{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T11:46:26Z","timestamp":1773402386836,"version":"3.50.1"},"reference-count":67,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T00:00:00Z","timestamp":1740787200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T00:00:00Z","timestamp":1740787200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100015963","name":"Scuola IMT Alti Studi Lucca","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100015963","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,4]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>As individuals engage with innovative technologies, including smart cars and smart homes, a comprehensive treatment of the threats to their privacy becomes increasingly urgent. This article recognises the relevance of security and, in particular, privacy threat modelling, especially under the umbrella of GDPR compliance, and addresses the challenge of the pursuit of completeness in eliciting security and privacy threats. The core contribution is SPADA, a methodology for threat modelling revolving around five key variables (whose initials form the acronym that names the methodology). These are: \u201cSource of documentation\u201d, \u201cProperty\u201d, \u201cApplication domain\u201d, \u201cDetail (level of)\u201d and \u201cAgent(s) raising the threats\u201d, and clarify the essential variable elements of the threat modelling activity. SPADA requires the analyst to duly instantiate each variable but offers increased structure and automation in return. The methodology is applied to the domains of smart cars and smart homes, considering both soft and hard privacy. This yields 23 domain-independent threats for soft privacy, and 29 domain-independent threats for hard privacy. Both these lists of threats are then tailored to the smart car domain by appropriate combination with the 43 identified assets, producing a total of 785 privacy threats for smart cars. Similarly, appropriate combination with the 127 assets identified in the smart home domain produces a total of 1502 privacy threats for smart homes.\n<\/jats:p>","DOI":"10.1007\/s10207-025-00999-0","type":"journal-article","created":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T19:31:36Z","timestamp":1740857496000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["The SPADA methodology for threat modelling"],"prefix":"10.1007","volume":"24","author":[{"given":"Mario","family":"Raciti","sequence":"first","affiliation":[]},{"given":"Giampaolo","family":"Bella","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,1]]},"reference":[{"key":"999_CR1","doi-asserted-by":"crossref","first-page":"16","DOI":"10.26483\/ijarcs.v8i7.4529","volume":"8","author":"TJ Ansari","year":"2017","unstructured":"Ansari, T.J., Pandey, D.: An integration of threat modeling with attack pattern and misuse case for effective security requirement elicitation. Int. J. Adv. Res. Comput. Sci. 8, 16\u201320 (2017). (https:\/\/api.semanticscholar.org\/CorpusID:86796612)","journal-title":"Int. J. Adv. Res. Comput. Sci."},{"key":"999_CR2","doi-asserted-by":"publisher","unstructured":"Anwar, M.N., Nazir, M., Mustafa, K. Security threats taxonomy: smart-home perspective. In: 2017 3rd International Conference on Advances in Computing, Communication & Automation (ICACCA) (Fall), pp. 1\u20134, (2017). https:\/\/doi.org\/10.1109\/ICACCAF.2017.8344666","DOI":"10.1109\/ICACCAF.2017.8344666"},{"key":"999_CR3","doi-asserted-by":"publisher","first-page":"100707","DOI":"10.1016\/j.iot.2023.100707","volume":"22","author":"G Bella","year":"2023","unstructured":"Bella, G., Biondi, P., Bognanni, S., et al.: Petiot: penetration testing the internet of things. Internet Things 22, 100707 (2023). https:\/\/doi.org\/10.1016\/j.iot.2023.100707. (https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2542660523000306)","journal-title":"Internet