{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,1]],"date-time":"2025-02-01T05:31:25Z","timestamp":1738387885363,"version":"3.35.0"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T00:00:00Z","timestamp":1221609600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Softw Syst Model"],"published-print":{"date-parts":[[2009,2]]},"DOI":"10.1007\/s10270-008-0102-3","type":"journal-article","created":{"date-parts":[[2008,9,16]],"date-time":"2008-09-16T16:58:24Z","timestamp":1221584304000},"page":"45-65","source":"Crossref","is-referenced-by-count":5,"title":["Adherence preserving refinement of trace-set properties in STAIRS: exemplified for information flow properties and policies"],"prefix":"10.1007","volume":"8","author":[{"given":"Fredrik","family":"Seehusen","sequence":"first","affiliation":[]},{"given":"Bj\u00f8rnar","family":"Solhaug","sequence":"additional","affiliation":[]},{"given":"Ketil","family":"St\u00f8len","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2008,9,17]]},"reference":[{"key":"102_CR1","doi-asserted-by":"crossref","unstructured":"Aagedal, J.O., Milo\u0161evi\u0107, Z.: ODP enterprise language: UML perspective. In: Proceedings of the 3rd International Conference on Enterprise Distributed Object Computing (EDOC\u201999), pp. 60\u201371. IEEE Computer Society (1999)","DOI":"10.1109\/EDOC.1999.792050"},{"issue":"4","key":"102_CR2","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1016\/0020-0190(85)90056-0","volume":"21","author":"B. Alpern","year":"1985","unstructured":"Alpern B., Schneider F.B.: Defining liveness. Inform. Process. Lett. 21(4), 181\u2013185 (1985)","journal-title":"Inform. Process. Lett."},{"issue":"2\u20133","key":"102_CR3","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1016\/j.scico.2004.04.003","volume":"54","author":"M. Broy","year":"2005","unstructured":"Broy M.: A semantic and methodological essence of message sequence charts. Sci. Computer Program. 54(2\u20133), 213\u2013256 (2005)","journal-title":"Sci. Computer Program."},{"key":"102_CR4","doi-asserted-by":"crossref","unstructured":"Broy, M., St\u00f8len, K.: Specification and development of interactive systems. FOCUS on Streams, Interface, and Refinement. Springer, Berlin (2001)","DOI":"10.1007\/978-1-4613-0091-5"},{"issue":"1","key":"102_CR5","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1023\/A:1011227529550","volume":"19","author":"W. Damm","year":"2001","unstructured":"Damm W., Harel D.: LSCs: Breathing life into message sequence charts. Formal Methods Syst. Des. 19(1), 45\u201380 (2001)","journal-title":"Formal Methods Syst. Des."},{"key":"102_CR6","doi-asserted-by":"crossref","unstructured":"Grosu, R., Smolka, S.A.: Safety-liveness semantics for UML 2.0 sequence diagrams. In: Proceedings of Applications of Concurrency to System Design (ACSD\u201905), pp. 6\u201314. IEEE Computer Society (2005)","DOI":"10.1109\/ACSD.2005.31"},{"issue":"2","key":"102_CR7","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1007\/s10270-007-0054-z","volume":"7","author":"D. Harel","year":"2008","unstructured":"Harel D., Maoz S.: Assert and negate revisited: modal semantics for UML sequence diagrams. Softw. Syst. Model. 7(2), 237\u2013252 (2008)","journal-title":"Softw. Syst. Model."},{"key":"102_CR8","doi-asserted-by":"crossref","unstructured":"Harel, D., Marelly, R.: Come, Let\u2019s Play: Scenario-Based Programming Using LSCs and the Play-Engine. Springer, Berlin (2003)","DOI":"10.1007\/978-3-642-19029-2"},{"key":"102_CR9","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1007\/s10270-005-0087-0","volume":"4","author":"O. Haugen","year":"2005","unstructured":"Haugen O., Husa K.E., Runde R.K., St\u00f8len K.: STAIRS towards formal design with sequence diagrams. Softw. Syst. Model. 4, 355\u2013367 (2005)","journal-title":"Softw. Syst. Model."},{"key":"102_CR10","doi-asserted-by":"crossref","unstructured":"Haugen, O., Husa, K.E., Runde, R.K., St\u00f8len, K.: Why timed sequence diagrams require three-event semantics. In: Scenarios: models, transformations and tools, vol. 3466 of LNCS, pp. 1\u201325. Springer, Berlin (2005)","DOI":"10.1007\/11495628_1"},{"key":"102_CR11","unstructured":"Hoare, C.A.R.: Communicating Sequential Processes. Series in computer science. Prentice-Hall, Englewood Cliffs, NJ (1985)"},{"key":"102_CR12","unstructured":"International Telecommunication Union. Recommendation Z.120 Annex B\u2014Semantics of Message Sequence Chart (MSC) (1998)"},{"key":"102_CR13","unstructured":"International Telecommunication Union. Recommendation Z.120\u2014Message Sequence Chart (MSC) (2004)"},{"key":"102_CR14","unstructured":"ISO\/IEC. FCD 