{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T06:35:44Z","timestamp":1781332544707,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,7,8]]},"DOI":"10.1145\/3734436.3734451","type":"proceedings-article","created":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T17:32:44Z","timestamp":1751563964000},"page":"62-73","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["SPEAR: Security Posture Evaluation using AI Planner-Reasoning on Attack-Connectivity Hypergraphs"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-7394-1369","authenticated-orcid":false,"given":"Rakesh","family":"Podder","sequence":"first","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4918-3340","authenticated-orcid":false,"given":"Turgay","family":"Caglar","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-3090-7187","authenticated-orcid":false,"given":"Shadaab Kawnain","family":"Bashir","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2299-0178","authenticated-orcid":false,"given":"Sarath","family":"Sreedharan","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3612-7738","authenticated-orcid":false,"given":"Indrajit","family":"Ray","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0714-7676","authenticated-orcid":false,"given":"Indrakshi","family":"Ray","sequence":"additional","affiliation":[{"name":"Colorado State University, Fort Collins, CO, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2025,7,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings of 2013 International Conference on Security and Cryptography (SECRYPT), Pierangela Samarati (Ed.)","author":"Albanese Massimiliano","year":"2013","unstructured":"Massimiliano Albanese, Sushil Jajodia, Anoop Singhal, and Lingyu Wang. 2013. An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities. In Proceedings of 2013 International Conference on Security and Cryptography (SECRYPT), Pierangela Samarati (Ed.). Reykjavik, Iceland, 1--12."},{"key":"e_1_3_2_1_2_1","volume-title":"2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA). IEEE, 292--302","author":"Bashir Shadaab Kawnain","year":"2024","unstructured":"Shadaab Kawnain Bashir, Rakesh Podder, Sarath Sreedharan, Indrakshi Ray, and Indrajit Ray. 2024. Resiliency Graphs: Modelling the Interplay between Cyber Attacks and System Failures through AI Planning. In 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA). IEEE, 292--302."},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of Smart Grid Security: Second International Workshop, SmartGridSec 2014 (Lecture Notes in Computer Science","volume":"47","author":"Beckers Kristian","year":"2014","unstructured":"Kristian Beckers, Maritta Heisel, Leanid Krautsevich, Fabio Martinelli, Rene Meis, and Artsiom Yautsiukhin. 2014. Determining the Probability of Smart Grid Attacks by Combining Attack Tree and Attack Graph Analysis. In Proceedings of Smart Grid Security: Second International Workshop, SmartGridSec 2014 (Lecture Notes in Computer Science, Vol. 8448), Jorge Cuellar (Ed.). Springer, Munich, Germany, 30--47."},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance: 9th International Workshop, DPM","author":"Beckers Kristian","year":"2014","unstructured":"Kristian Beckers, Leanid Krautsevich, and Artsiom Yautsiukhin. 2015. Analysis of Social Engineering Threats with Attack Graphs. In Proceedings of Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance: 9th International Workshop, DPM 2014, 7th International Workshop, SETOP 2014, and 3rd International Workshop, QASA 2014 (Lecture Notes in Computer Science, Vol. 8872). Springer, Wroclaw, Poland, 216--232."},{"key":"e_1_3_2_1_5_1","volume-title":"Data and Applications Security and Privacy XXXIII: 33rd Annual IFIP WG 11.3 Conference, DBSec","author":"Bezawada Bruhadeshwar","year":"2019","unstructured":"Bruhadeshwar Bezawada, Indrajit Ray, and Kushagra Tiwary. 2019. AGBuilder: An AI Tool for Automated Attack Graph Building, Analysis, and Refinement. In Data and Applications Security and Privacy XXXIII: 33rd Annual IFIP WG 11.3 Conference, DBSec 2019, Charleston, SC, USA, July 15--17, 2019, Proceedings 33. Springer, 23--42."},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of the AAAI Conference on Artificial Intelligence","volume":"37","author":"Booth Serena","year":"2023","unstructured":"Serena Booth, W Bradley Knox, Julie Shah, Scott Niekum, Peter Stone, and Alessandro Allievi. 2023. The Perils of Trial-and-Error Reward Design: Misdesign through Overfitting and Invalid Task Specifications. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 37. 5920--5929."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/0004-3702(94)90081-7"},{"key":"e_1_3_2_1_8_1","volume-title":"Towards More Likely Models for AI Planning. In Proceedings of the AAAI Conference on Artificial Intelligence","volume":"38","author":"Caglar Turgay","year":"2024","unstructured":"Turgay Caglar, Sirine Belhaj, Tathagata Chakraborty, Michael Katz, and Sarath Sreedharan. 