{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T13:38:55Z","timestamp":1773409135423,"version":"3.50.1"},"reference-count":265,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,10]]},"abstract":"<jats:p>Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. 
Based on this comprehensive survey, they summarize key issues and discuss directions of future research.<\/jats:p>","DOI":"10.4018\/ijsse.2014100103","type":"journal-article","created":{"date-parts":[[2015,1,8]],"date-time":"2015-01-08T17:57:19Z","timestamp":1420739839000},"page":"48-98","source":"Crossref","is-referenced-by-count":11,"title":["Evolution of Security Engineering Artifacts"],"prefix":"10.4018","volume":"5","author":[{"given":"Michael","family":"Felderer","sequence":"first","affiliation":[{"name":"Institute of Computer Science, University of Innsbruck, Innsbruck, Austria"}]},{"given":"Basel","family":"Katt","sequence":"additional","affiliation":[{"name":"Institute of Computer Science, University of Innsbruck, Innsbruck, Austria"}]},{"given":"Philipp","family":"Kalb","sequence":"additional","affiliation":[{"name":"Institute of Computer Science, University of Innsbruck, Innsbruck, Austria"}]},{"given":"Jan","family":"J\u00fcrjens","sequence":"additional","affiliation":[{"name":"Department of Software Engineering, Technical University of Dortmund, Dortmund, Germany"}]},{"given":"Mart\u00edn","family":"Ochoa","sequence":"additional","affiliation":[{"name":"Department of Software Engineering, Technical University of Munich, Munich, Germany"}]},{"given":"Federica","family":"Paci","sequence":"additional","affiliation":[{"name":"Department of Information Engineering and Computer Science, University of Trento, Trento, Italy"}]},{"given":"Le Minh Sang","family":"Tran","sequence":"additional","affiliation":[{"name":"Security Research Group, University of Trento, Trento, Italy"}]},{"given":"Thein Than","family":"Tun","sequence":"additional","affiliation":[{"name":"Department of Computing, The Open University, Milton Keynes, UK"}]},{"given":"Koen","family":"Yskout","sequence":"additional","affiliation":[{"name":"iMinds-DistriNet, KU Leuven, Leuven, 
Belgium"}]},{"given":"Riccardo","family":"Scandariato","sequence":"additional","affiliation":[{"name":"iMinds-DistriNet, KU Leuven, Leuven, Belgium"}]},{"given":"Frank","family":"Piessens","sequence":"additional","affiliation":[{"name":"iMinds-DistriNet, KU Leuven, Leuven, Belgium"}]},{"given":"Dries","family":"Vanoverberghe","sequence":"additional","affiliation":[{"name":"iMinds-DistriNet, KU Leuven, Leuven, Belgium"}]},{"given":"Elizabeta","family":"Fourneret","sequence":"additional","affiliation":[{"name":"SnT Centre, University of Luxembourg, Luxembourg"}]},{"given":"Matthias","family":"Gander","sequence":"additional","affiliation":[{"name":"Institute of Computer Science, University of Innsbruck, Innsbruck, Austria"}]},{"given":"Bj\u00f8rnar","family":"Solhaug","sequence":"additional","affiliation":[{"name":"Information and Communication Technology (ICT), SINTEF, Oslo, Norway"}]},{"given":"Ruth","family":"Breu","sequence":"additional","affiliation":[{"name":"Institute of Computer Science, University of Innsbruck, Innsbruck, Austria"}]}],"member":"2432","reference":[{"key":"ijsse.2014100103-0","doi-asserted-by":"crossref","DOI":"10.6028\/NBS.IR.76-1041","author":"R.Abbott","year":"1976","journal-title":"Security analysis and enhancements of computer operating systems (Tech. Rep.)"},{"key":"ijsse.2014100103-1","doi-asserted-by":"publisher","DOI":"10.1145\/1321631.1321692"},{"key":"ijsse.2014100103-2","unstructured":"Ahmad, A., Jamshidi, P., & Pahl, C. (2012). Pattern-driven reuse in architecture-centric evolution for service software. In 7th international conference on software paradigm trends ICSOFT\u20192012."},{"key":"ijsse.2014100103-3","unstructured":"Alberts, C. J., & Dorofee, A. J. (2001). OCTAVE Criteria (Tech. Rep. No. CMU\/SEI-2001-TR-016). 
CERT."},{"key":"ijsse.2014100103-4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23798-0_2"},{"key":"ijsse.2014100103-5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45221-8_32"},{"key":"ijsse.2014100103-6","unstructured":"Alienvault. (n.d.). Ossim documentation. http:\/\/www.alienvault.com\/community.php?section= Docs [accessed: January 15, 2013]."},{"key":"ijsse.2014100103-7","first-page":"58","article-title":"Agile security issues: an empirical study.","author":"A.Alnatheer","year":"2010","journal-title":"Proceedings of the 2010 ACM-IEEE international symposium on empirical software engineering and measurement"},{"key":"ijsse.2014100103-8","doi-asserted-by":"publisher","DOI":"10.1145\/168588.168615"},{"key":"ijsse.2014100103-9","doi-asserted-by":"publisher","DOI":"10.1145\/1167515.1167479"},{"key":"ijsse.2014100103-10","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-6423(98)00023-9"},{"key":"ijsse.2014100103-11","article-title":"Multiple Facets for Dynamic Information Flow.","author":"T. H.Austin","year":"2012","journal-title":"Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages"},{"key":"ijsse.2014100103-12","doi-asserted-by":"publisher","DOI":"10.1016\/j.jhazmat.2006.03.049"},{"key":"ijsse.2014100103-13","unstructured":"Axelsson, S. (2000). Intrusion detection systems: A survey and taxonomy (Tech. Rep.). Technical report."},{"key":"ijsse.2014100103-14","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.1998.738563"},{"key":"ijsse.2014100103-15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-76440-3_10"},{"key":"ijsse.2014100103-16","doi-asserted-by":"publisher","DOI":"10.1007\/11607380_7"},{"key":"ijsse.2014100103-17","doi-asserted-by":"crossref","unstructured":"Baresi, L., Guinea, S., & Plebani, P. (2006b). WS-Policy for service monitoring. 
