{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T15:14:31Z","timestamp":1781104471215,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,4,18]],"date-time":"2022-04-18T00:00:00Z","timestamp":1650240000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Engineering and Physical Sciences Research Council","award":["EP\/R002983\/1,EP\/R004897\/1"],"award-info":[{"award-number":["EP\/R002983\/1,EP\/R004897\/1"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,4,18]]},"DOI":"10.1145\/3510547.3517919","type":"proceedings-article","created":{"date-parts":[[2022,4,28]],"date-time":"2022-04-28T14:13:59Z","timestamp":1651155239000},"page":"21-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Optimal Security Hardening over a Probabilistic Attack Graph"],"prefix":"10.1145","author":[{"given":"Przemys\u0142aw","family":"Buczkowski","sequence":"first","affiliation":[{"name":"Queen Mary University of London, London, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Pasquale","family":"Malacaria","sequence":"additional","affiliation":[{"name":"Queen Mary University of London, London, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chris","family":"Hankin","sequence":"additional","affiliation":[{"name":"Imperial College London, London, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andrew","family":"Fielder","sequence":"additional","affiliation":[{"name":"Imperial College London, London, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,4,28]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ejor.2019.04.035"},{"key":"e_1_3_2_2_2_1","first-page":"136","article-title":"Analytical Frameworks to Assess the Effectiveness and Economic-Returns of Cybersecurity Investments","volume":"2014","author":"Garvey P. R.","year":"2014","unstructured":"P. R. Garvey and S. H. Patel , \u201c Analytical Frameworks to Assess the Effectiveness and Economic-Returns of Cybersecurity Investments ,\u201d in 2014 IEEE MILCOM, Oct 2014 , pp. 136 -- 145 . P. R. Garvey and S. H. Patel, \u201cAnalytical Frameworks to Assess the Effectiveness and Economic-Returns of Cybersecurity Investments,\u201d in 2014 IEEE MILCOM, Oct 2014, pp. 136--145.","journal-title":"in"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2015.118"},{"key":"e_1_3_2_2_4_1","unstructured":"Controls 2018. [Online]. Available: https:\/\/cybernetsecurity.com\/industry-papers\/CIS-Controls%20Version-7-cc-FINAL.PDF  Controls 2018. [Online]. Available: https:\/\/cybernetsecurity.com\/industry-papers\/CIS-Controls%20Version-7-cc-FINAL.PDF"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/775265"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/360303.360333"},{"key":"e_1_3_2_2_7_1","first-page":"61","volume-title":"Theoretical Issues Concerning Protection In Operating Systems, ser. Advances in Computers.hskip 1em plus 0.5em minus 0.4emrelax Elsevier","author":"Harrison M. A.","year":"1985","unstructured":"M. A. Harrison , Theoretical Issues Concerning Protection In Operating Systems, ser. Advances in Computers.hskip 1em plus 0.5em minus 0.4emrelax Elsevier , 1985 , vol. 24 , pp. 61 -- 100 . [Online]. Available: http:\/\/sciencedirect.com\/science\/article\/pii\/S0065245808603654 M. A. Harrison, Theoretical Issues Concerning Protection In Operating Systems, ser. Advances in Computers.hskip 1em plus 0.5em minus 0.4emrelax Elsevier, 1985, vol. 24, pp. 61 -- 100. [Online]. Available: