{"id":"https://openalex.org/W2884848436","doi":"https://doi.org/10.1145/3194133.3194139","title":"Toward evaluating the impact of self-adaptation on security control certification","display_name":"Toward evaluating the impact of self-adaptation on security control certification","publication_year":2018,"publication_date":"2018-05-28","ids":{"openalex":"https://openalex.org/W2884848436","doi":"https://doi.org/10.1145/3194133.3194139","mag":"2884848436"},"language":"en","primary_location":{"id":"doi:10.1145/3194133.3194139","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3194133.3194139","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3194133.3194139","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th International Conference on Software Engineering for Adaptive and Self-Managing Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3194133.3194139","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5003869632","display_name":"Allen Marshall","orcid":"https://orcid.org/0000-0002-8423-3172"},"institutions":[{"id":"https://openalex.org/I87208437","display_name":"University of Tulsa","ror":"https://ror.org/04wn28048","country_code":"US","type":"education","lineage":["https://openalex.org/I87208437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Allen Marshall","raw_affiliation_strings":["University of Tulsa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Tulsa","institution_ids":["https://openalex.org/I87208437"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101660157","display_name":"Sharmin Jahan","orcid":"https://orcid.org/0009-0004-7495-7291"},"institutions":[{"id":"https://openalex.org/I87208437","display_name":"University of Tulsa","ror":"https://ror.org/04wn28048","country_code":"US","type":"education","lineage":["https://openalex.org/I87208437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sharmin Jahan","raw_affiliation_strings":["University of Tulsa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Tulsa","institution_ids":["https://openalex.org/I87208437"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088977884","display_name":"Rose Gamble","orcid":null},"institutions":[{"id":"https://openalex.org/I87208437","display_name":"University of Tulsa","ror":"https://ror.org/04wn28048","country_code":"US","type":"education","lineage":["https://openalex.org/I87208437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rose Gamble","raw_affiliation_strings":["University of Tulsa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Tulsa","institution_ids":["https://openalex.org/I87208437"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.8448,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.80395624,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"9640","issue":null,"first_page":"149","last_page":"160"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.7268902659416199},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7190616130828857},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7106472849845886},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.6613963842391968},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.5861446261405945},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.5528754591941833},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5241299271583557},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.5193015933036804},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.4887971580028534},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.48271986842155457},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.4725986123085022},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.44181859493255615},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.43449926376342773},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.42173486948013306},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4001224637031555},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.348539263010025},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.151118665933609},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.11455217003822327},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.10087135434150696}],"concepts":[{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.7268902659416199},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7190616130828857},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7106472849845886},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.6613963842391968},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.5861446261405945},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.5528754591941833},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5241299271583557},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.5193015933036804},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4887971580028534},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.48271986842155457},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.4725986123085022},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.44181859493255615},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.43449926376342773},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.42173486948013306},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4001224637031555},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.348539263010025},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.151118665933609},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.11455217003822327},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.10087135434150696},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3194133.3194139","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3194133.3194139","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3194133.3194139","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th