Technologies for E-Services, 72\u201383.","DOI":"10.1007\/11607380_7"},{"issue":"6","key":"ijsse.2014100103-18","first-page":"1207","article-title":"Secure information flow by self-composition. Mathematical. Structures in Comp.","volume":"21","author":"G.Barthe","year":"2011","journal-title":"Sci."},{"key":"ijsse.2014100103-19","doi-asserted-by":"publisher","DOI":"10.1145\/775412.775425"},{"key":"ijsse.2014100103-20","doi-asserted-by":"publisher","DOI":"10.1145\/1125808.1125810"},{"key":"ijsse.2014100103-21","author":"L.Bass","year":"2003","journal-title":"Software architecture in practice"},{"key":"ijsse.2014100103-22","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065047"},{"key":"ijsse.2014100103-23","doi-asserted-by":"crossref","unstructured":"Ben-Gal, I. (2007). Bayesian networks. In F. Ruggeri R. S. Kenett, & F. W. Faltin (Eds.), Encyclopedia of statistics in quality and reliability. John Wiley & Sons","DOI":"10.1002\/9780470061572.eqr089"},{"key":"ijsse.2014100103-24","unstructured":"Bencs\u00e1th, B., P\u00e9k, G., Butty\u00e1n, L., & F\u00e9legyh\u00e1zi, M. (2012). Duqu: Analysis, detection, and lessons learned. In ACM European workshop on system security (EUROSEC) (Vol. 2012)."},{"key":"ijsse.2014100103-25","doi-asserted-by":"publisher","DOI":"10.1016\/S0164-1212(03)00080-3"},{"key":"ijsse.2014100103-26","unstructured":"Bergmann, G., Massacci, F., Paci, F., Tun, T. T., Varr\u00f3, D., & Yu, Y. (2011). A tool for managing evolving security requirements. In Caise forum (selected papers) (p. 110-125)."},{"key":"ijsse.2014100103-27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21732-6_12"},{"key":"ijsse.2014100103-28","doi-asserted-by":"crossref","unstructured":"Bergomi, F., Paul, S., Solhaug, B., & Vignon-Davillier, R. (2013). Beyond traceability: Compared approaches to consistent security risk assessments. In Proc. international workshop on security in air traffic management and other critical infrastructures (secatm\u201913). 
(To appear)","DOI":"10.1109\/ARES.2013.109"},{"key":"ijsse.2014100103-29","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1145\/1216993.1217012","article-title":"A EDOC profile for dependability analysis of real-time embedded systems.","author":"S.Bernardi","year":"2007","journal-title":"Proceedings of the 6th international workshop on software and performance"},{"key":"ijsse.2014100103-30","unstructured":"Binde, B., McRee, R., & O\u2019Connor, T. (2011). Assessing outbound traffic to uncover advanced persistent threat. SANS Institute. Whitepaper."},{"key":"ijsse.2014100103-31","unstructured":"Blobel, B. (2002). Aspects of modeling using the examples of Electronic Health Records (EHRs). In Coras workshop. (Part of International Conference on Telemedicine (ICT2002))"},{"key":"ijsse.2014100103-32","first-page":"235","article-title":"Statistical fraud detection: A review.","author":"R.Bolton","year":"2002","journal-title":"Statistical Science"},{"key":"ijsse.2014100103-33","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2010.05.069"},{"key":"ijsse.2014100103-34","author":"E.Braude","year":"2011","journal-title":"Software engineering: Modern approaches"},{"key":"ijsse.2014100103-35","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2012.05.085"},{"key":"ijsse.2014100103-36","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2011.06.002"},{"issue":"1-2","key":"ijsse.2014100103-37","first-page":"12","article-title":"MoVEing forward: Towards an architecture and processes for a Living Models infrastructure.","volume":"3","author":"M.Breu","year":"2011","journal-title":"International Journal on Advances in Life Sciences"},{"key":"ijsse.2014100103-38","doi-asserted-by":"crossref","unstructured":"Bridging the Gap between Web Application Firewalls and Web Applications. In Proceedings of the 2006 ACM workshop on formal methods in security engineering (pp. 
67\u201377).","DOI":"10.1145\/1180337.1180344"},{"key":"ijsse.2014100103-39","doi-asserted-by":"publisher","DOI":"10.1145\/1138670.1138674"},{"key":"ijsse.2014100103-40","article-title":"Integrating access control design into the software development process","author":"G.Brose","year":"2002","journal-title":"Integrated design and process technology"},{"key":"ijsse.2014100103-41","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-008-0073-5"},{"key":"ijsse.2014100103-42","first-page":"2208","article-title":"Type systems","author":"L.Cardelli","year":"1997","journal-title":"The computer science and engineering handbook"},{"key":"ijsse.2014100103-43","doi-asserted-by":"publisher","DOI":"10.1145\/1541880.1541882"},{"key":"ijsse.2014100103-44","doi-asserted-by":"publisher","DOI":"10.1109\/MISE.2009.5069890"},{"key":"ijsse.2014100103-45","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03359-9_2"},{"key":"ijsse.2014100103-46","doi-asserted-by":"publisher","DOI":"10.1142\/S0218843007001688"},{"key":"ijsse.2014100103-47","author":"E.Cox","year":"1994","journal-title":"The fuzzy systems handbook: A practitioner\u2019s guide to building, using, and maintaining fuzzy systems"},{"key":"ijsse.2014100103-48","doi-asserted-by":"crossref","unstructured":"d\u2019Avila Garcez, A., Russo, A., Nuseibeh, B., & Kramer, J. (2003). Combining adductive reasoning and inductive learning to evolve requirements specifications. In IEEE Proceedings - software (Vol. 150(1), p. 
