{"id":"https://openalex.org/W7147273693","doi":"https://doi.org/10.1109/access.2026.3679628","title":"A First Principles Review of a Novel De Facto Preventive Cybersecurity Strategy","display_name":"A First Principles Review of a Novel De Facto Preventive Cybersecurity Strategy","publication_year":2026,"publication_date":"2026-01-01","ids":{"openalex":"https://openalex.org/W7147273693","doi":"https://doi.org/10.1109/access.2026.3679628"},"language":"en","primary_location":{"id":"doi:10.1109/access.2026.3679628","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3679628","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2026.3679628","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5064790035","display_name":"Fazal Raheman","orcid":"https://orcid.org/0000-0002-7766-6949"},"institutions":[{"id":"https://openalex.org/I111112146","display_name":"Tallinn University of Technology","ror":"https://ror.org/0443cwa12","country_code":"EE","type":"education","lineage":["https://openalex.org/I111112146"]}],"countries":["EE"],"is_corresponding":false,"raw_author_name":"Fazal Raheman","raw_affiliation_strings":["Qloud Technologies Ltd., Tallinn, Estonia"],"raw_orcid":"https://orcid.org/0000-0002-7766-6949","affiliations":[{"raw_affiliation_string":"Qloud Technologies Ltd., Tallinn, Estonia","institution_ids":["https://openalex.org/I111112146"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075204257","display_name":"Tejas Bhagat","orcid":null},"institutions":[{"id":"https://openalex.org/I111112146","display_name":"Tallinn University of Technology","ror":"https://ror.org/0443cwa12","country_code":"EE","type":"education","lineage":["https://openalex.org/I111112146"]}],"countries":["EE"],"is_corresponding":false,"raw_author_name":"Tejas Bhagat","raw_affiliation_strings":["Qloud Technologies Ltd., Tallinn, Estonia"],"raw_orcid":"https://orcid.org/0000-0001-7364-6361","affiliations":[{"raw_affiliation_string":"Qloud Technologies Ltd., Tallinn, Estonia","institution_ids":["https://openalex.org/I111112146"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056688401","display_name":"Panayiotis Kotzanikolaou","orcid":"https://orcid.org/0000-0002-8771-9020"},"institutions":[{"id":"https://openalex.org/I154757721","display_name":"University of Piraeus","ror":"https://ror.org/02qs84g94","country_code":"GR","type":"education","lineage":["https://openalex.org/I154757721"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Panayiotis Kotzanikolaou","raw_affiliation_strings":["Department of Informatics, University of Piraeus, Piraeus, Greece"],"raw_orcid":"https://orcid.org/0000-0002-8771-9020","affiliations":[{"raw_affiliation_string":"Department of Informatics, University of Piraeus, Piraeus, Greece","institution_ids":["https://openalex.org/I154757721"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044800366","display_name":"Javier Guti\u00e9rrez Meana","orcid":null},"institutions":[{"id":"https://openalex.org/I165339363","display_name":"Universidad de Oviedo","ror":"https://ror.org/006gksa02","country_code":"ES","type":"education","lineage":["https://openalex.org/I165339363"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Javier Guti\u00e9rrez Meana","raw_affiliation_strings":["Tree Technology SA, Oviedo, Spain"],"raw_orcid":"https://orcid.org/0009-0008-1091-1736","affiliations":[{"raw_affiliation_string":"Tree Technology SA, Oviedo, Spain","institution_ids":["https://openalex.org/I165339363"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132665666","display_name":"Alfredo Cuzzocrea","orcid":null},"institutions":[{"id":"https://openalex.org/I45204951","display_name":"University of Calabria","ror":"https://ror.org/02rc97e94","country_code":"IT","type":"education","lineage":["https://openalex.org/I45204951"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Alfredo Cuzzocrea","raw_affiliation_strings":["IDEA Lab, University of Calabria, Rende, Italy"],"raw_orcid":"https://orcid.org/0000-0002-7104-6415","affiliations":[{"raw_affiliation_string":"IDEA Lab, University of Calabria, Rende, Italy","institution_ids":["https://openalex.org/I45204951"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034749954","display_name":"Vincent Lefebvre","orcid":"https://orcid.org/0000-0003-1931-1303"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Vincent Lefebvre","raw_affiliation_strings":["Solidshield, Tages SARL, Le Cannet, France"],"raw_orcid":"https://orcid.org/0000-0003-1931-1303","affiliations":[{"raw_affiliation_string":"Solidshield, Tages SARL, Le Cannet, France","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132673916","display_name":"Sandeep Dongre","orcid":null},"institutions":[{"id":"https://openalex.org/I111112146","display_name":"Tallinn University of Technology","ror":"https://ror.org/0443cwa12","country_code":"EE","type":"education","lineage":["https://openalex.org/I111112146"]}],"countries":["EE"],"is_corresponding":false,"raw_author_name":"Sandeep