{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T09:44:33Z","timestamp":1769247873635,"version":"3.49.0"},"reference-count":24,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2021,9,3]],"date-time":"2021-09-03T00:00:00Z","timestamp":1630627200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,9,3]],"date-time":"2021-09-03T00:00:00Z","timestamp":1630627200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"University Of South-Eastern Norway"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Wireless Pers Commun"],"published-print":{"date-parts":[[2021,11]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>In this paper we briefly outline as set of rules for integration of legacy devices into a modern industrial control system. These rules are fairly simple, and are mostly derived from \u201cZero Trust\u201d principles. These rules aim to be pragmatic, and cost-effectiveness trumps completeness.<\/jats:p>","DOI":"10.1007\/s11277-021-09055-1","type":"journal-article","created":{"date-parts":[[2021,9,4]],"date-time":"2021-09-04T00:30:02Z","timestamp":1630715402000},"page":"1169-1186","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Zero-Trust Principles for Legacy Components"],"prefix":"10.1007","volume":"121","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7363-0076","authenticated-orcid":false,"given":"Geir M.","family":"K\u00f8ien","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,9,3]]},"reference":[{"key":"9055_CR1","first-page":"03","volume-title":"MITRE ATT&CK\u00ae for industrial control systems: Design and philosophy","author":"Otis Alexander","year":"2020","unstructured":"Alexander, Otis, Belisle, Misha, & Steele, Jacob. (2020). MITRE ATT&CK\u00ae for industrial control systems: Design and philosophy (p. 03). MITRE: White paper."},{"key":"9055_CR2","doi-asserted-by":"crossref","unstructured":"Scott Rose, Oliver Borchert, Stu Mitchell, and Sean Connelly. Zero Trust Architecture. NIST Special Publication 800-207, NIST, 08 (2020).","DOI":"10.6028\/NIST.SP.800-207-draft2"},{"key":"9055_CR3","volume-title":"Enisa threat landscape: The year in review","author":"ENISA","year":"2020","unstructured":"ENISA. (2020). Enisa threat landscape: The year in review. ENISA: ETL."},{"key":"9055_CR4","unstructured":"DRAGOS. ICS Cybersecurity; Year in review (2020). White paper, DRAGOS, (2020)."},{"key":"9055_CR5","unstructured":"Shostack A (2014) Threat modeling: Designing for security. Wiley"},{"key":"9055_CR6","unstructured":"NSA. (2021). Embracing a zero trust security model (v1.0). Cybersecurity. Information, 02."},{"key":"9055_CR7","unstructured":"Industrial Control Systems Cyber Emergency Response Team (ICS-CERT. Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. Department of Homeland. (2016). Security, 09,"},{"key":"9055_CR8","unstructured":"Rory Ward and Betsy Beyer. (2014). BeyondCorp: a new approach to enterprise security. ; login: the magazine of USENIX & SAGE, 39(6), 6\u201311."},{"key":"9055_CR9","unstructured":"Zimmer, Bryan, & LISA: A practical zero trust architecture. In Enigma, . (2018). Enigma 2018 (p. 2018). CA: Santa Clara."},{"issue":"49","key":"9055_CR10","first-page":"14","volume":"7","author":"Aleph One","year":"1996","unstructured":"One, Aleph. (1996). Smashing the stack for fun and profit. Phrack magazine, 7(49), 14\u201316.","journal-title":"Phrack magazine"},{"issue":"5","key":"9055_CR11","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1002\/spe.515","volume":"33","author":"Kyung-Suk Lhee","year":"2003","unstructured":"Lhee, Kyung-Suk., & Chapin, Steve J. (2003). Buffer overflow and format string overflow vulnerabilities. Software-Practice and Experience, 33(5), 423\u2013460.","journal-title":"Software-Practice and Experience"},{"issue":"3","key":"9055_CR12","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1109\/TDSC.2012.10","volume":"9","author":"Matt Bishop","year":"2012","unstructured":"Bishop, Matt, Engle, Sophie, Howard, Damien, & Whalen, Sean. (2012). A taxonomy of buffer overflow characteristics. IEEE Transactions on Dependable and Secure Computing, 9(3), 305\u2013317.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"9055_CR13","unstructured":"Halfond William G, Viegas Jeremy, Orso Alessandro, et\u00a0al (2006) A classification of sql-injection attacks and countermeasures. In Proceedings of the IEEE international symposium on secure software engineering, volume\u00a01, pages 13\u201315. IEEE."