{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T23:24:21Z","timestamp":1778196261562,"version":"3.51.4"},"reference-count":23,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2020,2,28]],"date-time":"2020-02-28T00:00:00Z","timestamp":1582848000000},"content-version":"vor","delay-in-days":58,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,1,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>As development and deployment of secure systems continue to grow at scale, there is an equal need to evaluate these systems for vulnerabilities and other problems. However, the process of evaluating these designs is complicated and mainly proprietary to the group performing the evaluation. Generally, one follows the generic risk equation of probability and impact. In addition, one should examine the costs related to the adversary and the defender of a system. Without accounting for all of these different aspects, one cannot expect to properly assess the security of a system model or design. This work presents a security model adversarial risk-based tool (SMART) for systems security design evaluation. Our tool reads in a systems security model an attack graph and collects the necessary information for the purpose of determining the best solution based on a calculated security risk represented as a monetary amount. The advantage of the tool is the level of automation provided in the evaluation of security attack trees while providing meaningful metrics that are effortless to compare and contrast.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaa003","type":"journal-article","created":{"date-parts":[[2020,2,28]],"date-time":"2020-02-28T16:09:52Z","timestamp":1582906192000},"source":"Crossref","is-referenced-by-count":7,"title":["SMART: security model adversarial risk-based tool for systems security design evaluation"],"prefix":"10.1093","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1242-2393","authenticated-orcid":false,"given":"Paul A","family":"Wortman","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Connecticut, Storrs, CT, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John A","family":"Chandy","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Connecticut, Storrs, CT, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2020,2,28]]},"reference":[{"key":"2020022811094068200_tyaa003-B1","first-page":"1","author":"Bayoumy","year":"2018"},{"key":"2020022811094068200_tyaa003-B2","author":"Zsigovits","year":"2019"},{"key":"2020022811094068200_tyaa003-B3","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1007\/978-3-319-22975-1_11","volume-title":"International Conference on Formal Modeling and Analysis of Timed Systems","author":"Kumar","year":"2015"},{"key":"2020022811094068200_tyaa003-B4","author":"Wortman"},{"key":"2020022811094068200_tyaa003-B5","article-title":"SATMC: a SAT-based model checker for security protocols","author":"Armando","journal-title":"European Workshop on Logics in Artificial Intelligence"},{"key":"2020022811094068200_tyaa003-B6","first-page":"123","author":"Brucker","year":"2012"},{"key":"2020022811094068200_tyaa003-B7","first-page":"730","article-title":"A quantitative analysis of current security concerns and solutions for cloud computing","volume":"1","author":"Gonzalez","year":"2012","journal-title":"JoCCASA"},{"key":"2020022811094068200_tyaa003-B8","doi-asserted-by":"crossref","first-page":"41","DOI":"10.18052\/www.scipress.com\/ILSHS.6.41","article-title":"Attributed metagraph modelling to design business process security management","volume":"6","author":"Mukherjee","year":"2013","journal-title":"ILSHS"},{"key":"2020022811094068200_tyaa003-B9","volume-title":"Istituto di Informatica e Telematica. Consiglio Nazionale delle Ricerche, IIT TR-17\/2015","author":"Marotta"},{"key":"2020022811094068200_tyaa003-B10","doi-asserted-by":"crossref","first-page":"1194","DOI":"10.1016\/j.procs.2016.04.247","article-title":"Security risk visualization with semantic risk model","volume":"83","author":"Latvala","year":"2016","journal-title":"Procedia Comput Sci"},{"key":"2020022811094068200_tyaa003-B11","doi-asserted-by":"crossref","first-page":"3017","DOI":"10.1007\/s10664-017-9502-8","article-title":"Model comprehension for security risk assessment: an empirical comparison of tabular vs. graphical representations","volume":"22","author":"Labunets","year":"2017","journal-title":"Empir Softw Eng"},{"key":"2020022811094068200_tyaa003-B12","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1016\/j.cose.2015.11.001","article-title":"Taxonomy of information security risk assessment (ISRA)","volume":"57","author":"Shameli-Sendi","year":"2016","journal-title":"Comput Secur"},{"key":"2020022811094068200_tyaa003-B13","author":"Chockalingam"},{"key":"2020022811094068200_tyaa003-B14","doi-asserted-by":"crossref","first-page":"531","DOI":"10.1007\/s12652-016-0442-8","article-title":"Security risk assessment framework for smart car using the attack tree analysis","volume":"9","author":"Kong","year":"2018","journal-title":"J Amb Intel Hum Comp"},{"key":"2020022811094068200_tyaa003-B15","doi-asserted-by":"crossref","first-page":"681","DOI":"10.1007\/s10207-017-0382-0","article-title":"A framework for estimating information security risk assessment method completeness","volume":"17","author":"Wangen","year":"2018","journal-title":"Int J Inf Secur"},{"key":"2020022811094068200_tyaa003-B16","author":"Bernsmed"},{"key":"2020022811094068200_tyaa003-B17"},{"key":"2020022811094068200_tyaa003-B18","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1016\/j.cose.2017.09.004","article-title":"A safety\/security risk analysis approach of industrial control systems: a cyber bowtie\u2013combining new version of attack tree with bowtie analysis","volume":"72","author":"Abdo","year":"2018","journal-title":"Comput Secur"},{"key":"2020022811094068200_tyaa003-B19","author":"Arias","year":"2019"},{"key":"2020022811094068200_tyaa003-B20","first-page":"693","author":"Ji","year":"2016"},{"key":"2020022811094068200_tyaa003-B21","first-page":"1","article-title":"Information security risk assessment method for ship control system based on fuzzy sets and attack trees","volume":"2019","author":"Shang","year":"2019","journal-title":"Secur Commun Netw"},{"key":"2020022811094068200_tyaa003-B22"},{"key":"2020022811094068200_tyaa003-B23"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/6\/1\/tyaa003\/32708651\/tyaa003.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/6\/1\/tyaa003\/32708651\/tyaa003.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,2,28]],"date-time":"2020-02-28T16:09:56Z","timestamp":1582906196000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaa003\/5766337"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,1]]},"references-count":23,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,1,1]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaa003","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2020]]},"published":{"date-parts":[[2020,1,1]]},"article-number":"tyaa003"}}