{"award-number":["291652"]}],"id":[{"id":"10.13039\/501100000781","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001602","name":"Science Foundation Ireland","doi-asserted-by":"publisher","award":["10\/CE\/I1855","13\/RC\/2094"],"award-info":[{"award-number":["10\/CE\/I1855","13\/RC\/2094"]}],"id":[{"id":"10.13039\/501100001602","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Requirements Eng"],"published-print":{"date-parts":[[2016,11]]},"DOI":"10.1007\/s00766-015-0229-z","type":"journal-article","created":{"date-parts":[[2015,5,11]],"date-time":"2015-05-11T10:12:54Z","timestamp":1431339174000},"page":"481-504","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Automating trade-off analysis of security requirements"],"prefix":"10.1007","volume":"21","author":[{"given":"Liliana","family":"Pasquale","sequence":"first","affiliation":[]},{"given":"Paola","family":"Spoletini","sequence":"additional","affiliation":[]},{"given":"Mazeiar","family":"Salehie","sequence":"additional","affiliation":[]},{"given":"Luca","family":"Cavallaro","sequence":"additional","affiliation":[]},{"given":"Bashar","family":"Nuseibeh","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,5,12]]},"reference":[{"issue":"8","key":"229_CR1","doi-asserted-by":"crossref","first-page":"841","DOI":"10.1002\/int.20433","volume":"25","author":"D Amyot","year":"2010","unstructured":"Amyot D, Ghanavati S, Horkoff J, Mussbacher G, Peyton L, Yu ESK (2010) Evaluating goal models within the goal-oriented requirement language. Int J Intell Syst 25(8):841\u2013877","journal-title":"Int J Intell Syst"},{"issue":"2","key":"229_CR2","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1007\/s00766-010-0112-x","volume":"16","author":"Y Asnar","year":"2011","unstructured":"Asnar Y, Giorgini P, Mylopoulos J (2011) Goal-driven risk assessment in requirements engineering. Requir Eng 16(2):101\u2013116","journal-title":"Requir Eng"},{"key":"229_CR3","doi-asserted-by":"crossref","unstructured":"Barone D, Jiang L, Amyot D, Mylopoulos J (2011) Reasoning with key performance indicators. In: Proceedings of the 4th IFIP WG 8.1 working conference on the practice of enterprise modeling, Springer, Berlin, pp 82\u201396","DOI":"10.1007\/978-3-642-24849-8_7"},{"key":"229_CR4","doi-asserted-by":"crossref","unstructured":"Boehm B, Bose P, Horowitz E, Lee MJ (1994) Software requirements as negotiated win conditions. In: Proceeding of the 1st international requirements engineering conference, pp 74\u201383","DOI":"10.1109\/ICRE.1994.292400"},{"issue":"2","key":"229_CR5","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/s00766-013-0168-5","volume":"18","author":"A Cailliau","year":"2013","unstructured":"Cailliau A, van Lamsweerde A (2013) Assessing requirements-related risks through probabilistic goals and obstacles. Requir Eng 18(2):129\u2013146","journal-title":"Requir Eng"},{"key":"229_CR6","doi-asserted-by":"crossref","unstructured":"De Moura L, Bj\u00f8rner N (2008) Z3: an efficient SMT solver. In: Proceedings of the 14th international conference on tools and algorithms for the construction and analysis of systems, pp 337\u2013340","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"229_CR7","doi-asserted-by":"crossref","unstructured":"Elahi G, Yu ESK (2007) A goal oriented approach for modeling and analyzing security trade-offs. In: Proceedings of the 26th international conference on conceptual modeling. Springer, Berlin, pp 375\u2013390","DOI":"10.1007\/978-3-540-75563-0_26"},{"issue":"2","key":"229_CR8","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1109\/MS.2008.29","volume":"25","author":"MS Feather","year":"2008","unstructured":"Feather MS, Cornford SL, Hicks KA, Kiper JD, Menzies T (2008) A broad, quantitative model for making early requirements decisions. IEEE Softw 25(2):49\u201356","journal-title":"IEEE