Things"},{"key":"999_CR4","doi-asserted-by":"publisher","unstructured":"Bella, G., Biondi, P., Tudisco, G.: A double assessment of privacy risks aboard top-selling cars. Autom. Innov. \u201318. (2023b). https:\/\/doi.org\/10.1007\/s42154-022-00203-2","DOI":"10.1007\/s42154-022-00203-2"},{"key":"999_CR5","unstructured":"BleepingComputer: Toyota: car location data of 2 million customers exposed for ten years. (2023a). https:\/\/www.bleepingcomputer.com\/news\/security\/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years\/"},{"key":"999_CR6","unstructured":"BleepingComputer: TP-Link smart bulbs can let hackers steal your WiFi password. (2023b). https:\/\/www.bleepingcomputer.com\/news\/security\/tp-link-smart-bulbs-can-let-hackers-steal-your-wifi-password\/"},{"key":"999_CR7","doi-asserted-by":"publisher","first-page":"101952","DOI":"10.1016\/j.ijinfomgt.2019.05.008","volume":"51","author":"P Brous","year":"2020","unstructured":"Brous, P., Janssen, M., Herder, P.: The dual effects of the internet of things (IoT): a systematic review of the benefits and risks of IoT adoption by organizations. Int. J. Inf. Manage. 51, 101952 (2020). https:\/\/doi.org\/10.1016\/j.ijinfomgt.2019.05.008. (https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0268401218309022)","journal-title":"Int. J. Inf. Manage."},{"key":"999_CR8","doi-asserted-by":"publisher","first-page":"107770","DOI":"10.1016\/j.chb.2023.107770","volume":"145","author":"D Buil-Gil","year":"2023","unstructured":"Buil-Gil, D., Kemp, S., Kuenzel, S., et al.: The digital harms of smart home devices: a systematic literature review. Comput. Hum. Behav. 145, 107770 (2023). https:\/\/doi.org\/10.1016\/j.chb.2023.107770. (https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0747563223001218)","journal-title":"Comput. Hum. Behav."},{"key":"999_CR9","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/s00766-022-00382-8","volume":"28","author":"ED Canedo","year":"2022","unstructured":"Canedo, E.D., Bandeira, I.N., Calazans, A.T.S., et al.: Privacy requirements elicitation: a systematic literature review and perception analysis of it practitioners. Requir. Eng. 28, 177\u2013194 (2022). (https:\/\/api.semanticscholar.org\/CorpusID:258570284)","journal-title":"Requir. Eng."},{"key":"999_CR10","doi-asserted-by":"publisher","unstructured":"Chah, B., Lombard, A., Bkakria, A., et\u00a0al.: Privacy threat analysis for connected and autonomous vehicles. Procedia Comput. Sci. 210, 36\u201344. (2022). https:\/\/doi.org\/10.1016\/j.procs.2022.10.117, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1877050922015733, the 13th International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN) \/ The 12th International Conference on Current and Future Trends of Information and Communication Technologies in Healthcare (ICTH-2022) \/ Affiliated Workshops","DOI":"10.1016\/j.procs.2022.10.117"},{"key":"999_CR11","unstructured":"CNET: Amazon to pay \\$30M for ring and alexa privacy violations: tips for protecting your smart home data. (2023). https:\/\/www.cnet.com\/tech\/services-and-software\/amazon-to-pay-30-m-for-ring-and-alexa-privacy-violations-tips-for-protecting-your-smart-home-data\/"},{"key":"999_CR12","unstructured":"Cybernews: Bmw exposes clients in italy. (2023). https:\/\/cybernews.com\/security\/bmw-exposes-italy-clients\/"},{"key":"999_CR13","unstructured":"Danezis, G.: Introduction to privacy technology. (2008). http:\/\/www0.cs.ucl.ac.uk\/staff\/G.Danezis\/talks\/Privacy_Technology_cosic.pdf"},{"key":"999_CR14","unstructured":"Danezis, G., Gurses, S.: A critical review of 10 years of privacy technology. In: Proceedings of surveillance cultures: a global surveillance society, pp. 1\u201316, (2010). https:\/\/www.researchgate.net\/publication\/228538295_A_critical_review_of_10_years_of_Privacy_Technology"},{"key":"999_CR15","unstructured":"Deloitte: 2023 global automotive consumer study. (2023). https:\/\/www.deloitte.com\/global\/en\/Industries\/automotive\/perspectives\/global-automotive-consumer-study.html"},{"issue":"1","key":"999_CR16","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","volume":"16","author":"M Deng","year":"2011","unstructured":"Deng, M., Wuyts, K., Scandariato, R., et al.