{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,25]],"date-time":"2025-12-25T12:38:24Z","timestamp":1766666304801},"reference-count":43,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2013,5,11]],"date-time":"2013-05-11T00:00:00Z","timestamp":1368230400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Electron Commer Res"],"published-print":{"date-parts":[[2013,9]]},"DOI":"10.1007\/s10660-013-9121-4","type":"journal-article","created":{"date-parts":[[2013,5,10]],"date-time":"2013-05-10T14:59:29Z","timestamp":1368197969000},"page":"243-256","source":"Crossref","is-referenced-by-count":21,"title":["Threat modeling of a mobile device management system for secure smart work"],"prefix":"10.1007","volume":"13","author":[{"given":"Keunwoo","family":"Rhee","sequence":"first","affiliation":[]},{"given":"Dongho","family":"Won","sequence":"additional","affiliation":[]},{"given":"Sang-Woon","family":"Jang","sequence":"additional","affiliation":[]},{"given":"Sooyoung","family":"Chae","sequence":"additional","affiliation":[]},{"given":"Sangwoo","family":"Park","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2013,5,11]]},"reference":[{"key":"9121_CR1","unstructured":"Apple Inc. (2010). iPhone in business mobile device management. http:\/\/images.apple.com\/iphone\/business\/docs\/iPhone_MDM.pdf . Accessed 29 May 2012."},{"key":"9121_CR2","first-page":"49","volume-title":"Proceedings of 11th workshop on mobile computing systems and applications (HotMobile\u201910)","author":"J. Bickford","year":"2010","unstructured":"Bickford, J., O\u2019Hare, R., Baliga, A., Ganapathy, V., & Iftode, L. (2010). Rootkits on smartphones: attacks, implications and opportunities. In Proceedings of 11th workshop on mobile computing systems and applications (HotMobile\u201910) (pp. 49\u201354)."},{"key":"9121_CR3","unstructured":"Bruns, J. (2009). Mobile application security on android. Black Hat 2009. http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/BURNS\/BHUSA09-Burns-AndroidSurgery-PAPER.pdf . Accessed 29 May 2012."},{"key":"9121_CR4","unstructured":"CCMB (2009). Common criteria for information technology security evaluation. Part 1: Introduction and general model. Version\u00a03.1, Revision\u00a03, Final, CCMB-2009-07-001."},{"key":"9121_CR5","volume-title":"Proceedings of the 40th Hawaii international conference on system sciences (HICSS\u201907)","author":"Y. Chen","year":"2007","unstructured":"Chen, Y., Boehm, B., & Sheppard, L. (2007). Value driven security threat modeling based on attack path analysis. In Proceedings of the 40th Hawaii international conference on system sciences (HICSS\u201907) (pp.\u00a0280a)."},{"key":"9121_CR6","unstructured":"Cisco Systems, Inc. (2012). Global IT survey highlights enthusiasm over tablets in the enterprise, shows customization, collaboration and virtualization as key features. http:\/\/newsroom.cisco.com\/press-release-content?type=webcontent&articleId=658006 . Accessed 29 May 2012."},{"key":"9121_CR7","unstructured":"CVSS (2012). Forum of incident response and security teams. http:\/\/www.first.org\/cvss\/cvss-guide.html . Accessed 29 May 2012."},{"key":"9121_CR8","unstructured":"C-skills blog (2012). http:\/\/c-skills.blogspot.com . Accessed 29 May 2012."},{"key":"9121_CR9","first-page":"262","volume-title":"Proceedings of the 6th IEEE\/ACM international workshop on grid computing","author":"Y. Demchenko","year":"2005","unstructured":"Demchenko, Y., Gommans, L., Laat, C. D., & Oudenaarde, B. (2005). Web services and grid security vulnerabilities and threats analysis and model. In Proceedings of the 6th IEEE\/ACM international workshop on grid computing (pp. 262\u2013267)."},{"key":"9121_CR10","unstructured":"Goldberg, Y. (2012). Practical threat analysis for the software industry. http:\/\/www.ptatechnologies.com . Accessed 29 May 2012."