{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T10:04:41Z","timestamp":1774605881416,"version":"3.50.1"},"reference-count":37,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2023,1,31]],"date-time":"2023-01-31T00:00:00Z","timestamp":1675123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2023,1,31]]},"abstract":"<jats:p>Security risk assessment is an important task in systems engineering. It is used to derive security requirements for a secure system design and to evaluate design alternatives as well as vulnerabilities. Security risk assessment is also a complex and interdisciplinary task, where experts from the application domain and the security domain have to collaborate and understand each other. Automated and tool-supported approaches are desired to help manage the complexity. However, the models used for system engineering usually focus on functional behavior and lack security-related aspects. Therefore, we present our modeling approach that alleviates communication between the involved experts and features steps of computer-aided modeling to achieve consistency and avoid omission errors. We demonstrate our approach with an example. We also describe how to model impact rating and attack feasibility estimation in a modular fashion, along with the propagation and aggregation of these estimations through the model. As a result, experts can make local decisions or changes in the model, which in turn provides the impact of these decisions or changes on the overall risk profile. Finally, we discuss the advantages of our model-based method.<\/jats:p>","DOI":"10.1145\/3569458","type":"journal-article","created":{"date-parts":[[2022,11,4]],"date-time":"2022-11-04T12:34:24Z","timestamp":1667565264000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Security Risk Assessments: Modeling and Risk Level Propagation"],"prefix":"10.1145","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6566-8680","authenticated-orcid":false,"given":"Daniel","family":"Angermeier","sequence":"first","affiliation":[{"name":"Fraunhofer-Institute AISEC, Garching, Bavaria, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4681-1928","authenticated-orcid":false,"given":"Hannah","family":"Wester","sequence":"additional","affiliation":[{"name":"Fraunhofer-Institute AISEC, Garching, Bavaria, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9302-1553","authenticated-orcid":false,"given":"Kristian","family":"Beilke","sequence":"additional","affiliation":[{"name":"Fraunhofer-Institute AISEC, Garching, Bavaria, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6906-6495","authenticated-orcid":false,"given":"Gerhard","family":"Hansch","sequence":"additional","affiliation":[{"name":"Fraunhofer-Institute AISEC, Garching, Bavaria, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0822-2981","authenticated-orcid":false,"given":"J\u00f6rn","family":"Eichler","sequence":"additional","affiliation":[{"name":"Freie Universit\u00e4t Berlin, Institute of Computer Science, Berlin, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,2,20]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.13154\/294-6670"},{"key":"e_1_3_2_3_2","first-page":"82","volume-title":"International Workshop on Risk Assessment and Risk-driven Testing","author":"Angermeier Daniel","year":"2016","unstructured":"Daniel Angermeier, Alexander Nieding, and J\u00f6rn Eichler. 2016. Supporting risk assessment with the systematic identification, merging, and validation of security goals. In International Workshop on Risk Assessment and Risk-driven Testing. Springer, Cham, Germany, 82\u201395."},{"issue":"3","key":"e_1_3_2_4_2","article-title":"Systematic identification of security goals and threats in risk assessment","volume":"36","author":"Angermeier Daniel","year":"2016","unstructured":"Daniel Angermeier, Alexander Nieding, and J\u00f6rn Eichler. 2016. Systematic identification of security goals and threats in risk assessment. Softwaretechnik-Trends 36, 3 (2016).","journal-title":"Softwaretechnik-Trends"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57858-3_7"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1016\/B978-0-12-438150-6.50018-2"},{"key":"e_1_3_2_7_2","volume-title":"Common Methodology for Information Technology Security Evaluation: Evaluation Methodology (3.1r5 ed.)","author":"Board Common Criteria Editorial","year":"2017","unstructured":"Common Criteria Editorial Board. 