{"id":"https://openalex.org/W4253678082","doi":"https://doi.org/10.1109/icse.2013.6606612","title":"Automated software architecture security risk analysis using formalized signatures","display_name":"Automated software architecture security risk analysis using formalized signatures","publication_year":2013,"publication_date":"2013-05-01","ids":{"openalex":"https://openalex.org/W4253678082","doi":"https://doi.org/10.1109/icse.2013.6606612"},"language":"en","primary_location":{"id":"doi:10.1109/icse.2013.6606612","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icse.2013.6606612","pdf_url":null,"source":{"id":"https://openalex.org/S4363607951","display_name":"2013 35th International Conference on Software Engineering (ICSE)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 35th International Conference on Software Engineering (ICSE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076382877","display_name":"Mohamed Almorsy","orcid":null},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Mohamed Almorsy","raw_affiliation_strings":["Centre for Computing and Engineering Software Systems, Swinburne University of Technology, Melbourne, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Centre for Computing and Engineering Software Systems, Swinburne University of Technology, Melbourne, Australia","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082913979","display_name":"John Grundy","orcid":"https://orcid.org/0000-0003-4928-7076"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"John Grundy","raw_affiliation_strings":["Centre for Computing and Engineering Software Systems, Swinburne University of Technology, Melbourne, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Centre for Computing and Engineering Software Systems, Swinburne University of Technology, Melbourne, Australia","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000097766","display_name":"Amani S. Ibrahim","orcid":"https://orcid.org/0000-0001-8747-1419"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Amani S. Ibrahim","raw_affiliation_strings":["Centre for Computing and Engineering Software Systems, Swinburne University of Technology, Melbourne, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Centre for Computing and Engineering Software Systems, Swinburne University of Technology, Melbourne, Australia","institution_ids":["https://openalex.org/I57093077"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I57093077"],"apc_list":null,"apc_paid":null,"fwci":4.4819,"has_fulltext":false,"cited_by_count":47,"citation_normalized_percentile":{"value":0.94997524,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"662","last_page":"671"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7881560921669006},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.7050176858901978},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.5962769985198975},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.5816460847854614},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.5444610118865967},{"id":"https://openalex.org/keywords/enterprise-information-security-architecture","display_name":"Enterprise information security architecture","score":0.5370444655418396},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.5007855892181396},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.48378512263298035},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.47259506583213806},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.4651186466217041},{"id":"https://openalex.org/keywords/distributed-system-security-architecture","display_name":"Distributed System Security Architecture","score":0.45066913962364197},{"id":"https://openalex.org/keywords/reference-architecture","display_name":"Reference architecture","score":0.41070249676704407},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3962201178073883},{"id":"https://openalex.org/keywords/software-architecture","display_name":"Software architecture","score":0.3838927745819092},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.3268570303916931},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.29609739780426025},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.22637835144996643},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1431717872619629},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1115579903125763}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7881560921669006},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.7050176858901978},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.5962769985198975},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.5816460847854614},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.5444610118865967},{"id":"https://openalex.org/C31139447","wikidata":"https://www.wikidata.org/wiki/Q5380386","display_name":"Enterprise information security architecture","level":2,"score":0.5370444655418396},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.5007855892181396},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.48378512263298035},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47259506583213806},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.4651186466217041},{"id":"https://openalex.org/C77290126","wikidata":"https://www.wikidata.org/wiki/Q5283128","display_name":"Distributed