http:\/\/sciencedirect.com\/science\/article\/pii\/S0065245808603654"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/800214.806557"},{"key":"e_1_3_2_2_9_1","first-page":"14","article-title":"DAG-based attack and defense modeling: Don't miss the forest for the attack trees","volume":"13","author":"Kordy B.","year":"2014","unstructured":"B. Kordy , L. Pi\u00e8tre-Cambac\u00e9d\u00e8s , and P. Schweitzer , \u201c DAG-based attack and defense modeling: Don't miss the forest for the attack trees ,\u201d Comp. Sci. Rev. , vol. 13 -- 14 , pp. 1 -- 38, 2014 . [Online]. Available: http:\/\/sciencedirect.com\/science\/article\/pii\/S1574013714000100 B. Kordy, L. Pi\u00e8tre-Cambac\u00e9d\u00e8s, and P. Schweitzer, \u201cDAG-based attack and defense modeling: Don't miss the forest for the attack trees,\u201d Comp. Sci. Rev., vol. 13--14, pp. 1 -- 38, 2014. [Online]. Available: http:\/\/sciencedirect.com\/science\/article\/pii\/S1574013714000100","journal-title":"Comp. Sci. Rev."},{"key":"e_1_3_2_2_10_1","volume-title":"14th National Computer Security Conference. hskip 1em plus 0.5em minus 0.4emrelax NCSC","author":"Weiss J.","year":"1991","unstructured":"J. Weiss , \u201c A system security engineering process ,\u201d in 14th National Computer Security Conference. hskip 1em plus 0.5em minus 0.4emrelax NCSC , 1991 . J. Weiss, \u201cA system security engineering process,\u201d in 14th National Computer Security Conference. hskip 1em plus 0.5em minus 0.4emrelax NCSC, 1991."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2011.34"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2001.932182"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2006.302434"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/CATCH.2009.19"},{"key":"e_1_3_2_2_16_1","volume-title":"USENIX Security Symposium","author":"Ou X.","year":"2005","unstructured":"X. Ou , S. Govindavajhala , and A. W. Appel , \u201c MulVAL: A logic-based network security analyzer ,\u201d in USENIX Security Symposium , 2005 . X. Ou, S. Govindavajhala, and A. W. Appel, \u201cMulVAL: A logic-based network security analyzer,\u201d in USENIX Security Symposium, 2005."},{"key":"e_1_3_2_2_18_1","volume-title":"Cybersecurity for SCADA Systems. hskip 1em plus 0.5em minus 0.4emrelax PennWell","author":"Shaw W. T.","year":"2006","unstructured":"W. T. Shaw , Cybersecurity for SCADA Systems. hskip 1em plus 0.5em minus 0.4emrelax PennWell , 2006 . W. T. Shaw, Cybersecurity for SCADA Systems. hskip 1em plus 0.5em minus 0.4emrelax PennWell, 2006."},{"key":"e_1_3_2_2_19_1","volume-title":"Operational technologies","year":"2017","unstructured":"\u201c Operational technologies ,\u201d https:\/\/ncsc.gov.uk\/guidance\/operational-technologies, Feb 2017 . \u201cOperational technologies,\u201d https:\/\/ncsc.gov.uk\/guidance\/operational-technologies, Feb 2017."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1201\/b11352"},{"key":"e_1_3_2_2_21_1","volume-title":"Israeli test on worm called crucial in Iran nuclear delay","author":"Broad W. J.","year":"2011","unstructured":"W. J. Broad , J. Markoff , and D. E. Sanger , \u201c Israeli test on worm called crucial in Iran nuclear delay ,\u201d Jan 2011 . [Online]. Available: https:\/\/nytimes.com\/2011\/01\/16\/world\/middleeast\/16stuxnet.html W. J. Broad, J. Markoff, and D. E. Sanger, \u201cIsraeli test on worm called crucial in Iran nuclear delay,\u201d Jan 2011. [Online]. Available: