{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T05:26:32Z","timestamp":1780637192163,"version":"3.54.1"},"reference-count":65,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2013,9,1]],"date-time":"2013-09-01T00:00:00Z","timestamp":1377993600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Systems Journal"],"published-print":{"date-parts":[[2013,9]]},"DOI":"10.1109\/jsyst.2012.2221853","type":"journal-article","created":{"date-parts":[[2012,12,11]],"date-time":"2012-12-11T19:01:54Z","timestamp":1355252514000},"page":"363-373","source":"Crossref","is-referenced-by-count":124,"title":["The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures"],"prefix":"10.1109","volume":"7","author":[{"given":"Teodor","family":"Sommestad","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mathias","family":"Ekstedt","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hannes","family":"Holm","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","author":"younan","year":"2008","journal-title":"Efficient Countermeasures for Software Vulnerabilities due to Memory Management Errors"},{"key":"ref38","author":"simon","year":"2012","journal-title":"A Comparative Analysis of Methods Defense Against Buffer Overflow Attacks"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/997150.997156"},{"key":"ref32","author":"anderson","year":"2008","journal-title":"Security Engineering A Guide to Building Dependable Distributed Systems"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4757-3502-4"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.21"},{"key":"ref37","first-page":"1","article-title":"Countermeasures against buffer overflow attacks","author":"frykholm","year":"2000","journal-title":"RSA Tech Note"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/FITS.2003.1264935"},{"key":"ref35","first-page":"149","article-title":"A comparison of publicly available tools for dynamic buffer overflow prevention","author":"wilander","year":"2003","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref34","year":"2012","journal-title":"Common Attack Pattern Enumeration and Classification"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-17722-4_8"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1016\/0957-4174(93)90008-T"},{"key":"ref61","first-page":"1206","article-title":"GeNIe: A development environment for graphical decision-analytic models","author":"druzdzel","year":"1999","journal-title":"Proc Amer Med Inform Assoc Annu Symp"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1108\/09685221111173058"},{"key":"ref63","author":"\ufffdsterlind","year":"2011","journal-title":"Validering av vektyget Enterprise Architecture Tool"},{"key":"ref27","first-page":"18","article-title":"Identifying critical attack assets in dependency attack graphs","author":"sawilla","year":"2008","journal-title":"Proc European Symp Research in Computer Security"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29749-6_1"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.73"},{"key":"ref29","author":"stouffer","year":"2008","journal-title":"NIST Special Publication 800-82"},{"key":"ref2","first-page":"129","author":"taskar","year":"2007","journal-title":"Introduction to Statistical Relational Learning"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2010.02.002"},{"key":"ref20","author":"sheyner","year":"2004","journal-title":"Scenario graphs and attack graphs"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2006.302434"},{"key":"ref21","author":"lippmann","year":"2002","journal-title":"NETspa a network security planning architecture"},{"key":"ref24","first-page":"124","author":"noel","year":"2009","journal-title":"Advances in Topological Vulnerability Analysis"},{"key":"ref23","author":"homer","year":"2010","journal-title":"A Sound and Practical Approach to Quantifying Security Risk in Enterprise Networks"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/1850795.1850798"},{"key":"ref25","first-page":"44","author":"lippmann","year":"2008","journal-title":"Visualization for Computer Security"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2007.03.005"},{"key":"ref51","author":"sommestad","year":"2011","journal-title":"Exploiting network configuration mistakes Practitioners self-assessed success rate"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/BF00849196"},{"key":"ref58","author":"buschle","year":"2012","journal-title":"KTH The Enterprise Architecture Tool"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-33406-8_41"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/1290958.1290968"},{"key":"ref55","author":"stasiukonis","year":"2006","journal-title":"Dark Reading"},{"key":"ref54","author":"jacobs","year":"2011","journal-title":"Measuring the Effectiveness of the USB Flash Drive as a Vector for Social Engineering Attacks on Commercial and Residential Computer Systems"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2004.2"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1108\/09685221111143033"},{"key":"ref10","first-page":"1","article-title":"A natural extension of Tropos methodology for modelling security","author":"mouratidis","year":"2002","journal-title":"Proc Workshop on Agent Oriented Methodologies"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.164"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-007-0064-y"},{"key":"ref12","first-page":"55","article-title":"A risk assessment model for voting systems using threat trees and Monte Carlo simulation","author":"pardue","year":"2010","journal-title":"Proc 1st Int Workshop Requirements Eng e-Voting Syst (RE-VOTE'09)"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.4018\/jisp.2011070102"},{"key":"ref14","author":"mell","year":"2007","journal-title":"A Complete Guide to the Common Vulnerability Scoring System (CVSS)"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-36584-8_5"},{"key":"ref16","author":"johansson","year":"2005","journal-title":"Assessment of enterprise information securityHow to make it credible and efficient"},{"key":"ref17","author":"heberlein","year":"2012","journal-title":"A Taxonomy for Comparing Attack-Graph Approaches"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04474-8_18"},{"key":"ref19","first-page":"307","article-title":"Computer-attack graph generation tool","author":"swiler","year":"2000","journal-title":"Proc DARPA Information Survivability Conf Exposition (DISCEX)"},{"key":"ref4","year":"2009","journal-title":"Information TechnologySecurity TechniquesInformation Security Management Measurements"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719036"},{"key":"ref6","article-title":"Attack trees: Modeling security threats","author":"schneier","year":"1999","journal-title":"Dr Dobb's J"},{"key":"ref5","first-page":"800","author":"swanson","year":"2003","journal-title":"Security Metrics Guide for Information Technology Systems"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/EDCC.2010.32"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2006.46"},{"key":"ref49","author":"sommestad","year":"0","journal-title":"Quantifying the effectiveness of intrusion detection systems in operation through domain experts"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2012.238"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/1314257.1314261"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2011.7"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1108\/09685221211235625"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1080\/10658980601051318"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2010.5461951"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382923"},{"key":"ref43","year":"2012","journal-title":"Free Rainbow Tables"}],"container-title":["IEEE Systems Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/4267003\/6553371\/06378394.pdf?arnumber=6378394","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,29]],"date-time":"2021-11-29T20:28:12Z","timestamp":1638217692000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6378394\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,9]]},"references-count":65,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/jsyst.2012.2221853","relation":{},"ISSN":["1932-8184","1937-9234"],"issn-type":[{"value":"1932-8184","type":"print"},{"value":"1937-9234","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,9]]}}}