{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:01:27Z","timestamp":1777806087298,"version":"3.51.4"},"reference-count":73,"publisher":"SAGE Publications","issue":"4","license":[{"start":{"date-parts":[[2019,6,17]],"date-time":"2019-06-17T00:00:00Z","timestamp":1560729600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2019,7,18]]},"abstract":"<jats:p>Today\u2019s cloud providers strive to attract customers with better services and less downtime in a highly competitive market. The need for minimizing the operational cost unavoidably leads cloud providers to rely on third party remote administrators for fulfilling regular maintenance tasks. In such a scenario, the lack of trust in those third party remote administrators paired with the extra privileges granted to them to complete the maintenance tasks usually implies undesirable security threats. A dishonest remote administrator, or an attacker armed with the stolen credential of a remote administrator, can pose severe insider threats to both the cloud provider and its tenants. In this paper, we take the first step towards understanding and mitigating such insider threats of remote administrators in clouds. Specifically, we first model the maintenance task assignments and their corresponding security impact due to privilege escalation. We then mitigate such impact through optimizing the task assignments with respect to given constraints. Finally, the simulation results demonstrate the effectiveness of our solution in various scenarios.<\/jats:p>","DOI":"10.3233\/jcs-191306","type":"journal-article","created":{"date-parts":[[2019,6,18]],"date-time":"2019-06-18T12:25:33Z","timestamp":1560860733000},"page":"427-458","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":2,"title":["Mitigating the insider threat of remote administrators in clouds through maintenance task assignments"],"prefix":"10.1177","volume":"27","author":[{"given":"Nawaf","family":"Alhebaishi","sequence":"first","affiliation":[{"name":"Concordia Institute for Information Systems Engineering, Concordia University, Quebec, Canada. E-mails:\u00a0,\u00a0"},{"name":"Faculty of Computing and Information Technology, King Abdulaziz University, Jeddag, KSA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lingyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Concordia Institute for Information Systems Engineering, Concordia University, Quebec, Canada. E-mails:\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sushil","family":"Jajodia","sequence":"additional","affiliation":[{"name":"Center for Secure Information Systems, George Mason University, VA, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anoop","family":"Singhal","sequence":"additional","affiliation":[{"name":"Computer Security Division, National Institute of Standards and Technology, MD, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2019,6,17]]},"reference":[{"key":"ref001","doi-asserted-by":"publisher","DOI":"10.1177\/1548512917706043"},{"key":"ref002","doi-asserted-by":"crossref","unstructured":"M.\u00a0Albanese, S.\u00a0Jajodia and S.\u00a0Noel, Time-efficient and cost-effective network hardening using attack graphs, in: IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN 2012), 2012, pp.\u00a01\u201312.","DOI":"10.1109\/DSN.2012.6263942"},{"key":"ref003","doi-asserted-by":"crossref","unstructured":"N.\u00a0Alhebaishi, L.\u00a0Wang, S.\u00a0Jajodia and A.\u00a0Singhal, Threat modeling for cloud data center infrastructures, in: Foundations and Practice of Security\u00a0\u2013 9th International Symposium, FPS, Revised Selected Papers, Qu\u00e9bec City, QC, Canada, October 24\u201325, 2016, Vol.\u00a02016, 2016, pp.\u00a0302\u2013319.","DOI":"10.1007\/978-3-319-51966-1_20"},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"N.