2024. Can LLMs Fix Issues with Reasoning Models? Towards More Likely Models for AI Planning. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 38. 20061--20069."},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 14th ACM Conference on Computer and Communications Security. 204--213","author":"Dewri Rinku","year":"2007","unstructured":"Rinku Dewri, Nayot Poolsappasit, Indrajit Ray, and Darrell Whitley. 2007. Optimal Security Hardening using Multi-Objective Optimization on Attack Tree Models of Networks. In Proceedings of the 14th ACM Conference on Computer and Communications Security. 204--213."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-012-0160-y"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101578"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1109\/TETCI.2016.2637410","article-title":"Novel solution approach for multi-objective attack-defense cyber games with unknown utilities of the opponent","volume":"1","author":"Eisenstadt Erella","year":"2016","unstructured":"Erella Eisenstadt and Amiram Moshaiov. 2016. Novel solution approach for multi-objective attack-defense cyber games with unknown utilities of the opponent. IEEE Transactions on Emerging Topics in Computational Intelligence, Vol. 1, 1 (2016), 16--26.","journal-title":"IEEE Transactions on Emerging Topics in Computational Intelligence"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the International Conference on Automated Planning and Scheduling","volume":"31","author":"Ghasemi Mahsa","year":"2021","unstructured":"Mahsa Ghasemi, Evan Scope Crafts, Bo Zhao, and Ufuk Topcu. 2021. Multiple Plans are Better than One: Diverse Stochastic Planning. In Proceedings of the International Conference on Automated Planning and Scheduling, Vol. 31. 140--148."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10489-010-0266-8"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the International Conference on Automated Planning and Scheduling","volume":"25","author":"Hoffmann J\u00f6rg","year":"2015","unstructured":"J\u00f6rg Hoffmann. 2015. Simulated Penetration Testing: From ''Dijkstra'' to ''Turing Test''. In Proceedings of the International Conference on Automated Planning and Scheduling, Vol. 25. 364--372."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/1622394.1622404"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.3390\/pr8010012"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1109\/TDSC.2015.2423682","article-title":"Distributed Attack Graph Generation","volume":"13","author":"Kaynar Kerem","year":"2015","unstructured":"Kerem Kaynar and Fikret Sivrikaya. 2015. Distributed Attack Graph Generation. IEEE Transactions on Dependable and Secure Computing, Vol. 13, 5 (2015), 519--532.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1613\/jair.1.11551"},{"key":"e_1_3_2_1_20_1","volume-title":"How the Mind Explains Behavior: Folk Explanations, Meaning, and Social Interaction","author":"Malle Bertram F","unstructured":"Bertram F Malle. 2006. How the Mind Explains Behavior: Folk Explanations, Meaning, and Social Interaction. MIT press."},{"key":"e_1_3_2_1_21_1","volume-title":"Decision and Game Theory for Security: 11th International Conference, GameSec","author":"Milani Stephanie","year":"2020","unstructured":"Stephanie Milani, Weiran Shen, Kevin S Chan, Sridhar Venkatesan, Nandi O Leslie, Charles Kamhoua, and Fei Fang. 2020. Harnessing the Power of Deception in Attack Graph-Based Security Games. In Decision and Game Theory for Security: 11th International Conference, GameSec 2020, College Park, MD, USA, October 28--30, 2020, Proceedings 11. Springer, 147--167."},{"key":"e_1_3_2_1_22_1","volume-title":"GRASP: Accelerating Shortest Path Attacks via Graph Attention. arXiv preprint arXiv:2310.07980","author":"Miller Zohair Shafi","year":"2023","unstructured":"Zohair Shafi Miller, A Benjamin, Ayan Chatterjee, Tina Eliassi-Rad, and Rajmonda S Caceres. 2023. GRASP: Accelerating Shortest Path Attacks via Graph Attention. arXiv preprint arXiv:2310.07980 (2023)."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 2017 Workshop on Moving Target Defense. 87--97","author":"Nguyen Thanh H","year":"2017","unstructured":"Thanh H Nguyen, Mason Wright, Michael P Wellman, and Satinder Baveja. 2017. Multi-Stage Attack Graph Security Games: Heuristic Strategies, with Empirical Game-Theoretic Analysis. In Proceedings of the 2017 Workshop on Moving Target Defense. 87--97."},{"key":"e_1_3_2_1_24_1","volume-title":"Advanced Vulnerability Analysis and Intrusion Detection through Predictive Attack Graphs. Critical Issues in C4I","author":"Noel Steven","year":"2009","unstructured":"Steven Noel and Sushil Jajodia. 