{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T01:31:54Z","timestamp":1775698314560,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,8,26]],"date-time":"2019-08-26T00:00:00Z","timestamp":1566777600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"\u00d6sterreichische Forschungsf\u00f6rderungsgesellschaft","award":["863129"],"award-info":[{"award-number":["863129"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,8,26]]},"DOI":"10.1145\/3339252.3341482","type":"proceedings-article","created":{"date-parts":[[2019,8,9]],"date-time":"2019-08-09T12:21:03Z","timestamp":1565353263000},"page":"1-8","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":21,"title":["Requirements and Recommendations for IoT\/IIoT Models to automate Security Assurance through Threat Modelling, Security Analysis and Penetration Testing"],"prefix":"10.1145","author":[{"given":"Ralph","family":"Ankele","sequence":"first","affiliation":[{"name":"JOANNEUM RESEARCH Forschungsgesellschaft, mbH Graz, Austria"}]},{"given":"Stefan","family":"Marksteiner","sequence":"additional","affiliation":[{"name":"AVL List GmbH, Graz, Austria"}]},{"given":"Kai","family":"Nahrgang","sequence":"additional","affiliation":[{"name":"JOANNEUM RESEARCH Forschungsgesellschaft, mbH Graz, Austria"}]},{"given":"Heribert","family":"Vallant","sequence":"additional","affiliation":[{"name":"JOANNEUM RESEARCH Forschungsgesellschaft, mbH Graz, Austria"}]}],"member":"320","published-online":{"date-parts":[[2019,8,26]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"International Journal of Grid and Distributed Computing","author":"Feruza Farkhod","year":"2009"},{"key":"e_1_3_2_1_2_1","unstructured":"ZigBee Alliance. 2012. ZigBee Specification 053474r20.  ZigBee Alliance. 2012. ZigBee Specification 053474r20."},{"key":"e_1_3_2_1_3_1","volume-title":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST). 413--414","author":"Almubairik N. A."},{"key":"e_1_3_2_1_4_1","first-page":"1","article-title":"Zero-Correlation Attacks on Tweakable Block Ciphers with Linear Tweakey Expansion","volume":"2019","author":"Ankele Ralph","year":"2019","journal-title":"IACR Transactions on Symmetric Cryptology"},{"key":"e_1_3_2_1_5_1","volume-title":"Selected Areas in Cryptography -- SAC","author":"Ankele Ralph","year":"2018"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.23"},{"key":"e_1_3_2_1_7_1","unstructured":"Andrew Banks and Rahul Gupta. 2014. MQTT Version 3.1.1. http:\/\/docs.oasis-open.org\/mqtt\/mqtt\/v3.1.1\/os\/mqtt-v3.1.1-os.html  Andrew Banks and Rahul Gupta. 2014. MQTT Version 3.1.1. http:\/\/docs.oasis-open.org\/mqtt\/mqtt\/v3.1.1\/os\/mqtt-v3.1.1-os.html"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"e_1_3_2_1_9_1","unstructured":"John Biggs. 2016. Hackers release source code for a powerful DDoS app called Mirai. https:\/\/techcrunch.com\/2016\/10\/10\/hackers-release-source-code-for-a-powerful-ddos-app-called-mirai\/?guccounter=1.  John Biggs. 2016. Hackers release source code for a powerful DDoS app called Mirai. https:\/\/techcrunch.com\/2016\/10\/10\/hackers-release-source-code-for-a-powerful-ddos-app-called-mirai\/?guccounter=1."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2018.04.015"},{"key":"e_1_3_2_1_11_1","volume-title":"International journal of mechanical, aerospace, industrial and mechatronics engineering 8, 1","author":"Brettel Malte","year":"2014"},{"key":"e_1_3_2_1_12_1","unstructured":"Ge Chu and Alexei Lisitsa. 2019. Penetration Testing for Internet of Things and Its Automation.  Ge Chu and Alexei Lisitsa. 2019. Penetration Testing for Internet of Things and Its Automation."},{"key":"e_1_3_2_1_13_1","unstructured":"LoRa Alliance Technical Committee. 2017. LoRaWANTM 1.1 Specification.  