Dongre","raw_affiliation_strings":["Qloud Technologies Ltd., Tallinn, Estonia"],"raw_orcid":"https://orcid.org/0009-0009-1014-1177","affiliations":[{"raw_affiliation_string":"Qloud Technologies Ltd., Tallinn, Estonia","institution_ids":["https://openalex.org/I111112146"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132560156","display_name":"Anatolly Melnyk","orcid":null},"institutions":[{"id":"https://openalex.org/I4210110733","display_name":"IT Step University","ror":"https://ror.org/01g48s022","country_code":"UA","type":"education","lineage":["https://openalex.org/I4210110733"]}],"countries":["UA"],"is_corresponding":false,"raw_author_name":"Anatolly Melnyk","raw_affiliation_strings":["IT Step University, Lviv, Ukraine"],"raw_orcid":"https://orcid.org/0000-0002-8981-0530","affiliations":[{"raw_affiliation_string":"IT Step University, Lviv, Ukraine","institution_ids":["https://openalex.org/I4210110733"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000689170","display_name":"Andrej Grebenc","orcid":null},"institutions":[{"id":"https://openalex.org/I153976015","display_name":"University of Ljubljana","ror":"https://ror.org/05njb9z20","country_code":"SI","type":"education","lineage":["https://openalex.org/I153976015"]}],"countries":["SI"],"is_corresponding":false,"raw_author_name":"Andrej Grebenc","raw_affiliation_strings":["University of Ljubljana, Ljubljana, Slovenia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Ljubljana, Ljubljana, Slovenia","institution_ids":["https://openalex.org/I153976015"]}]}],"institutions":[],"countries_distinct_count":6,"institutions_distinct_count":9,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.46683664,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"14","issue":null,"first_page":"54023","last_page":"54052"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.3792000114917755,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.3792000114917755,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.3294000029563904,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.03180000185966492,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6079000234603882},{"id":"https://openalex.org/keywords/de-facto","display_name":"De facto","score":0.5454999804496765},{"id":"https://openalex.org/keywords/deconstruction","display_name":"Deconstruction (building)","score":0.4740999937057495},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.45190000534057617},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.41019999980926514},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.3402000069618225},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.33730000257492065},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.3312000036239624},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.3221000134944916}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.734499990940094},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.722599983215332},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6079000234603882},{"id":"https://openalex.org/C2992317946","wikidata":"https://www.wikidata.org/wiki/Q712144","display_name":"De facto","level":2,"score":0.5454999804496765},{"id":"https://openalex.org/C138855539","wikidata":"https://www.wikidata.org/wiki/Q3536388","display_name":"Deconstruction (building)","level":2,"score":0.4740999937057495},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.45190000534057617},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.41019999980926514},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.3402000069618225},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.33730000257492065},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.3312000036239624},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.3221000134944916},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.32179999351501465},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.30559998750686646},{"id":"https://openalex.org/C44280652","wikidata":"https://www.wikidata.org/wiki/Q104837","display_name":"Phase (matter)","level":2,"score":0.30250000953674316},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.299699991941452},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2978000044822693},{"id":"https://openalex.org/C2776831232","wikidata":"https://www.wikidata.org/wiki/Q966812","display_name":"Trusted Computing","level":2,"score":0.28600001335144043},{"id":"https://openalex.org/C52913732","wikidata":"https://www.wikidata.org/wiki/Q857102","display_name":"Software design","level":4,"score":0.28349998593330383},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.2818000018596649},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.2754000127315521},{"id":"https://openalex.org/C2164484","wikidata":"https://www.wikidata.org/wiki/Q5170150","display_name":"Core (optical