https:\/\/nytimes.com\/2011\/01\/16\/world\/middleeast\/16stuxnet.html"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSPEC.2013.6471059"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-32125-7_4"},{"key":"e_1_3_2_2_24_1","volume-title":"Evolution of cyber threats in OT environments","author":"Lakhani A.","year":"2020","unstructured":"A. Lakhani , \u201c Evolution of cyber threats in OT environments ,\u201d https:\/\/fortinet.com\/blog\/industry-trends\/evolution-of-cyber-threats-in-ot-environments, Jun 2020 . A. Lakhani, \u201cEvolution of cyber threats in OT environments,\u201d https:\/\/fortinet.com\/blog\/industry-trends\/evolution-of-cyber-threats-in-ot-environments, Jun 2020."},{"key":"e_1_3_2_2_25_1","volume-title":"Penetration Testing of Industrial Control Systems .hskip 1em plus 0.5em minus 0.4emrelax Sandia National Laboratories","author":"Duggan D. P.","year":"2005","unstructured":"D. P. Duggan , Penetration Testing of Industrial Control Systems .hskip 1em plus 0.5em minus 0.4emrelax Sandia National Laboratories , 2005 . D. P. Duggan, Penetration Testing of Industrial Control Systems .hskip 1em plus 0.5em minus 0.4emrelax Sandia National Laboratories, 2005."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3445969"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.5220\/0007247901750182"},{"key":"e_1_3_2_2_28_1","volume-title":"JSON schema: A media type for describing JSON documents","author":"Austin W.","year":"2020","unstructured":"W. Austin , A. Henry , H. Ben , and D. Greg , \u201c JSON schema: A media type for describing JSON documents ,\u201d Dec 2020 . [Online]. Available: https:\/\/datatracker.ietf.org\/doc\/draft-bhutton-json-schema\/00\/ W. Austin, A. Henry, H. Ben, and D. Greg, \u201cJSON schema: A media type for describing JSON documents,\u201d Dec 2020. [Online]. Available: https:\/\/datatracker.ietf.org\/doc\/draft-bhutton-json-schema\/00\/"},{"key":"e_1_3_2_2_29_1","volume-title":"Multi-criteria Decision Analysis for Supporting the Selection of Engineering Materials in Product Design","author":"Jahan A.","year":"2016","unstructured":"A. Jahan , K. L. Edwards , and M. Bahraminasab , Multi-criteria Decision Analysis for Supporting the Selection of Engineering Materials in Product Design , 2 nd ed., A. Jahan, K. L. Edwards, and M. Bahraminasab, Eds.hskip 1em plus 0.5em minus 0.4emrelax Butterworth-Heinemann , 2016 . [Online]. Available: http:\/\/sciencedirect.com\/science\/article\/pii\/B9780081005361000047 A. Jahan, K. L. Edwards, and M. Bahraminasab, Multi-criteria Decision Analysis for Supporting the Selection of Engineering Materials in Product Design, 2nd ed., A. Jahan, K. L. Edwards, and M. Bahraminasab, Eds.hskip 1em plus 0.5em minus 0.4emrelax Butterworth-Heinemann, 2016. [Online]. Available: http:\/\/sciencedirect.com\/science\/article\/pii\/B9780081005361000047","edition":"2"},{"key":"e_1_3_2_2_30_1","volume-title":"CoRR","author":"McKerns M. M.","year":"2012","unstructured":"M. M. McKerns , L. Strand , T. Sullivan , A. Fang , and M. A. G. Aivazis , \u201cBuilding a framework for predictive science ,\u201d CoRR , 2012 . [Online]. Available : http:\/\/arxiv.org\/abs\/1202.1056 M. M. McKerns, L. Strand, T. Sullivan, A. Fang, and M. A. G. Aivazis, \u201cBuilding a framework for predictive science,\u201d CoRR, 2012. [Online]. Available: http:\/\/arxiv.org\/abs\/1202.1056"},{"key":"e_1_3_2_2_31_1","volume-title":"PuLP: A linear programming toolkit for Python","author":"Mitchell S.","year":"2011","unstructured":"S. Mitchell and I. Dunning , \u201c PuLP: A linear programming toolkit for Python ,\u201d 2011 . S. Mitchell and I. Dunning, \u201cPuLP: A linear programming toolkit for Python,\u201d 2011."