LoRa Alliance Technical Committee. 2017. LoRaWANTM 1.1 Specification."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134063"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2460"},{"key":"e_1_3_2_1_16_1","volume-title":"2015 XVIII International Conference on Soft Computing and Measurements (SCM). 189--192","author":"Desnitsky V. A."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1983.1056650"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2015.3"},{"key":"e_1_3_2_1_21_1","unstructured":"Michael Howard and David LeBlanc. 2003. Writing secure code. Pearson Education.  Michael Howard and David LeBlanc. 2003. Writing secure code. Pearson Education."},{"key":"e_1_3_2_1_23_1","volume-title":"Information technology -- Security techniques -- Authenticated encryption. Standard","author":"IEC"},{"key":"e_1_3_2_1_24_1","unstructured":"Tanner Johnson. 2018. Growing Cybersecurity Concerns Within the Industrial IoT (IIoT). https:\/\/technology.ihs.com\/607003\/growing-cybersecurity-concerns-within-the-industrial-iot-iiot Accessed: 2019-05-15.  Tanner Johnson. 2018. Growing Cybersecurity Concerns Within the Industrial IoT (IIoT). https:\/\/technology.ihs.com\/607003\/growing-cybersecurity-concerns-within-the-industrial-iot-iiot Accessed: 2019-05-15."},{"key":"e_1_3_2_1_25_1","unstructured":"Antti Karjalainen Riku Hietam\u00c3\u010fki Matti Kamunen and Neel Mehta. 2013. OpenSSL 'Heartbleed' vulnerability CVE-2014-0160. Available from MITRE CVE-ID CVE-2014-0160.. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0160  Antti Karjalainen Riku Hietam\u00c3\u010fki Matti Kamunen and Neel Mehta. 2013. OpenSSL 'Heartbleed' vulnerability CVE-2014-0160. Available from MITRE CVE-ID CVE-2014-0160.. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0160"},{"key":"e_1_3_2_1_26_1","first-page":"80","article-title":"DDoS in the IoT","volume":"50","author":"Kolias C.","year":"2017","journal-title":"Mirai and Other Botnets. Computer"},{"key":"e_1_3_2_1_27_1","unstructured":"Bodo Moller Thai Duong Krzysztof Kotowicz. 2014. This POODLE Bites: Exploiting The SSL 3.0 Fallback. https:\/\/www.openssl.org\/~bodo\/ssl-poodle.pdf  Bodo Moller Thai Duong Krzysztof Kotowicz. 2014. This POODLE Bites: Exploiting The SSL 3.0 Fallback. https:\/\/www.openssl.org\/~bodo\/ssl-poodle.pdf"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2014.09.005"},{"key":"e_1_3_2_1_29_1","unstructured":"Silicon Labs. 2019. Z-Wave Plus Device Type v2 Specification.  Silicon Labs. 2019. Z-Wave Plus Device Type v2 Specification."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIS.2017.49"},{"key":"e_1_3_2_1_31_1","unstructured":"Selena Larson. 2017. FDA confirms that St. Jude's cardiac devices can be hacked. https:\/\/money.cnn.com\/2017\/01\/09\/technology\/fda-st-jude-cardiac-hack\/.  Selena Larson. 2017. FDA confirms that St. Jude's cardiac devices can be hacked. https:\/\/money.cnn.com\/2017\/01\/09\/technology\/fda-st-jude-cardiac-hack\/."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISORC.2008.25"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.mfglet.2014.12.001"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.41"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","unstructured":"Du\u0161ko Luka\u010d. 2015. The fourth ICT-based industrial revolution \"Industry 4.0\" \u00e2\u0102\u0164 HMI and the case of CAE\/CAD innovation with EPLAN P8. 835--838.  Du\u0161ko Luka\u010d. 2015. The fourth ICT-based industrial revolution \"Industry 4.0\" \u00e2\u0102\u0164 HMI and the case of CAE\/CAD innovation with EPLAN P8. 835--838.","DOI":"10.1109\/TELFOR.2015.7377595"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2111"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/CTTE.2017.8260940"},{"key":"e_1_3_2_1_39_1","unstructured":"Charlie Miller and Chris Valasek. 