{"id":"https://openalex.org/W7125899917","doi":"https://doi.org/10.1109/ase63991.2025.00360","title":"FlowStrider: Low-Friction Continuous Threat Modeling","display_name":"FlowStrider: Low-Friction Continuous Threat Modeling","publication_year":2025,"publication_date":"2025-11-16","ids":{"openalex":"https://openalex.org/W7125899917","doi":"https://doi.org/10.1109/ase63991.2025.00360"},"language":null,"primary_location":{"id":"doi:10.1109/ase63991.2025.00360","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ase63991.2025.00360","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 40th IEEE/ACM International Conference on Automated Software Engineering (ASE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5124084299","display_name":"Bernd Gruner","orcid":null},"institutions":[{"id":"https://openalex.org/I2898391981","display_name":"Deutsches Zentrum f\u00fcr Luft- und Raumfahrt e. V. (DLR)","ror":"https://ror.org/04bwf3e34","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I2898391981"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Bernd Gruner","raw_affiliation_strings":["German Aerospace Center,Institute of Data Science,Jena,Germany"],"affiliations":[{"raw_affiliation_string":"German Aerospace Center,Institute of Data Science,Jena,Germany","institution_ids":["https://openalex.org/I2898391981"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124107516","display_name":"Noah Erthel","orcid":null},"institutions":[{"id":"https://openalex.org/I2898391981","display_name":"Deutsches Zentrum f\u00fcr Luft- und Raumfahrt e. V. (DLR)","ror":"https://ror.org/04bwf3e34","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I2898391981"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Noah Erthel","raw_affiliation_strings":["German Aerospace Center,Institute of Data Science,Jena,Germany"],"affiliations":[{"raw_affiliation_string":"German Aerospace Center,Institute of Data Science,Jena,Germany","institution_ids":["https://openalex.org/I2898391981"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055950864","display_name":"Clemens-Alexander Brust","orcid":"https://orcid.org/0000-0001-5419-1998"},"institutions":[{"id":"https://openalex.org/I2898391981","display_name":"Deutsches Zentrum f\u00fcr Luft- und Raumfahrt e. V. (DLR)","ror":"https://ror.org/04bwf3e34","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I2898391981"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Clemens-Alexander Brust","raw_affiliation_strings":["German Aerospace Center,Institute of Data Science,Jena,Germany"],"affiliations":[{"raw_affiliation_string":"German Aerospace Center,Institute of Data Science,Jena,Germany","institution_ids":["https://openalex.org/I2898391981"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5124084299"],"corresponding_institution_ids":["https://openalex.org/I2898391981"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.85125531,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"4001","last_page":"4004"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.13760000467300415,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.13760000467300415,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.1168999969959259,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.11050000041723251,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.5896000266075134},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5583999752998352},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.41839998960494995},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3944999873638153},{"id":"https://openalex.org/keywords/quality","display_name":"Quality (philosophy)","score":0.3783000111579895},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.3531000018119812}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6050000190734863},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.5896000266075134},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5863000154495239},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5583999752998352},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.41839998960494995},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4020000100135803},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.3953000009059906},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3944999873638153},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.3783000111579895},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.3752000033855438},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.3531000018119812},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.328000009059906},{"id":"https://openalex.org/C19527686","wikidata":"https://www.wikidata.org/wiki/Q1665453","display_name":"System integration","level":2,"score":0.313400000333786},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2879999876022339},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.2558000087738037},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.2549000084400177},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.25369998812675476}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ase63991.2025.00360","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ase63991.2025.00360","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 40th IEEE/ACM International Conference on Automated Software Engineering (ASE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/8","display_name":"Decent work and economic growth","score":0.4796590805053711}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":5,"referenced_works":["https://openalex.org/W2809689731","https://openalex.org/W2982646748","https://openalex.org/W4401609515","https://openalex.org/W4403919514","https://openalex.org/W4411552882"],"related_works":[],"abstract_inverted_index":{"Architectural":[0],"threat":[1,98],"modeling":[2],"is":[3],"a":[4,54,62],"crucial":[5],"technique":[6],"for":[7,43,96],"identifying":[8],"and":[9,40,66,84],"mitigating":[10],"security":[11],"threats":[12],"in":[13,46],"software":[14,88],"systems,":[15],"helping":[16],"to":[17,26],"prevent":[18],"costly":[19],"design":[20],"flaws.":[21],"While":[22],"existing":[23],"tools":[24],"aim":[25],"reduce":[27],"its":[28],"resource-intensive":[29],"nature":[30],"through":[31,70],"automation,":[32],"they":[33],"often":[34],"lack":[35],"key":[36],"features\u2014such":[37],"as":[38],"scriptability":[39],"integration":[41,69,86],"capabilities\u2014needed":[42],"practical":[44],"use":[45],"development":[47,89],"workflows.In":[48],"this":[49],"paper,":[50],"we":[51],"present":[52],"FlowStrider,":[53],"tool":[55],"that":[56],"addresses":[57],"these":[58],"shortcomings":[59],"by":[60],"implementing":[61],"new,":[63],"practice-oriented":[64],"workflow":[65],"enabling":[67],"CI/CD":[68],"scriptability.":[71],"FlowStrider":[72],"reduces":[73],"the":[74,79,93],"required":[75],"manual":[76],"effort,":[77],"enhances":[78],"quality":[80],"of":[81],"analysis":[82],"results,":[83],"eases":[85],"into":[87],"workflows,":[90],"thereby":[91],"lowering":[92],"adoption":[94],"barrier":[95],"continuous":[97],"modeling.Screencast:":[99],"https://youtu.be/iRpeU1nubHwRepository:":[100],"https://gitlab.com/dlr-dw/automated-threat-modeling/flowstrider":[101]},"counts_by_year":[],"updated_date":"2026-01-29T23:17:01.242718","created_date":"2026-01-29T00:00:00"}