\u00a0Alhebaishi, L.\u00a0Wang, S.\u00a0Jajodia and A.\u00a0Singhal, Modeling and mitigating the insider threat of remote administrators in clouds, in: Data and Applications Security and Privacy XXXII\u00a0\u2013 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings, Bergamo, Italy, July 16\u201318, 2018, 2018, pp.\u00a03\u201320.","DOI":"10.1007\/978-3-319-95729-6_1"},{"key":"ref005","doi-asserted-by":"crossref","unstructured":"Q.\u00a0Althebyan and B.\u00a0Panda, A knowledge-base model for insider threat prediction, in: 2007 IEEE SMC Information Assurance and Security Workshop, 2007, pp.\u00a0239\u2013246. doi:10.1109\/IAW.2007.381939.","DOI":"10.1109\/IAW.2007.381939"},{"key":"ref006","unstructured":"Amazon Web Services, https:\/\/aws.amazon.com\/, 2018, Online; accessed 28\/02\/2018."},{"key":"ref007","doi-asserted-by":"crossref","unstructured":"P.\u00a0Ammann, D.\u00a0Wijesekera and S.\u00a0Kaushik, Scalable, graph-based network vulnerability analysis, in: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS, Washington, DC, USA, November 18\u201322, 2002, 2002, pp.\u00a0217\u2013224.","DOI":"10.1145\/586110.586140"},{"key":"ref008","unstructured":"K.\u00a0Bakshi, Cisco cloud computing-data center strategy, architecture, and solutions, 2009, http:\/\/www.cisco.com\/web\/strategy\/docs\/gov\/CiscoCloudComputing_WP.pdf."},{"key":"ref009","doi-asserted-by":"publisher","DOI":"10.1002\/sys.21211"},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"M.\u00a0Bishop, S.\u00a0Engle, S.\u00a0Peisert, S.\u00a0Whalen and C.\u00a0Gates, We have met the enemy and he is us, in: Proceedings of the 2008 New Security Paradigms Workshop, NSPW \u201908, ACM, New York, NY, USA, 2008, pp.\u00a01\u201312. doi:10.1145\/1595676.","DOI":"10.1145\/1595676.1595678"},{"key":"ref011","doi-asserted-by":"crossref","unstructured":"S.\u00a0Bleikertz, A.\u00a0Kurmus, Z.A.\u00a0Nagy and M.\u00a0Schunter, Secure cloud maintenance: Protecting workloads against insider attacks, in: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS \u201912, ACM, New York, NY, USA, 2012, pp.\u00a083\u201384.","DOI":"10.1145\/2414456.2414505"},{"key":"ref012","doi-asserted-by":"crossref","unstructured":"D.\u00a0Borbor, L.\u00a0Wang, S.\u00a0Jajodia and A.\u00a0Singhal, Diversifying network services under cost constraints for better resilience against unknown attacks, in: Data and Applications Security and Privacy XXX\u00a0\u2013 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Proceedings, Trento, Italy, July 18\u201320, 2016, 2016, pp.\u00a0295\u2013312.","DOI":"10.1007\/978-3-319-41483-6_21"},{"key":"ref013","doi-asserted-by":"crossref","unstructured":"D.\u00a0Borbor, L.\u00a0Wang, S.\u00a0Jajodia and A.\u00a0Singhal, Securing networks against unpatchable and unknown vulnerabilities using heterogeneous hardening options, in: Data and Applications Security and Privacy XXXI, G.\u00a0Livraga and S.\u00a0Zhu, eds, Cham, Springer International Publishing, 2017, pp.\u00a0509\u2013528.","DOI":"10.1007\/978-3-319-61176-1_28"},{"key":"ref014","doi-asserted-by":"crossref","unstructured":"T.\u00a0BrancoJr. and H.\u00a0Santos, What is missing for trust in the cloud computing? in: Proceedings of the 2016 ACM SIGMIS Conference on Computers and People Research, SIGMIS-CPR \u201916, ACM, New York, NY, USA, 2016, pp.\u00a027\u201328.","DOI":"10.1145\/2890602.2890605"},{"key":"ref015","unstructured":"X.\u00a0Chen, M.\u00a0Zhang, Z.M.\u00a0Mao and P.\u00a0Bahl, Automating network application dependency discovery: Experiences, limitations, and new solutions, in: 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2008, December 8\u201310, 2008, San Diego, California, USA, Proceedings, 2008, pp.\u00a0117\u2013130."