{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,29]],"date-time":"2024-10-29T13:57:04Z","timestamp":1730210224173,"version":"3.28.0"},"reference-count":18,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009,10]]},"DOI":"10.1109\/crisis.2009.5411976","type":"proceedings-article","created":{"date-parts":[[2010,2,17]],"date-time":"2010-02-17T18:30:04Z","timestamp":1266431404000},"page":"74-81","source":"Crossref","is-referenced-by-count":11,"title":["A formal methodology for detection of vulnerabilities in an enterprise information system"],"prefix":"10.1109","author":[{"given":"Anirban","family":"Sengupta","sequence":"first","affiliation":[]},{"given":"Chandan","family":"Mazumdar","sequence":"additional","affiliation":[]},{"given":"Aditya","family":"Bagchi","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref10","article-title":"Enterprise Vulnerability Description Language v0.l","author":"michalek","year":"2005","journal-title":"OASIS draft"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/RISP.1991.130777"},{"key":"ref12","first-page":"474","article-title":"Beyond proof-of-compliance: Security analysis in trust management","volume":"52","author":"ninghui","year":"2005","journal-title":"Preliminary version appeared in Proceedings of 2003 IEEE Symposium on Security and Privacy"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/0022-0000(92)90008-7"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1067629.806517"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/322017.322025"},{"key":"ref16","first-page":"229","article-title":"Decidability of Safety in Graph-based Models for Access Control","author":"manuel","year":"2002","journal-title":"Proc of 7th ESORICS LNCS 2502"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/1007352.1007387"},{"key":"ref18","first-page":"75","article-title":"Dual Labeling: Answering Graph Reachability Queries in Constant Time","author":"wang","year":"0","journal-title":"Proc of 22nd ICDE (2006)"},{"journal-title":"ICAT Metabase","year":"0","key":"ref4"},{"journal-title":"BSI","article-title":"IT Baseline Protection Manual","year":"2004","key":"ref3"},{"article-title":"Information Security Policies and Procedures","year":"1999","author":"peltier","key":"ref6"},{"journal-title":"Top 10 Vulnerability Scanners","year":"0","key":"ref5"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2000.848453"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ICACIA.2008.4770021"},{"journal-title":"ISO\/IEC 17799","article-title":"Information Technology - Code of practice for information security management","year":"2005","key":"ref2"},{"article-title":"Concise Oxford English Dictionary, Eleventh Edition","year":"2004","author":"soanes","key":"ref1"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004377"}],"event":{"name":"2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009)","start":{"date-parts":[[2009,10,19]]},"location":"Toulouse, France","end":{"date-parts":[[2009,10,22]]}},"container-title":["2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/5405769\/5411964\/05411976.pdf?arnumber=5411976","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,19]],"date-time":"2017-03-19T02:48:29Z","timestamp":1489891709000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/5411976\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,10]]},"references-count":18,"URL":"https:\/\/doi.org\/10.1109\/crisis.2009.5411976","relation":{},"subject":[],"published":{"date-parts":[[2009,10]]}}}