},{"key":"9121_CR11","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1145\/1103780.1103795","volume-title":"Proceedings of the 2005 ACM workshop on storage security and survivability (StorageSS\u201905)","author":"R. Hasan","year":"2005","unstructured":"Hasan, R., Myagmar, S., Lee, A. J., & Yurcik, W. (2005). Toward a threat model for storage systems. In Proceedings of the 2005 ACM workshop on storage security and survivability (StorageSS\u201905) (pp.\u00a094\u2013102)."},{"issue":"3\u20134","key":"9121_CR12","doi-asserted-by":"crossref","first-page":"441","DOI":"10.1007\/s10660-010-9063-z","volume":"10","author":"T. H\u00e5valdsrud","year":"2010","unstructured":"H\u00e5valdsrud, T., Ligaarden, O., Myrseth, P., Refsdal, A., St\u00f8len, K., & \u00d8lnes, J. (2010). Experiences from using a UML-based method for trust analysis in an industrial project on electronic procurement. Electronic Commerce Research, 10(3\u20134), 441\u2013467.","journal-title":"Electronic Commerce Research"},{"issue":"3\u20134","key":"9121_CR13","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1007\/s10660-006-8677-7","volume":"6","author":"P. Herrmann","year":"2006","unstructured":"Herrmann, P., & Herrmann, G. (2006). Security requirement analysis of business processes. Electronic Commerce Research, 6(3\u20134), 305\u2013335.","journal-title":"Electronic Commerce Research"},{"key":"9121_CR14","unstructured":"Hogben, G., & Dekker, M. (2010). Smartphone: Information security risks, opportunities and recommendations for users. European Network and Information Security Agency. http:\/\/www.enisa.europa.eu\/activities\/identity-and-trust\/risks-and-data-breaches\/smartphones-information-security-risks-opportunities-and-recommendations-for-users\/at_download\/fullReport . Accessed 29 May 2012."},{"key":"9121_CR15","unstructured":"International Organization for Standardization (2004). ISO\/IEC TR 13335-1: information technology\u2014security techniques\u2014management of information and communications technology security\u2014Part\u00a01: Concepts and models for information and communications technology security management. http:\/\/www.iso.org\/iso\/iso_catalogue_tc\/catalogue_detail.htm?csnumber=39066 . Accessed 29 May 2012."},{"key":"9121_CR16","first-page":"311","volume-title":"Lecture notes in computer science","author":"W. Jeon","year":"2011","unstructured":"Jeon, W., Kim, J., Lee, Y., & Won, D. (2011). A\u00a0practical analysis of smartphone security. In M.\u00a0J.\u00a0Smith & G.\u00a0Salvendy (Eds.), Lecture notes in computer science (Vol.\u00a06771, pp. 311\u2013320). Berlin: Springer."},{"key":"9121_CR17","unstructured":"Layland, R., Wexler, J., Datoo, A., George, A., Rege, O., Marshall, J., Herrema, J., & Duckering, B. (2011). The 2011 mobile device management challenge\u2014defusing mobile anarchy in the enterprise. Network World and Robin Layland present. http:\/\/solutioncenters.networkworld.com\/mobile_management_challenge . Accessed 29 May 2012."},{"key":"9121_CR18","volume-title":"A study on the design of secure multi function printer conforming to the Korea evaluation and certification scheme","author":"K. Lee","year":"2011","unstructured":"Lee, K. (2011). A study on the design of secure multi function printer conforming to the Korea evaluation and certification scheme. Suwon: Sungkyunkwan University"},{"key":"9121_CR19","volume-title":"Improving web application security: threats and countermeasures","author":"J. D. Meier","year":"2003","unstructured":"Meier, J. D., Mackman, A., Dunner, M., Vasireddy, S., Murukan, A., Meier, J. D., Mackman, A., Dunner, M., Vasireddy, S., & Murukan, A. (2003). Improving web application security: threats and countermeasures. Microsoft Press. http:\/\/msdn.microsoft.com\/en-us\/library\/ff649874.aspx . Accessed 20 July 2012."