{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T04:43:06Z","timestamp":1775018586412,"version":"3.50.1"},"reference-count":29,"publisher":"Pleiades Publishing Ltd","issue":"6","license":[{"start":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T00:00:00Z","timestamp":1762300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T00:00:00Z","timestamp":1762300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Program Comput Soft"],"published-print":{"date-parts":[[2025,12]]},"DOI":"10.1134\/s036176882570029x","type":"journal-article","created":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T22:19:25Z","timestamp":1762381165000},"page":"429-434","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Software Security by Design"],"prefix":"10.1134","volume":"51","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3439-9534","authenticated-orcid":false,"given":"V. V.","family":"Kuliamin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7411-3831","authenticated-orcid":false,"given":"A. K.","family":"Petrenko","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2944-162X","authenticated-orcid":false,"given":"E. A.","family":"Rudina","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"137","published-online":{"date-parts":[[2025,11,5]]},"reference":[{"key":"3961_CR1","unstructured":"Cavoukin, A. and Dixon, M., Privacy and security by design: An enterprise architecture approach, 2013."},{"key":"3961_CR2","volume-title":"Secure by Design","author":"D.B. Johnsson","year":"2019","unstructured":"Johnsson, D.B., Deogun, D., and Sawano, D., Secure by Design, Manning Publications, 2019."},{"key":"3961_CR3","volume-title":"A Discipline of Programming","author":"E.W. Dijkstra","year":"1976","unstructured":"Dijkstra, E.W., A Discipline of Programming, Upper Saddle River, NJ: Prentice Hall, 1976."},{"key":"3961_CR4","doi-asserted-by":"publisher","unstructured":"Gries, D., The Science of Programming, Monographs in Computer Science, New York: Springer, 1987. https:\/\/doi.org\/10.1007\/978-1-4612-5983-1","DOI":"10.1007\/978-1-4612-5983-1"},{"key":"3961_CR5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-27919-5","volume-title":"The Correctness-by-Construction Approach to Programming","author":"D.G. Kourie","year":"2012","unstructured":"Kourie, D.G. and Watson, B.W., The Correctness-by-Construction Approach to Programming, Berlin: Springer, 2012. https:\/\/doi.org\/10.1007\/978-3-642-27919-5"},{"key":"3961_CR6","unstructured":"OWASP Application Security Verification Standard, v. 4.0.3, 2021."},{"key":"3961_CR7","doi-asserted-by":"publisher","unstructured":"Dougherty, C., Sayre, K., Seacord, R.C., Svoboda, D., and Togashi, K., Secure design patterns, Technical Report CMU\/SEI-2009-TR-010, Software Engineering Institute, 2009. https:\/\/doi.org\/10.1184\/R1\/6583640.v1","DOI":"10.1184\/R1\/6583640.v1"},{"key":"3961_CR8","volume-title":"Security Patterns in Practice: Designing Secure Architectures Using Software Patterns","author":"E. Fernandez-Buglioni","year":"2013","unstructured":"Fernandez-Buglioni, E., Security Patterns in Practice: Designing Secure Architectures Using Software Patterns, Chichester: Wiley, 2013."},{"key":"3961_CR9","doi-asserted-by":"publisher","unstructured":"Washizaki, H., Xia, T., Kamata, N., Fukazawa, Yo., Kanuka, H., Yamaoto, D., Yoshino, M., Okubo, T., Ogata, Sh., Kaiya, H., Kato, T., Hazeyama, A., Tanaka, T., Yoshioka, N., and Priyalakshmi, G., Taxonomy and literature survey of security pattern research, 2018 IEEE Conference on Application, Information and Network Security (AINS), Langkawi, Malaysia, 2018, IEEE, 2018, pp. 87\u201392. https:\/\/doi.org\/10.1109\/ains.2018.8631465","DOI":"10.1109\/ains.2018.8631465"},{"key":"3961_CR10","doi-asserted-by":"publisher","unstructured":"Jaeger, T., Operating System Security, Synthesis Lectures on Information Security, Cham: Springer, 2008. https:\/\/doi.org\/10.1007\/978-3-031-02333-0","DOI":"10.1007\/978-3-031-02333-0"},{"key":"3961_CR11","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1145\/2431211.2431216","volume":"45","author":"M. Pearce","year":"2013","unstructured":"Pearce, M., Zeadally, S., and Hunt, R., Virtualization: Issues, security threats, and solutions, ACM Comput. Surv., 2013, vol. 45, no. 2, p. 17. https:\/\/doi.org\/10.1145\/2431211.2431216","journal-title":"ACM Comput. Surv."},{"key":"3961_CR12","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1145\/800216.80658","volume":"15","author":"J. Rushby","year":"1981","unstructured":"Rushby, J., Design and verification of secure systems, ACM SIGOPS Operating Systems Review, 1981, vol. 15, no. 5, pp. 12\u201321. https:\/\/doi.org\/10.1145\/800216.80658","journal-title":"ACM SIGOPS Operating Systems Review"},{"key":"3961_CR13","unstructured":"Rushby, J., Partitioning in avionics architectures: Requirements, mechanisms, and assurance, NASA Contractor Report CR-1999-209347, NASA Langley Research Center, 1999."},{"key":"3961_CR14","unstructured":"Aeronautical Radio, Inc. (ARINC), Avionics application software standard interface, part 0, Overview of ARINC 653, ARINC 653P0-2, 2019."