System Security Architecture","level":5,"score":0.45066913962364197},{"id":"https://openalex.org/C55356503","wikidata":"https://www.wikidata.org/wiki/Q2136675","display_name":"Reference architecture","level":4,"score":0.41070249676704407},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3962201178073883},{"id":"https://openalex.org/C35869016","wikidata":"https://www.wikidata.org/wiki/Q846636","display_name":"Software architecture","level":3,"score":0.3838927745819092},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.3268570303916931},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.29609739780426025},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.22637835144996643},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1431717872619629},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1115579903125763},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icse.2013.6606612","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icse.2013.6606612","pdf_url":null,"source":{"id":"https://openalex.org/S4363607951","display_name":"2013 35th International Conference on Software Engineering (ICSE)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 35th International Conference on Software Engineering (ICSE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.44999998807907104,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W44938389","https://openalex.org/W81291332","https://openalex.org/W1544372680","https://openalex.org/W1595201491","https://openalex.org/W1619579880","https://openalex.org/W1973556339","https://openalex.org/W1987559562","https://openalex.org/W1989967797","https://openalex.org/W2002095915","https://openalex.org/W2043914943","https://openalex.org/W2097515494","https://openalex.org/W2108082297","https://openalex.org/W2113739228","https://openalex.org/W2122483144","https://openalex.org/W2122649073","https://openalex.org/W2124685708","https://openalex.org/W2126230853","https://openalex.org/W2129586531","https://openalex.org/W2143909182","https://openalex.org/W2153657417","https://openalex.org/W2172100572","https://openalex.org/W4205192141","https://openalex.org/W6632584629","https://openalex.org/W6635530407","https://openalex.org/W6636448357"],"related_works":["https://openalex.org/W2365099716","https://openalex.org/W2100883222","https://openalex.org/W2523437542","https://openalex.org/W4205995943","https://openalex.org/W2407674278","https://openalex.org/W4253678082","https://openalex.org/W2060746033","https://openalex.org/W4238669181","https://openalex.org/W2998865675","https://openalex.org/W1627741891"],"abstract_inverted_index":{"Reviewing":[0],"software":[1,20,182],"system":[2,12,34,41,52,63,131,183],"architecture":[3,56,97,184,199,210],"to":[4,74,95,132,140,221],"pinpoint":[5],"potential":[6],"security":[7,55,59,77,98,101,114,144,167,185,200,211,229],"flaws":[8],"before":[9],"proceeding":[10],"with":[11],"development":[13,21],"is":[14,107,195],"a":[15,92,129,157,180],"critical":[16],"milestone":[17],"in":[18,38,235],"secure":[19],"lifecycles.":[22],"This":[23],"includes":[24],"identifying":[25],"possible":[26],"attacks":[27],"or":[28,79,86,139],"threat":[29],"scenarios":[30,80,102,112,147,170,233],"that":[31,81,156,204],"target":[32,130],"the":[33,48,51,119,189,196,227,236],"and":[35,53,103,113,148,153,169,174,208,223,231],"may":[36,45],"result":[37],"breaching":[39],"of":[40,50,191],"security.":[42],"Additionally":[43],"we":[44,127],"also":[46],"assess":[47],"strength":[49],"its":[54],"using":[57,87,100,118,219],"well-known":[58],"metrics":[60,115,149,168],"such":[61],"as":[62],"attack":[64,111,137,232],"surface,":[65],"Compartmentalization,":[66],"least-privilege,":[67],"etc.":[68],"However,":[69],"existing":[70],"efforts":[71],"are":[72,82],"limited":[73,88],"specific,":[75],"predefined":[76],"properties":[78],"checked":[83],"either":[84],"manually":[85],"toolsets.":[89],"We":[90,177,213],"introduce":[91],"new":[93],"approach":[94,106,164,217],"support":[96],"analysis":[99,186,202],"metrics.":[104],"Our":[105,163],"based":[108],"on":[109],"formalizing":[110],"signature":[116,134,159],"specification":[117],"Object":[120],"Constraint":[121],"Language":[122],"(OCL).":[123],"Using":[124],"formal":[125,158],"signatures":[126,225],"analyse":[128],"locate":[133],"matches":[135],"(for":[136,143],"scenarios),":[138],"take":[141],"measurements":[142],"metrics).":[145],"New":[146],"can":[150,160],"be":[151,161],"incorporated":[152],"calculated":[154],"provided":[155],"specified.":[162],"supports":[165,205],"defining":[166],"at":[171],"architecture,":[172],"design,":[173],"code":[175],"levels.":[176],"have":[178,214],"developed":[179],"prototype":[181],"tool.":[187],"To":[188],"best":[190],"our":[192,216],"knowledge":[193],"this":[194],"first":[197],"extensible":[198],"risk":[201],"tool":[203],"both":[206],"metric-based":[207],"scenario-based":[209],"analysis.":[212],"validated":[215],"by":[218],"it":[220],"capture":[222],"evaluate":[224],"from":[226],"NIST":[228],"principals":[230],"defined":[234],"CAPEC":[237],"database.":[238]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":4},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":2}],"updated_date":"2026-04-02T13:48:15.688549","created_date":"2025-10-10T00:00:00"}
