{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:32:23Z","timestamp":1772119943980,"version":"3.50.1"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2024,3,23]],"date-time":"2024-03-23T00:00:00Z","timestamp":1711152000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,3,23]],"date-time":"2024-03-23T00:00:00Z","timestamp":1711152000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Innovations Syst Softw Eng"],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s11334-024-00556-3","type":"journal-article","created":{"date-parts":[[2024,3,23]],"date-time":"2024-03-23T10:01:31Z","timestamp":1711188091000},"page":"635-651","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Attack\u2013defense tree-based analysis and optimal defense synthesis for system design"],"prefix":"10.1007","volume":"21","author":[{"given":"Baoluo","family":"Meng","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arjun","family":"Viswanathan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Saswata","family":"Paul","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"William","family":"Smith","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abha","family":"Moitra","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kit","family":"Siu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Durling","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,3,23]]},"reference":[{"key":"556_CR1","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/11734727_17","volume-title":"Information security and cryptology-ICISC 2005","author":"S Mauw","year":"2006","unstructured":"Mauw S, Oostdijk M (2006) Foundations of attack trees. In: Won DH, Kim S (eds) Information security and cryptology-ICISC 2005. Springer, Berlin, pp 186\u2013198. https:\/\/doi.org\/10.1007\/11734727_17"},{"key":"556_CR2","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/978-3-642-19751-2_6","volume-title":"Formal aspects of security and trust","author":"B Kordy","year":"2011","unstructured":"Kordy B, Mauw S, Radomirovi\u0107 S, Schweitzer P (2011) Foundations of attack-defense trees. In: Degano P, Etalle S, Guttman J (eds) Formal aspects of security and trust. Springer, Berlin, pp 80\u201395. https:\/\/doi.org\/10.1007\/978-3-642-19751-2_6"},{"key":"556_CR3","doi-asserted-by":"publisher","unstructured":"Meng B, Viswanathan A, Smith W, Moitra A, Siu K, Durling M (2022) Synthesis of optimal defenses for system architecture design model in MaxSMT. In: NASA formal methods symposium, pp. 752\u2013770. https:\/\/doi.org\/10.1007\/978-3-031-06773-0_40. Springer","DOI":"10.1007\/978-3-031-06773-0_40"},{"key":"556_CR4","unstructured":"MITRE common attack pattern enumeration and classification (CAPEC). https:\/\/capec.mitre.org\/. Accessed: 2022-03-21"},{"key":"556_CR5","unstructured":"National institute of standards and technology 800-53. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-53\/rev-5\/final. Accessed: 2022-03-21"},{"key":"556_CR6","unstructured":"Radio technical commission for aeronautics (RTCA) DO326 \u2013 Airworthiness Security Process Specification. https:\/\/www.rtca.org\/. Accessed: 2022-03-21"},{"key":"556_CR7","unstructured":"Radio technical commission for aeronautics (RTCA) DO356\u2013Airworthiness security methods and considerations. https:\/\/www.rtca.org\/. Accessed: 2022-03-21"},{"key":"556_CR8","first-page":"332","volume-title":"Lecture notes in computer science","author":"B Kordy","year":"2017","unstructured":"Kordy B, Wide\u0142 W (2017) How well can i secure my system? Lecture notes in computer science. Springer, NewYork, pp 332\u2013347"},{"key":"556_CR9","doi-asserted-by":"publisher","unstructured":"Feiler PH, Lewis B, Vestal S, Colbert E. An overview of the SAE architecture analysis & design language (AADL) standard: a basis for model-based architecture-driven embedded systems engineering. In: IFIP the international federation for information processing, pp. 3\u201315. Springer. https:\/\/doi.org\/10.1007\/0-387-24590-1_1","DOI":"10.1007\/0-387-24590-1_1"},{"key":"556_CR10","first-page":"81","volume":"3","author":"A Moitra","year":"2020","unstructured":"Moitra A, Prince D, Siu K, Durling