},{"key":"9121_CR20","volume-title":"Proceedings of the symposium on requirements engineering for information security (SREIS\u201905)","author":"S. Myagmar","year":"2005","unstructured":"Myagmar, S., Lee, A. J., & Yurcik, W. (2005). Threat modeling as a basis for security requirements. In Proceedings of the symposium on requirements engineering for information security (SREIS\u201905)."},{"key":"9121_CR21","unstructured":"National Vulnerability Database (2012). CVE-2011-1149. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2011-1149 . Accessed 29 May 2012."},{"key":"9121_CR22","first-page":"526","volume-title":"Proceedings of the 8th ACIS international conference on software engineering, artificial intelligence, networking, and Parallel\/Distributed computing (SNPD 2007)","author":"J. Ni","year":"2007","unstructured":"Ni, J., Li, Z., Gao, Z., & Sun, J. (2007). Threat analysis and prevention for grid and web security. In Proceedings of the 8th ACIS international conference on software engineering, artificial intelligence, networking, and Parallel\/Distributed computing (SNPD 2007) (pp. 526\u2013531)."},{"key":"9121_CR23","volume-title":"Proceedings of the 10th IASTED international conference on software engineering and applications (SEA 2006)","author":"E. A. Oladimeji","year":"2006","unstructured":"Oladimeji, E. A., Suppakkul, S., & Chung, L. (2006). Security threat modeling and analysis: a goal-oriented approach. In Proceedings of the 10th IASTED international conference on software engineering and applications (SEA 2006)."},{"key":"9121_CR24","unstructured":"OWASP (2012). Man-in-the-middle attack. http:\/\/www.owasp.org\/index.php\/Man-in-the-middle_attack . Accessed 29 May 2012."},{"key":"9121_CR25","unstructured":"OWASP (2012). Session hijacking attack. http:\/\/www.owasp.org\/index.php\/Session_hijacking_attack . Accessed 29 May 2012."},{"key":"9121_CR26","unstructured":"OWASP (2012). SQL injection. http:\/\/www.owasp.org\/index.php\/SQL_Injection . Accessed 29 May 2012."},{"key":"9121_CR27","volume-title":"Proceedings of the 7th international conference on enterprise information systems (ICEEIS 2005)","author":"J. Pauli","year":"2005","unstructured":"Pauli, J., & Xu, D. (2005). Threat-driven architectural design of secure information systems. In Proceedings of the 7th international conference on enterprise information systems (ICEEIS 2005)."},{"key":"9121_CR28","first-page":"1","volume-title":"Proceedings of the 2nd international conference on communication systems software and middleware (COMSWARE 2007)","author":"N. R. Prasad","year":"2007","unstructured":"Prasad, N. R. (2007). Threat model framework and methodology for personal networks (PNs). In Proceedings of the 2nd international conference on communication systems software and middleware (COMSWARE 2007) (pp. 1\u20136)."},{"key":"9121_CR29","first-page":"1","volume-title":"Proceedings of the 4th international conference on malicious and unwanted software","author":"A. D. Schmidt","year":"2009","unstructured":"Schmidt, A. D., Schmidt, H. G., Batyuk, L., Clausen, J. H., Camtepe, S. A., & Albayrak, S. (2009). Smartphone malware evolution revisited: android next target? In Proceedings of the 4th international conference on malicious and unwanted software (pp. 1\u20137)."},{"key":"9121_CR30","doi-asserted-by":"crossref","first-page":"262","DOI":"10.1109\/SECURWARE.2009.47","volume-title":"Proceedings of 2009 third international conference on emerging security information, systems and technologies (SECURWARE 2009)","author":"A. Stango","year":"2009","unstructured":"Stango, A., Prasad, N. R., & Kyriazanos, D. M. (2009). A\u00a0threat analysis methodology for security evaluation and enhancement planning. In Proceedings of 2009 third international conference on emerging security information, systems and technologies (SECURWARE 2009) (pp. 262\u2013267)."