15414, Information Technology\u2014Open Distributed Processing\u2014Reference Model\u2014Enterprise Viewpoint (2000)"},{"key":"102_CR15","doi-asserted-by":"crossref","unstructured":"Jacob, J.: On the derivation of secure components. In: Proceedings of the IEEE Symposium on Security and Privacy (SP\u201989), pp. 242\u2013247. IEEE Computer Society (1989)","DOI":"10.1109\/SECPRI.1989.36298"},{"key":"102_CR16","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens, J.: Secrecy-preserving refinement. In: Proceedings of Formal Methods Europe (FME\u201901), vol. 2021 of LNCS, pp. 135\u2013152. Springer, Berlin (2001)","DOI":"10.1007\/3-540-45251-6_8"},{"key":"102_CR17","doi-asserted-by":"crossref","unstructured":"Kagal, L., Finin, T., Joshi, A.: A policy language for a pervasive computing environment. In: Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks (POLICY\u201903), pp. 63\u201374. IEEE Computer Society (2003)","DOI":"10.1109\/POLICY.2003.1206958"},{"key":"102_CR18","unstructured":"Katoen, J.-P., Lambert, L.: Pomsets for message sequence charts. In: Formale Beschreibungstechniken f\u00fcr verteilte Systeme, pp. 197\u2013208. Shaker, Germany (1998)"},{"key":"102_CR19","unstructured":"Kr\u00fcger, I.H.: Distributed System Design with Message Sequence Charts. PhD thesis, Institut f\u00fcr Informatik, Ludwig-Maximilians-Universit\u00e4t M\u00fcnchen (2000)"},{"key":"102_CR20","unstructured":"Lund, M.S.: Operational analysis of sequence diagram specifications. PhD thesis, University of Oslo (2008)"},{"key":"102_CR21","doi-asserted-by":"crossref","unstructured":"Lund, M.S., St\u00f8len, K.: A fully general operational semantics for UML 2.0 sequence diagrams with potential and mandatory choice. In: Proceedings of the 14th International Symposium on Formal Methods (FM\u201906), number 4085 in LNCS, pp. 380\u2013395. Springer, Berlin (2006)","DOI":"10.1007\/11813040_26"},{"key":"102_CR22","doi-asserted-by":"crossref","unstructured":"Mantel, H.: Possibilistic definitions of security\u2014an assembly kit. In: Proceedings of IEEE Compuer Security Foundations Workshop (CSFW\u201900), pp. 185\u2013199. IEEE Computer Society (2000)","DOI":"10.1109\/CSFW.2000.856936"},{"key":"102_CR23","doi-asserted-by":"crossref","unstructured":"Mauw, S., Reniers, M.A.: High-level message sequence charts. In: Proceedings of the 8th SDL Forum, pp. 291\u2013306. Elsevier, Amsterdam (1997)","DOI":"10.1016\/B978-044482816-3\/50020-4"},{"issue":"17","key":"102_CR24","doi-asserted-by":"crossref","first-page":"1785","DOI":"10.1016\/S1389-1286(99)00060-2","volume":"31","author":"S. Mauw","year":"1999","unstructured":"Mauw S., Reniers M.A.: Operational semantics for MSC\u201996. Computer Netw. ISDN Syst. 31(17), 1785\u20131799 (1999)","journal-title":"Computer Netw. ISDN Syst."},{"key":"102_CR25","doi-asserted-by":"crossref","unstructured":"McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 79\u201393. IEEE Computer Society (1994)","DOI":"10.1109\/RISP.1994.296590"},{"key":"102_CR26","doi-asserted-by":"crossref","unstructured":"McNamara, P.: Deontic logic. In: Gabbay, D.M., Woods, J. (eds) Logic and the Modalities in the Twentieth Century, vol. 7 of Handbook of the History of Logic, pp. 197\u2013288. Elsevier, Amsterdam (2006)","DOI":"10.1016\/S1874-5857(06)80029-4"},{"key":"102_CR27","unstructured":"Object Management Group. Unified Modeling Language: Superstructure, version 2.1.1 (2007)"},{"key":"102_CR28","unstructured":"O\u2019Halloran, C.: A calculus of information flow. In: Proceedings of European Symposium on Research in Computer Security (ESORICS\u201990), pp. 147\u2013159. AFCET (1990)"},{"key":"102_CR29","doi-asserted-by":"crossref","unstructured":"Refsdal, A., Husa, K.E., St\u00f8len, K.: Specification and refinement of soft real-time requirements using sequence diagrams. In: Proceedings of the 3rd International Conference on Formal Modelling and Analysis of Timed Systems (FORMATS\u201905), vol. 3829 of LNCS, pp. 32\u201348. Springer, Berlin (2005)","DOI":"10.1007\/11603009_4"},{"key":"102_CR30","doi-asserted-by":"crossref","unstructured":"Refsdal, A., Runde, R.K., St\u00f8len, K.: Underspecification, inherent nondeterminism and probability in sequence diagrams. In: Proceedings of the 8th IFIP International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOODS\u201906), vol. 4037 of LNCS, pp, 138\u2013155. Springer, Berlin (2006)","DOI":"10.1007\/11768869_12"},{"key":"102_CR31","doi-asserted-by":"crossref","unstructured":"Roscoe, A.: CSP and determinism in security modelling. In: Proceedings of IEEE Symposium on Security and Privacy (SP\u201995), pp. 114\u2013127. IEEE Computer Society (1995)","DOI":"10.1109\/SECPRI.1995.398927"},{"key":"102_CR32","unstructured":"Runde, R.K., Haugen, O., St\u00f8len, K.: How to transform UML neg into a useful construct. In: Proceedings of Norsk Informatikkonferanse, pp. 55\u201366. Tapir, Trondheim (2005)"},{"issue":"2","key":"102_CR33","first-page":"157","volume":"12","author":"R.K. Runde","year":"2005","unstructured":"Runde R.K., Haugen O., St\u00f8len K.: Refining UML interactions with underspecification and nondeterminism. Nordic J. Comput. 