M, Herencia-Zapana H (2020) Threat identification and defense control selection for embedded systems. SAE Int J Trans Cybersecur Priv 3:81\u201396","journal-title":"SAE Int J Trans Cybersecur Priv"},{"key":"556_CR11","doi-asserted-by":"publisher","unstructured":"Siu K, Herencia-Zapana H, Prince D, Moitra A (2020) A model-based framework for analyzing the security of system architectures. In: 2020 annual reliability and maintainability symposium (RAMS), pp. 1\u20136. https:\/\/doi.org\/10.1109\/rams48030.2020.9153607. IEEE","DOI":"10.1109\/rams48030.2020.9153607"},{"key":"556_CR12","doi-asserted-by":"publisher","unstructured":"Javaid AY, Sun W, Devabhaktuni VK, Alam M (2012) Cyber security threat analysis and modeling of an unmanned aerial vehicle system. In: 2012 IEEE conference on technologies for homeland security (HST), pp. 585\u2013590. https:\/\/doi.org\/10.1109\/ths.2012.6459914. IEEE","DOI":"10.1109\/ths.2012.6459914"},{"key":"556_CR13","doi-asserted-by":"publisher","unstructured":"Bj\u00f8rner N, Phan A-D, Fleckenstein L (2015) $$\\nu $$z-an optimizing smt solver. In: Tools and algorithms for the construction and analysis of systems: 21st international conference (TACAS), pp. 194\u2013199. https:\/\/doi.org\/10.1007\/978-3-662-46681-0_14. Springer","DOI":"10.1007\/978-3-662-46681-0_14"},{"key":"556_CR14","unstructured":"Barrett C, Fontaine P, Tinelli C (2016) The satisfiability modulo theories library (SMT-LIB). www.SMT-LIB.org"},{"issue":"1","key":"556_CR15","doi-asserted-by":"publisher","first-page":"18","DOI":"10.3390\/systems9010018","volume":"9","author":"B Meng","year":"2021","unstructured":"Meng B, Larraz D, Siu K, Moitra A, Interrante J, Smith W, Paul S, Prince D, Herencia-Zapana H, Arif MF et al (2021) VERDICT: a language and framework for engineering cyber resilient and safe system. Systems 9(1):18. https:\/\/doi.org\/10.3390\/systems9010018","journal-title":"Systems"},{"key":"556_CR16","doi-asserted-by":"publisher","unstructured":"Siu K, Moitra A, Li M, Durling M, Herencia-Zapana H, Interrante J, Meng B, Tinelli C, Chowdhury O, Larraz D, et al. (2019) Architectural and behavioral analysis for cyber security. In: 2019 IEEE\/AIAA 38th digital avionics systems conference (DASC), pp. 1\u201310. https:\/\/doi.org\/10.1109\/dasc43569.2019.9081652. IEEE","DOI":"10.1109\/dasc43569.2019.9081652"},{"key":"556_CR17","unstructured":"The OSATE tool. https:\/\/osate.org\/about-osate.html (2021)"},{"key":"556_CR18","doi-asserted-by":"publisher","unstructured":"Barzeele J, Siu K, Robinson M, Suantak L, Merems J, Durling M, Moitra A, Meng B, Williams P, Prince D. (2021) Experience in designing for cyber resiliency in embedded DoD systems. In: INCOSE international symposium, vol 31, pp 80\u201394. https:\/\/doi.org\/10.1002\/j.2334-5837.2021.00827.x. Wiley Online Library","DOI":"10.1002\/j.2334-5837.2021.00827.x"},{"key":"556_CR19","doi-asserted-by":"publisher","unstructured":"Durling MR, Moitra A, Siu KY, Meng B, Carbone JW, Alexander CC, Castillo-Villar KK, Ciocarlie GF (2022) Model-based security analysis in additive manufacturing systems. In: Proceedings of the 2022 ACM CCS workshop on additive manufacturing (3D Printing) security, pp. 3\u201313. https:\/\/doi.org\/10.1145\/3560833.3563566","DOI":"10.1145\/3560833.3563566"},{"key":"556_CR20","doi-asserted-by":"publisher","unstructured":"Depamelaere W, Lemaire L, Vossaert J, Naessens V (2018) CPS security assessment using automatically generated attack trees. In: Proceedings of the 5th international symposium for ICS & SCADA cyber security research 2018. https:\/\/doi.org\/10.14236\/ewic\/ics2018.1. British Computer Society (BCS)","DOI":"10.14236\/ewic\/ics2018.1"},{"key":"556_CR21","doi-asserted-by":"publisher","unstructured":"Vigo R, Nielson F, Nielson HR (2014) Automated generation of attack trees. In: 2014 IEEE 27th computer security foundations symposium, pp. 337\u2013350. https:\/\/doi.org\/10.1109\/csf.2014.31. IEEE","DOI":"10.1109\/csf.2014.31"},{"key":"556_CR22","doi-asserted-by":"publisher","unstructured":"Pinchinat S, Acher M, Vojtisek D (2016) ATSyRa: an integrated environment for synthesizing attack trees. In: International