{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:58:14Z","timestamp":1750309094527,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,11]],"date-time":"2023-07-11T00:00:00Z","timestamp":1689033600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,11]]},"DOI":"10.1145\/3598469.3598529","type":"proceedings-article","created":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T19:06:05Z","timestamp":1689015965000},"page":"536-543","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["A Security-Evaluation Framework for Mobile Cross-Border e-Government Solutions"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5037-0657","authenticated-orcid":false,"given":"Thomas","family":"Zefferer","sequence":"first","affiliation":[{"name":"A-SIT Plus GmbH, Austria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7902-0087","authenticated-orcid":false,"given":"Bernd","family":"Prunster","sequence":"additional","affiliation":[{"name":"A-SIT Plus GmbH, Austria"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-2869-684X","authenticated-orcid":false,"given":"Christian","family":"Kollmann","sequence":"additional","affiliation":[{"name":"A-SIT Plus GmbH, Austria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2938-6296","authenticated-orcid":false,"given":"Andreea Ancuta","family":"Corici","sequence":"additional","affiliation":[{"name":"Fraunhofer FOKUS Institute, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8312-5086","authenticated-orcid":false,"given":"Lukas","family":"Alber","sequence":"additional","affiliation":[{"name":"Institute of Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9230-0833","authenticated-orcid":false,"given":"Roland","family":"Czerny","sequence":"additional","affiliation":[{"name":"Institute of Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6322-746X","authenticated-orcid":false,"given":"Blaz","family":"Podgorelec","sequence":"additional","affiliation":[{"name":"Institute of Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria"}]}],"member":"320","published-online":{"date-parts":[[2023,7,11]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2021. OWASP Top Ten. \"https:\/\/owasp.org\/Top10\/\""},{"key":"e_1_3_2_1_2_1","volume-title":"Information security governance challenges and critical success factors: Systematic review. Computers & security 99","author":"AlGhamdi Sultan","year":"2020","unstructured":"Sultan AlGhamdi, Khin\u00a0Than Win, and Elena Vlahu-Gjorgievska. 2020. Information security governance challenges and critical success factors: Systematic review. Computers & security 99 (2020), 102030."},{"volume-title":"Information Security Management Systems (ISMS). Standard. Federal Office for Information Security (BSI)","author":"BSI","key":"e_1_3_2_1_3_1","unstructured":"BSI Standard 200-1 2017. BSI Standard 200-1, Information Security Management Systems (ISMS). Standard. Federal Office for Information Security (BSI), Bonn, DE."},{"volume-title":"IT-Grundschutz Methodology. Standard. Federal Office for Information Security (BSI)","author":"BSI","key":"e_1_3_2_1_4_1","unstructured":"BSI Standard 200-2 2017. BSI Standard 200-2, IT-Grundschutz Methodology. Standard. Federal Office for Information Security (BSI), Bonn, DE."},{"volume-title":"Risk Analysis based on IT Grundschutz. Standard. Federal Office for Information Security (BSI)","author":"BSI","key":"e_1_3_2_1_5_1","unstructured":"BSI Standard 200-3 2017. BSI Standard 200-3, Risk Analysis based on IT Grundschutz. Standard. Federal Office for Information Security (BSI), Bonn, DE."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3543434.3543638"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/341852.341877"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-07076-6_7"},{"key":"e_1_3_2_1_9_1","volume-title":"Hany Ammar, and Ali Mili.","author":"Goseva-Popstojanova Katerina","year":"2003","unstructured":"Katerina Goseva-Popstojanova, Ahmed Hassan, Ajith Guedem, Walid Abdelmoez, Diaa Eldin\u00a0M Nassar, Hany Ammar, and Ali Mili. 2003. Architectural-level risk analysis using UML. IEEE transactions on software engineering 29, 10 (2003), 946\u2013960."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14445\/22312803\/IJCTT-V36P101"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-005-0087-0"},{"volume-title":"Risk management \u2014 Guidelines. Standard","author":"ISO","key":"e_1_3_2_1_12_1","unstructured":"ISO 31000:2018(E) 2018. Risk management \u2014 Guidelines. Standard. International Organization for Standardization, Geneva, CH."},{"volume-title":"Information technology \u2014 Security techniques \u2014 Evaluation criteria for IT security. Standard","author":"IEC","key":"e_1_3_2_1_13_1","unstructured":"ISO\/IEC 15408:1999(E) 1999. Information technology \u2014 Security techniques \u2014 Evaluation criteria for IT security. Standard. International Organization for Standardization, Geneva, CH."},{"volume-title":"Information technology \u2014 Security techniques \u2014 Information security risk management. Standard","author":"IEC","key":"e_1_3_2_1_14_1","unstructured":"ISO\/IEC 27005:2018(E) 2018. Information technology \u2014 Security techniques \u2014 Information security risk management. Standard. International Organization for Standardization, Geneva, CH."},{"key":"e_1_3_2_1_15_1","volume-title":"ATAM: Method for architecture evaluation. Technical Report. Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst.","author":"Kazman Rick","year":"2000","unstructured":"Rick Kazman, Mark Klein, and Paul Clements. 2000. ATAM: Method for architecture evaluation. Technical Report. Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst."},{"volume-title":"Improving web application security: threats and countermeasures","author":"Meier JD","key":"e_1_3_2_1_16_1","unstructured":"JD Meier. 2003. Improving web application security: threats and countermeasures. Microsoft press."