{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T08:01:10Z","timestamp":1776931270255,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","funder":[{"name":"EU Horizon Europe programme, project SLICES-PP","award":["10107977"],"award-info":[{"award-number":["10107977"]}]},{"name":"Bavarian Ministry of Economic Affairs, Regional Development and Energy, project 6G Future Lab Bavaria"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,10,13]]},"DOI":"10.1145\/3733812.3765533","type":"proceedings-article","created":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T10:54:48Z","timestamp":1763117688000},"page":"14-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["ThreatCompute: Leveraging LLMs for Automated Threat Modeling of Cloud-Native Applications"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-6106-503X","authenticated-orcid":false,"given":"Anna","family":"Wimbauer","sequence":"first","affiliation":[{"name":"BIFOLD & TU Berlin, Berlin, Germany and Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6143-6076","authenticated-orcid":false,"given":"Luca","family":"Muscariello","sequence":"additional","affiliation":[{"name":"Cisco Systems, Paris, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1664-982X","authenticated-orcid":false,"given":"Jacques","family":"Samain","sequence":"additional","affiliation":[{"name":"Cisco Systems, Paris, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7075-1545","authenticated-orcid":false,"given":"Lion","family":"Steger","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3014-4595","authenticated-orcid":false,"given":"Kilian","family":"Glas","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7944-4867","authenticated-orcid":false,"given":"Max","family":"Helm","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2347-1839","authenticated-orcid":false,"given":"Georg","family":"Carle","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,14]]},"reference":[{"key":"e_1_3_3_2_2_2","unstructured":"Ehsan Aghaei Xi Niu Waseem Shadid and Ehab Al-Shaer. 2022. SecureBERT: A Domain-Specific Language Model for Cybersecurity. arxiv:https:\/\/arXiv.org\/abs\/2204.02685\u00a0[cs.CL]"},{"key":"e_1_3_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3544420"},{"key":"e_1_3_3_2_4_2","unstructured":"Md\u00a0Tanvirul Alam Dipkamal Bhusal Youngja Park and Nidhi Rastogi. 2023. Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI. arxiv:https:\/\/arXiv.org\/abs\/2211.01753\u00a0[cs.CR]"},{"key":"e_1_3_3_2_5_2","unstructured":"The\u00a0Kubernetes Authors. 2023. Kubernetes Documentation: Concepts - Overview. https:\/\/kubernetes.io\/docs\/concepts\/overview\/. Accessed: 2024-08-25."},{"key":"e_1_3_3_2_6_2","volume-title":"How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends","author":"Charrier Casey","year":"2024","unstructured":"Casey Charrier and Robert Weiner. 2024. How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends. Technical Report. Mandiant. https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/time-to-exploit-trends-2023"},{"key":"e_1_3_3_2_7_2","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Deng Gelei","year":"2024","unstructured":"Gelei Deng, Yi Liu, V\u00edctor Mayoral-Vilches, Peng Liu, Yuekang Li, Yuan Xu, Tianwei Zhang, Yang Liu, Martin Pinzger, and Stefan Rass. 2024. PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/deng"},{"key":"e_1_3_3_2_8_2","doi-asserted-by":"crossref","unstructured":"Isra Elsharef Zhen Zeng and Zhongshu Gu. 2024. Facilitating Threat Modeling by Leveraging Large Language Models. (2024).","DOI":"10.14722\/aiscc.2024.23016"},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"publisher","unstructured":"Viktor Engstr\u00f6m Pontus Johnson Robert Lagerstr\u00f6m Erik Ringdahl and Max W\u00e4llstedt. 2023. Automated Security Assessments of Amazon Web Services Environments. ACM Trans. Priv. Secur. 26 2 Article 20 (March 2023) 31\u00a0pages. 