fiber)","level":2,"score":0.2694999873638153},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.2676999866962433},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.26750001311302185},{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.2597000002861023},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.2597000002861023},{"id":"https://openalex.org/C75606506","wikidata":"https://www.wikidata.org/wiki/Q1049183","display_name":"Formal methods","level":2,"score":0.25920000672340393},{"id":"https://openalex.org/C2780707294","wikidata":"https://www.wikidata.org/wiki/Q27795853","display_name":"Effi","level":2,"score":0.2538999915122986},{"id":"https://openalex.org/C173801870","wikidata":"https://www.wikidata.org/wiki/Q201413","display_name":"Heuristic","level":2,"score":0.2508000135421753}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2026.3679628","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3679628","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:6abea287b8bb488fb0ba1a59e8793eda","is_oa":true,"landing_page_url":"https://doaj.org/article/6abea287b8bb488fb0ba1a59e8793eda","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 14, Pp 54023-54052 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2026.3679628","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3679628","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.5803909301757812,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Vulnerabilities":[0],"in":[1,73,93],"ICT":[2],"infrastructure":[3],"largely":[4],"stem":[5],"from":[6,179],"the":[7,21,28,70,85,102,114,119,136,233],"design":[8,115,141,154],"practice":[9],"of":[10,31,122,139,202,206],"granting":[11],"third-party":[12],"permissions":[13],"(TPPs)":[14],"to":[15,23,56,61,69,76,196],"software":[16,123],"vendors.":[17],"Our":[18,147],"group":[19],"was":[20,89],"first":[22,120],"demonstrate":[24],"that":[25,35,150,161,176,241],"TPPs":[26,112,151],"are":[27,49,152],"root":[29],"cause":[30],"systemic":[32],"vulnerabilities,":[33],"and":[34,52,58,91,143,160,171,200,245,256],"their":[36,162],"elimination":[37],"could":[38],"enable":[39],"a":[40,131,173,236],"new":[41],"paradigm\u2014Zero":[42],"Vulnerability":[43],"Computing":[44],"(ZVC).":[45],"Legacy":[46],"cybersecurity":[47,239],"systems":[48],"reactive,":[50],"multi-step,":[51],"human-driven,":[53],"allowing":[54],"vulnerabilities":[55],"emerge":[57],"then":[59],"attempting":[60],"defend":[62],"against":[63],"them.":[64],"This":[65,82,230],"reactive":[66],"posture":[67],"contributes":[68],"exponential":[71],"rise":[72],"cybercrime,":[74],"projected":[75],"reach":[77],"$23.8":[78],"trillion":[79],"by":[80,135,249],"2027.":[81],"paper":[83],"advances":[84],"ZVC":[86,178],"paradigm,":[87],"which":[88],"tested":[90],"validated":[92],"our":[94],"earlier":[95],"work":[96],"on":[97],"hardware":[98],"wallet":[99],"experiments":[100],"under":[101],"European":[103],"Commission\u2019s":[104],"Grant":[105],"program.":[106],"We":[107,167,247],"further":[108],"investigate":[109],"whether":[110],"eliminating":[111],"at":[113],"phase":[116],"conflicts":[117],"with":[118,227],"principles":[121],"engineering.":[124],"Rather":[125],"than":[126,157],"revalidating":[127],"efficacy,":[128],"we":[129],"adopt":[130],"hypothesis-building":[132],"approach":[133],"supported":[134],"historical":[137],"deconstruction":[138],"computer":[140],"rules":[142],"previous":[144],"empirical":[145],"validation.":[146],"analysis":[148,175],"reveals":[149],"recurrent":[153],"constructs":[155],"rather":[156],"axiomatic":[158],"necessities,":[159],"removal":[163],"is":[164,242],"architecturally":[165],"viable.":[166],"evaluate":[168],"ZVC\u2019s":[169,184],"viability":[170],"offer":[172],"comparative":[174],"distinguishes":[177],"legacy":[180],"Zero":[181],"Trust":[182],"models.":[183],"core":[185],"protocol":[186],"operates":[187],"without":[188],"traditional":[189],"user-facing":[190],"cryptography,":[191],"making":[192],"it":[193],"inherently":[194],"resistant":[195],"quantum":[197],"computing":[198],"threats":[199],"capable":[201],"addressing":[203],"approximately":[204],"90%":[205],"known":[207],"<italic":[208,216],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[209,217],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">\u201cstructural":[210],"vulnerabilities.\u201d</i>":[211],"The":[212],"remaining":[213],"10%,":[214],"mostly":[215],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">\u201csemantic":[218],"vulnerabilities,\u201d</i>":[219],"can":[220],"be":[221],"mitigated":[222],"through":[223],"proactive":[224],"strategies":[225],"integrated":[226],"artificial":[228],"intelligence.":[229],"review":[231],"lays":[232],"foundation":[234],"for":[235],"preventive,":[237],"quantum-resilient":[238],"paradigm":[240],"automated,":[243],"cost-effective,":[244],"future-proof.":[246],"conclude":[248],"outlining":[250],"implementation":[251],"challenges,":[252],"open":[253],"research":[254],"questions,":[255],"future":[257],"directions.":[258]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-02T00:00:00"}