},{"key":"ref016","doi-asserted-by":"crossref","unstructured":"R.\u00a0Chinchani, A.\u00a0Iyer, H.Q.\u00a0Ngo and S.\u00a0Upadhyaya, Towards a theory of insider threat assessment, in: 2005 International Conference on Dependable Systems and Networks (DSN\u201905), 2005, pp.\u00a0108\u2013117. doi:10.1109\/DSN.2005.94.","DOI":"10.1109\/DSN.2005.94"},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"W.R.\u00a0Claycomb and A.\u00a0Nicoll, Insider threats to cloud computing: Directions for new research challenges, in: 2012 IEEE 36th Annual Computer Software and Applications Conference, 2012, pp.\u00a0387\u2013394. doi:10.1109\/COMPSAC.2012.113.","DOI":"10.1109\/COMPSAC.2012.113"},{"key":"ref018","unstructured":"Cloud Security Alliance, Security guidance for critical areas of focus in cloud computing v 3.0, 2011."},{"key":"ref019","unstructured":"Cloud Security Alliance, Top threats to cloud computing, 2018. Available at https:\/\/cloudsecurityalliance.org\/topthreats\/csathreats.v1.0.pdf."},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"K.\u00a0Dahbur, B.\u00a0Mohammad and A.B.\u00a0Tarakji, A survey of risks, threats and vulnerabilities in cloud computing, in: Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, ISWSA \u201911, ACM, New York, NY, USA, 2011, pp.\u00a012:1\u201312:6.","DOI":"10.1145\/1980822.1980834"},{"key":"ref021","doi-asserted-by":"crossref","unstructured":"R.\u00a0Dewri, N.\u00a0Poolsappasit, I.\u00a0Ray and D.\u00a0Whitley, Optimal security hardening using multi-objective optimization on attack tree models of networks, in: Proceedings of the 14th ACM Conference on Computer and Communications Security, ACM, 2007, pp.\u00a0204\u2013213.","DOI":"10.1145\/1315245.1315272"},{"key":"ref022","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-012-0160-y"},{"key":"ref023","unstructured":"M.\u00a0Doucet and M.\u00a0Lari, Cyber security and cybercrime in Canada, 2017, 2018, available at https:\/\/www150.statcan.gc.ca\/n1\/en\/catalogue\/71-607-X2018007."},{"key":"ref024","doi-asserted-by":"crossref","unstructured":"M.\u00a0Frigault and L.\u00a0Wang, Measuring network security using Bayesian network-based attack graphs, in: Computer Software and Applications, 2008. COMPSAC \u201908. 32nd Annual IEEE International, 2008, pp.\u00a0698\u2013703.","DOI":"10.1109\/COMPSAC.2008.88"},{"key":"ref025","unstructured":"Gartner, Gartner forecasts worldwide public cloud revenue to grow 21.4 percent in 2018, 2018. Available at https:\/\/www.gartner.com\/newsroom\/id\/3871416."},{"key":"ref026","unstructured":"D.E.\u00a0Golberg, Genetic Algorithms in Search, Optimization, and Machine Learning, Vol.\u00a01989, Addison-Wesley, 1989."},{"key":"ref027","unstructured":"Google Cloud Platform, 2018, https:\/\/cloud.google.com\/, Online; accessed 28\/02\/2018."},{"key":"ref028","doi-asserted-by":"crossref","unstructured":"N.\u00a0Gruschka and M.\u00a0Jensen, Attack surfaces: A taxonomy for attacks on cloud services, in: 2010 IEEE 3rd International Conference on Cloud Computing, IEEE, 2010, pp.\u00a0276\u2013279. doi:10.1109\/CLOUD.2010.23.","DOI":"10.1109\/CLOUD.2010.23"},{"key":"ref029","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2004.06.004"},{"key":"ref030","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2017.01.007"},{"key":"ref031","unstructured":"M.\u00a0Hany, VMware VSphere In The Enterprise, http:\/\/www.hypervizor.com\/diags\/HyperViZor-Diags-VMW-vS4-Enterprise-v1-0.pdf. [Online; accessed 05\/02\/2015]."},{"key":"ref032","unstructured":"ISO Std IEC, ISO 27017,\n                      Information technology\u00a0\u2013 Security techniques\u00a0\u2013 Code of practice for information security controls based on ISO\/IEC 27002 for cloud services (DRAFT)\n                      , http:\/\/www.iso27001security.com\/html\/27017.html, 2012."