25-38).","DOI":"10.1049\/ip-sen:20030207"},{"issue":"2","key":"ijsse.2014100103-49","first-page":"187","article-title":"A survey of modelling and analysis approaches for architecting secure software systems.","volume":"5","author":"L.Dai","year":"2007","journal-title":"International Journal of Network Security"},{"key":"ijsse.2014100103-50","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382275"},{"key":"ijsse.2014100103-51","author":"B.De Win","year":"2004","journal-title":"Developing secure applications through aspect-oriented programming"},{"key":"ijsse.2014100103-52","first-page":"1","article-title":"On the importance of the separation-of-concerns principle in secure software engineering.","author":"B.De Win","year":"2002","journal-title":"Workshop on the Application of Engineering Principles to System Security Design"},{"key":"ijsse.2014100103-53","doi-asserted-by":"publisher","DOI":"10.1109\/RISP.1992.213257"},{"key":"ijsse.2014100103-54","author":"H.Debar","year":"2007","journal-title":"The intrusion detection message exchange format"},{"key":"ijsse.2014100103-55","doi-asserted-by":"crossref","unstructured":"Denning, D. (1987). An intrusion-detection model. Software Engineering, IEEE Transactions on (2), 222\u2013232.","DOI":"10.1109\/TSE.1987.232894"},{"key":"ijsse.2014100103-56","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1145\/1180337.1180344","article-title":"Bridging the gap between web application firewalls and web applications.","author":"L.Desmet","year":"2006","journal-title":"Proceedings of the fourth ACM workshop on Formal methods in security"},{"key":"ijsse.2014100103-57","first-page":"109","article-title":"Noninterference through Secure Multi-Execution.","author":"D.Devriese","year":"2010","journal-title":"Proceedings of the IEEE symposium on security and privacy"},{"key":"ijsse.2014100103-58","unstructured":"Ebios 2010 \u2013 Expression of needs and identification of security objectives [Computer software manual]. (2010). 
(In French)"},{"key":"ijsse.2014100103-59","unstructured":"EEC. (2006). Methodology report for the 2005\/2012 integrated risk picture for Air Traffic Management in Europe [Computer software manual]. (EEC Technical\/Scientific Report No. 2006-041)"},{"key":"ijsse.2014100103-60","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-009-0090-z"},{"key":"ijsse.2014100103-61","unstructured":"Erlingsson, U. (2004). The inlined reference monitor approach to security policy enforcement (Unpublished doctoral dissertation). Ithaca, NY, USA. (AAI3114521)"},{"key":"ijsse.2014100103-62","doi-asserted-by":"crossref","unstructured":"Erlingsson, U., & Schneider, F. B. (2000). Irm enforcement of java stack inspection. In In IEEE symposium on security and privacy (pp. 246\u2013255).","DOI":"10.1109\/SECPRI.2000.848461"},{"key":"ijsse.2014100103-63","author":"U.Erlingsson","year":"2010","journal-title":"Low-level software security by example"},{"key":"ijsse.2014100103-64","first-page":"15","article-title":"Finding incremental solutions for evolving requirements","author":"N. A.Ernst","year":"2011","journal-title":"Re"},{"key":"ijsse.2014100103-65","doi-asserted-by":"crossref","unstructured":"Erradi, A., Maheshwari, P., & Tosic, V. (2007). WS-Policy based monitoring of composite web services.","DOI":"10.1109\/ECOWS.2007.31"},{"key":"ijsse.2014100103-66","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2003.12.016"},{"key":"ijsse.2014100103-67","doi-asserted-by":"publisher","DOI":"10.1109\/ICSEA.2007.24"},{"key":"ijsse.2014100103-68","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19125-1_14"},{"key":"ijsse.2014100103-69","unstructured":"Felderer, M., Agreiter, B., Zech, P., & Breu, R. (2011). A classification for model-based security testing. In The third international conference on advances in system testing and validation lifecycle (VALID 2011) (pp. 
109\u2013114)."},{"key":"ijsse.2014100103-70","unstructured":"Felderer, M., Kalb, P., Agreiter, B., Breu, R., Buyens, K., Farwick, M., Yskout, K. (2011). Survey on state of the art time awareness and management (Tech. Rep.). Deliverable 1.2 of the EternalS Coordination Action (FP7-247758)."},{"key":"ijsse.2014100103-71","unstructured":"Felici, M. (2004). Observational models of requirements evolution (Unpublished doctoral dissertation). University of Edinburgh."},{"key":"ijsse.2014100103-72","unstructured":"Ferguson, N., & Schneier, B. (2003). A cryptographic evaluation of IPSEC (Tech. Rep.). Counterpane Internet Security, Inc. Retrieved from http:\/\/www.schneier .com\/paper-ipsec.html"},{"key":"ijsse.2014100103-73","unstructured":"FindBugs. (n.d.). Find Bugs in Java Programs. (http:\/\/findbugs.sourceforge.net\/ [accessed: January 15, 2013])"},{"key":"ijsse.2014100103-74","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2011.95"},{"key":"ijsse.2014100103-75","doi-asserted-by":"crossref","unstructured":"France, R. B., & Bieman, J. M. (2001). Multi-view software evolution: A EDOC-based framework for evolving object-oriented software. 
In ICSM.","DOI":"10.1109\/ICSM.2001.972751"},{"key":"ijsse.2014100103-76","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2011.6051659"},{"key":"ijsse.2014100103-77","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34781-8_14"},{"key":"ijsse.2014100103-78","article-title":"Towards a model- and learning-based framework for security anomaly detection","author":"M.Gander","year":"2011","journal-title":"Formal methods for components and objects (FMCO) 2011"},{"key":"ijsse.2014100103-79","first-page":"1","article-title":"On scada control system command and response injection and intrusion detection","author":"W.Gao","year":"2010","journal-title":"ECRIME researchers summit"},{"key":"ijsse.2014100103-80","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.08.003"},{"key":"ijsse.2014100103-81","doi-asserted-by":"publisher","DOI":"10.1109\/WICSA.2009.5290799"},{"key":"ijsse.2014100103-82","doi-asserted-by":"crossref","unstructured":"Garlan, D., Barnes, J. M., Schmerl, B. R., & Celiku, O. (2009b). Evolution styles: Foundations and tool support for software architecture evolution. In Joint working IEEE\/IFIP conference on software architecture and european conference on software architecture (WICSA\/ECSA 2009) (p. 131-140). 