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 16(1), 3\u201332 (2011). https:\/\/doi.org\/10.1007\/s00766-010-0115-7","journal-title":"Requir. Eng."},{"key":"999_CR17","unstructured":"ENISA: threat landscape and good practice guide for smart home and converged media. (2014). https:\/\/www.enisa.europa.eu\/publications\/threat-landscape-for-smart-home-and-media-convergence"},{"key":"999_CR18","unstructured":"ENISA. Threat taxonomy. (2016). https:\/\/www.enisa.europa.eu\/topics\/cyber-threats\/threats-and-trends\/enisa-threat-landscape\/threat-taxonomy\/view"},{"key":"999_CR19","unstructured":"ENISA. Good practices for security of smart cars. (2019). https:\/\/www.enisa.europa.eu\/publications\/smart-cars"},{"key":"999_CR20","unstructured":"ENISA. ENISA threat landscape 2022. (2022). https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2022"},{"key":"999_CR21","unstructured":"Europe, A.N.: Tesla escapes fine from dutch watchdog after automaker alters security cameras. (2023). https:\/\/europe.autonews.com\/automakers\/tesla-alters-cameras-avoid-dutch-fine-over-privacy-violations"},{"key":"999_CR22","unstructured":"Forbes: confirmed: 2 billion records exposed in massive smart home device breach. (2019). https:\/\/www.forbes.com\/sites\/daveywinder\/2019\/07\/02\/confirmed-2-billion-records-exposed-in-massive-smart-home-device-breach\/"},{"key":"999_CR23","unstructured":"GDPR: Regulation (EU) 2016\/679 general data protection regulation. (2016). https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=celex%3A32016R0679"},{"key":"999_CR24","doi-asserted-by":"publisher","unstructured":"Geneiatakis, D., Kounelis, I., Neisse, R., et\u00a0al.: Security and privacy issues for an IoT based smart home. In: 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1292\u20131297, (2017). https:\/\/doi.org\/10.23919\/MIPRO.2017.7973622","DOI":"10.23919\/MIPRO.2017.7973622"},{"key":"999_CR25","doi-asserted-by":"publisher","unstructured":"Ghirardello, K., Maple, C., Ng, D., et al.: Cyber security of smart homes: development of a reference architecture for attack surface analysis. In: Living in the Internet of Things: Cybersecurity of the IoT\u20132018, pp. 1\u201310 (2018). https:\/\/doi.org\/10.1049\/cp.2018.0045","DOI":"10.1049\/cp.2018.0045"},{"key":"999_CR26","doi-asserted-by":"publisher","first-page":"398","DOI":"10.1016\/j.cose.2018.07.011","volume":"78","author":"R Heartfield","year":"2018","unstructured":"Heartfield, R., Loukas, G., Budimir, S., et al.: A taxonomy of cyber-physical threats and impact in the smart home. Comput. Secur. 78, 398\u2013428 (2018). https:\/\/doi.org\/10.1016\/j.cose.2018.07.011. (https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404818304875)","journal-title":"Comput. Secur."},{"key":"999_CR27","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1016\/j.ijinfomgt.2018.08.008","volume":"43","author":"AP Henriques de Gusm\u00e3o","year":"2018","unstructured":"Henriques de Gusm\u00e3o, A.P., Mendon\u00e7a Silva, M., Poleto, T., et al.: Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory. Int. J. Inf. Manage. 43, 248\u2013260 (2018). https:\/\/doi.org\/10.1016\/j.ijinfomgt.2018.08.008. (https:\/\/www.sciencedirect.com\/science\/article\/pii\/S026840121830077X)","journal-title":"Int. J. Inf. Manage."},{"key":"999_CR28","doi-asserted-by":"publisher","first-page":"75","DOI":"10.2307\/25148625","volume":"28","author":"A Hevner","year":"2004","unstructured":"Hevner, A., March, S., Park, J., et al.: Design science in information systems research. Manag. Inf. Syst. Q. 28, 75 (2004)","journal-title":"Manag. Inf. Syst. Q."