},{"key":"ref033","unstructured":"G.\u00a0Jakobson, Mission cyber security situation assessment using impact dependency graphs, in: 14th International Conference on Information Fusion, 2011, pp.\u00a01\u20138."},{"key":"ref034","unstructured":"V.\u00a0Kann, A compendium of np optimization problems, in: WWW Spring 1994, 1994."},{"key":"ref035","doi-asserted-by":"crossref","unstructured":"M.\u00a0Li, W.\u00a0Zang, K.\u00a0Bai, M.\u00a0Yu and P.\u00a0Liu, Mycloud: Supporting user-configured privacy protection in cloud computing, in: Proceedings of the 29th Annual Computer Security Applications Conference, ACSAC \u201913, ACM, New York, NY, USA, 2013, pp.\u00a059\u201368. doi:10.1145\/2523649.2523680.","DOI":"10.1145\/2523649.2523680"},{"key":"ref036","doi-asserted-by":"crossref","unstructured":"J.\u00a0Luna, H.\u00a0Ghani, D.\u00a0Germanus and N.\u00a0Suri, A security metrics framework for the cloud, in: Security and Cryptography (SECRYPT), 2011 Proceedings of the International Conference on, 2011, pp.\u00a0245\u2013250.","DOI":"10.5220\/0003446902450250"},{"key":"ref037","doi-asserted-by":"crossref","unstructured":"J.\u00a0Luna, H.\u00a0Ghani, D.\u00a0Germanus and N.\u00a0Suri, A security metrics framework for the cloud, in: Security and Cryptography (SECRYPT), 2011 Proceedings of the International Conference on, IEEE, 2011, pp.\u00a0245\u2013250.","DOI":"10.5220\/0003446902450250"},{"key":"ref038","unstructured":"S.\u00a0Mathew, S.\u00a0Upadhyaya, D.\u00a0Ha and H.Q.\u00a0Ngo, Insider abuse comprehension through capability acquisition graphs, in: 2008 11th International Conference on Information Fusion, 2008, pp.\u00a01\u20138."},{"key":"ref039","doi-asserted-by":"crossref","unstructured":"J.\u00a0McHugh, Quality of protection: Measuring the unmeasurable? in: Proceedings of the 2nd ACM Workshop on Quality of Protection, QoP 2006, Vol.\u00a030, Alexandria, VA, USA, October 30, 2006, 2006, pp.\u00a01\u20132.","DOI":"10.1145\/1179494.1179495"},{"key":"ref040","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.145"},{"key":"ref041","unstructured":"Microsoft Azure, https:\/\/azure.microsoft.com, 2018. Online; accessed 28\/02\/2018."},{"key":"ref042","doi-asserted-by":"crossref","unstructured":"A.\u00a0Natarajan, P.\u00a0Ning, Y.\u00a0Liu, S.\u00a0Jajodia and S.E.\u00a0Hutchinson, Nsdminer: Automated discovery of network service dependencies, in: Proceedings of the IEEE INFOCOM 2012, Orlando, FL, USA, March 25\u201330, 2012, 2012, pp.\u00a02507\u20132515. doi:10.1109\/INFCOM.2012.6195642.","DOI":"10.1109\/INFCOM.2012.6195642"},{"key":"ref043","unstructured":"National Institute of Standards and Technology: Cloud Computing Service Metrics Description, http:\/\/www.nist.gov\/itl\/cloud\/upload\/RATAX-CloudServiceMetricsDescription-DRAFT-20141111.pdf, 2015, Online; accessed 17\/06\/2015."},{"key":"ref044","doi-asserted-by":"crossref","unstructured":"W.\u00a0Nzoukou, L.\u00a0Wang, S.\u00a0Jajodia and A.\u00a0Singhal, A unified framework for measuring a network\u2019s mean time-to-compromise, in: 2013 IEEE 32nd International Symposium on Reliable Distributed Systems, 2013, pp.\u00a0215\u2013224. doi:10.1109\/SRDS.2013.30.","DOI":"10.1109\/SRDS.2013.30"},{"key":"ref045","unstructured":"Openstack, Openstack Operations Guide, http:\/\/docs.openstack.org\/openstack-ops\/content\/openstack-ops_preface.html, Online; accessed 27\/08\/2015."},{"key":"ref046","unstructured":"B.\u00a0PeddycordIII, P.\u00a0Ning and S.\u00a0Jajodia, On the accurate identification of network service dependencies in distributed systems, in: Strategies, Tools, and Techniques: Proceedings of the 26th Large Installation System Administration Conference, LISA 2012, San Diego, CA, USA, December 9\u201314, 2012, 2012, pp.