IEEE Computer Society.","DOI":"10.1109\/WICSA.2009.5290799"},{"key":"ijsse.2014100103-83","first-page":"107","article-title":"An aspect-based approach to modeling security concerns","author":"G.Georg","year":"2002","journal-title":"Critical systems development with EDOC"},{"key":"ijsse.2014100103-84","first-page":"35","article-title":"Creating security mechanism aspect models from abstract security aspect models","author":"G.Georg","year":"2003","journal-title":"Critical systems development with UML"},{"key":"ijsse.2014100103-85","doi-asserted-by":"publisher","DOI":"10.1109\/TAI.1999.809769"},{"key":"ijsse.2014100103-86","doi-asserted-by":"publisher","DOI":"10.1109\/IWSSD.2000.891138"},{"key":"ijsse.2014100103-87","unstructured":"Giblin, C., Liu, A., M\u00fcller, S., Pfitzmann, B., Zhou, X., & Building, H. (2005). Regulations expressed as logical models (REALM). In Legal knowledge and information systems: Jurix 2005: the eighteenth annual conference (p. 37)."},{"key":"ijsse.2014100103-88","doi-asserted-by":"crossref","unstructured":"Giorgini, P., Massacci, F., & Zannone, N. (2005). Security and trust requirements engineering., 237-272.","DOI":"10.1007\/11554578_8"},{"key":"ijsse.2014100103-89","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2007.11.003"},{"key":"ijsse.2014100103-90","first-page":"139","article-title":"Botminer: clustering analysis of network traffic for protocol-and structure-independent botnet detection.","author":"G.Gu","year":"2008","journal-title":"Proceedings of the 17th conference on security symposium"},{"key":"ijsse.2014100103-91","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2007.114"},{"key":"ijsse.2014100103-92","doi-asserted-by":"publisher","DOI":"10.1002\/spe.880"},{"key":"ijsse.2014100103-93","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70754"},{"key":"ijsse.2014100103-94","article-title":"A Classification of SQL-Injection Attacks and Countermeasures.","author":"W. 
G.Halfond","year":"2006","journal-title":"Proceedings of the IEEE international symposium on secure software engineering"},{"key":"ijsse.2014100103-95","doi-asserted-by":"crossref","unstructured":"Hamlen, K. W., Morrisett, G., & Schneider, F. B. (2006). Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst., 28(1), 175\u2013205. Hassine, J., Rilling, J., Hewitt, J., & Dssouli, R. (2005). Change impact analysis for requirement evolution using use case maps. In IWPSE \u201905.","DOI":"10.1145\/1111596.1111601"},{"key":"ijsse.2014100103-96","unstructured":"Hawkins, J., & Fernandez, E. (1997). Extending use cases and interaction diagrams to develop distributed system architecture requirements (Tech. Rep. No. TR-CSE-97-47). Department of Computer Science & Engineering, Florida Atlantic University."},{"key":"ijsse.2014100103-97","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2011.6051653"},{"key":"ijsse.2014100103-98","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0053588"},{"key":"ijsse.2014100103-99","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-39650-5_14"},{"key":"ijsse.2014100103-100","unstructured":"Hernan, S., Lambert, S., Ostwald, T., & Shostack, A. (2006). Threat modeling \u2013 uncover security design flaws using the STRIDE approach."},{"key":"ijsse.2014100103-101","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13094-6_9"},{"key":"ijsse.2014100103-102","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.06.066"},{"key":"ijsse.2014100103-103","first-page":"95","article-title":"Towards a UML profile for model-based risk assessment of security critical systems","author":"S.Houmb","year":"2003","journal-title":"Critical systems development with UML"},{"key":"ijsse.2014100103-104","author":"M.Howard","year":"2001","journal-title":"Writing secure code"},{"key":"ijsse.2014100103-105","unstructured":"Howard, R. A. (1971). Dynamic probabilistic systems, volume i: Markov models. 
John Wiley & Sons."},{"key":"ijsse.2014100103-106","doi-asserted-by":"publisher","DOI":"10.1287\/deca.1050.0020"},{"key":"ijsse.2014100103-107","doi-asserted-by":"publisher","DOI":"10.1145\/2351676.2351719"},{"key":"ijsse.2014100103-108","unstructured":"IEC 60300-9 Dependability management - Part 3: Application guide - Section 9: Risk analysis of technological systems - Event Tree Analysis (ETA) [Computer software manual]. (1995)."},{"key":"ijsse.2014100103-109","unstructured":"IEC 61025 Fault Tree Analysis (FTA) [Computer software manual]. (1990)."},{"key":"ijsse.2014100103-110","unstructured":"IEC 61165 application of Markov techniques [Computer software manual]. (1995)."},{"key":"ijsse.2014100103-111","year":"1990","journal-title":"Standard Glossary of Software Engineering Terminology"},{"key":"ijsse.2014100103-112","unstructured":"ISO\/IEC 27001 \u2013 Information technology \u2013 Security techniques \u2013 Information security management systems \u2013 Requirements [Computer software manual]. (2005)."},{"key":"ijsse.2014100103-113","unstructured":"ISO\/IEC 27005 \u2013 Information technology \u2013 Security techniques \u2013 Information security risk management [Computer software manual]. (2011)."},{"key":"ijsse.2014100103-114","unstructured":"ISO 31000 \u2013 risk management \u2013 Principles and guidelines [Computer software manual]. (2009)."},{"key":"ijsse.2014100103-115","unstructured":"ISO\/IEC\/IEEE 42010 \u2013 systems and software engineering \u2013 architecture description [Computer software manual]. (2011)."},{"key":"ijsse.2014100103-116","author":"M.Jackson","year":"2001","journal-title":"Problem frames: Analyzing and structuring software development problems"},{"key":"ijsse.2014100103-117","doi-asserted-by":"publisher","DOI":"10.1109\/SEFM.2005.39"},{"key":"ijsse.2014100103-118","doi-asserted-by":"crossref","unstructured":"Jacobs, B., Smans, J., Philippaerts, P., Vogels, F., Penninckx, W., & Piessens, F. (2011). 