10.1145\/3570903","DOI":"10.1145\/3570903"},{"key":"e_1_3_3_2_10_2","doi-asserted-by":"crossref","unstructured":"Viktor Engstr\u00f6m and Robert Lagerstr\u00f6m. 2022. Two decades of cyberattack simulations: A systematic literature review. Computers & Security 116 (2022) 102681.","DOI":"10.1016\/j.cose.2022.102681"},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3701716.3715209"},{"key":"e_1_3_3_2_12_2","doi-asserted-by":"crossref","unstructured":"Simon Hacks Sotirios Katsikeas Engla Ling Robert Lagerstr\u00f6m and Mathias Ekstedt. 2020. powerLang: a probabilistic attack simulation language for the power domain. Energy Informatics 3 (2020) 1\u201317.","DOI":"10.1186\/s42162-020-00134-4"},{"key":"e_1_3_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3232799"},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-62230-5_4"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.5220\/0007247901750182"},{"key":"e_1_3_3_2_16_2","unstructured":"Nick Kirtley. 2022. PASTA Threat Modeling. https:\/\/threat-modeling.com\/pasta-threat-modeling\/. Accessed: 2024-08-25."},{"key":"e_1_3_3_2_17_2","doi-asserted-by":"publisher","unstructured":"Alyzia-Maria Konsta Alberto Lluch Lafuente Beatrice Spiga and Nicola Dragoni. 2024. Survey: Automatic generation of attack trees and attack graphs. Computers & Security 137 (2024) 103602. 10.1016\/j.cose.2023.103602","DOI":"10.1016\/j.cose.2023.103602"},{"key":"e_1_3_3_2_18_2","doi-asserted-by":"publisher","unstructured":"Khang Mai Jongmin Lee Razvan Beuran Ryosuke Hotchi Sian\u00a0En Ooi Takayuki Kuroda and Yasuo Tan. 2025. RAF-AG: Report analysis framework for attack path generation. Computers & Security 148 (2025) 104125. 10.1016\/j.cose.2024.104125","DOI":"10.1016\/j.cose.2024.104125"},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-36584-8_5"},{"key":"e_1_3_3_2_20_2","unstructured":"Microsoft. 2021. Threat Matrix for Kubernetes. https:\/\/microsoft.github.io\/Threat-Matrix-for-Kubernetes\/. Accessed: 2024-08-21."},{"key":"e_1_3_3_2_21_2","unstructured":"Microsoft Corporation. 2009. The STRIDE Threat Model. https:\/\/learn.microsoft.com\/en-us\/previous-versions\/commerce-server\/ee823878(v=cs.20). Accessed: 2024-08-25."},{"key":"e_1_3_3_2_22_2","unstructured":"Dmitry Namiot and Manfred sneps sneppe. 2014. On Micro-services Architecture. Interenational Journal of Open Information Technologies 2 (09 2014) 24\u201327."},{"key":"e_1_3_3_2_23_2","doi-asserted-by":"publisher","unstructured":"Ana\u00a0Maria Pirca and Harjinder\u00a0Singh Lallie. 2023. An empirical evaluation of the effectiveness of attack graphs and MITRE ATT&CK matrices in aiding cyber attack perception amongst decision-makers. Computers & Security 130 (2023) 103254. 10.1016\/j.cose.2023.103254","DOI":"10.1016\/j.cose.2023.103254"},{"key":"e_1_3_3_2_24_2","unstructured":"Renascence\u00a0Tarafder Prapty Ashish Kundu and Arun Iyengar. 2024. Using Retriever Augmented Large Language Models for Attack Graph Generation. arxiv:https:\/\/arXiv.org\/abs\/2408.05855\u00a0[cs.CR] https:\/\/arxiv.org\/abs\/2408.05855"},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"crossref","unstructured":"Engla Rencelj\u00a0Ling and Mathias Ekstedt. 2023. Estimating time-to-compromise for industrial control system attack techniques through vulnerability data. SN Computer Science 4 3 (2023) 318.","DOI":"10.1007\/s42979-023-01750-z"},{"key":"e_1_3_3_2_26_2","doi-asserted-by":"crossref","unstructured":"Dipayan Saha Hasan\u00a0Al Shaikh Shams Tarek and Farimah Farahmandi. 2025. ThreatLens: LLM-guided Threat Modeling and Test Plan Generation for Hardware Security Verification. Cryptology ePrint Archive Paper 2025\/561. https:\/\/eprint.iacr.org\/2025\/561","DOI":"10.1109\/VTS65138.2025.11022932"},{"key":"e_1_3_3_2_27_2","volume-title":"Building Effective AI Agents","author":"Schluntz Erik","year":"2024","unstructured":"Erik Schluntz and Barry Zhang. 2024. Building Effective AI Agents. https:\/\/www.anthropic.com\/engineering\/building-effective-agents Anthropic Engineering Blog, accessed June 24, 2025."},{"key":"e_1_3_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/SEST57387.2023.10257329"},{"key":"e_1_3_3_2_29_2","doi-asserted-by":"crossref","unstructured":"Md\u00a0Shazibul\u00a0Islam Shamim Farzana\u00a0Ahamed Bhuiyan and Akond Rahman. 