},{"key":"e_1_3_2_2_32_1","volume-title":"Supply Chain Compromise -- ATT&CK for Industrial Control Systems","year":"2021","unstructured":"]MITRE , \u201c Supply Chain Compromise -- ATT&CK for Industrial Control Systems ,\u201d https:\/\/collaborate.mitre.org\/attackics\/index.php\/Technique\/T0862, Apr 2021 . ]MITRE, \u201cSupply Chain Compromise -- ATT&CK for Industrial Control Systems,\u201d https:\/\/collaborate.mitre.org\/attackics\/index.php\/Technique\/T0862, Apr 2021."},{"key":"e_1_3_2_2_33_1","volume-title":"Oct","author":"Pennington A.","year":"2019","unstructured":"A. Pennington , A. Applebaum , K. Nickels , T. Schulz , B. Strom , and J. Wunder , Getting started with ATT&CK .hskip 1em plus 0.5em minus 0.4emrelax MITRE , Oct 2019 . [Online]. Available: https:\/\/www.mitre.org\/sites\/default\/files\/publications\/mitre-getting-started-with-attack-october-2019.pdf A. Pennington, A. Applebaum, K. Nickels, T. Schulz, B. Strom, and J. Wunder, Getting started with ATT&CK .hskip 1em plus 0.5em minus 0.4emrelax MITRE, Oct 2019. [Online]. Available: https:\/\/www.mitre.org\/sites\/default\/files\/publications\/mitre-getting-started-with-attack-october-2019.pdf"},{"key":"e_1_3_2_2_34_1","volume-title":"Using ATT&CK to advance CTI -- part 2","author":"Nickels K.","year":"2018","unstructured":"K. Nickels , \u201c Using ATT&CK to advance CTI -- part 2 ,\u201d Nov 2018 . [Online]. Available: https:\/\/medium.com\/mitre-attack\/using-att-ck-to-advance-cyber-threat-intelligence-part-2-- K. Nickels, \u201cUsing ATT&CK to advance CTI -- part 2,\u201d Nov 2018. [Online]. Available: https:\/\/medium.com\/mitre-attack\/using-att-ck-to-advance-cyber-threat-intelligence-part-2--"},{"key":"e_1_3_2_2_35_1","volume-title":"Mar","author":"Alexander O.","year":"2020","unstructured":"O. Alexander , M. Belisle , and J. Steele , ATT&CK for Industrial Control Systems: Design and Philosophy. hskip 1em plus 0.5em minus 0.4emrelax MITRE , Mar 2020 . O. Alexander, M. Belisle, and J. Steele, ATT&CK for Industrial Control Systems: Design and Philosophy. hskip 1em plus 0.5em minus 0.4emrelax MITRE, Mar 2020."},{"key":"e_1_3_2_2_36_1","volume-title":"STIX#8482","author":"Jordan B.","year":"2021","unstructured":"B. Jordan , R. Piazza , and T. Darley , STIX#8482 ; Version 2.1. hskip 1em plus 0.5em minus 0.4emrelax OASIS Open 2021 , 2021. B. Jordan, R. Piazza, and T. Darley, STIX#8482; Version 2.1. hskip 1em plus 0.5em minus 0.4emrelax OASIS Open 2021, 2021."},{"key":"e_1_3_2_2_37_1","volume-title":"Allowing only signed application to run","author":"Microsoft Corporation","year":"2008","unstructured":"Microsoft Corporation , \u201c Allowing only signed application to run ,\u201d https:\/\/docs.microsoft.com\/en-us\/previous-versions\/windows\/it-pro\/windows-server- 2008 -R2-and-2008, Sep 2012. Microsoft Corporation, \u201cAllowing only signed application to run,\u201d https:\/\/docs.microsoft.com\/en-us\/previous-versions\/windows\/it-pro\/windows-server-2008-R2-and-2008, Sep 2012."