Verifast: A powerful, sound, predictable, fast verifier for C and Java. NASA Formal Methods, 41\u201355.","DOI":"10.1007\/978-3-642-20398-5_4"},{"key":"ijsse.2014100103-119","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-17164-2_21"},{"key":"ijsse.2014100103-120","doi-asserted-by":"crossref","unstructured":"Jin, H., Sun, J., Chen, H., & Han, Z. (2004). A fuzzy data mining based intrusion detection model. In Distributed computing systems, 2004. FTDFC 2004. Proceedings. 10th IEEE international workshop on future trends of (pp. 191\u2013197).","DOI":"10.1109\/FTDCS.2004.1316613"},{"key":"ijsse.2014100103-121","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-007-0076-7"},{"key":"ijsse.2014100103-122","author":"K.Julisch","year":"2003","journal-title":"Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security (TISSEC), 6(4), 471. J\u00fcrjens, J. (2005). Secure systems development with UML"},{"key":"ijsse.2014100103-123","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21470-7_5"},{"key":"ijsse.2014100103-124","doi-asserted-by":"crossref","unstructured":"Kassios, I. T. (2006). Dynamic frames: Support for framing, dependencies and sharing without restrictions. In Fm (p. 268-283).","DOI":"10.1007\/11813040_19"},{"key":"ijsse.2014100103-125","unstructured":"Katta, V., & St\u00e5lhane, T. (2011). A conceptual model of traceability for safety systems. Poster session at 2nd International Conference on Complex Systems Design & Management (CSD&M\u201911)."},{"key":"ijsse.2014100103-126","unstructured":"Khan, S., Greenwood, P., Garcia, A., & Rashid, A. (2008). On the Impact of Evolving Requirements-Architecture Dependencies: An Exploratory Study. In advanced information systems engineering: 20th international conference, CAISE 2008 Montpellier, France, June 18-20, 2008, Proceedings (p. 
243)."},{"key":"ijsse.2014100103-127","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45337-7_18"},{"key":"ijsse.2014100103-128","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24721-0_13"},{"key":"ijsse.2014100103-129","doi-asserted-by":"crossref","unstructured":"Kissel, R., Stine, K., Scholl, M., Rossman, H., Fahlsing, J., & Gulick, J. (2008). Security considerations in the system development lifecycle [Computer software manual]. (NIST Special Publication 800-64 Revision 2)","DOI":"10.6028\/NIST.SP.800-64r2"},{"key":"ijsse.2014100103-130","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2004.03.012"},{"key":"ijsse.2014100103-131","doi-asserted-by":"publisher","DOI":"10.1145\/373256.373280"},{"key":"ijsse.2014100103-132","doi-asserted-by":"crossref","first-page":"805","DOI":"10.1145\/1176617.1176727","article-title":"Towards agile security in web applications.","author":"V.Kongsli","year":"2006","journal-title":"Companion to the 21st ACM sigplan symposium on object-oriented programming systems, languages, and applications"},{"key":"ijsse.2014100103-133","doi-asserted-by":"publisher","DOI":"10.1109\/ICIMP.2010.13"},{"key":"ijsse.2014100103-134","unstructured":"Krautsevich, L., Lazouski, A., Martinelli, F., & Yautsiukhin, A. (2011). Cost-effective enforcement of UCONApolicies. In Proceedings of the 6th international conference on risks and security of internet and systems (crisis\u201911) (pp. 1\u20138). IEEE Computer Press."},{"key":"ijsse.2014100103-135","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Mutz, D., Robertson, W., & Valeur, F. (2003 Bayesian event classification for intrusion detection. In Computer security applications conference, 2003. Proceedings. 19th annual (p. 14-23). 
Published by the IEEE Computer Society","DOI":"10.1109\/CSAC.2003.1254306"},{"key":"ijsse.2014100103-136","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1145\/948109.948144","article-title":"Anomaly detection of web-based attacks.","author":"C.Kruegel","year":"2003","journal-title":"Proceedings of the 10th ACM conference on computer and communications security"},{"key":"ijsse.2014100103-137","doi-asserted-by":"publisher","DOI":"10.1109\/CSMR.1998.665774"},{"key":"ijsse.2014100103-138","first-page":"259","article-title":"A taxonomy of computer program security flaws, with examples. ACM Computing Surveys, 26(3), 211\u2013255. Leangsuksun, C., Song, H., & Shen, L. (2003). Reliability modeling using UML.","volume":"2003","author":"C.Landwehr","year":"1994","journal-title":"Software Engineering Research and Practice"},{"key":"ijsse.2014100103-139","unstructured":"Lee, W., & Xiang, D. (2001). Information-theoretic measures for anomaly detection. In Security and privacy, 2001. S&P 2001. Proceedings. 2001 IEEE symposium on (pp. 130\u2013143)."},{"key":"ijsse.2014100103-140","doi-asserted-by":"publisher","DOI":"10.1016\/0164-1212(79)90022-0"},{"key":"ijsse.2014100103-141","doi-asserted-by":"publisher","DOI":"10.1109\/MS.1998.646878"},{"key":"ijsse.2014100103-142","doi-asserted-by":"crossref","unstructured":"Leitner, P., Michlmayr, A., Rosenberg, F., & Dustdar, S. (2010). Monitoring, Prediction and Prevention of SLA Violations in Composite Services. In IEEE international conference on web services (ICWS 2010) (pp. 
369\u2013376).","DOI":"10.1109\/ICWS.2010.21"},{"key":"ijsse.2014100103-143","doi-asserted-by":"publisher","DOI":"10.1145\/1029894.1029905"},{"key":"ijsse.2014100103-144","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.1989.65194"},{"key":"ijsse.2014100103-145","first-page":"333","article-title":"Unsupervised anomaly detection in network intrusion detection using clusters.","author":"K.Leung","year":"2005","journal-title":"Proceedings of the twenty-eighth australasian conference on computer science-volume 38"},{"key":"ijsse.2014100103-146","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSACW.2010.98"},{"key":"ijsse.2014100103-147","doi-asserted-by":"publisher","DOI":"10.1109\/MESOCA.2011.6049035"},{"key":"ijsse.2014100103-148","unstructured":"Ligaarden, O. S., Refsdal, A., & St\u00f8len, K. (2012a). Designing indicators to monitor the fulfillment of business objectives with particular focus on quality and ICT-supported monitoring of indicators. International Journal On Advances in Intelligent Systems, 5(1-2)."},{"key":"ijsse.2014100103-149","first-page":"256","author":"O. S.Ligaarden","year":"2012","journal-title":"It security governance innovations: Theory and research"},{"key":"ijsse.2014100103-150","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-004-0046-8"},{"key":"ijsse.2014100103-151","unstructured":"Lin, L., Nuseibeh, B., Ince, D., & Jackson, M. (2004). Using abuse frames to bound the scope of security problems. In 12th IEEE international requirements engineering conference (RE\u201904) (pp. 354\u2013355). IEEE Computer Society."},{"issue":"6","key":"ijsse.2014100103-152","first-page":"573","article-title":"The impact of requirements changes on specifications and state machines.","volume":"39","author":"L.Lin","year":"2009","journal-title":"SP&E"},{"key":"ijsse.2014100103-153","doi-asserted-by":"crossref","unstructured":"Liu, L., Yu, E., & Mylopoulos, J. (2003). Security and privacy requirements analysis within a social setting. 