\u00a0181\u2013194."},{"key":"ref047","first-page":"62:1","volume":"49","author":"Pendleton M.","year":"2016","journal-title":"ACM Comput. Surv."},{"key":"ref048","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2011.34"},{"key":"ref049","doi-asserted-by":"crossref","unstructured":"I.\u00a0Ray and N.\u00a0Poolsapassit, Computer security \u2013 ESORICS 2005: 10th European symposium on research in computer security, in: Proceedings, Ch. Using Attack Trees to Identify Malicious Attacks from Authorized Insiders, Milan, Italy, September 12\u201314, 2005, Springer Berlin Heidelberg, 2005, pp.\u00a0231\u2013246.","DOI":"10.1007\/11555827_14"},{"key":"ref050","first-page":"10:1","volume":"7","author":"Roy A.","year":"2016","journal-title":"ACM Trans. Manage. Inf. Syst."},{"key":"ref051","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"ref052","doi-asserted-by":"crossref","unstructured":"P.\u00a0Saripalli and B.\u00a0Walters, Quirc: A quantitative impact and risk assessment framework for cloud security, in: 2010 IEEE 3rd International Conference on Cloud Computing, 2010, pp.\u00a0280\u2013288. doi:10.1109\/CLOUD.2010.22.","DOI":"10.1109\/CLOUD.2010.22"},{"key":"ref053","doi-asserted-by":"crossref","unstructured":"A.\u00a0Sarkar, S.\u00a0K\u00f6hler, S.\u00a0Riddle, B.\u00a0Ludaescher and M.\u00a0Bishop, Insider attack identification and prevention using a declarative approach, in: 2014 IEEE Security and Privacy Workshops, 2014, pp.\u00a0265\u2013276. doi:10.1109\/SPW.2014.41.","DOI":"10.1109\/SPW.2014.41"},{"key":"ref054","doi-asserted-by":"crossref","unstructured":"R.E.\u00a0Sawilla and X.\u00a0Ou, Identifying critical attack assets in dependency attack graphs, in: Computer Security\u00a0\u2013 ESORICS 2008, 13th European Symposium on Research in Computer Security, Proceedings, M\u00e1laga, Spain, October 6\u20138, 2008, 2008, pp.\u00a018\u201334.","DOI":"10.1007\/978-3-540-88313-5_2"},{"key":"ref055","unstructured":"F.B.\u00a0Shaikh and S.\u00a0Haider, Security threats in cloud computing, in: Internet Technology and Secured Transactions (ICITST), 2011 International Conference for, 2011, pp.\u00a0214\u2013219."},{"key":"ref056","doi-asserted-by":"crossref","unstructured":"O.\u00a0Sheyner, J.\u00a0Haines, S.\u00a0Jha, R.\u00a0Lippmann and J.M.\u00a0Wing, Automated generation and analysis of attack graphs, in: Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on, 2002, pp.\u00a0273\u2013284. doi:10.1109\/SECPRI.2002.1004377.","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"ref057","doi-asserted-by":"crossref","unstructured":"O.\u00a0Sheyner, J.\u00a0Haines, S.\u00a0Jha, R.\u00a0Lippmann and J.M.\u00a0Wing, Automated generation and analysis of attack graphs, in: Security and Privacy, Proceedings. 2002 IEEE Symposium on, IEEE, 2002, pp.\u00a0273\u2013284. doi:10.1109\/SECPRI.2002.1004377.","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"ref058","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2010.07.006"},{"key":"ref059","doi-asserted-by":"crossref","unstructured":"X.\u00a0Sun, A.\u00a0Singhal and P.\u00a0Liu, Towards actionable mission impact assessment in the context of cloud computing, in: Data and Applications Security and Privacy XXXI\u00a0\u2013 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings, Philadelphia, PA, USA, July 19\u201321, 2017, 2017, pp.\u00a0259\u2013274.","DOI":"10.1007\/978-3-319-61176-1_14"},{"key":"ref060","doi-asserted-by":"crossref","unstructured":"W.K.\u00a0Sze, A.\u00a0Srivastava and R.\u00a0Sekar, Hardening openstack cloud platforms against compute node compromises, in: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS \u201916, ACM, New York, NY, USA, 2016, pp.\u00a0341\u2013352. doi:10.1145\/2897845.2897851.","DOI":"10.1145\/2897845.2897851"},{"key":"ref061","doi-asserted-by":"crossref","unstructured":"L.