{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T15:31:10Z","timestamp":1770996670751,"version":"3.50.1"},"reference-count":65,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2016,12,26]],"date-time":"2016-12-26T00:00:00Z","timestamp":1482710400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Softw Syst Model"],"published-print":{"date-parts":[[2019,2]]},"DOI":"10.1007\/s10270-016-0572-7","type":"journal-article","created":{"date-parts":[[2016,12,26]],"date-time":"2016-12-26T05:11:02Z","timestamp":1482729062000},"page":"523-556","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["A model-driven approach for vulnerability evaluation of modern physical protection systems"],"prefix":"10.1007","volume":"18","author":[{"given":"Annarita","family":"Drago","sequence":"first","affiliation":[]},{"given":"Stefano","family":"Marrone","sequence":"additional","affiliation":[]},{"given":"Nicola","family":"Mazzocca","sequence":"additional","affiliation":[]},{"given":"Roberto","family":"Nardone","sequence":"additional","affiliation":[]},{"given":"Annarita","family":"Tedesco","sequence":"additional","affiliation":[]},{"given":"Valeria","family":"Vittorini","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,12,26]]},"reference":[{"key":"572_CR1","doi-asserted-by":"crossref","unstructured":"Amalfitano, D., Fasolino, A.R., Scala, S., Tramontana, P.: Towards automatic model-in-the-loop testing of electronic vehicle information centers. In: WISE\u201914, Proceedings of the 2014 ACM International Workshop on Long-term Industrial Collaboration on Software Engineering, Vasteras, Sweden, September 16, 2014, pp. 9\u201312 (2014)","DOI":"10.1145\/2647648.2656427"},{"issue":"2","key":"572_CR2","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/s10796-008-9127-y","volume":"12","author":"E Bagheri","year":"2010","unstructured":"Bagheri, E., Ghorbani, A.A.: UML-CI: a reference model for profiling critical infrastructure systems. Inf. Syst. Front. 12(2), 115\u2013139 (2010)","journal-title":"Inf. Syst. Front."},{"key":"572_CR3","doi-asserted-by":"publisher","unstructured":"Benerecetti, M., De Guglielmo, R., Gentile, U., Marrone, S., Mazzocca, N., Nardone, R., Peron, A., Velardi, L., Vittorini, V.: Dynamic state machines for modelling railway control systems. Sci. Comput. Program. (2016). doi: 10.1016\/j.scico.2016.09.002","DOI":"10.1016\/j.scico.2016.09.002"},{"key":"572_CR4","doi-asserted-by":"crossref","unstructured":"Berkenk\u00f6tter, K., Hannemann, U.: Modeling the railway control domain rigorously with a UML 2.0 profile. In: Computer Safety, Reliability, and Security, pp. 398\u2013411. Springer, Berlin (2006)","DOI":"10.1007\/11875567_30"},{"key":"572_CR5","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1016\/j.ress.2013.06.032","volume":"120","author":"S Bernardi","year":"2013","unstructured":"Bernardi, S., Flammini, F., Marrone, S., Mazzocca, N., Merseguer, J., Nardone, R., Vittorini, V.: Enabling the usage of uml in the verification of railway systems: the DAM-rail approach. Reliab. Eng. Syst. Saf. 120, 112\u2013126 (2013)","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"572_CR6","doi-asserted-by":"crossref","unstructured":"Bernardi, S., Flammini, F., Marrone, S., Merseguer, J., Papa, C., Vittorini, V.: Model-driven availability evaluation of railway control systems. In: Computer Safety, Reliability, and Security. Lecture Notes in Computer Science, vol. 6894, pp. 15\u201328. Springer, Berlin (2011)","DOI":"10.1007\/978-3-642-24270-0_2"},{"issue":"2","key":"572_CR7","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1080\/13623079.2011.587206","volume":"24","author":"S Bistarelli","year":"2012","unstructured":"Bistarelli, S., Fioravanti, F., Peretti, P., Santini, F.: Evaluation of complex security scenarios using defense trees and economic indexes. J. Exp. Theor. Artif. Intell. 24(2), 161\u2013192 (2012)","journal-title":"J. Exp. Theor. Artif. Intell."