RE 2003, 3, 151\u2013161.","DOI":"10.1109\/ICRE.2003.1232746"},{"key":"ijsse.2014100103-154","doi-asserted-by":"crossref","unstructured":"Luckham, D. (2008). The power of events: an introduction to complex event processing in distributed enterprise systems. Rule Representation, Interchange and Reasoning on the Web, 3\u20133.","DOI":"10.1007\/978-3-540-88808-6_2"},{"key":"ijsse.2014100103-155","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2010.134"},{"key":"ijsse.2014100103-156","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8"},{"key":"ijsse.2014100103-157","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23082-0_9"},{"key":"ijsse.2014100103-158","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(93)90029-5"},{"issue":"3","key":"ijsse.2014100103-159","first-page":"371","article-title":"An attack surface metric. Software Engineering","volume":"37","author":"P.Manadhata","year":"2011","journal-title":"IEEE Transactions on"},{"key":"ijsse.2014100103-160","volume":"Vol. 1","author":"S.Mannan","year":"2005","journal-title":"Lees\u2019 loss prevention in the process industries. Hazard identification, assessment and control"},{"key":"ijsse.2014100103-161","first-page":"88","article-title":"On the composition of secure systems","author":"H.Mantel","year":"2002","journal-title":"IEEE symposium on security and privacy"},{"key":"ijsse.2014100103-162","doi-asserted-by":"crossref","unstructured":"Massacci, F., Mylopoulos, J., Paci, F., Tun, T. T., & Yu, Y. (2011). An extended ontology for security requirements. In CAISE workshops (p. 622-636).","DOI":"10.1007\/978-3-642-22056-2_64"},{"key":"ijsse.2014100103-163","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-05183-8_6"},{"key":"ijsse.2014100103-164","unstructured":"McVeigh, A. (2009). A rigorous, architectural approach to extensible applications (Unpublished doctoral dissertation). 
Imperial College London."},{"key":"ijsse.2014100103-165","doi-asserted-by":"publisher","DOI":"10.1145\/1082983.1083214"},{"key":"ijsse.2014100103-166","unstructured":"Mehta, D. M. (2007). Effective software security management. OWASP. Retrieved from https:\/\/www.owasp.org\/images\/2\/28\/Effective_Software_Security_Management.pdf"},{"key":"ijsse.2014100103-167","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2008.03.004"},{"key":"ijsse.2014100103-168","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-76440-3"},{"key":"ijsse.2014100103-169","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2010.136"},{"key":"ijsse.2014100103-170","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2009.22"},{"key":"ijsse.2014100103-171","doi-asserted-by":"publisher","DOI":"10.1145\/2024445.2024467"},{"key":"ijsse.2014100103-172","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45017-3_7"},{"key":"ijsse.2014100103-173","doi-asserted-by":"publisher","DOI":"10.1002\/int.20432"},{"key":"ijsse.2014100103-174","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2002.1007774"},{"key":"ijsse.2014100103-175","doi-asserted-by":"publisher","DOI":"10.1109\/SOCA.2009.5410273"},{"key":"ijsse.2014100103-176","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"ijsse.2014100103-177","first-page":"75","article-title":"Security patterns: Comparing modeling approaches","author":"A.Nhlabatsi","year":"2010","journal-title":"Software engineering for secure systems: Industrial and research perspectives"},{"key":"ijsse.2014100103-178","doi-asserted-by":"publisher","DOI":"10.4018\/jsse.2010102004"},{"key":"ijsse.2014100103-179","doi-asserted-by":"publisher","DOI":"10.1145\/586143.586144"},{"key":"ijsse.2014100103-180","doi-asserted-by":"publisher","DOI":"10.1145\/1029208.1029225"},{"key":"ijsse.2014100103-181","doi-asserted-by":"crossref","unstructured":"Ochoa, M., J\u00fcrjens, J., & Cu\u00e9llar, J. (2012). Non-interference on UML Statecharts. 
In 50th international conference on objects, models, components, patterns (TOOLS Europe 2012). Springer.","DOI":"10.1007\/978-3-642-30561-0_16"},{"key":"ijsse.2014100103-182","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28166-2_10"},{"key":"ijsse.2014100103-183","doi-asserted-by":"crossref","unstructured":"Oldmeadow, J., Ravinutala, S., & Leckie, C. (2004). Adaptive clustering for network intrusion detection. Advances in Knowledge Discovery and Data Mining, 255\u2013259.","DOI":"10.1007\/978-3-540-24775-3_33"},{"key":"ijsse.2014100103-184","unstructured":"Ou, X., Govindavajhala, S., & Appel, A. (2005). Mulval: A logic-based network security analyzer. In 14th usenix security symposium (pp. 1\u201316)."},{"key":"ijsse.2014100103-185","doi-asserted-by":"publisher","DOI":"10.1145\/361598.361623"},{"key":"ijsse.2014100103-186","unstructured":"Paul, S., & Delande, O. (2011). Integrability of design modelling solution. SecureChange FP7 project deliverable D4.4b."},{"key":"ijsse.2014100103-187","doi-asserted-by":"publisher","DOI":"10.1201\/EBK1439839560"},{"key":"ijsse.2014100103-188","doi-asserted-by":"crossref","unstructured":"Penninckx, W., M\u00fchlberg, J. T., Smans, J., Jacobs, B., & Piessens, F. (2012). Sound formal verification of linux\u2019s usb bp keyboard driver. In Nasa formal methods (p. 210-215).","DOI":"10.1007\/978-3-642-28891-3_21"},{"key":"ijsse.2014100103-189","doi-asserted-by":"publisher","DOI":"10.1145\/310889.310919"},{"key":"ijsse.2014100103-190","first-page":"1","article-title":"A Comprehensive Survey of Data Mining-based Fraud Detection Research.","author":"C.Phua","year":"2005","journal-title":"Artificial Intelligence Review"},{"key":"ijsse.2014100103-191","author":"B. C.Pierce","year":"2002","journal-title":"Types and programming languages"},{"key":"ijsse.2014100103-192","doi-asserted-by":"publisher","DOI":"10.1145\/596980.596983"},{"key":"ijsse.2014100103-193","unstructured":"Project PROTEUS. (June 1996). 