},{"key":"999_CR29","doi-asserted-by":"publisher","unstructured":"Hoepman, J.H.: Privacy is hard and seven other myths: achieving privacy through careful design. (2021). https:\/\/doi.org\/10.7551\/mitpress\/12587.001.0001","DOI":"10.7551\/mitpress\/12587.001.0001"},{"key":"999_CR30","doi-asserted-by":"publisher","unstructured":"Howard, M., Lipner, S.: The Security Development Lifecycle, vol 34. Microsoft Press (2006). https:\/\/doi.org\/10.1007\/s11623-010-0021-7","DOI":"10.1007\/s11623-010-0021-7"},{"key":"999_CR31","doi-asserted-by":"crossref","unstructured":"Islam, S., Mouratidis, H., Wagner, S.: Towards a framework to elicit and manage security and privacy requirements from laws and regulations. In: Requirements Engineering: Foundation for Software Quality, (2010). https:\/\/api.semanticscholar.org\/CorpusID:15084158","DOI":"10.1007\/978-3-642-14192-8_23"},{"key":"999_CR32","unstructured":"ISO: ISO\/IEC 21434-road vehicles-cybersecurity engineering (2021)"},{"key":"999_CR33","doi-asserted-by":"publisher","unstructured":"Kavallieratos, G., Chowdhury, N., Katsikas, S., et\u00a0al.: Threat analysis for smart homes. Future Internet 11(10). (2019a). https:\/\/doi.org\/10.3390\/fi11100207, https:\/\/www.mdpi.com\/1999-5903\/11\/10\/207","DOI":"10.3390\/fi11100207"},{"key":"999_CR34","doi-asserted-by":"publisher","unstructured":"Kavallieratos, G., Gkioulos, V., Katsikas, S.K.: Threat analysis in dynamic environments: the case of the smart home. In: 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS), pp. 234\u2013240, (2019b). https:\/\/doi.org\/10.1109\/DCOSS.2019.00060","DOI":"10.1109\/DCOSS.2019.00060"},{"key":"999_CR35","unstructured":"Law, B.: New us agency joins fray over Massachusetts repair law, car data. (2023) https:\/\/news.bloomberglaw.com\/privacy-and-data-security\/new-us-agency-joins-fray-over-massachusetts-repair-law-car-data"},{"key":"999_CR36","unstructured":"Magazine, C.: Data breach exposed 2 million Aflac and Zurich insurance policyholders- records. (2023). https:\/\/www.cpomagazine.com\/cyber-security\/data-breach-exposed-2-million-aflac-and-zurich-insurance-policyholders-records\/"},{"key":"999_CR37","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-319-22906-5_17","volume-title":"Trust, Privacy and Security in Digital Business","author":"EL Makri","year":"2015","unstructured":"Makri, E.L., Lambrinoudakis, C.: Privacy principles: towards a common privacy audit methodology. In: Fischer-H\u00fcbner, S., Lambrinoudakis, C., L\u00f3pez, J. (eds.) Trust, Privacy and Security in Digital Business, pp. 219\u2013234. Springer International Publishing, Cham (2015)"},{"key":"999_CR38","unstructured":"Microsoft: the STRIDE threat model. (2009). https:\/\/learn.microsoft.com\/en-us\/previous-versions\/commerce-server\/ee823878%28v=cs.20,"},{"key":"999_CR39","unstructured":"Myagmar, S., Lee, A.J., Yurcik, W.: Threat modeling as a basis for security requirements. (2005). https:\/\/api.semanticscholar.org\/CorpusID:9164059"},{"key":"999_CR40","unstructured":"News, T.H.: Millions of vehicles at risk: api vulnerabilities uncovered in 16 major car brands. (2023). https:\/\/thehackernews.com\/2023\/01\/millions-of-vehicles-at-risk-api.html"},{"key":"999_CR41","unstructured":"NIST: foundations of a security policy for use of the national research and educational network (NISTIR 4734). (1992). https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/IR\/nistir4734.pdf"},{"key":"999_CR42","unstructured":"OWASP: top 10 privacy risks. (2021). https:\/\/owasp.org\/www-project-top-10-privacy-risks\/"},{"key":"999_CR43","unstructured":"OWASP: threat modeling cheat sheet. (2019). https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Threat_Modeling_Cheat_Sheet.html"},{"key":"999_CR44","unstructured":"Pattakou, A., Kalloniatis, C., Gritzalis, S.: Security and privacy requirements engineering methods for traditional and cloud-based systems: a review. In: Proceedings of the 8th International Conference on Cloud Computing, GRIDs, and Virtualization, (2017). https:\/\/api.semanticscholar.org\/CorpusID:252048830"},{"key":"999_CR45","doi-asserted-by":"publisher","first-page":"45","DOI":"10.2753\/MIS0742-1222240302","volume":"24","author":"K Peffers","year":"2007","unstructured":"Peffers, K., Tuunanen, T., Rothenberger, M., et al.: A design science research methodology for information systems research. J. Manag. Inf. Syst. 24, 45\u201377 (2007)","journal-title":"J. Manag. Inf. Syst."