\u00a0Wang, M.\u00a0Albanese and S.\u00a0Jajodia, Network Hardening: An Automated Approach to Improving Network Security, Springer Publishing Company, Incorporated, 2014.","DOI":"10.1007\/978-3-319-04612-9"},{"key":"ref062","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.24"},{"key":"ref063","doi-asserted-by":"crossref","unstructured":"L.\u00a0Wang, S.\u00a0Jajodia, A.\u00a0Singhal and S.\u00a0Noel, k-zero day safety: Measuring the security risk of networks against unknown attacks, in: ESORICS, Springer, 2010, pp.\u00a0573\u2013587.","DOI":"10.1007\/978-3-642-15497-3_35"},{"key":"ref064","doi-asserted-by":"crossref","unstructured":"L.\u00a0Wang, S.\u00a0Jajodia, A.\u00a0Singhal and S.\u00a0Noel, k-zero day safety: Measuring the security risk of networks against unknown attacks, in: Computer Security\u00a0\u2013 ESORICS 2010, 15th European Symposium on Research in Computer Security, Proceedings, Athens, Greece, September 20\u201322, 2010, 2010, pp.\u00a0573\u2013587.","DOI":"10.1007\/978-3-642-15497-3_35"},{"key":"ref065","doi-asserted-by":"crossref","unstructured":"L.\u00a0Wang, S.\u00a0Jajodia and A.E.\u00a0Singhal, Network Security Metrics, Springer, 2017.","DOI":"10.1007\/978-3-319-66505-4"},{"key":"ref066","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2006.06.018"},{"key":"ref067","doi-asserted-by":"crossref","unstructured":"L.\u00a0Wang, A.\u00a0Singhal and S.\u00a0Jajodia, Toward measuring network security using attack graphs, in: Proceedings of the 2007 ACM Workshop on Quality of Protection, QoP \u201907, ACM, New York, NY, USA, 2007, pp.\u00a049\u201354. doi:10.1145\/1314257.1314273.","DOI":"10.1145\/1314257.1314273"},{"key":"ref068","doi-asserted-by":"crossref","unstructured":"L.\u00a0Wang, A.\u00a0Singhal and S.\u00a0Jajodia, Measuring the overall security of network configurations using attack graphs, in: IFIP Annual Conference on Data and Applications Security and Privacy Springer, Berlin Heidelberg, 2007, pp.\u00a098\u2013112.","DOI":"10.1007\/978-3-540-73538-0_9"},{"key":"ref069","doi-asserted-by":"crossref","unstructured":"L.\u00a0Wang, M.\u00a0Zhang, S.\u00a0Jajodia, A.\u00a0Singhal and M.\u00a0Albanese, Modeling network diversity for evaluating the robustness of networks against zero-day attacks, in: Proceedings of ESORICS\u201914, 2014, pp.\u00a0494\u2013511.","DOI":"10.1007\/978-3-319-11212-1_28"},{"key":"ref070","doi-asserted-by":"crossref","unstructured":"L.\u00a0Wang, M.\u00a0Zhang, S.\u00a0Jajodia, A.\u00a0Singhal and M.\u00a0Albanese, Modeling network diversity for evaluating the robustness of networks against zero-day attacks, in: Computer Security\u00a0\u2013 ESORICS 2014\u00a0\u2013 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7\u201311, 2014. Proceedings, Part II, 2014, pp.\u00a0494\u2013511.","DOI":"10.1007\/978-3-319-11212-1_28"},{"key":"ref071","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.09.013"},{"key":"ref072","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2516916"},{"key":"ref073","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2516916"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191306","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-191306","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191306","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:19Z","timestamp":1777495519000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-191306"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,17]]},"references-count":73,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2019,7,18]]}},"alternative-id":["10.3233\/JCS-191306"],"URL":"https:\/\/doi.org\/10.3233\/jcs-191306","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,6,17]]}}}