12(2), 157\u2013188 (2005)","journal-title":"Nordic J. Comput."},{"key":"102_CR34","doi-asserted-by":"crossref","unstructured":"Runde, R.K., Refsdal, A., St\u00f8len, K.: Relating computer systems to sequence diagrams with underspecification, inherent nondeterminism and probabilistic choice. Part 1. Underspecification and inherent nondeterminism. Technical Report, vol. 346. Department of Informatics, University of Oslo (2007)","DOI":"10.1007\/11768869_12"},{"issue":"1","key":"102_CR35","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1145\/353323.353382","volume":"3","author":"F.B. Schneider","year":"2000","unstructured":"Schneider F.B.: Enforceable security policies. ACM Trans. Inform. Syst. Security 3(1), 30\u201350 (2000)","journal-title":"ACM Trans. Inform. Syst. Security"},{"issue":"8","key":"102_CR36","doi-asserted-by":"crossref","first-page":"587","DOI":"10.1109\/TSE.2006.82","volume":"32","author":"B. Sengupta","year":"2006","unstructured":"Sengupta B., Cleaveland R.: Triggered message sequence charts. IEEE Trans. Softw. Eng. 32(8), 587\u2013607 (2006)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"4","key":"102_CR37","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1007\/BF02283186","volume":"2","author":"M. Sloman","year":"1994","unstructured":"Sloman M.: Policy driven management for distributed systems. Netw. Syst. Manage. 2(4), 333\u2013360 (1994)","journal-title":"Netw. Syst. Manage."},{"issue":"2","key":"102_CR38","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1109\/65.993218","volume":"16","author":"M. Sloman","year":"2002","unstructured":"Sloman M., Lupu E.: Security and management policy specification. IEEE Netw. 16(2), 10\u201319 (2002)","journal-title":"IEEE Netw."},{"key":"102_CR39","doi-asserted-by":"crossref","unstructured":"Solhaug, B., Elgesem, D., St\u00f8len, K.: Specifying policies using UML sequence diagrams \u2013 An evaluation based on a case study. In: Proceedings of the 8th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY\u201907), pp. 19\u201328. IEEE Computer Society (2007)","DOI":"10.1109\/POLICY.2007.42"},{"key":"102_CR40","doi-asserted-by":"crossref","unstructured":"Steen, M., Derrick, J.: Formalising ODP enterprise policies. In: Proceedings of the 3rd International Conference on Enterprise Distributed Object Computing (EDOC\u201999), pp. 84\u201393. IEEE Computer Society (1999)","DOI":"10.1109\/EDOC.1999.792052"},{"key":"102_CR41","unstructured":"St\u00f6rrle, H.: Trace semantics of interactions in UML 2.0. Technical Report TR 0403, University of Munich (2004)"},{"key":"102_CR42","doi-asserted-by":"crossref","unstructured":"Uchitel, S., Brunet, G., Chechik, M.: Behaviour model synthesis from properties and scenarios. In: Proceedings of the 29th International Conference in Software Engineering (ISCE\u201907), pp. 34\u201343. IEEE Computer Society (2007)","DOI":"10.1109\/ICSE.2007.21"},{"key":"102_CR43","unstructured":"Wies, R.: Policy definition and classification: Aspects, criteria, and examples. In: Proceedings of the IFIP\/IEEE International Workshop on Distributed Systems: Operation and Management (1994)"},{"key":"102_CR44","doi-asserted-by":"crossref","unstructured":"Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 94\u2013102. IEEE Computer Society (1997)","DOI":"10.1109\/SECPRI.1997.601322"}],"container-title":["Software &amp; Systems Modeling"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-008-0102-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10270-008-0102-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-008-0102-3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T23:19:18Z","timestamp":1738365558000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10270-008-0102-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,9,17]]},"references-count":44,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2009,2]]}},"alternative-id":["102"],"URL":"https:\/\/doi.org\/10.1007\/s10270-008-0102-3","relation":{},"ISSN":["1619-1366","1619-1374"],"issn-type":[{"type":"print","value":"1619-1366"},{"type":"electronic","value":"1619-1374"}],"subject":[],"published":{"date-parts":[[2008,9,17]]}}}