},{"key":"999_CR46","unstructured":"Pfitzmann, A., Hansen, M. (2010).: A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. http:\/\/dud.inf.tu-dresden.de\/literatur\/Anon_Terminology_v0.34.pdf, v0.34"},{"key":"999_CR47","doi-asserted-by":"publisher","first-page":"100986","DOI":"10.1016\/j.jestch.2021.04.005","volume":"25","author":"A Pompigna","year":"2022","unstructured":"Pompigna, A., Mauro, R.: Smart roads: a state of the art of highways innovations in the smart age. Eng. Sci. Technol. Int. J. 25, 100986 (2022). https:\/\/doi.org\/10.1016\/j.jestch.2021.04.005. (https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2215098621000872)","journal-title":"Eng. Sci. Technol. Int. J."},{"key":"999_CR48","unstructured":"Raciti, M., Bella, G.: Github repository with complete outcomes. (2023a). https:\/\/github.com\/tsumarios\/Privacy-Threat-Modelling-Research\/tree\/main\/SPADA"},{"key":"999_CR49","doi-asserted-by":"publisher","unstructured":"Raciti, M., Bella, G.: How to model privacy threats in the automotive domain. In: Proceedings of the 9th International Conference on Vehicle Technology and Intelligent Transport Systems\u2013VEHITS, INSTICC. SciTePress, pp. 394\u2013401, (2023b). https:\/\/doi.org\/10.5220\/0011998800003479","DOI":"10.5220\/0011998800003479"},{"key":"999_CR50","doi-asserted-by":"publisher","unstructured":"Raciti, M., Bella, G.: A threat model for soft privacy on smart cars. In: In 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW)., (2023c). https:\/\/doi.org\/10.1109\/EuroSPW59978.2023.00005","DOI":"10.1109\/EuroSPW59978.2023.00005"},{"key":"999_CR51","doi-asserted-by":"publisher","unstructured":"Raciti, M., Bella, G.: Up-to-date threat modelling for soft privacy on smart cars. In: Katsikas, S., Cuppens, F., Cuppens-Boulahia, N., et\u00a0al. (eds) Computer Security. ESORICS 2023 International Workshops. Springer Nature Switzerland, Cham, pp. 454\u2013473, (2024). https:\/\/doi.org\/10.1007\/978-3-031-54204-6_27","DOI":"10.1007\/978-3-031-54204-6_27"},{"key":"999_CR52","unstructured":"Reuters: Toyota\u2019s Indian unit warns of a possible customer data breach. (2023). https:\/\/www.reuters.com\/technology\/toyotas-indian-unit-warns-possible-customer-data-breach-2023-01-01\/"},{"key":"999_CR53","unstructured":"SAE: taxonomy and definitions for terms related to driving automation systems for on-road motor vehicles (J3016_202104). (2021). https:\/\/www.sae.org\/standards\/content\/j3016_201806\/"},{"issue":"12","key":"999_CR54","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr Dobb\u2019s J. 24(12), 21\u201329 (1999)","journal-title":"Dr Dobb\u2019s J."},{"issue":"13","key":"999_CR55","doi-asserted-by":"publisher","first-page":"11224","DOI":"10.1109\/JIOT.2023.3252594","volume":"10","author":"YR Siwakoti","year":"2023","unstructured":"Siwakoti, Y.R., Bhurtel, M., Rawat, D.B., et al.: Advances in IoT security: vulnerabilities, enabled criminal services, attacks, and countermeasures. IEEE Internet Things J. 10(13), 11224\u201311239 (2023). https:\/\/doi.org\/10.1109\/JIOT.2023.3252594","journal-title":"IEEE Internet Things J."