Softw"},{"issue":"1","key":"229_CR9","doi-asserted-by":"crossref","first-page":"61","DOI":"10.5381\/jot.2004.3.1.c6","volume":"3","author":"D Firesmith","year":"2004","unstructured":"Firesmith D (2004) Specifying reusable security requirements. J Object Technol 3(1):61\u201375","journal-title":"J Object Technol"},{"key":"229_CR10","doi-asserted-by":"crossref","unstructured":"Franqueira VNL, Tun TT, Yu Y, Wieringa R, Nuseibeh B (2011) Risk and argument: a risk-based argumentation method for practical security. In: Proceedings of the 19th international requirements engineering conference, pp 239\u2013248","DOI":"10.1109\/RE.2011.6051659"},{"key":"229_CR11","doi-asserted-by":"crossref","unstructured":"Giorgini P, Massacci F, Mylopoulos J, Zannone N (2005) Modeling security requirements through ownership, permission and delegation. In: Proceedings of the 13th international requirements engineering conference. IEEE Computer Society, pp 167\u2013176","DOI":"10.1109\/RE.2005.43"},{"key":"229_CR12","series-title":"Lecture notes in computer science","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/978-3-540-39733-5_1","volume-title":"Journal on data semantics I","author":"P Giorgini","year":"2003","unstructured":"Giorgini P, Mylopoulos J, Nicchiarelli E, Sebastiani R (2003) Formal reasoning techniques for goal models. In: Spaccapietra S, March S, Aberer K (eds) Journal on data semantics I. Lecture notes in computer science. Springer, Heidelberg, pp 1\u201320"},{"key":"229_CR13","doi-asserted-by":"crossref","unstructured":"Glinz M (2007) On non-functional requirements. In: Proceedings of the 15th international requirements engineering conference. IEEE Computer Society, pp 21\u201326","DOI":"10.1109\/RE.2007.45"},{"issue":"1","key":"229_CR14","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1109\/TSE.2007.70754","volume":"34","author":"CB Haley","year":"2008","unstructured":"Haley CB, Laney RC, Moffett JD, Nuseibeh B (2008) Security requirements engineering: a framework for representation and analysis. IEEE Trans Softw Eng 34(1):133\u2013153","journal-title":"IEEE Trans Softw Eng"},{"key":"229_CR15","doi-asserted-by":"crossref","unstructured":"Heaven W, Letier E (2011) Simulating and optimising design decisions in quantitative goal models. In: Proceedings of the 19th international requirements engineering conference, pp 79\u201388","DOI":"10.1109\/RE.2011.6051653"},{"key":"229_CR16","unstructured":"Hoffman S (2012) Kaspersky: malware attachments up 50 percent. http:\/\/channelnomics.com\/2012\/08\/24\/kaspersky-malicious-attachments-50-percent\/"},{"issue":"3","key":"229_CR17","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1007\/s00766-011-0143-y","volume":"18","author":"J Horkoff","year":"2013","unstructured":"Horkoff J, Yu ESK (2013) Comparison and evaluation of goal-oriented satisfaction analysis techniques. Requir Eng 18(3):199\u2013222","journal-title":"Requir Eng"},{"key":"229_CR18","doi-asserted-by":"crossref","unstructured":"Houmb S, Georg G, J\u00fcrjens J, France R (2007) An integrated security verification and security solution design trade-off analysis approach. In: Integrating security and software engineering: advances and future visions, pp 190\u2013219","DOI":"10.4018\/978-1-59904-147-6.ch009"},{"issue":"4","key":"229_CR19","first-page":"306","volume":"10","author":"HP In","year":"2004","unstructured":"In HP, Olson D (2004) Requirements negotiation using multi-criteria preference analysis. J Univ Comput Sci 10(4):306\u2013325","journal-title":"J Univ Comput Sci"},{"key":"229_CR20","unstructured":"ISO\/IEC 13335\u20131:2004: Information Technology (2008) Security techniques\u2014management of information and communications technology security\u2014part 1: concepts and models for information and communications technology security