Deliverable 1.3: Meeting the challenge of changing requirements (Tech. Rep.). Centre for Software Reliability, University of Newcastle upon Tyne."},{"key":"ijsse.2014100103-194","doi-asserted-by":"publisher","DOI":"10.1007\/BF00116251"},{"key":"ijsse.2014100103-195","unstructured":"Quinlan, J. R. (1996). Bagging, boosting, and c4.5. In Aaai\/iaai, vol. 1 (pp. 725\u2013730)."},{"key":"ijsse.2014100103-196","article-title":"An aspect-based approach to modeling access control concerns.","author":"I.Ray","year":"2003","journal-title":"Information and Software Technology"},{"key":"ijsse.2014100103-197","doi-asserted-by":"publisher","DOI":"10.1109\/WICSA-ECSA.212.29"},{"key":"ijsse.2014100103-198","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02056-8_14"},{"key":"ijsse.2014100103-199","article-title":"A secure software architecture description language.","author":"J.Ren","year":"2005","journal-title":"Workshop on software security assurance tools, techniques, and metrics"},{"key":"ijsse.2014100103-200","doi-asserted-by":"publisher","DOI":"10.1109\/LICS.2002.1029817"},{"key":"ijsse.2014100103-201","author":"R. M.Robinson","year":"2007","journal-title":"Risk and reliability \u2013 an introductory text"},{"key":"ijsse.2014100103-202","doi-asserted-by":"crossref","unstructured":"Roschke, S., Cheng, F., & Meinel, C. (2011). A new alert correlation algorithm based on attack graph. Computational Intelligence in Security for Information Systems, 58\u201367.","DOI":"10.1007\/978-3-642-21323-6_8"},{"key":"ijsse.2014100103-203","doi-asserted-by":"publisher","DOI":"10.1145\/367008.367020"},{"key":"ijsse.2014100103-204","author":"N.Rozanski","year":"2005","journal-title":"Software systems architecture: Working with stakeholders using viewpoints and perspectives"},{"key":"ijsse.2014100103-205","doi-asserted-by":"crossref","unstructured":"Ruhroth, T., & J\u00fcrjens, J. (2012). 
Supporting security assurance in the context of evolution: Modular modeling and analysis with UMLSEC. In 16th IEEE international symposium on high assurance systems engineering (HASE 2012). IEEE.","DOI":"10.1109\/HASE.2012.35"},{"key":"ijsse.2014100103-206","doi-asserted-by":"publisher","DOI":"10.1049\/ip-sen:19990156"},{"key":"ijsse.2014100103-207","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"ijsse.2014100103-208","doi-asserted-by":"publisher","DOI":"10.1109\/HASE.2010.21"},{"key":"ijsse.2014100103-209","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15114-9_13"},{"key":"ijsse.2014100103-210","article-title":"Model-based security testing.","author":"I.Schieferdecker","year":"2012","journal-title":"Proceedings 7th workshop on model-based testing"},{"key":"ijsse.2014100103-211","doi-asserted-by":"crossref","unstructured":"Schmidt, D. C. (2006). Model-Driven Engineering. IEEE Computer, 39(2).","DOI":"10.1109\/MC.2006.58"},{"key":"ijsse.2014100103-212","doi-asserted-by":"crossref","unstructured":"Schneider, F., Morrisett, G., & Harper, R. (2001). A language-based approach to security. Informatics \u2013 10 Years Back. 10 Years Ahead, 2000, 86\u2013101.","DOI":"10.1007\/3-540-44577-3_6"},{"key":"ijsse.2014100103-213","first-page":"21","article-title":"Attack trees: Modeling security threats.","volume":"24","author":"S.Schneider","year":"1999","journal-title":"Dr. Dobb\u2019s J."},{"key":"ijsse.2014100103-214","first-page":"58","article-title":"Computer intrusion: Detecting masquerades.","author":"M.Schonlau","year":"2001","journal-title":"Statistical Science"},{"key":"ijsse.2014100103-215","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(02)01009-X"},{"key":"ijsse.2014100103-216","unstructured":"SecureChange, W. P (2012). Deliverable 7.4: Results of test campaign on case studies. 
(SecureChange (EU ICT-FET-231101) [accessed: January 15, 2013])"},{"key":"ijsse.2014100103-217","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32498-7_43"},{"key":"ijsse.2014100103-218","unstructured":"Siemens. (n.d.). CRAMM \u2013 The total information security toolkit. http:\/\/www.cramm.com\/ [accessed: January 15, 2013]."},{"key":"ijsse.2014100103-219","doi-asserted-by":"publisher","DOI":"10.1109\/TOOLS.2000.891363"},{"key":"ijsse.2014100103-220","doi-asserted-by":"publisher","DOI":"10.5381\/jot.2006.5.3.a2"},{"key":"ijsse.2014100103-221","doi-asserted-by":"crossref","unstructured":"Smans, J., Jacobs, B., & Piessens, F. (2009). Implicit dynamic frames: Combining dynamic frames and separation logic. In ECOOP (p. 148-172).","DOI":"10.1007\/978-3-642-03013-0_8"},{"key":"ijsse.2014100103-222","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-013-0179-6"},{"issue":"1","key":"ijsse.2014100103-223","first-page":"54","article-title":"Targeted cyberattacks: A superset of advanced persistent threats.","volume":"11","author":"A.Sood","year":"2013","journal-title":"IEEE Security and Privacy"},{"key":"ijsse.2014100103-224","unstructured":"Souza, V. E. S., Lapouchnian, A., & Mylopoulos, J. (2011). System identification for adaptive software systems: a requirements engineering perspective. In 30th International conference on conceptual modeling (pp. 346\u2013361). 
