{"id":"https://openalex.org/W3004779955","doi":"https://doi.org/10.1145/3377024.3377026","title":"Using variability modeling to support security evaluations","display_name":"Using variability modeling to support security evaluations","publication_year":2020,"publication_date":"2020-02-05","ids":{"openalex":"https://openalex.org/W3004779955","doi":"https://doi.org/10.1145/3377024.3377026","mag":"3004779955"},"language":"en","primary_location":{"id":"doi:10.1145/3377024.3377026","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3377024.3377026","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th International Working Conference on Variability Modelling of Software-Intensive Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5009188447","display_name":"Andy Kenner","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Andy Kenner","raw_affiliation_strings":["METOP GmbH Magdeburg, Germany"],"affiliations":[{"raw_affiliation_string":"METOP GmbH Magdeburg, Germany","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052105063","display_name":"Stephan Dassow","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Stephan Dassow","raw_affiliation_strings":["METOP GmbH, Magdeburg, Germany"],"affiliations":[{"raw_affiliation_string":"METOP GmbH, Magdeburg, Germany","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006945657","display_name":"Christian Lausberger","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Christian Lausberger","raw_affiliation_strings":["METOP GmbH, Magdeburg, Germany"],"affiliations":[{"raw_affiliation_string":"METOP GmbH, Magdeburg, Germany","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042728295","display_name":"Jacob Kr\u00fcger","orcid":"https://orcid.org/0000-0002-0283-248X"},"institutions":[{"id":"https://openalex.org/I95793202","display_name":"Otto-von-Guericke University Magdeburg","ror":"https://ror.org/00ggpsq73","country_code":"DE","type":"education","lineage":["https://openalex.org/I95793202"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Jacob Kr\u00fcger","raw_affiliation_strings":["Otto-von-Guericke University, Magdeburg, Germany"],"affiliations":[{"raw_affiliation_string":"Otto-von-Guericke University, Magdeburg, Germany","institution_ids":["https://openalex.org/I95793202"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5086853013","display_name":"Thomas Leich","orcid":"https://orcid.org/0000-0001-9580-7728"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Thomas Leich","raw_affiliation_strings":["Harz University &amp; METOP GmbH, Wernigerode &amp; Magdeburg, Germany"],"affiliations":[{"raw_affiliation_string":"Harz University &amp; METOP GmbH, Wernigerode &amp; Magdeburg, Germany","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5009188447"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.8683,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.88745088,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9945999979972839,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8376802802085876},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.5809813141822815},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.5350118279457092},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5308669209480286},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.488817423582077},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.45416101813316345},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.4510974586009979},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.28433629870414734},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.17837941646575928},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.10659146308898926}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8376802802085876},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.5809813141822815},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.5350118279457092},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5308669209480286},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.488817423582077},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.45416101813316345},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.4510974586009979},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.28433629870414734},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.17837941646575928},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.10659146308898926},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3377024.3377026","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3377024.3377026","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th International Working Conference on Variability Modelling of Software-Intensive Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G979986140","display_name":null,"funder_award_id":"LE 3382/2-3, SA 465/49-3","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W23242426","https://openalex.org/W48497080","https://openalex.org/W110007310","https://openalex.org/W654785806","https://openalex.org/W1608654004","https://openalex.org/W1838112905","https://openalex.org/W1970141412","https://openalex.org/W1973375765","https://openalex.org/W1976339648","https://openalex.org/W1981611763","https://openalex.org/W2010896594","https://openalex.org/W2015004885","https://openalex.org/W2023953679","https://openalex.org/W2025562789","https://openalex.org/W2061227608","https://openalex.org/W2077937403","https://openalex.org/W2099213660","https://openalex.org/W2125398918","https://openalex.org/W2127483730","https://openalex.org/W2148974547","https://openalex.org/W2155617465","https://openalex.org/W2157771728","https://openalex.org/W2160616025","https://openalex.org/W2291398156","https://openalex.org/W2495617574","https://openalex.org/W2753774212","https://openalex.org/W2916450331","https://openalex.org/W2967363435"],"related_works":["https://openalex.org/W922414892","https://openalex.org/W2185499427","https://openalex.org/W2393340519","https://openalex.org/W4298219515","https://openalex.org/W2147569372","https://openalex.org/W2371301679","https://openalex.org/W4200107511","https://openalex.org/W2161453659","https://openalex.org/W4381854096","https://openalex.org/W1415835900"],"abstract_inverted_index":{"A":[0],"software":[1,41],"system's":[2,15],"security":[3,37],"is":[4,53,79],"constantly":[5],"threatened":[6],"by":[7],"vulnerabilities":[8,34,105,133],"that":[9,82,102,170],"result":[10],"from":[11,151],"faults":[12],"in":[13,86,141,208],"the":[14,50,104,157,160,168,179],"design":[16,98],"(e.g.,":[17],"unintended":[18],"feature":[19,100,199],"interactions)":[20],"and":[21,35,58,75,89,109,134,154,174,196],"which":[22,130,188],"can":[23,66],"be":[24,67],"exploited":[25],"with":[26,167,193],"attacks.":[27],"While":[28],"various":[29],"databases":[30,44,153,180],"summarize":[31],"information":[32,78,150],"on":[33,126,148,155],"other":[36,62],"issues":[38],"for":[39,69,129,185,205],"many":[40],"systems,":[42],"these":[43],"face":[45],"severe":[46],"limitations.":[47],"For":[48],"example,":[49],"information's":[51],"quality":[52],"unclear,":[54],"often":[55],"only":[56],"semi-structured,":[57],"barely":[59],"connected":[60],"to":[61,73,97,112,137,191],"information.":[63],"Consequently,":[64],"it":[65],"challenging":[68],"any":[70],"security-related":[71],"stakeholder":[72],"extract":[74],"understand":[76],"what":[77],"relevant,":[80],"considering":[81],"most":[83],"systems":[84],"exist":[85],"different":[87],"variants":[88],"versions.":[90],"To":[91,143],"tackle":[92],"this":[93,118,144],"problem,":[94],"we":[95,120,131,146,189],"propose":[96],"vulnerability":[99],"models":[101],"represent":[103],"of":[106,159,176,198],"a":[107,122,182],"system":[108],"enable":[110],"developers":[111],"virtualize":[113,138],"corresponding":[114],"attack":[115,206],"scenarios.":[116],"In":[117],"paper,":[119],"report":[121],"first":[123],"case":[124],"study":[125],"Mozilla":[127],"Firefox":[128],"extracted":[132],"used":[135],"them":[136],"vulnerable":[139],"instances":[140],"Docker.":[142],"end,":[145],"focused":[147],"extracting":[149],"available":[152],"evaluating":[156],"usability":[158],"results.":[161],"Our":[162],"findings":[163],"indicate":[164],"several":[165],"problems":[166],"extraction":[169],"complicate":[171],"modeling,":[172],"understanding,":[173],"testing":[175],"vulnerabilities.":[177],"Nonetheless,":[178],"provide":[181],"valuable":[183],"foundation":[184],"our":[186],"technique,":[187],"aim":[190],"extend":[192],"automatic":[194],"synthesis":[195],"analyses":[197],"models,":[200],"as":[201,203],"well":[202],"virtualization":[204],"scenarios":[207],"future":[209],"work.":[210]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}