workshop on graphical models for security, pp. 97\u2013101. https:\/\/doi.org\/10.1007\/978-3-319-29968-6_7. Springer","DOI":"10.1007\/978-3-319-29968-6_7"},{"key":"556_CR23","doi-asserted-by":"publisher","unstructured":"Dalton GC, Mills RF, Colombi JM, Raines RA, et al. (2006) Analyzing attack trees using generalized stochastic petri nets. In: Information assurance workshop, pp. 116\u2013123. https:\/\/doi.org\/10.1109\/iaw.2006.1652085. IEEE","DOI":"10.1109\/iaw.2006.1652085"},{"key":"556_CR24","doi-asserted-by":"publisher","unstructured":"Fila B, Wide\u0142 W. (2020) Exploiting attack\u2013defense trees to find an optimal set of countermeasures. In: 2020 IEEE 33rd computer security foundations symposium (CSF), pp. 395\u2013410. https:\/\/doi.org\/10.1109\/CSF49147.2020.00035","DOI":"10.1109\/CSF49147.2020.00035"},{"key":"556_CR25","doi-asserted-by":"publisher","unstructured":"Buldas A, Lenin A, Willemson J, Charnamord A. (2017) Simple infeasibility certificates for attack trees. In: International workshop on security, pp. 39\u201355. https:\/\/doi.org\/10.1007\/978-3-319-64200-0_3. Springer","DOI":"10.1007\/978-3-319-64200-0_3"},{"key":"556_CR26","doi-asserted-by":"publisher","unstructured":"Arias J, Budde CE, Penczek W, Petrucci L, Sidoruk T, Stoelinga M. (2020) Hackers vs. security: attack-defence trees as asynchronous multi-agent systems. In: International conference on formal engineering methods, pp. 3\u201319. https:\/\/doi.org\/10.1007\/978-3-030-63406-3_1. Springer","DOI":"10.1007\/978-3-030-63406-3_1"},{"key":"556_CR27","doi-asserted-by":"publisher","unstructured":"Wang P, Lin W-H, Kuo P-T, Lin H-T, Wang TC. (2012) Threat risk analysis for cloud security based on attack-defense trees. In: 2012 8th international conference on computing technology and information management (NCM and ICNIT), vol 1, pp 106\u2013111. https:\/\/doi.org\/10.4156\/ijact.vol4.issue17.70. IEEE","DOI":"10.4156\/ijact.vol4.issue17.70"},{"key":"556_CR28","doi-asserted-by":"publisher","unstructured":"Kordy B, Wide\u0142 W (2018) On quantitative analysis of attack\u2013defense trees with repeated labels. In: International conference on principles of security and trust, pp 325\u2013346. https:\/\/doi.org\/10.1007\/978-3-319-89722-6_14. Springer","DOI":"10.1007\/978-3-319-89722-6_14"},{"key":"556_CR29","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-3-319-74860-3_2","volume-title":"Graphical models for security","author":"A Bossuat","year":"2017","unstructured":"Bossuat A, Kordy B (2017) Evil twins: handling repetitions in attack-defense trees: a survival guide. In: Liu P, Mauw S, Stolen K (eds) Graphical models for security. Springer, Santa Barbara, pp 17\u201332. https:\/\/doi.org\/10.1007\/978-3-319-74860-3_2"},{"key":"556_CR30","doi-asserted-by":"publisher","unstructured":"Gadyatskaya O, Hansen RR, Larsen KG, Legay A, Olesen MC, Poulsen DB (2016) Modelling attack-defense trees using timed automata. In: International conference on formal modeling and analysis of timed systems, pp 35\u201350. https:\/\/doi.org\/10.1007\/978-3-319-44878-7_3. Springer","DOI":"10.1007\/978-3-319-44878-7_3"},{"issue":"16","key":"556_CR31","doi-asserted-by":"publisher","first-page":"4404","DOI":"10.3390\/s20164404","volume":"20","author":"E Rios","year":"2020","unstructured":"Rios E, Rego A, Iturbe E, Higuero M, Larrucea X (2020) Continuous quantitative risk management in smart grids using attack defense trees. Sensors 20(16):4404. https:\/\/doi.org\/10.3390\/s20164404","journal-title":"Sensors"},{"key":"556_CR32","doi-asserted-by":"publisher","unstructured":"Lounis K, Ouchani S (2021) Modeling attack-defense trees\u2019 countermeasures using continuous time markov chains. In: International conference on software engineering and formal methods, pp 30\u201342. https:\/\/doi.org\/10.1007\/978-3-030-67220-1_3. Springer","DOI":"10.1007\/978-3-030-67220-1_3"},{"key":"556_CR33","doi-asserted-by":"publisher","unstructured":"Jhawar R, Lounis K, Mauw S (2016) A stochastic framework for quantitative analysis of attack-defense trees. In: International workshop on security and trust management, pp 