},{"key":"3961_CR15","volume-title":"MILS architectural approach supporting trustworthiness of the IIoT solutions, Whitepaper","author":"R.J. Delong","year":"2021","unstructured":"Delong, R.J. and Rudina, E., MILS architectural approach supporting trustworthiness of the IIoT solutions, Whitepaper, Industrial Internet Consortium, 2021."},{"key":"3961_CR16","doi-asserted-by":"publisher","first-page":"71","DOI":"10.47893\/ijcct.2010.1008","volume":"1","author":"P.K. Patra","year":"2010","unstructured":"Patra, P.K. and Pradhan, P.L., Hardening of UNIX operating system, International Journal of Computer and Communication Technology, 2010, vol. 1, no. 1, pp. 71\u201384. https:\/\/doi.org\/10.47893\/ijcct.2010.1008","journal-title":"International Journal of Computer and Communication Technology"},{"key":"3961_CR17","unstructured":"Open AADL. http:\/\/www.openaadl.org\/. Cited December 5, 2024."},{"key":"3961_CR18","doi-asserted-by":"publisher","unstructured":"Santos, J.C.S., Tarrit, K., and Mirakhorli, M., A catalog of security architecture weaknesses, 2017 IEEE International Conference on Software Architecture Workshops (ICSAW), Gothenburg, Sweden, 2017, IEEE, 2017, pp. 220\u2013223. https:\/\/doi.org\/10.1109\/icsaw.2017.25","DOI":"10.1109\/icsaw.2017.25"},{"key":"3961_CR19","unstructured":"MITRE. Common weakness enumeration, 2022. https:\/\/cwe.mitre.org\/index.html. Cited November 1, 2024."},{"key":"3961_CR20","unstructured":"MITRE. Common Vulnerabilities and Exposures, 2024. https:\/\/www.cve.org. Cited November 1, 2024."},{"key":"3961_CR21","unstructured":"Microsoft Security Development Lifecycle. \nhttps:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/. Cited November 1, 2024."},{"key":"3961_CR22","unstructured":"Microsoft Threat Modeling Tool. https:\/\/learn.microsoft.com\/en-us\/azure\/security\/develop\/threat-modeling-tool. Cited November 1, 2024."},{"key":"3961_CR23","doi-asserted-by":"publisher","unstructured":"Almorsy, M., Grundy, J., and Ibrahim, A.S., Automated software architecture security risk analysis using formalized signatures, 2013 35th International Conference on Software Engineering (ICSE), San Francisco, CA, 2013, IEEE, 2013, pp. 662\u2013671. https:\/\/doi.org\/10.1109\/icse.2013.6606612","DOI":"10.1109\/icse.2013.6606612"},{"key":"3961_CR24","doi-asserted-by":"publisher","unstructured":"Frydman, M., Ruiz, G., Heymann, E., C\u00e9sar, E., and Miller, B.P., Automating risk analysis of software design models, Sci. World J., 2014, vol. 2014, p. 805856. https:\/\/doi.org\/10.1155\/2014\/805856","DOI":"10.1155\/2014\/805856"},{"key":"3961_CR25","unstructured":"Nafees, T., Coull, N., Ferguson, I., and Sampson, A., Vulnerability anti-patterns: A timeless way to capture poor software practices (vulnerabilities), Proceedings of the 24th Conference on Pattern Languages of Programs, Vancouver, 2017, New York: Association for Computing Machinery, 2017, p. 23."},{"key":"3961_CR26","doi-asserted-by":"publisher","unstructured":"Seifermann, S., Heinrich, R., and Reussner, R., Data-driven software architecture for analyzing confidentiality, 2019 IEEE International Conference on Software Architecture (ICSA), Hamburg, 2019, IEEE, 2019, pp. 1\u201310. https:\/\/doi.org\/10.1109\/icsa.2019.00009","DOI":"10.1109\/icsa.2019.00009"},{"key":"3961_CR27","unstructured":"IDRIS. https:\/\/www.idris-lang.org\/. Cited December 5, 2024."},{"key":"3961_CR28","doi-asserted-by":"publisher","unstructured":"Siu, K., Moitra, A., Li, M., Durling, M., Herencia-Zapana, H., Interrante, J., Meng, B., Tinelli, C., Chowdhury, O., Larraz, D., Yahyazadeh, M., Arif, M.F., and Prince, D., Architectural and behavioral analysis for cyber security, 2019 IEEE\/AIAA 38th Digital Avionics Systems Conference (DASC), San Diego, CA, 2019, IEEE, 2019, pp. 1\u201310. https:\/\/doi.org\/10.1109\/dasc43569.2019.9081652","DOI":"10.1109\/dasc43569.2019.9081652"},{"key":"3961_CR29","unstructured":"VERDICT Project. \nhttps:\/\/ge-high-assurance.github.io\/VERDICT\/. Cited December 5, 2024."}],"container-title":["Programming and Computer Software"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1134\/S036176882570029X.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1134\/S036176882570029X","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1134\/S036176882570029X.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T02:53:58Z","timestamp":1775012038000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1134\/S036176882570029X"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,5]]},"references-count":29,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["3961"],"URL":"https:\/\/doi.org\/10.1134\/s036176882570029x","relation":{},"ISSN":["0361-7688","1608-3261"],"issn-type":[{"value":"0361-7688","type":"print"},{"value":"1608-3261","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,5]]},"assertion":[{"value":"16 June 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 July 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 July 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 November 2025","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors of this work declare that they have no conflicts of interest.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"CONFLICT OF INTEREST"}}]}}