management. http:\/\/www.iso.org\/iso\/catalogue_detail.htm?csnumber=39066"},{"key":"229_CR21","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens J (2002) UMLsec: extending UML for secure systems development. In: Proceedings of the 5th international conference on the unified modeling language, pp 412\u2013425","DOI":"10.1007\/3-540-45800-X_32"},{"key":"229_CR22","doi-asserted-by":"crossref","unstructured":"Kaiya H, Horai H, Saeki M (2002) AGORA: attributed goal-oriented requirements analysis method. In: Proceedings of the 20th international requirements engineering conference","DOI":"10.1109\/ICRE.2002.1048501"},{"issue":"5","key":"229_CR23","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1109\/52.605933","volume":"14","author":"J Karlsson","year":"1997","unstructured":"Karlsson J, Ryan K (1997) A cost-value approach for prioritizing requirements. IEEE Softw 14(5):67\u201374","journal-title":"IEEE Softw"},{"key":"229_CR24","volume-title":"Non-functional requirements in software engineering","author":"C Lawrence","year":"1999","unstructured":"Lawrence C, Nixon BA, Mylopoulos J (1999) Non-functional requirements in software engineering. Kluwer, Dordrecht"},{"key":"229_CR25","doi-asserted-by":"crossref","unstructured":"Lee S (2011) Probabilistic risk assessment for security requirements: a preliminary study. In: Proceedings of the 5th international conference on secure software integration and reliability improvement. IEEE Computer Society, pp 11\u201320","DOI":"10.1109\/SSIRI.2011.12"},{"key":"229_CR26","doi-asserted-by":"crossref","unstructured":"Letier E, van Lamsweerde A (2004) Reasoning about partial goal satisfaction for requirements and design engineering. In: Proceedings of the international symposium on foundation of software engineering, pp 53\u201362","DOI":"10.1145\/1041685.1029905"},{"key":"229_CR27","doi-asserted-by":"crossref","unstructured":"Liu L, Yu ESK, Mylopoulos J (2003) Security and privacy requirements analysis within a social setting. In: Proceedings of the 11th international requirements engineering conference. IEEE Computer Society, pp 151\u2013161","DOI":"10.1109\/ICRE.2003.1232746"},{"key":"229_CR28","doi-asserted-by":"crossref","unstructured":"Lodderstedt T, Basin DA, Doser J (2002) SecureUML: a UML-based modeling language for model-driven security. In: Proceedings of the 5th international conference on the unified modeling language, pp 426\u2013441","DOI":"10.1007\/3-540-45800-X_33"},{"key":"229_CR29","volume-title":"Selected works by Jan \u0141ukasiewicz, chap. on three-valued logic","author":"J \u0141ukasiewicz","year":"1970","unstructured":"\u0141ukasiewicz J (1970) Selected works by Jan \u0141ukasiewicz, chap. on three-valued logic. North-Holland, Amsterdam"},{"key":"229_CR30","doi-asserted-by":"crossref","unstructured":"McDermott JP, Fox C (1999) Using abuse case models for security requirements analysis. In: Proceedings of the 15th annual computer security applications conference. IEEE Computer Society, pp 55\u201364","DOI":"10.1109\/CSAC.1999.816013"},{"key":"229_CR31","unstructured":"Messaging Anti-Abuse Working Group (MAAWG): Email Metrics Program: The Network Operators\u2019 Perspective, Report 15\u2014first, second and third quarter 2011 (2012). http:\/\/www.maawg.org\/sites\/maawg\/files\/news\/MAAWG_2011_Q1Q2Q3_Metrics_Report_15.pdf"},{"key":"229_CR32","unstructured":"Mills E (2010) The unvarnished truth about unsecured Wi-Fi. http:\/\/news.cnet.com\/8301-27080_3-20021188-245.html"},{"issue":"2","key":"229_CR33","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis H, Giorgini P (2007) Secure tropos: a security-oriented extension of the tropos methodology. Int J Softw Eng Knowl Eng 17(2):285\u2013309","journal-title":"Int J Softw Eng Knowl Eng"},{"key":"229_CR34","doi-asserted-by":"crossref","unstructured":"Nieuwenhuis R, Oliveras