2017. Common Methodology for Information Technology Security Evaluation: Evaluation Methodology (3.1r5 ed.). Standard. Common Criteria."},{"key":"e_1_3_2_8_2","volume-title":"Model-based Security Engineering for Electronic Business Processes","author":"Eichler J.","year":"2015","unstructured":"J. Eichler. 2015. Model-based Security Engineering for Electronic Business Processes. Ph. D. Dissertation. Technische Universit\u00e4t M\u00fcnchen."},{"key":"e_1_3_2_9_2","first-page":"81","volume-title":"Proceedings of the VDI\/VW-Gemeinschaftstagung Automotive Security","volume":"2263","author":"Eichler J\u00f6rn","year":"2015","unstructured":"J\u00f6rn Eichler and Daniel Angermeier. 2015. Modular risk assessment for the development of secure automotive systems. In Proceedings of the VDI\/VW-Gemeinschaftstagung Automotive Security, Vol. 2263. VDI, D\u00fcsseldorf, 81\u201390."},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-009-0092-x"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/2422498.2422501"},{"key":"e_1_3_2_12_2","volume-title":"Measuring and Managing Information Risk: A FAIR Approach","author":"Freund Jack","year":"2015","unstructured":"Jack Freund and Jack Jones. 2015. Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann, Oxford, UK."},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/3145905"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.3390\/info11050273"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3327961.3329528"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2382574"},{"key":"e_1_3_2_17_2","volume-title":"IEC 62443-3-2:2020 Security for Industrial Automation and Control Systems\u2013Part 3-2: Security Risk Assessment for System design","year":"2020","unstructured":"IEC. 2020. IEC 62443-3-2:2020 Security for Industrial Automation and Control Systems\u2013Part 3-2: Security Risk Assessment for System design. Standard. International Electrotechnical Commission and others, Geneva, CH."},{"key":"e_1_3_2_18_2","volume-title":"ISO\/SAE 21434:2021 Road Vehicles\u2013Cybersecurity engineering","year":"2021","unstructured":"ISO\/SAE. 2021. ISO\/SAE 21434:2021 Road Vehicles\u2013Cybersecurity engineering. Standard. International Organization for Standardization, Geneva, CH."},{"key":"e_1_3_2_19_2","volume-title":"The Threats to Our Products","author":"Kohnfelder Loren","year":"1999","unstructured":"Loren Kohnfelder and Praerit Garg. 1999. The Threats to Our Products. Technical Report. Microsoft Interface."},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2014.07.001"},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-28005-5_4"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2017.40"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8"},{"issue":"8","key":"e_1_3_2_24_2","doi-asserted-by":"crossref","first-page":"1242","DOI":"10.3390\/electronics9081242","article-title":"Security risk analysis approach for safety-critical systems of connected vehicles","volume":"9","author":"Luo Feng","year":"2020","unstructured":"Feng Luo, Shuo Hou, Xuan Zhang, Zhenyu Yang, and Wenwen Pan. 2020. Security risk analysis approach for safety-critical systems of connected vehicles. Electronics 9, 8 (August2020), 1242.","journal-title":"Electronics"},{"key":"e_1_3_2_25_2","first-page":"621","volume-title":"Proceedings of the 2015 Design, Automation and Test in Europe Conference (DATE\u201915)","author":"Macher Georg","year":"2015","unstructured":"Georg Macher, Harald Sporer, Reinhard Berlach, Eric Armengaud, and Christian Kreiner. 2015. SAHARA: A security-aware hazard and risk analysis method. In Proceedings of the 2015 Design, Automation and Test in Europe Conference (DATE\u201915). 621\u2013624."},{"key":"e_1_3_2_26_2","first-page":"260","article-title":"Adventures in automotive networks and control units","volume":"21","author":"Miller Charlie","year":"2013","unstructured":"Charlie Miller and Chris Valasek. 2013. Adventures in automotive networks and control units. Def. Con. 21 (2013), 260\u2013264.","journal-title":"Def. Con."},{"key":"e_1_3_2_27_2","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1145\/3198458.3198465","volume-title":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","author":"Monteuuis Jean-Philippe","year":"2018","unstructured":"Jean-Philippe Monteuuis, Aymen Boudguiga, Jun Zhang, Houda Labiod, Alain Servel, and Pascal Urien. 