},{"key":"e_1_3_2_2_38_1","volume-title":"Tramwajowy sabota.z w \u0141 odzi: Ch\u0142opiec dzia\u0142a\u0142 od p\u00f3\u0142 roku","author":"RMF","year":"2008","unstructured":"RMF FM , \u201c Tramwajowy sabota.z w \u0141 odzi: Ch\u0142opiec dzia\u0142a\u0142 od p\u00f3\u0142 roku ,\u201d https:\/\/archive.is\/08qSk ( Polish) , Jan 2008 . RMF FM, \u201cTramwajowy sabota.z w \u0141 odzi: Ch\u0142opiec dzia\u0142a\u0142 od p\u00f3\u0142 roku,\u201d https:\/\/archive.is\/08qSk (Polish), Jan 2008."},{"key":"e_1_3_2_2_39_1","first-page":"130","volume-title":"Everyday Cryptography. hskip 1em plus 0.5em minus 0.4emrelax","author":"Martin K. M.","year":"2017","unstructured":"K. M. Martin , \u201c The DES. The AES ,\u201d in Everyday Cryptography. hskip 1em plus 0.5em minus 0.4emrelax Oxford University Press , 2017 , pp. 130 -- 143 . K. M. Martin, \u201cThe DES. The AES,\u201d in Everyday Cryptography. hskip 1em plus 0.5em minus 0.4emrelax Oxford University Press, 2017, pp. 130--143."},{"key":"e_1_3_2_2_40_1","volume-title":"VA: MITRE","author":"Strom B. E.","year":"2020","unstructured":"B. E. Strom , A. Applebaum , D. P. Miller , K. C. Nickels , A. G. Pennington , and C. B. Thomas , ATT&CK: Design and Philosophy. hskip 1em plus 0.5em minus 0.4emrelax McLean , VA: MITRE , Mar 2020 . [Online]. Available : https:\/\/attack.mitre.org\/docs\/ATTACK_Design_and_Philosophy_March_2020.pdf B. E. Strom, A. Applebaum, D. P. Miller, K. C. Nickels, A. G. Pennington, and C. B. Thomas, ATT&CK: Design and Philosophy. hskip 1em plus 0.5em minus 0.4emrelax McLean, VA: MITRE, Mar 2020. [Online]. Available: https:\/\/attack.mitre.org\/docs\/ATTACK_Design_and_Philosophy_March_2020.pdf"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/IEEM.2012.6838095"},{"key":"e_1_3_2_2_42_1","volume-title":"Remote File Copy -- ATT&CK for Industrial Control Systems","year":"2021","unstructured":"\u201c Remote File Copy -- ATT&CK for Industrial Control Systems ,\u201d https:\/\/collaborate.mitre.org\/attackics\/index.php\/Technique\/T0867, Apr 2021 . \u201cRemote File Copy -- ATT&CK for Industrial Control Systems,\u201d https:\/\/collaborate.mitre.org\/attackics\/index.php\/Technique\/T0867, Apr 2021."},{"key":"e_1_3_2_2_43_1","volume-title":"Implications of IT ransomware for ICS environments","author":"Slowik J.","year":"2019","unstructured":"J. Slowik , \u201c Implications of IT ransomware for ICS environments ,\u201d https:\/\/dragos.com\/blog\/industry-news\/implications-of-it-ransomware-for-ics-environments\/, Apr 2019 . J. Slowik, \u201cImplications of IT ransomware for ICS environments,\u201d https:\/\/dragos.com\/blog\/industry-news\/implications-of-it-ransomware-for-ics-environments\/, Apr 2019."}],"event":{"name":"CODASPY '22: Twelveth ACM Conference on Data and Application Security and Privacy","location":"Baltimore MD USA","acronym":"CODASPY '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510547.3517919","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510547.3517919","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:12:19Z","timestamp":1750191139000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510547.3517919"}},"subtitle":["A Case Study of an Industrial Control System using CySecTool"],"short-title":[],"issued":{"date-parts":[[2022,4,18]]},"references-count":42,"alternative-id":["10.1145\/3510547.3517919","10.1145\/3510547"],"URL":"https:\/\/doi.org\/10.1145\/3510547.3517919","relation":{},"subject":[],"published":{"date-parts":[[2022,4,18]]},"assertion":[{"value":"2022-04-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}