2009. Advanced Vulnerability Analysis and Intrusion Detection through Predictive Attack Graphs. Critical Issues in C4I, Armed Forces Communications and Electronics Association (AFCEA) Solutions Series. International Journal of Command and Control (2009)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2602087.2602117"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2003.1254313"},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 14th Conference on USENIX Security Symposium","volume":"128","author":"Ou Xinming","unstructured":"Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. 2005. MulVAL: A Logic-Based Network Security Analyzer. In Proceedings of the 14th Conference on USENIX Security Symposium (Baltimore, MD) (SSYM'05, Vol. 8). USENIX Association, Baltimore, MD, USA, 113--128."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/310889.310919"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2011.34"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of Computer Security -- ESORICS","author":"Ray Indrajit","year":"2005","unstructured":"Indrajit Ray and Nayot Poolsapassit. 2005. Using Attack Trees to Identify Malicious Attacks from Authorized Insiders. In Proceedings of Computer Security -- ESORICS 2005, Sabrina de Capitani di Vimercati, Paul Syverson, and Dieter Gollmann (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 231--246."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPS-ISA58951.2023.00032"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of Workshop on Problem Solving using Classical Planners at 26th AAAI Conf. on Artificial Intelligence","author":"Roberts Mark","year":"2012","unstructured":"Mark Roberts, Adele E Howe, Indrajit Ray, and Malgorzata Urbanska. 2012. Using Planning for a Personalized Security Agent. In Proceedings of Workshop on Problem Solving using Classical Planners at 26th AAAI Conf. on Artificial Intelligence. Toronto, Ontario, Canada."},{"key":"e_1_3_2_1_33_1","article-title":"Attack Trees","volume":"24","author":"Schneier B.","year":"1999","unstructured":"B. Schneier. 1999. Attack Trees: Modeling Security Threats. Dr. Dobb's Journal of Software Tools 24, Vol. 12 (1999), 21--29.","journal-title":"Modeling Security Threats. Dr. Dobb's Journal of Software Tools"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 31st International Joint Conference on Artificial Intelligence and the 25th European Conference on Artificial Intelligence, IJCAI-ECAI (IJCAI-22)","author":"Sreedharan Sarath","year":"2022","unstructured":"Sarath Sreedharan, Pascal Bercher, and Subbarao Kambhampati. 2022. On the Computational Complexity of Model Reconciliations. In Proceedings of the 31st International Joint Conference on Artificial Intelligence and the 25th European Conference on Artificial Intelligence, IJCAI-ECAI (IJCAI-22). Messe Wien, Vienna, Austria, 4657--4664."},{"key":"e_1_3_2_1_35_1","volume-title":"Artificial Intelligence","volume":"301","author":"Sreedharan Sarath","year":"2021","unstructured":"Sarath Sreedharan, Tathagata Chakraborti, and Subbarao Kambhampati. 2021. Foundations of Explanations as Model Reconciliation. Artificial Intelligence, Vol. 301, 103558 (2021)."},{"key":"e_1_3_2_1_36_1","volume-title":"PDDLAssistant: A Tool for Assisting Construction and Maintenance of Attack Graphs Using PDDL. In in Proceedings of the ACM Conference on Computer and Communications Security 2017 (CCS","author":"Tiwary Kushagra","year":"2017","unstructured":"Kushagra Tiwary, Sachini Weerawardhana, Indrajit Ray, and Adele Howe. 2017. PDDLAssistant: A Tool for Assisting Construction and Maintenance of Attack Graphs Using PDDL. In in Proceedings of the ACM Conference on Computer and Communications Security 2017 (CCS 2017). Dallas, USA."},{"key":"e_1_3_2_1_37_1","volume-title":"Risk Assessment Graphs: Utilizing Attack Graphs for Risk Assessment. arXiv preprint arXiv:2307.14114","author":"Unger Simon","year":"2023","unstructured":"Simon Unger, Ektor Arzoglou, Markus Heinrich, Dirk Scheuermann, and Stefan Katzenbeisser. 2023. Risk Assessment Graphs: Utilizing Attack Graphs for Risk Assessment. arXiv preprint arXiv:2307.14114 (2023)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485387"}],"event":{"name":"SACMAT '25:SACMAT '25","location":"Stony Brook NY USA","sponsor":["sigsac ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 30th ACM Symposium on Access Control Models and Technologies"],"original-title":[],"deposited":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T17:35:04Z","timestamp":1751564104000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3734436.3734451"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,7]]},"references-count":38,"alternative-id":["10.1145\/3734436.3734451","10.1145\/3734436"],"URL":"https:\/\/doi.org\/10.1145\/3734436.3734451","relation":{},"subject":[],"published":{"date-parts":[[2025,7,7]]},"assertion":[{"value":"2025-07-07","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}