2018. SARA: Security automotive risk analysis method. In Proceedings of the 4th ACM Workshop on Cyber-Physical System Security. Association for Computing Machinery, New York, NY, 3\u201314."},{"key":"e_1_3_2_28_2","series-title":"Proceedings of the 6th International Conference on OWL: Experiences and Directions","first-page":"208","volume":"529","author":"O\u2019Connor Martin J.","year":"2009","unstructured":"Martin J. O\u2019Connor and Amar K. Das. 2009. SQWRL: A query language for OWL. In Proceedings of the 6th International Conference on OWL: Experiences and Directions(OWLED\u201909, Vol. 529). CEUR-WS.org, Aachen, Germany, 208\u2013215."},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2011.34"},{"key":"e_1_3_2_30_2","unstructured":"Alastair Ruddle Benjamin Weyl Sajid Idrees Y. Roudier Michael Friedewald Timo Leimbach A. Fuchs S. G\u00fcrgens O. Henninger Roland Rieke M. Ritscher H. Broberg L. Apvrille R. Pacalet and Gabriel Pedroza. 2009. Security requirements for automotive on-board networks based on dark-side scenarios. Seventh Research Framework Programme (2007\u20132013) of the European Community. Deliverable D2.3: EVITA. E-safety vehicle intrusion protected applications 150 pages. https:\/\/www.researchgate.net\/profile\/Gabriel-Pedroza\/publication\/304525166_Security_requirements_for_automotive_on-board_networks_based_on_dark-side_scenarios\/links\/57b06d4808ae15c76cba2666\/Security-requirements-for-automotive-on-board-networks-based-on-dark-side-scenarios.pdf."},{"key":"e_1_3_2_31_2","doi-asserted-by":"crossref","first-page":"310","DOI":"10.1007\/978-3-319-10506-2_21","volume-title":"Computer Safety, Reliability, and Security","author":"Schmittner Christoph","year":"2014","unstructured":"Christoph Schmittner, Thomas Gruber, Peter Puschner, and Erwin Schoitsch. 2014. Security application of failure mode and effect analysis (FMEA). In Computer Safety, Reliability, and Security, Andrea Bondavalli and Felicita Di Giandomenico (Eds.). Springer International Publishing, Cham, 310\u2013325."},{"key":"e_1_3_2_32_2","volume-title":"Threat Modeling: Designing for Security","author":"Shostack Adam","year":"2014","unstructured":"Adam Shostack. 2014. Threat Modeling: Designing for Security. John Wiley & Sons, Indianapolis, IN."},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2012.2221853"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-15618-7_13"},{"key":"e_1_3_2_35_2","volume-title":"UN Regulation on Uniform Provisions Concerning the Approval of Vehicles with Regards to Cyber Security and Cyber Security Management System","author":"OTA UNECE WP.29 TF CS and","year":"2020","unstructured":"UNECE WP.29 TF CS and OTA. 2020. UN Regulation on Uniform Provisions Concerning the Approval of Vehicles with Regards to Cyber Security and Cyber Security Management System. Proposal. UN World Forum for the Harmonization of Vehicle Regulations (WP.29)."},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/ICS2016.8"},{"key":"e_1_3_2_37_2","volume-title":"UN Regulation No. 155\u2014Cyber Security and Cyber Security Management System","author":"WP29 UNECE GRVA","year":"2021","unstructured":"UNECE GRVA WP29. 2021. UN Regulation No. 155\u2014Cyber Security and Cyber Security Management System. Technical Report. United Nations."},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2010.5544924"}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3569458","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3569458","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:56Z","timestamp":1750182536000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3569458"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,1,31]]},"references-count":37,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,1,31]]}},"alternative-id":["10.1145\/3569458"],"URL":"https:\/\/doi.org\/10.1145\/3569458","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"value":"2378-962X","type":"print"},{"value":"2378-9638","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,1,31]]},"assertion":[{"value":"2021-06-28","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-09-17","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-02-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}