Springer."},{"key":"ijsse.2014100103-225","doi-asserted-by":"publisher","DOI":"10.1002\/(SICI)1096-908X(199909\/10)11:5<293::AID-SMR198>3.0.CO;2-R"},{"key":"ijsse.2014100103-226","doi-asserted-by":"publisher","DOI":"10.1147\/sj.132.0115"},{"key":"ijsse.2014100103-227","doi-asserted-by":"publisher","DOI":"10.1145\/503271.503224"},{"key":"ijsse.2014100103-228","doi-asserted-by":"crossref","DOI":"10.1109\/WICSA-ECSA.212.31","article-title":"Modelling architectural decisions under changing requirements","author":"M.Szlenk","year":"2012","journal-title":"Joint conference on software architecture & european conference on software architecture"},{"key":"ijsse.2014100103-229","unstructured":"Szyperski, C. A. (1998). Component software - beyond object-oriented programming. Addison-Wesley-Longman."},{"key":"ijsse.2014100103-230","unstructured":"Tamzalit, D., & Mens, T. (2010). Guiding architectural re-structuring through architectural styles. In R. Sterritt, B. Eames, & J. Sprinkle (Eds.), International conference and workshops on the engineering of computer-based systems (ECBS 2010) (p. 69-78). IEEE Computer Society."},{"key":"ijsse.2014100103-231","author":"R. N.Taylor","year":"2010","journal-title":"Software architecture foundations, theory, and practice"},{"key":"ijsse.2014100103-232","unstructured":"The Open Web Application Security Project. (2011). Owasp website. http:\/\/www.owasp.org. [accessed, January 15, 2013]"},{"key":"ijsse.2014100103-233","unstructured":"The security risk management guide [Computer software manual]. (2006)."},{"key":"ijsse.2014100103-234","unstructured":"Tian-yang, G., Yin-sheng, S., & You-yuan, F. (2010). Research on software security testing. World Academy of Science, Engineering and Technology, 70."},{"key":"ijsse.2014100103-235","unstructured":"Tierney, B., Aydt, R., Gunter, D., Smith, W., Swany, M., Taylor, V., & Wolski, R. (2002). A grid monitoring architecture. 
In The global grid forum gwd-gp-16-2."},{"key":"ijsse.2014100103-236","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21640-4_7"},{"key":"ijsse.2014100103-237","unstructured":"Trend Micro, I. (n.d.). Ossec documentation. (http:\/\/www.ossec.net\/ [accessed: January 15, 2013])"},{"key":"ijsse.2014100103-238","unstructured":"Trojer, T., Breu, M., & L\u00f6w, S. (2010). Change-driven model evolution for living models. In 3rd workshop model-driven tool and process integration (MDTPI), ECMFA 2010. Paris, France."},{"key":"ijsse.2014100103-239","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2008.09.040"},{"key":"ijsse.2014100103-240","first-page":"1105","article-title":"The prom framework: A new era in process mining tool support.","volume":"2005","author":"B.van Dongen","year":"2005","journal-title":"Applications and Theory of Petri Nets"},{"key":"ijsse.2014100103-241","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-39800-4_2"},{"key":"ijsse.2014100103-242","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2004.1317437"},{"key":"ijsse.2014100103-243","author":"A.van Lamsweerde","year":"2009","journal-title":"Requirements Engineering: From System Goals to UML Models to Software Specifications"},{"key":"ijsse.2014100103-244","doi-asserted-by":"publisher","DOI":"10.1109\/32.879820"},{"key":"ijsse.2014100103-245","doi-asserted-by":"publisher","DOI":"10.1002\/j.2334-5837.2008.tb00857.x"},{"key":"ijsse.2014100103-246","doi-asserted-by":"crossref","unstructured":"Volpano, D., Irvine, C., & Smith, G. (1996). A sound type system for secure flow analysis. J. Computer. 
Security (2-3), 167\u2013187.","DOI":"10.3233\/JCS-1996-42-304"},{"key":"ijsse.2014100103-247","doi-asserted-by":"publisher","DOI":"10.1145\/325694.325728"},{"key":"ijsse.2014100103-248","doi-asserted-by":"publisher","DOI":"10.1145\/777313.777315"},{"issue":"2-3","key":"ijsse.2014100103-249","first-page":"375","article-title":"Fault-based conformance testing in practice.","volume":"3","author":"M.Weiglhofer","year":"2009","journal-title":"International Journal of Software and Informatics"},{"key":"ijsse.2014100103-250","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-59904-147-6.ch006"},{"key":"ijsse.2014100103-251","doi-asserted-by":"publisher","DOI":"10.1109\/EDOC.2009.18"},{"key":"ijsse.2014100103-252","unstructured":"Wheeler, D. A. (n.d.). The Flawfinder homepage. http:\/\/www.dwheeler.com\/flawfinder\/ [accessed: January 15, 2013]"},{"key":"ijsse.2014100103-253","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2009.07.002"},{"key":"ijsse.2014100103-254","unstructured":"Win, B. D. (2004). 
Engineering application-level security through aspect-oriented software development (Unpublished doctoral dissertation)."},{"key":"ijsse.2014100103-255","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2002.1017701"},{"issue":"1","key":"ijsse.2014100103-256","first-page":"121","article-title":"Regression testing minimisation, selection and prioritisation: A survey.","volume":"1","author":"S.Yoo","year":"2010","journal-title":"Software Testing, Verification, and Reliability"},{"key":"ijsse.2014100103-257","doi-asserted-by":"publisher","DOI":"10.2201\/NiiPi.2008.5.5"},{"key":"ijsse.2014100103-258","doi-asserted-by":"publisher","DOI":"10.1145\/2187671.2187679"},{"key":"ijsse.2014100103-259","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28033-7_3"},{"key":"ijsse.2014100103-260","first-page":"1","article-title":"Change patterns.","author":"K.Yskout","year":"2012","journal-title":"Software & Systems Modeling"},{"key":"ijsse.2014100103-261","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227155"},{"key":"ijsse.2014100103-262","doi-asserted-by":"publisher","DOI":"10.1016\/S0019-9958(65)90241-X"},{"key":"ijsse.2014100103-263","unstructured":"Zargar, S., Takabi, H., & Joshi, J. (2011). Dcdidp: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments. In Collaborative computing: Networking, applications and worksharing (collaboratecom), 2011 7th international conference on (pp. 
332\u2013341)."},{"key":"ijsse.2014100103-264","doi-asserted-by":"publisher","DOI":"10.1109\/ISRE.1997.566875"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=121682","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,16]],"date-time":"2025-05-16T14:50:44Z","timestamp":1747407044000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijsse.2014100103"}},"subtitle":["A State of the Art Survey"],"short-title":[],"issued":{"date-parts":[[2014,10]]},"references-count":265,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.4018\/ijsse.2014100103","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,10]]}}}