2015. Remote Exploitation of an Unaltered Passenger Vehicle. https:\/\/www.blackhat.com\/us-15\/briefings.html#remote-exploitation-of-an-unaltered-passenger-vehicle.  Charlie Miller and Chris Valasek. 2015. Remote Exploitation of an Unaltered Passenger Vehicle. https:\/\/www.blackhat.com\/us-15\/briefings.html#remote-exploitation-of-an-unaltered-passenger-vehicle."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34704-7_5"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.pnucene.2015.12.009"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2010.2050377"},{"key":"e_1_3_2_1_43_1","unstructured":"Bluetooth SIG Proprietary. 2019. Bluetooth Core Specification V5.1.  Bluetooth SIG Proprietary. 2019. Bluetooth Core Specification V5.1."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1837274.1837461"},{"key":"e_1_3_2_1_45_1","volume-title":"Kali Linux: Wireless Penetration Testing Beginner's Guide","author":"Ramachandran Vivek","year":"2015"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2013.04.014"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.14"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3055245.3055251"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2016.2549047"},{"key":"e_1_3_2_1_50_1","volume-title":"ModelBased Security Testing. Electronic Proceedings in Theoretical Computer Science 80 (02","author":"Schieferdecker Ina","year":"2012"},{"key":"e_1_3_2_1_52_1","volume-title":"Threat modeling: Designing for security","author":"Shostack Adam"},{"key":"e_1_3_2_1_53_1","unstructured":"Statista. 2019. Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions). https:\/\/www.statista.com\/statistics\/471264\/iot-number-of-connected-devices-worldwide\/. Accessed: 2019-05-06.  Statista. 2019. Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions). https:\/\/www.statista.com\/statistics\/471264\/iot-number-of-connected-devices-worldwide\/. Accessed: 2019-05-06."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63688-7_19"},{"key":"e_1_3_2_1_55_1","first-page":"1","article-title":"Analysis of AES, SKINNY, and Others with Constraint Programming","volume":"2017","author":"Sun Siwei","year":"2017","journal-title":"IACR Transactions on Symmetric Cryptology"},{"key":"e_1_3_2_1_56_1","volume-title":"The Trouble with Security Requirements. In 2017 IEEE 25th International Requirements Engineering Conference (RE). 122--133","author":"T\u00fcrpe S.","year":"2017"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1155\/2016\/3159805"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.24"},{"key":"e_1_3_2_1_59_1","volume-title":"Security of Industrial Control Systems and Cyber-Physical Systems, Nora Cuppens-Boulahia, Costas Lambrinoudakis, Fr\u00e9d\u00e9ric Cuppens","author":"Yung Jonathan"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.02.009"}],"event":{"name":"ARES '19: 14th International Conference on Availability, Reliability and Security","location":"Canterbury CA United Kingdom","acronym":"ARES '19"},"container-title":["Proceedings of the 14th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3339252.3341482","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3339252.3341482","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:54:29Z","timestamp":1750204469000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3339252.3341482"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,8,26]]},"references-count":56,"alternative-id":["10.1145\/3339252.3341482","10.1145\/3339252"],"URL":"https:\/\/doi.org\/10.1145\/3339252.3341482","relation":{},"subject":[],"published":{"date-parts":[[2019,8,26]]},"assertion":[{"value":"2019-08-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}