},{"key":"572_CR8","doi-asserted-by":"crossref","unstructured":"Brown, G., Carlyle, M., Salmeron, J., Wood, K.: Analyzing the vulnerability of critical infrastructure to attack and planning defenses. In: Tutorials in Operations Research, INFORMS, pp. 102\u2013123. INFORMS (2005)","DOI":"10.1287\/educ.1053.0018"},{"key":"572_CR9","unstructured":"Chao, L., Tao, T.: Epsilon-based model transformation and verification of train control system specification. In: 2011 30th Chinese Control Conference (CCC), pp. 5562\u20135567 (2011)"},{"issue":"3","key":"572_CR10","doi-asserted-by":"publisher","first-page":"621","DOI":"10.1147\/sj.453.0621","volume":"45","author":"K Czarnecki","year":"2006","unstructured":"Czarnecki, K., Helsen, S.: Feature-based survey of model transformation approaches. IBM Syst. J. 45(3), 621\u2013645 (2006)","journal-title":"IBM Syst. J."},{"key":"572_CR11","unstructured":"Department of Homeland Security: NIPP 2013-partnering for critical infrastructure security and resilience. Tech. rep., U.S. Department of Homeland Security (2013)"},{"key":"572_CR12","doi-asserted-by":"crossref","unstructured":"Drago, A., Marrone, S., Mazzocca, N., Tedesco, A., Vittorini, V.: Model-Driven estimation of distributed vulnerability in complex railway networks. In: Proceedings of the IEEE 10th International Conference on Ubiquitous Intelligence and Computing and 10th International Conference on Autonomic and Trusted Computing (UIC\/ATC), pp. 380\u2013387 (2013)","DOI":"10.1109\/UIC-ATC.2013.78"},{"issue":"3","key":"572_CR13","doi-asserted-by":"publisher","first-page":"571","DOI":"10.1111\/j.1539-6924.2007.00907.x","volume":"27","author":"BC Ezell","year":"2007","unstructured":"Ezell, B.C.: Infrastructure vulnerability assessment model (I-VAM). Risk Anal. 27(3), 571\u2013583 (2007)","journal-title":"Risk Anal."},{"key":"572_CR14","volume-title":"Critical Infrastructure Security: Assessment, Prevention, Detection, Response","author":"F Flammini","year":"2012","unstructured":"Flammini, F.: Critical Infrastructure Security: Assessment, Prevention, Detection, Response. Information & Communication Technologies, WIT Press, Southampton (2012)"},{"key":"572_CR15","doi-asserted-by":"crossref","unstructured":"Flammini, F., Gaglione, A., Mazzocca, N., Pragliola, C.: Quantitative security risk assessment and management for railway transportation infrastructures. In: Critical Information Infrastructure Security. Lecture Notes in Computer Science, vol. 5508, pp. 180\u2013189. Springer, Berlin (2009)","DOI":"10.1007\/978-3-642-03552-4_16"},{"key":"572_CR16","doi-asserted-by":"crossref","unstructured":"Flammini, F., Gentile, U., Marrone, S., Nardone, R., Vittorini, V.: A petri net pattern-oriented approach for the design of physical protection systems. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), LNCS vol. 8666, pp. 230\u2013245 (2014)","DOI":"10.1007\/978-3-319-10506-2_16"},{"issue":"01","key":"572_CR17","doi-asserted-by":"publisher","first-page":"1450001","DOI":"10.1142\/S0218539314500016","volume":"21","author":"F Flammini","year":"2014","unstructured":"Flammini, F., Marrone, S., Iacono, M., Mazzocca, N., Vittorini, V.: A multiformalism modular approach to ERTMS\/ETCS falure modeling. Int. J. Reliab. Qual. Saf. Eng. 21(01), 1450001 (2014). doi: 10.1142\/S0218539314500016","journal-title":"Int. J. Reliab. Qual. Saf. Eng."},{"key":"572_CR18","doi-asserted-by":"crossref","unstructured":"Flammini, F., Marrone, S., Mazzocca, N., Vittorini, V.: Petri net modelling of physical vulnerability. In: Critical Information Infrastructure Security. Lecture Notes in Computer Science, vol. 6983, pp. 128\u2013139. Springer, Berlin (2013)","DOI":"10.1007\/978-3-642-41476-3_11"},{"issue":"1","key":"572_CR19","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1504\/IJSSE.2010.035379","volume":"2","author":"F Flammini","year":"2010","unstructured":"Flammini, F., Mazzocca, N., Moscato, F., Pappalardo, A., Pragliola, C., Vittorini, V.: Multiformalism techniques for critical infrastructure modelling. J. Syst. Syst. Eng. 2(1), 19\u201337 (2010)","journal-title":"J. Syst. Syst. Eng."