138\u2013153. https:\/\/doi.org\/10.1007\/978-3-319-46598-2_10. Springer","DOI":"10.1007\/978-3-319-46598-2_10"},{"key":"556_CR34","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101630","volume":"88","author":"A Buldas","year":"2020","unstructured":"Buldas A, Gadyatskaya O, Lenin A, Mauw S, Trujillo-Rasua R (2020) Attribute evaluation on attack trees with incomplete information. Comput Secur 88:101630. https:\/\/doi.org\/10.1016\/j.cose.2019.101630","journal-title":"Comput Secur"},{"key":"556_CR35","doi-asserted-by":"publisher","unstructured":"Kordy B, Kordy P, Mauw S, Schweitzer P (2013) ADTool: security analysis with attack\u2013defense trees. In: International conference on quantitative evaluation of systems, pp 173\u2013176. https:\/\/doi.org\/10.1007\/978-3-642-40196-1_15. Springer","DOI":"10.1007\/978-3-642-40196-1_15"},{"key":"556_CR36","doi-asserted-by":"publisher","unstructured":"Ji X, Yu H, Fan G, Fu W (2016) Attack-defense trees based cyber security analysis for CPSs. In: 2016 17th IEEE\/ACIS international conference on software engineering, artificial intelligence, networking and parallel\/distributed computing (SNPD), pp 693\u2013698. https:\/\/doi.org\/10.1109\/snpd.2016.7515980. IEEE","DOI":"10.1109\/snpd.2016.7515980"},{"key":"556_CR37","doi-asserted-by":"publisher","unstructured":"Bryans J, Nguyen HN, Shaikh SA (2019) Attack defense trees with sequential conjunction. In: 2019 IEEE 19th international symposium on high assurance systems engineering (HASE), pp 247\u2013252. https:\/\/doi.org\/10.1109\/hase.2019.00045. IEEE","DOI":"10.1109\/hase.2019.00045"},{"key":"556_CR38","doi-asserted-by":"publisher","unstructured":"Du S, Li X, Du J, Zhu H (2014) An attack-and-defence game for security assessment in vehicular ad hoc networks. Peer-to-peer Netw Appl 7(3):215\u2013228. https:\/\/doi.org\/10.1007\/s12083-012-0127-9","DOI":"10.1007\/s12083-012-0127-9"},{"key":"556_CR39","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-1-4614-9357-0_3","volume-title":"Security assessment in vehicular networks","author":"S Du","year":"2013","unstructured":"Du S, Zhu H (2013) Attack-defense tree based security assessment. Security assessment in vehicular networks. Springer, New York, pp 17\u201322. https:\/\/doi.org\/10.1007\/978-1-4614-9357-0_3"},{"issue":"6","key":"556_CR40","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/mce.2019.2941345","volume":"8","author":"S Garg","year":"2019","unstructured":"Garg S, Aujla GS, Kumar N, Batra S (2019) Tree-based attack-defense model for risk assessment in multi-UAV networks. IEEE Consum Electron Mag 8(6):35\u201341. https:\/\/doi.org\/10.1109\/mce.2019.2941345","journal-title":"IEEE Consum Electron Mag"},{"key":"556_CR41","doi-asserted-by":"publisher","first-page":"3","DOI":"10.4271\/11-04-01-0001","volume":"4","author":"B Meng","year":"2021","unstructured":"Meng B, Smith W, Durling M (2021) Security threat modeling and automated analysis for system design. SAE Int J Transp Cybersecur Priv 4:3\u201317. https:\/\/doi.org\/10.4271\/11-04-01-0001","journal-title":"SAE Int J Transp Cybersecur Priv"}],"container-title":["Innovations in Systems and Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11334-024-00556-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11334-024-00556-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11334-024-00556-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T03:05:17Z","timestamp":1750302317000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11334-024-00556-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,23]]},"references-count":41,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["556"],"URL":"https:\/\/doi.org\/10.1007\/s11334-024-00556-3","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-2530611\/v1","asserted-by":"object"}]},"ISSN":["1614-5046","1614-5054"],"issn-type":[{"value":"1614-5046","type":"print"},{"value":"1614-5054","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,23]]},"assertion":[{"value":"30 January 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 February 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 March 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}