2020. Xi commandments of kubernetes security: A systematization of knowledge related to kubernetes security practices. 2020 IEEE Secure Development (SecDev) (2020) 58\u201364.","DOI":"10.1109\/SecDev45635.2020.00025"},{"key":"e_1_3_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"e_1_3_3_2_31_2","unstructured":"Maddie Stone and James Sadowski. 2024. A Year in Review of Zero-Days Exploited In-the-Wild in 2023. https:\/\/storage.googleapis.com\/gweb-uniblog-publish-prod\/documents\/Year_in_Review_of_ZeroDays.pdf Analyzes zero-day vulnerabilities actively exploited in 2023 and offers recommendations for ecosystem security.."},{"key":"e_1_3_3_2_32_2","volume-title":"Technical report","author":"Strom Blake\u00a0E","year":"2018","unstructured":"Blake\u00a0E Strom, Andy Applebaum, Doug\u00a0P Miller, Kathryn\u00a0C Nickels, Adam\u00a0G Pennington, and Cody\u00a0B Thomas. 2018. Mitre att&ck: Design and philosophy. In Technical report. The MITRE Corporation."},{"key":"e_1_3_3_2_33_2","unstructured":"David Tayouri Nick Baum Asaf Shabtai and Rami Puzis. 2022. A Survey of MulVAL Extensions and Their Attack Scenarios Coverage. arxiv:https:\/\/arXiv.org\/abs\/2208.05750\u00a0[cs.CR] https:\/\/arxiv.org\/abs\/2208.05750"},{"key":"e_1_3_3_2_34_2","unstructured":"Pat Verga Sebastian Hofstatter Sophia Althammer Yixuan Su Aleksandra Piktus Arkady Arkhangorodsky Minjie Xu Naomi White and Patrick Lewis. 2024. Replacing Judges with Juries: Evaluating LLM Generations with a Panel of Diverse Models. arxiv:https:\/\/arXiv.org\/abs\/2404.18796\u00a0[cs.CL] https:\/\/arxiv.org\/abs\/2404.18796"},{"key":"e_1_3_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70567-3_22"},{"key":"e_1_3_3_2_36_2","doi-asserted-by":"publisher","unstructured":"Wojciech Wide\u0142 Simon Hacks Mathias Ekstedt Pontus Johnson and Robert Lagerstr\u00f6m. 2023. The meta attack language - a formal description. Computers & Security 130 (2023) 103284. 10.1016\/j.cose.2023.103284","DOI":"10.1016\/j.cose.2023.103284"},{"key":"e_1_3_3_2_37_2","unstructured":"Tingmin Wu Shuiqiao Yang Shigang Liu David Nguyen Seung Jang and Alsharif Abuadbba. 2025. ThreatModeling-LLM: Automating Threat Modeling using Large Language Models for Banking System. arxiv:https:\/\/arXiv.org\/abs\/2411.17058\u00a0[cs.CR] https:\/\/arxiv.org\/abs\/2411.17058"},{"key":"e_1_3_3_2_38_2","doi-asserted-by":"crossref","unstructured":"Wenjun Xiong Simon Hacks and Robert Lagerstr\u00f6m. 2021. A method for assigning probability distributions in attack simulation languages. Complex Systems Informatics and Modeling Quarterly26 (2021) 55\u201377.","DOI":"10.7250\/csimq.2021-26.04"},{"key":"e_1_3_3_2_39_2","doi-asserted-by":"crossref","unstructured":"Wenjun Xiong and Robert Lagerstr\u00f6m. 2019. Threat modeling\u2013A systematic literature review. Computers & security 84 (2019) 53\u201369.","DOI":"10.1016\/j.cose.2019.03.010"},{"key":"e_1_3_3_2_40_2","doi-asserted-by":"publisher","unstructured":"Kengo Zenitani. 2023. Attack graph analysis: An explanatory guide. Computers & Security 126 (2023) 103081. 10.1016\/j.cose.2022.103081","DOI":"10.1016\/j.cose.2022.103081"},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/IMF.2018.00017"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"CCSW '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2025 Cloud Computing Security Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3733812.3765533","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T18:56:54Z","timestamp":1767985014000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3733812.3765533"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,13]]},"references-count":40,"alternative-id":["10.1145\/3733812.3765533","10.1145\/3733812"],"URL":"https:\/\/doi.org\/10.1145\/3733812.3765533","relation":{},"subject":[],"published":{"date-parts":[[2025,10,13]]},"assertion":[{"value":"2025-11-14","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}