},{"key":"9121_CR31","unstructured":"Stouffer, K. A. (2004). System protection profile-industrial control systems version\u00a01.0. National Institute of Standards and Technology. http:\/\/www.nist.gov\/customcf\/get_pdf.cfm?pub_id=822602 . Accessed 29 May 2012."},{"issue":"3\u20134","key":"9121_CR32","doi-asserted-by":"crossref","first-page":"239","DOI":"10.1007\/s10660-010-9064-y","volume":"10","author":"G. Swamynathan","year":"2010","unstructured":"Swamynathan, G., & Almeroth, K. (2010). The design of a reliable reputation system. Electronic Commerce Research, 10(3\u20134), 239\u2013270.","journal-title":"Electronic Commerce Research"},{"key":"9121_CR33","volume-title":"Threat modeling, redmond","author":"F. Swiderski","year":"2004","unstructured":"Swiderski, F., & Snyder, W. (2004). Threat modeling, redmond. Washington: Microsoft Press."},{"key":"9121_CR34","unstructured":"Sybase, Inc. (2011). Afaria: a\u00a0technical overview. http:\/\/m.sybase.com\/files\/White_Papers\/Afaira-Techinical-WP.pdf . Accessed 29 May 2012."},{"key":"9121_CR35","unstructured":"Tegrak Kernel (2012). http:\/\/pspmaster.tistory.com . Accessed 29 May 2012."},{"key":"9121_CR36","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1145\/1920261.1920314","volume-title":"Proceedings of the 26th annual computer security applications conference (ACSAC\u201910)","author":"Z. Wang","year":"2010","unstructured":"Wang, Z., & Stavrou, A. (2010). Exploiting smart-phone USB connectivity for fun and profit. In Proceedings of the 26th annual computer security applications conference (ACSAC\u201910) (pp. 357\u2013366)."},{"key":"9121_CR37","unstructured":"Wikipedia (2012). Brute-force attack. http:\/\/en.wikipedia.org\/wiki\/Brute-force_attack . Accessed 29 May 2012."},{"key":"9121_CR38","unstructured":"Wikipedia (2012). Dictionary attack. http:\/\/en.wikipedia.org\/wiki\/Dictionary_attack . Accessed 29 May 2012."},{"key":"9121_CR39","unstructured":"Wikipedia (2012). iOS jailbreaking. http:\/\/en.wikipedia.org\/wiki\/IOS_jailbreaking . Accessed 29 May 2012."},{"key":"9121_CR40","unstructured":"Wikipedia (2012). Replay attack. http:\/\/en.wikipedia.org\/wiki\/Replay_attack . Accessed 29 May 2012."},{"key":"9121_CR41","unstructured":"Wikipedia (2012). Rooting (Android OS). http:\/\/en.wikipedia.org\/wiki\/Rooting_(Android_OS) . Accessed 29 May 2012."},{"key":"9121_CR42","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1109\/MALWARE.2011.6112330","volume-title":"Proceedings of 2011 6th international conference on malicious and unwanted software","author":"D. You","year":"2011","unstructured":"You, D., & Noh, B. (2011). Android platform base Linux kernel rootkit. In Proceedings of 2011 6th international conference on malicious and unwanted software (pp. 79\u201387)."},{"issue":"2","key":"9121_CR43","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1007\/s10660-012-9092-x","volume":"12","author":"T. Zarmpou","year":"2012","unstructured":"Zarmpou, T., Saprikis, V., Markos, A., & Vlachopoulou, M. (2012). Modeling users\u2019 acceptance of mobile services. Electronic Commerce Research, 12(2), 225\u2013248.","journal-title":"Electronic Commerce Research"}],"container-title":["Electronic Commerce Research"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10660-013-9121-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10660-013-9121-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10660-013-9121-4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,16]],"date-time":"2022-02-16T18:26:22Z","timestamp":1645035982000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10660-013-9121-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,5,11]]},"references-count":43,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,9]]}},"alternative-id":["9121"],"URL":"https:\/\/doi.org\/10.1007\/s10660-013-9121-4","relation":{},"ISSN":["1389-5753","1572-9362"],"issn-type":[{"value":"1389-5753","type":"print"},{"value":"1572-9362","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,5,11]]}}}