A (2006) On SAT modulo theories and optimization problems. In: Proceedings of the 9th international conference on theory and applications of satisfiability testing, pp 156\u2013169","DOI":"10.1007\/11814948_18"},{"key":"229_CR35","volume-title":"Security in computing","author":"CP Pfleeger","year":"2003","unstructured":"Pfleeger CP, Pfleeger SL (2003) Security in computing. Prentice Hall Professional, Englewood Cliffs"},{"key":"229_CR36","doi-asserted-by":"crossref","unstructured":"Salehie M, Pasquale L, Inah O, Ali R, Nuseibeh B (2012) Requirements-driven adaptive security: protecting variable assets at runtime. In: Proceedings of the 20th international requirements engineering conference. IEEE Computer Society, pp 111\u2013120","DOI":"10.1109\/RE.2012.6345794"},{"issue":"30","key":"229_CR37","first-page":"800","volume":"800","author":"G Stoneburner","year":"2002","unstructured":"Stoneburner G, Goguen A, Feringa A (2002) Risk management guide for information technology systems. Nist Spec Publ 800(30):800\u2013830","journal-title":"Nist Spec Publ"},{"key":"229_CR38","doi-asserted-by":"crossref","first-page":"45","DOI":"10.6028\/NIST.SP.800-45","volume-title":"Guidelines on electronic mail security","author":"M Tracy","year":"2002","unstructured":"Tracy M, Jansen W, Bisker S (2002) Guidelines on electronic mail security. NIST Special Publication, Gaithersburg, pp 45\u2013800"},{"key":"229_CR39","unstructured":"US General Services Administration: Email as a Service (EaaS) Blanket Purchase Agreement (BPA) Requirements Document. (2013). www.gsa.gov\/portal\/content\/112223"},{"key":"229_CR40","doi-asserted-by":"crossref","unstructured":"van Lamsweerde A (2004) Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th international conference on software engineering. IEEE Computer Society, pp 148\u2013157","DOI":"10.1109\/ICSE.2004.1317437"},{"key":"229_CR41","volume-title":"Requirements engineering\u2014from system goals to UML models to software specifications","author":"A Lamsweerde van","year":"2009","unstructured":"van Lamsweerde A (2009) Requirements engineering\u2014from system goals to UML models to software specifications. Wiley, London"},{"key":"229_CR42","doi-asserted-by":"crossref","unstructured":"Wunder J, Halbardier A, Waltermire D (2011) Specification for asset identification 1.1. Tech. Rep. 7693, NIST","DOI":"10.6028\/NIST.IR.7693"},{"key":"229_CR43","doi-asserted-by":"crossref","unstructured":"Yen J, Tiao W (1997) A systematic tradeoff analysis for conflicting imprecise requirements. In: Proceedings of the 3rd international symposium on requirements engineering, pp 87\u201396","DOI":"10.1109\/ISRE.1997.566845"},{"issue":"3","key":"229_CR44","doi-asserted-by":"crossref","first-page":"338","DOI":"10.1016\/S0019-9958(65)90241-X","volume":"8","author":"LA Zadeh","year":"1965","unstructured":"Zadeh LA (1965) Fuzzy sets. Inf Control 8(3):338\u2013353","journal-title":"Inf Control"}],"container-title":["Requirements Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-015-0229-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00766-015-0229-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-015-0229-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-015-0229-z","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,24]],"date-time":"2019-08-24T18:44:45Z","timestamp":1566672285000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00766-015-0229-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,5,12]]},"references-count":44,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2016,11]]}},"alternative-id":["229"],"URL":"https:\/\/doi.org\/10.1007\/s00766-015-0229-z","relation":{},"ISSN":["0947-3602","1432-010X"],"issn-type":[{"type":"print","value":"0947-3602"},{"type":"electronic","value":"1432-010X"}],"subject":[],"published":{"date-parts":[[2015,5,12]]}}}