},{"key":"572_CR20","doi-asserted-by":"crossref","unstructured":"Flammini, F., Vittorini, V., Mazzocca, N., Pragliola, C.: A Study on multiformalism modeling of critical infrastructures. In: Critical Information Infrastructure Security. Lecture Notes in Computer Science, vol. 5508, pp. 336\u2013343. Springer, Berlin (2009)","DOI":"10.1007\/978-3-642-03552-4_32"},{"key":"572_CR21","doi-asserted-by":"crossref","unstructured":"Frigault, M., Wang, L.: Measuring network security using Bayesian network-based attack graphs. In: Proceedings of the 32nd Annual IEEE International Computer Software and Applications Conference, COMPSAC 2008, 28 July\u20131 August 2008, Turku, Finland, pp. 698\u2013703 (2008)","DOI":"10.1109\/COMPSAC.2008.88"},{"key":"572_CR22","doi-asserted-by":"crossref","unstructured":"Frigault, M., Wang, L., Singhal, A., Jajodia, S.: Measuring network security using dynamic Bayesian network. In: Proceedings of the 4th ACM Workshop on Quality of Protection (QoP 2008), Alexandria, VA, USA, October 27, 2008, pp. 23\u201330 (2008)","DOI":"10.1145\/1456362.1456368"},{"key":"572_CR23","volume-title":"Vulnerability Assessment of Physical Protection Systems","author":"ML Garcia","year":"2005","unstructured":"Garcia, M.L.: Vulnerability Assessment of Physical Protection Systems. Butterworth-Heinemann, Oxford (2005)"},{"key":"572_CR24","volume-title":"Design and Evaluation of Physical Protection Systems","author":"ML Garcia","year":"2007","unstructured":"Garcia, M.L.: Design and Evaluation of Physical Protection Systems. Butterworth-Heinemann, Oxford (2007)"},{"key":"572_CR25","doi-asserted-by":"publisher","unstructured":"Gentile, U., Marrone, S., Mele, G., Nardone, R., Peron, A.: Test specification patterns for automatic generation of test sequences. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), LNCS, vol. 8718, 170\u2013184 (2014). doi: 10.1007\/978-3-319-10702-8_12","DOI":"10.1007\/978-3-319-10702-8_12"},{"issue":"3","key":"572_CR26","doi-asserted-by":"publisher","first-page":"338","DOI":"10.1109\/TSE.2010.36","volume":"36","author":"G Georg","year":"2010","unstructured":"Georg, G., Anastasakis, K., Bordbar, B., Houmb, S.H., Ray, I., Toahchoodee, M.: Verification and trade-off analysis of security properties in UML system models. IEEE Trans. Softw. Eng. 36(3), 338\u2013356 (2010)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"572_CR27","doi-asserted-by":"crossref","unstructured":"Gribaudo, M., Iacono, M., Marrone, S.: Exploiting bayesian networks for the analysis of combined attack trees. Electron. Theor. Comput. Sci. 310, 91\u2013111 (2015). In: Proceedings of the Seventh International Workshop on the Practical Application of Stochastic Modelling (PASM)","DOI":"10.1016\/j.entcs.2014.12.014"},{"key":"572_CR28","doi-asserted-by":"crossref","unstructured":"Heckerman, D.: A tutorial on learning with Bayesian networks. In: Learning in Graphical Models, pp. 301\u2013354. MIT Press, Cambridge (1999)","DOI":"10.1007\/978-94-011-5014-9_11"},{"key":"572_CR29","doi-asserted-by":"crossref","unstructured":"Hei, X., Chang, L., Ma, W., Gao, J., Xie, G.: Automatic transformation from UML statechart to petri nets for safety analysis and verification. In: 2011 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering (ICQR2MSE), pp. 948\u2013951 (2011)","DOI":"10.1109\/ICQR2MSE.2011.5976760"},{"key":"572_CR30","unstructured":"Holm, H., Ekstedt, M., Sommestad, T., Korman, M.: A manual for the cyber security modeling language. Royal Institute of Technology (KTH), Technical Report (2013)"},{"issue":"6","key":"572_CR31","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1109\/TDSC.2014.2382574","volume":"12","author":"H Holm","year":"2015","unstructured":"Holm, H., Shahzad, K., Buschle, M., Ekstedt, M.: P $${}^{\\text{2 }}$$ 2 CySeMoL: predictive, probabilistic cyber security modeling language. IEEE Trans. Dependable Sec. Comput. 12(6), 626\u2013639 (2015)","journal-title":"IEEE Trans. Dependable Sec. Comput."