},{"volume-title":"FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION - SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES. Standard","key":"e_1_3_2_1_17_1","unstructured":"NIST.FIPS.140-3 2019. FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION - SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES. Standard. National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA."},{"volume-title":"NIST Special Publication 800-131A Revision 2 - Transitioning the Use of Cryptographic Algorithms and Key Lengths. Standard","key":"e_1_3_2_1_18_1","unstructured":"NIST.SP.800-131Ar2 2019. NIST Special Publication 800-131A Revision 2 - Transitioning the Use of Cryptographic Algorithms and Key Lengths. Standard. National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA."},{"volume-title":"NIST Special Publication 800-133 Revision 2 - Recommendation for Cryptographic Key Generation. Standard","key":"e_1_3_2_1_19_1","unstructured":"NIST.SP.800-133r2 2020. NIST Special Publication 800-133 Revision 2 - Recommendation for Cryptographic Key Generation. Standard. National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA."},{"volume-title":"NIST Special Publication 800-163 Revision 1 - Vetting the Security of Mobile Applications. Standard","key":"e_1_3_2_1_20_1","unstructured":"NIST.SP.800-163r1 2019. NIST Special Publication 800-163 Revision 1 - Vetting the Security of Mobile Applications. Standard. National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA."},{"volume-title":"NIST Special Publication 800-57 Part 1 Revision 5 - Recommendation for Key Management: Part 1 - General. Standard","key":"e_1_3_2_1_21_1","unstructured":"NIST.SP.800-57pt1r5 2020. NIST Special Publication 800-57 Part 1 Revision 5 - Recommendation for Key Management: Part 1 - General. Standard. National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA."},{"volume-title":"NIST Special Publication 800-57 Part 2 Revision 1 - Recommendation for Key Management: Part 2 \u2013 Best Practices for Key Management Organizations. Standard","key":"e_1_3_2_1_22_1","unstructured":"NIST.SP.800-57pt2r1 2019. NIST Special Publication 800-57 Part 2 Revision 1 - Recommendation for Key Management: Part 2 \u2013 Best Practices for Key Management Organizations. Standard. National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA."},{"key":"e_1_3_2_1_23_1","unstructured":"Open Web Application Security\u00a0Project (OWASP). 2021. OWASP Threat Modeling Process. https:\/\/owasp.org\/www-project-threat-modeling\/ Accessed on 2022-10-01."},{"volume-title":"OWASP Application Security Verification Standard (ASVS) Project. Standard","key":"e_1_3_2_1_24_1","unstructured":"owasp.asvs 2021. OWASP Application Security Verification Standard (ASVS) Project. Standard. OWASP Foundation. \"https:\/\/owasp.org\/www-project-application-security-verification-standard\/\""},{"volume-title":"Standard","author":"Mobile Application Security Verification OWASP MASVS","key":"e_1_3_2_1_25_1","unstructured":"owasp.masvs 2021. OWASP MASVS (Mobile Application Security Verification Standard). Standard. OWASP Foundation. \"https:\/\/mas.owasp.org\/MASVS\/\""},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICAICTA.2017.8090982"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2007.12.014"},{"volume-title":"Electronic Signatures and Infrastructures (ESI)","key":"e_1_3_2_1_28_1","unstructured":"REN\/ESI-0019401v231 2021. Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers. Standard. European Telecommunications Standards Institute (ETSI), Valbonne, FR."},{"volume-title":"Electronic Signatures and Infrastructures (ESI)","key":"e_1_3_2_1_29_1","unstructured":"REN\/ESI-0019411-1v131 2021. Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates. Standard. European Telecommunications Standards Institute (ETSI), Valbonne, FR."},{"key":"e_1_3_2_1_30_1","first-page":"121","article-title":"AAFs architectural analysis method for secure software development","volume":"126","author":"Ryoo J.","year":"2017","unstructured":"J. Ryoo, H. Lee, K. Kim, J. Lee, and S. Lee. 2017. AAFs architectural analysis method for secure software development. Journal of Systems and Software 126 (2017), 121\u2013137.","journal-title":"Journal of Systems and Software"},{"key":"e_1_3_2_1_31_1","unstructured":"European Union. 2014. Regulation (EU) No 910\/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32014R0910&from=EN."},{"key":"e_1_3_2_1_32_1","unstructured":"European Union. 2016. General Data Protection Regulation (GDPR). https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX:32016R0679."},{"key":"e_1_3_2_1_33_1","unstructured":"European Union. 2018. Regulation (EU) 2018\/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024\/2012. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32018R1724&from=EN."},{"key":"e_1_3_2_1_34_1","unstructured":"European Union. 2021. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulation (EU) No 910\/2014 as regards establishing a framework for a European Digital Identity. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:52021PC0281&from=EN."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1108\/IJPSM-03-2018-0072"}],"event":{"name":"dg.o 2023: Digital government and solidarity","acronym":"dg.o 2023","location":"Gda?sk Poland"},"container-title":["Proceedings of the 24th Annual International Conference on Digital Government Research"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3598469.3598529","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3598469.3598529","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:43:43Z","timestamp":1750286623000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3598469.3598529"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,11]]},"references-count":35,"alternative-id":["10.1145\/3598469.3598529","10.1145\/3598469"],"URL":"https:\/\/doi.org\/10.1145\/3598469.3598529","relation":{},"subject":[],"published":{"date-parts":[[2023,7,11]]},"assertion":[{"value":"2023-07-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}