International Conference on Software Engineering for Adaptive and Self-Managing Systems","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3194133.3194139","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3194133.3194139","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3194133.3194139","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th International Conference on Software Engineering for Adaptive and Self-Managing Systems","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.7900000214576721,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G4950054451","display_name":null,"funder_award_id":"FA8750-16-1-0248","funder_id":"https://openalex.org/F4320338294","funder_display_name":"Air Force Research Laboratory"}],"funders":[{"id":"https://openalex.org/F4320338294","display_name":"Air Force Research Laboratory","ror":"https://ror.org/02e2egq70"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2884848436.pdf","grobid_xml":"https://content.openalex.org/works/W2884848436.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W42341481","https://openalex.org/W54183895","https://openalex.org/W1542535462","https://openalex.org/W1568573127","https://openalex.org/W1886563687","https://openalex.org/W1925666667","https://openalex.org/W1947529348","https://openalex.org/W1964202794","https://openalex.org/W1965851258","https://openalex.org/W1998987919","https://openalex.org/W2018601806","https://openalex.org/W2022106311","https://openalex.org/W2036625623","https://openalex.org/W2045521911","https://openalex.org/W2050606033","https://openalex.org/W2071616717","https://openalex.org/W2079614594","https://openalex.org/W2090398333","https://openalex.org/W2115141362","https://openalex.org/W2134364383","https://openalex.org/W2142925340","https://openalex.org/W2225615039","https://openalex.org/W2496448904","https://openalex.org/W2509373962","https://openalex.org/W2510018675","https://openalex.org/W2548072927","https://openalex.org/W2573464331","https://openalex.org/W2591908838","https://openalex.org/W2620716883","https://openalex.org/W2730252526","https://openalex.org/W2780375555","https://openalex.org/W2782687172","https://openalex.org/W2782836710","https://openalex.org/W2782890256","https://openalex.org/W2790319107","https://openalex.org/W2804841627","https://openalex.org/W2913795852","https://openalex.org/W3144368627","https://openalex.org/W3151050225","https://openalex.org/W4249484115"],"related_works":["https://openalex.org/W2066297175","https://openalex.org/W2293554594","https://openalex.org/W815057058","https://openalex.org/W2497647994","https://openalex.org/W2749905988","https://openalex.org/W3195449469","https://openalex.org/W4224218656","https://openalex.org/W1988974780","https://openalex.org/W4282927483","https://openalex.org/W4246555342"],"abstract_inverted_index":{"Certifying":[0],"security":[1,36,56,62,77,111,126,173,184],"controls":[2,57,78,116],"is":[3],"required":[4],"for":[5,76],"information":[6,29,40],"systems":[7,30,41],"that":[8,42,165],"are":[9,31,68,92],"either":[10],"federally":[11],"maintained":[12,14],"or":[13],"by":[15,79,171],"a":[16],"US":[17],"government":[18],"contractor.":[19],"As":[20],"described":[21],"in":[22],"the":[23,59,65,72,83,99,105,110,123,134,139,143,150,155,163,167,172],"NIST":[24],"SP800-53,":[25],"certified":[26],"and":[27,45,81,85,101,146],"accredited":[28],"deployed":[32],"with":[33,149,160],"an":[34],"acceptable":[35],"threat":[37,63],"risk.":[38],"Self-adaptive":[39],"allow":[43],"functional":[44,84,140],"decision-making":[46],"changes":[47],"to":[48,64,70,88,108,179,188],"be":[49],"dynamically":[50],"configured":[51],"at":[52],"runtime":[53,130],"may":[54],"violate":[55],"increasing":[58],"risk":[60,124,182],"of":[61,74,104,125,162,183],"system.":[66],"Methods":[67],"needed":[69,107],"formalize":[71],"process":[73],"certification":[75],"expressing":[80],"verifying":[82],"non-functional":[86],"requirements":[87,103],"determine":[89],"what":[90],"risks":[91],"introduced":[93],"through":[94],"self-adaptation.":[95],"We":[96,153,175],"formally":[97],"express":[98],"existence":[100,168],"behavior":[102],"mechanisms":[106,164],"guarantee":[109],"controls'":[112],"effectiveness":[113],"using":[114],"audit":[115],"on":[117,138],"program":[118],"example.":[119],"To":[120],"reason":[121],"over":[122],"control":[127,157,185],"compliance":[128],"given":[129],"self-adaptations,":[131],"we":[132],"use":[133],"KIV":[135],"theorem":[136],"prover":[137],"requirements,":[141],"extracting":[142],"verification":[144],"concerns":[145],"workflow":[147],"associated":[148],"proof":[151],"process.":[152],"augment":[154],"MAPE-K":[156],"loop":[158],"planner":[159],"knowledge":[161],"satisfy":[166],"criteria":[169],"expressed":[170],"controls.":[174],"compare":[176],"self-adaptive":[177],"plans":[178],"assess":[180],"their":[181],"violation":[186],"prior":[187],"plan":[189],"deployment.":[190]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}