},{"key":"572_CR32","doi-asserted-by":"crossref","unstructured":"Houmb, S.H., Georg, G., St, S.H., Collins, F., France, R.: An integrated security verification and security solution design trade-off analysis. In: Integrating Security and Software Engineering: Advances and Future Visions. IDEA Group Publishing, pp. 190\u2013219 (2007)","DOI":"10.4018\/978-1-59904-147-6.ch009"},{"key":"572_CR33","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens, J.: UMLsec: Extending UML for secure systems development. In: Proceedings of the 5th International Conference on the Unified Modeling Language (UML\u201902), pp. 412\u2013425. Springer, London (2002)","DOI":"10.1007\/3-540-45800-X_32"},{"key":"572_CR34","doi-asserted-by":"crossref","unstructured":"Kappel, G., Langer, P., Retschitzegger, W., Schwinger, W., Wimmer, M.: Model transformation by-example: A survey of the first wave. In: Conceptual Modelling and Its Theoretical Foundations. Lecture Notes in Computer Science, vol. 7260, pp. 197\u2013215. Springer, Berlin (2012)","DOI":"10.1007\/978-3-642-28279-9_15"},{"issue":"1","key":"572_CR35","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1093\/logcom\/exs029","volume":"24","author":"B Kordy","year":"2014","unstructured":"Kordy, B., Mauw, S., Radomirovic, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55\u201387 (2014)","journal-title":"J. Log. Comput."},{"key":"572_CR36","doi-asserted-by":"crossref","unstructured":"Lewis, T., Darken, R., Mackin, T., Dudenhoeffer, D.: Model-Based Risk Analysis for Critical Infrastructures, pp. 3\u201319. Critical Infrastructure Security - WIT Press, Southampton (2011)","DOI":"10.2495\/978-1-84564-562-5\/01"},{"key":"572_CR37","doi-asserted-by":"crossref","unstructured":"Macdonald, D., Clements, S., Patrick, S., Perkins, C., Muller, G., Lancaster, M., Hutton, W.: Cyber\/physical security vulnerability assessment integration. In: 2013 IEEE PES Innovative Smart Grid Technologies (ISGT), pp. 1\u20136 (2013)","DOI":"10.1109\/ISGT.2013.6497883"},{"issue":"6","key":"572_CR38","doi-asserted-by":"publisher","first-page":"669","DOI":"10.1007\/s10009-014-0320-7","volume":"16","author":"S Marrone","year":"2014","unstructured":"Marrone, S., Flammini, F., Mazzocca, N., Nardone, R., Vittorini, V.: Towards model-driven V&V assessment of railway control systems. Int. J. Softw. Tools Technol Transf 16(6), 669\u2013683 (2014)","journal-title":"Int. J. Softw. Tools Technol Transf"},{"key":"572_CR39","unstructured":"Marrone, S., Nardone, R., Orazzo, A., Petrone, I., Velardi, L.: Improving verification process in driverless metro systems: The MBAT project. In: Proceedings of the 5th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation. Applications and Case Studies (ISoLA 2012), Part II, Heraklion, Crete, Greece, October 15\u201318, 2012, pp. 231\u2013245 (2012)"},{"issue":"34","key":"572_CR40","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1016\/j.ijcip.2013.10.001","volume":"6","author":"S Marrone","year":"2013","unstructured":"Marrone, S., Nardone, R., Tedesco, A., D\u2019Amore, P., Vittorini, V., Setola, R., De Cillis, F., Mazzocca, N.: Vulnerability modeling and analysis for critical infrastructure protection applications. Int. J. Crit. Infrastruct. Protect. 6(34), 217\u2013227 (2013)","journal-title":"Int. J. Crit. Infrastruct. Protect."},{"key":"572_CR41","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1016\/j.compeleceng.2015.07.011","volume":"47","author":"S Marrone","year":"2015","unstructured":"Marrone, S., Rodr\u00edguez, R.J., Nardone, R., Flammini, F., Vittorini, V.: On synergies of cyber and physical security modelling in vulnerability assessment of railway systems. Comput. Electr. Eng. 47, 275\u2013285 (2015)","journal-title":"Comput. Electr. Eng."},{"key":"572_CR42","unstructured":"Mauw, S., Oostdijk, M.: Foundations of attack trees. In: 8th International Conference Information Security and Cryptology (ICISC 2005), Seoul, Korea, December 1\u20132, 2005, Revised Selected Papers, pp. 186\u2013198 (2005)"},{"key":"572_CR43","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1016\/j.entcs.2005.10.021","volume":"152","author":"T Mens","year":"2006","unstructured":"Mens, T., Van Gorp, P.: A taxonomy of model transformation. Electr. Notes Theor. Comput. Sci. 152, 125\u2013142 (2006)","journal-title":"Electr. Notes Theor. Comput. Sci."