},{"key":"999_CR56","unstructured":"TechCrunch: Toyota japan exposed millions of vehicles\u2019 location data for a decade. (2023). https:\/\/techcrunch.com\/2023\/05\/12\/toyota-japan-exposed-millions-locations-videos\/"},{"key":"999_CR57","unstructured":"Threatpost: bugs in samsung IoT Hub leave smart home open to attack. (2018). https:\/\/threatpost.com\/bugs-in-samsung-iot-hub-leave-smart-home-open-to-attack\/134454\/"},{"key":"999_CR58","doi-asserted-by":"publisher","unstructured":"Toh CSanguesa, M.: Advances in smart roads for future smart cities. In: Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences, (2020). https:\/\/doi.org\/10.1098\/rspa.2019.0439","DOI":"10.1098\/rspa.2019.0439"},{"key":"999_CR59","unstructured":"Underscored, C.: The ring car cam takes ring\u2019s great security smarts on the road. (2023). https:\/\/edition.cnn.com\/cnn-underscored\/reviews\/ring-car-cam"},{"key":"999_CR60","doi-asserted-by":"publisher","unstructured":"Van\u00a0Landuyt, D., Joosen, W.: A descriptive study of assumptions made in linddun privacy threat elicitation. In: Proceedings of the 35th Annual ACM Symposium on Applied Computing. Association for Computing Machinery, New York, NY, USA, SAC \u201920, pp. 1280\u20131287, (2020). https:\/\/doi.org\/10.1145\/3341105.3375762,","DOI":"10.1145\/3341105.3375762"},{"key":"999_CR61","doi-asserted-by":"publisher","unstructured":"Vasenev, A., Stahl, F., Hamazaryan, H., et\u00a0al.: Practical security and privacy threat analysis in the automotive domain: long term support scenario for over-the-air updates. In: Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems\u2013VEHITS,, INSTICC. SciTePress, pp. 550\u2013555, (2019). https:\/\/doi.org\/10.5220\/0007764205500555","DOI":"10.5220\/0007764205500555"},{"issue":"3","key":"999_CR62","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/s42154-021-00140-6","volume":"4","author":"Y Wang","year":"2021","unstructured":"Wang, Y., Wang, Y., Qin, H., et al.: A systematic risk assessment framework of automotive cybersecurity. Automot. Innov. 4(3), 253\u2013261 (2021). https:\/\/doi.org\/10.1007\/s42154-021-00140-6","journal-title":"Automot. Innov."},{"key":"999_CR63","unstructured":"Wikipedia: Semantic Relations. (2023). https:\/\/en.wiktionary.org\/wiki\/Wiktionary:Semantic_relations"},{"key":"999_CR64","unstructured":"Wuyts, K., Joosen, W.: Linddun privacy threat modeling: a tutorial. Technical Report (CW Reports), (2015)"},{"key":"999_CR65","doi-asserted-by":"publisher","unstructured":"Wuyts, K., Van\u00a0Landuyt, D., Hovsepyan, A., et\u00a0al.: Effective and efficient privacy threat modeling through domain refinements. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing. Association for Computing Machinery, New York, NY, USA, SAC \u201918, pp. 1175\u20131178, (2018). https:\/\/doi.org\/10.1145\/3167132.3167414,","DOI":"10.1145\/3167132.3167414"},{"key":"999_CR66","doi-asserted-by":"publisher","unstructured":"Wuyts, K., Sion, L., Van\u00a0Landuyt, D., et\u00a0al.: Knowledge is power: systematic reuse of privacy knowledge for threat elicitation. In: 2019 IEEE Security and Privacy Workshops (SPW), pp. 80\u201383, (2019). https:\/\/doi.org\/10.1109\/SPW.2019.00025","DOI":"10.1109\/SPW.2019.00025"},{"key":"999_CR67","doi-asserted-by":"publisher","unstructured":"Ziegeldorf, J.H., Morchon, O.G., Wehrle, K.: Privacy in the internet of things: threats and challenges. Secur. Commun. Netw. 7(12), 2728\u20132742 (2014). https:\/\/doi.org\/10.1002\/sec.795","DOI":"10.1002\/sec.795"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-00999-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-00999-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-00999-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T08:04:30Z","timestamp":1743321870000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-00999-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,1]]},"references-count":67,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,4]]}},"alternative-id":["999"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-00999-0","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,3,1]]},"assertion":[{"value":"1 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence this work.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"86"}}