},{"issue":"10","key":"9055_CR14","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/2.161279","volume":"25","author":"Bertrand Meyer","year":"1992","unstructured":"Meyer, Bertrand. (1992). Applying design by contract. Computer, 25(10), 40\u201351.","journal-title":"Computer"},{"key":"9055_CR15","doi-asserted-by":"crossref","unstructured":"Volpano Dennis, and Smith Geoffrey (1997) A type-based approach to program security. In Michel Bidoit and Max Dauchet, editors, TAPSOFT \u201997: Theory and Practice of Software Development, pages 607\u2013621, Berlin, Heidelberg. Springer Berlin Heidelberg. ISBN 978-3-540-68517-3.","DOI":"10.1007\/BFb0030629"},{"issue":"1","key":"9055_CR16","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1109\/32.481513","volume":"22","author":"Mart\u00edn Abadi","year":"1996","unstructured":"Abadi, Mart\u00edn, & Needham, Roger. (1996). Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 22(1), 6\u201315.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9055_CR17","unstructured":"ITU-T (2015). Information technology \u2013 Abstract Syntax Notation One (ASN.1): Specification of basic notation. Recommendation X.680, ITU-T, 08."},{"issue":"12","key":"9055_CR18","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1145\/96267.96279","volume":"33","author":"Barton P Miller","year":"1990","unstructured":"Miller, Barton P., Fredriksen, Louis, & So, Bryan. (1990). An empirical study of the reliability of unix utilities. Communications of the ACM, 33(12), 32\u201344.","journal-title":"Communications of the ACM"},{"issue":"1","key":"9055_CR19","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1145\/66093.66095","volume":"19","author":"H Eugene","year":"1989","unstructured":"Eugene, H. (1989). The internet worm program: An analysis. ACM SIGCOMM Computer Communication Review, 19(1), 17\u201357.","journal-title":"ACM SIGCOMM Computer Communication Review"},{"key":"9055_CR20","doi-asserted-by":"crossref","unstructured":"Miller, Barton, Zhang, Mengxiao, & Heymann, Elisa. (2020). The relevance of classic fuzz testing: Have we solved this one? IEEE Transactions on Software Engineering","DOI":"10.1109\/TSE.2020.3047766"},{"key":"9055_CR21","unstructured":"Bhme, Marcel, & Cadar, Cristian. (2020). and Abhik Roychoudhury. Fuzzing: Challenges and reflections. IEEE Software."},{"key":"9055_CR22","doi-asserted-by":"crossref","unstructured":"Zhao, Hui, Li, Zhihui, Wei, Hansheng, Shi, Jianqi, & Huang, Yanhong. (2019). Seqfuzzer: An industrial protocol fuzzing framework from a deep learning perspective. In 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST), pages 59\u201367. IEEE.","DOI":"10.1109\/ICST.2019.00016"},{"key":"9055_CR23","first-page":"17","volume-title":"Microsoft research drm talk","author":"Cory Doctorow","year":"2004","unstructured":"Doctorow, Cory. (2004). Microsoft research drm talk (p. 17). Microsoft Research Group, Redmond, WA: Transcript."},{"key":"9055_CR24","unstructured":"Peterson, Jordan B. (2018). 12 rules for life: An antidote to chaos. Random House Canada."}],"container-title":["Wireless Personal Communications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11277-021-09055-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11277-021-09055-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11277-021-09055-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,4]],"date-time":"2021-11-04T15:11:59Z","timestamp":1636038719000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11277-021-09055-1"}},"subtitle":["12 Rules for Legacy Devices: An Antidote to Chaos"],"short-title":[],"issued":{"date-parts":[[2021,9,3]]},"references-count":24,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2021,11]]}},"alternative-id":["9055"],"URL":"https:\/\/doi.org\/10.1007\/s11277-021-09055-1","relation":{},"ISSN":["0929-6212","1572-834X"],"issn-type":[{"value":"0929-6212","type":"print"},{"value":"1572-834X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,3]]},"assertion":[{"value":"16 August 2021","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 September 2021","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}