},{"issue":"2","key":"572_CR44","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/s10708-011-9412-z","volume":"78","author":"A Murray","year":"2013","unstructured":"Murray, A.: An overview of network vulnerability modeling approaches. GeoJournal 78(2), 209\u2013221 (2013)","journal-title":"GeoJournal"},{"key":"572_CR45","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-319-29510-7_7","volume":"596","author":"R Nardone","year":"2016","unstructured":"Nardone, R., Gentile, U., Benerecetti, M., Peron, A., Vittorini, V., Marrone, S., Mazzocca, N.: Modeling railway control systems in promela. Commun. Comput. Inf. Sci. 596, 121\u2013136 (2016). doi: 10.1007\/978-3-319-29510-7_7","journal-title":"Commun. Comput. Inf. Sci."},{"key":"572_CR46","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/978-3-319-17581-2_7","volume":"476","author":"R Nardone","year":"2015","unstructured":"Nardone, R., Gentile, U., Peron, A., Benerecetti, M., Vittorini, V., Marrone, S., De Guglielmo, R., Mazzocca, N., Velardi, L.: Dynamic state machines for formalizing railway control system specifications. Commun. Comput. Inf. Sci. 476, 93\u2013109 (2015). doi: 10.1007\/978-3-319-17581-2_7","journal-title":"Commun. Comput. Inf. Sci."},{"key":"572_CR47","unstructured":"OMG: UML Profile for MARTE: Modeling and Analysis of Real-time Embedded Systems (2011). Version 1.1, formal\/11-06-02"},{"issue":"3","key":"572_CR48","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/1226736.1226774","volume":"50","author":"D Parker","year":"2007","unstructured":"Parker, D.: Risks of risk-based security. Commu. ACM 50(3), 120 (2007)","journal-title":"Commu. ACM"},{"key":"572_CR49","volume-title":"Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference","author":"J Pearl","year":"1988","unstructured":"Pearl, J.: Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann Publishers Inc., San Francisco (1988)"},{"key":"572_CR50","unstructured":"Risk Steering Committee: DHS Risk Lexicon, 2010 Edition (2010)"},{"key":"572_CR51","unstructured":"Roadnight, J.: Will physical security information management (PSIM) systems change the global security world? Tech. rep., CornerStone (2011)"},{"key":"572_CR52","doi-asserted-by":"crossref","unstructured":"Rodr\u00edguez, R.J., Marrone, S.: Model-based vulnerability assessment of self-adaptive protection systems. In: Intelligent Distributed Computing IX, pp. 439\u2013449. Springer (2016)","DOI":"10.1007\/978-3-319-25017-5_41"},{"key":"572_CR53","doi-asserted-by":"crossref","unstructured":"Rodr\u00edguez, R.J., Merseguer, J., Bernardi, S.: Modelling security of critical infrastructures: a survivability assessment. Comput. J. 58(10), pp. 2313\u20132327 (2015)","DOI":"10.1093\/comjnl\/bxu096"},{"issue":"8","key":"572_CR54","doi-asserted-by":"publisher","first-page":"929","DOI":"10.1002\/sec.299","volume":"5","author":"A Roy","year":"2012","unstructured":"Roy, A., Kim, D.S., Trivedi, K.S.: Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees. Secur. Commun. Netw. 5(8), 929\u2013943 (2012)","journal-title":"Secur. Commun. Netw."},{"issue":"4","key":"572_CR55","doi-asserted-by":"publisher","first-page":"935","DOI":"10.1111\/j.0272-4332.2004.00495.x","volume":"24","author":"S Sagan","year":"2004","unstructured":"Sagan, S.: The problem of redundancy problem: why more nuclear security forces may produce less nuclear security. Risk Anal. 24(4), 935\u2013946 (2004)","journal-title":"Risk Anal."},{"key":"572_CR56","doi-asserted-by":"crossref","unstructured":"Selic, B.: A Systematic Approach to domain-specific language design using UML. In: 10th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC), pp. 2\u20139. IEEE Computer Society, Santorini Island, Greece (2007)","DOI":"10.1109\/ISORC.2007.10"},{"key":"572_CR57","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04426-2","volume-title":"Railway Infrastructure Security","author":"R Setola","year":"2015","unstructured":"Setola, R., Sforza, A., Vittorini, V., Pragliola, C.: Railway Infrastructure Security. Springer, Berlin (2015). doi: 10.1007\/978-3-319-04426-2"},{"key":"572_CR58","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/978-3-319-04426-2_9","volume-title":"Optimal Location of Security Devices","author":"A Sforza","year":"2015","unstructured":"Sforza, A., Starita, S., Sterle, C.: Optimal Location of Security Devices, pp. 171\u2013196. Springer, Cham (2015). doi: 10.1007\/978-3-319-04426-2_9"},{"key":"572_CR59","doi-asserted-by":"crossref","unstructured":"Sforza, A., Sterle, C., D\u2019Amore, P., Tedesco, R., De Cillis, F., Setola, R.: Optimization models in a smart tool for the railway infrastructure protection. In: Critical Information Infrastructure Security. Lecture Notes in Computer Science, vol. 8328, pp. 191\u2013196. Springer, Berlin (2013)","DOI":"10.1007\/978-3-319-03964-0_17"},{"issue":"3","key":"572_CR60","doi-asserted-by":"publisher","first-page":"363","DOI":"10.1109\/JSYST.2012.2221853","volume":"7","author":"T Sommestad","year":"2013","unstructured":"Sommestad, T., Ekstedt, M., Holm, H.: The cyber security modeling language: a tool for assessing the vulnerability of enterprise system architectures. IEEE Syst. J. 7(3), 363\u2013373 (2013)","journal-title":"IEEE Syst. J."},{"key":"572_CR61","unstructured":"US Department of Homeland Security: Fundamentals Homeland Security Risk Management Doctrine. Washington, DC: US Department of Homeland Security (2011)"},{"key":"572_CR62","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/978-3-319-04426-2_8","volume":"27","author":"V Vittorini","year":"2015","unstructured":"Vittorini, V., Marrone, S., Mazzocca, N., Nardone, R., Drago, A.: A model-driven process for physical protection system design and vulnerability evaluation. Top. Saf. Risk Reliab. Qual. 27, 143\u2013169 (2015)","journal-title":"Top. Saf. Risk Reliab. Qual."},{"key":"572_CR63","volume-title":"Securing America\u2019s Passenger-Rail Systems","author":"J Wilson","year":"2007","unstructured":"Wilson, J., Jackson, B., Eisman, M., Steinberg, P., Riley, K.: Securing America\u2019s Passenger-Rail Systems. RAND Corporation, Santa Monica (2007)"},{"key":"572_CR64","doi-asserted-by":"crossref","unstructured":"Xie, P., Li, J., Ou, X., Liu, P., Levy, R.: Using Bayesian networks for cyber security analysis. In: Proceedings of the 40th IEEE\/IFIP International Conference on Dependable Systems and Networks, pp. 211\u2013220 (2010)","DOI":"10.1109\/DSN.2010.5544924"},{"issue":"2","key":"572_CR65","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1109\/TPDS.2013.211","volume":"25","author":"SA Zonouz","year":"2014","unstructured":"Zonouz, S.A., Khurana, H., Sanders, W.H., Yardley, T.M.: RRE: a game-theoretic intrusion response and recovery engine. IEEE Trans. Parallel Distrib. Syst. 25(2), 395\u2013406 (2014)","journal-title":"IEEE Trans. Parallel Distrib. Syst."}],"container-title":["Software &amp; Systems Modeling"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10270-016-0572-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-016-0572-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-016-0572-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T22:03:00Z","timestamp":1749852180000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10270-016-0572-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12,26]]},"references-count":65,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,2]]}},"alternative-id":["572"],"URL":"https:\/\/doi.org\/10.1007\/s10270-016-0572-7","relation":{},"ISSN":["1619-1366","1619-1374"],"issn-type":[{"value":"1619-1366","type":"print"},{"value":"1619-1374","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,12,26]]},"assertion":[{"value":"5 June 2015","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 November 2016","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 December 2016","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 December 2016","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}