{"id":"https://openalex.org/W2590050224","doi":"https://doi.org/10.1145/3180155.3182511","title":"Model comprehension for security risk assessment","display_name":"Model comprehension for security risk assessment","publication_year":2018,"publication_date":"2018-05-27","ids":{"openalex":"https://openalex.org/W2590050224","doi":"https://doi.org/10.1145/3180155.3182511","mag":"2590050224"},"language":"en","primary_location":{"id":"doi:10.1145/3180155.3182511","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3180155.3182511","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 40th International Conference on Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017922848","display_name":"Katsiaryna Labunets","orcid":"https://orcid.org/0000-0003-0884-2440"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Katsiaryna Labunets","raw_affiliation_strings":["Delft University of Technology"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085639552","display_name":"Fabio Massacci","orcid":"https://orcid.org/0000-0002-1091-8486"},"institutions":[{"id":"https://openalex.org/I193223587","display_name":"University of Trento","ror":"https://ror.org/05trd4x28","country_code":"IT","type":"education","lineage":["https://openalex.org/I193223587"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Fabio Massacci","raw_affiliation_strings":["University of Trento, IT"],"affiliations":[{"raw_affiliation_string":"University of Trento, IT","institution_ids":["https://openalex.org/I193223587"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083730359","display_name":"Federica Paci","orcid":"https://orcid.org/0000-0003-3122-0236"},"institutions":[{"id":"https://openalex.org/I43439940","display_name":"University of Southampton","ror":"https://ror.org/01ryk1543","country_code":"GB","type":"education","lineage":["https://openalex.org/I43439940"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Federica Paci","raw_affiliation_strings":["University of Southampton, UK"],"affiliations":[{"raw_affiliation_string":"University of Southampton, UK","institution_ids":["https://openalex.org/I43439940"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014651524","display_name":"Sabrina Marczak","orcid":"https://orcid.org/0000-0001-9631-8969"},"institutions":[{"id":"https://openalex.org/I45643870","display_name":"Pontif\u00edcia Universidade Cat\u00f3lica do Rio Grande do Sul","ror":"https://ror.org/025vmq686","country_code":"BR","type":"education","lineage":["https://openalex.org/I45643870"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Sabrina Marczak","raw_affiliation_strings":["Pontif\u00edcia Universidade, Cat\u00f2lica do Rio Grande do Sul, BR"],"affiliations":[{"raw_affiliation_string":"Pontif\u00edcia Universidade, Cat\u00f2lica do Rio Grande do Sul, BR","institution_ids":["https://openalex.org/I45643870"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055404991","display_name":"Fl\u00e1vio Moreira de Oliveira","orcid":"https://orcid.org/0000-0001-5353-5330"},"institutions":[{"id":"https://openalex.org/I45643870","display_name":"Pontif\u00edcia Universidade Cat\u00f3lica do Rio Grande do Sul","ror":"https://ror.org/025vmq686","country_code":"BR","type":"education","lineage":["https://openalex.org/I45643870"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Fl\u00e1vio Moreira de Oliveira","raw_affiliation_strings":["Pontif\u00edcia Universidade, Cat\u00f2lica do Rio Grande do Sul, BR"],"affiliations":[{"raw_affiliation_string":"Pontif\u00edcia Universidade, Cat\u00f2lica do Rio Grande do Sul, BR","institution_ids":["https://openalex.org/I45643870"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5017922848"],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":0.3927,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.68034137,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":93},"biblio":{"volume":null,"issue":null,"first_page":"395","last_page":"395"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9677000045776367,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7348790168762207},{"id":"https://openalex.org/keywords/comprehension","display_name":"Comprehension","score":0.6639817953109741},{"id":"https://openalex.org/keywords/notation","display_name":"Notation","score":0.6379773616790771},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6015009880065918},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.5478149056434631},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.46472910046577454},{"id":"https://openalex.org/keywords/cognition","display_name":"Cognition","score":0.42756152153015137},{"id":"https://openalex.org/keywords/graphical-model","display_name":"Graphical model","score":0.4112203121185303},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3129832148551941},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.31282392144203186},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.18161973357200623},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.13960939645767212},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.12173596024513245}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7348790168762207},{"id":"https://openalex.org/C511192102","wikidata":"https://www.wikidata.org/wiki/Q5156948","display_name":"Comprehension","level":2,"score":0.6639817953109741},{"id":"https://openalex.org/C45357846","wikidata":"https://www.wikidata.org/wiki/Q2001982","display_name":"Notation","level":2,"score":0.6379773616790771},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6015009880065918},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.5478149056434631},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.46472910046577454},{"id":"https://openalex.org/C169900460","wikidata":"https://www.wikidata.org/wiki/Q2200417","display_name":"Cognition","level":2,"score":0.42756152153015137},{"id":"https://openalex.org/C155846161","wikidata":"https://www.wikidata.org/wiki/Q1143367","display_name":"Graphical model","level":2,"score":0.4112203121185303},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3129832148551941},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31282392144203186},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.18161973357200623},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.13960939645767212},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.12173596024513245},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C169760540","wikidata":"https://www.wikidata.org/wiki/Q207011","display_name":"Neuroscience","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C94625758","wikidata":"https://www.wikidata.org/wiki/Q7163","display_name":"Politics","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3180155.3182511","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3180155.3182511","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 40th International Conference on Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6200000047683716}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W32063464","https://openalex.org/W151667467","https://openalex.org/W316845903","https://openalex.org/W576435926","https://openalex.org/W1565758573","https://openalex.org/W1565891703","https://openalex.org/W1587026990","https://openalex.org/W1587108865","https://openalex.org/W1592224053","https://openalex.org/W1808285885","https://openalex.org/W1843840945","https://openalex.org/W1891044686","https://openalex.org/W1930414293","https://openalex.org/W1989287546","https://openalex.org/W1998686495","https://openalex.org/W2007969951","https://openalex.org/W2013500172","https://openalex.org/W2040244195","https://openalex.org/W2046895806","https://openalex.org/W2050419550","https://openalex.org/W2055669065","https://openalex.org/W2059295187","https://openalex.org/W2061152427","https://openalex.org/W2077924088","https://openalex.org/W2081503819","https://openalex.org/W2110143060","https://openalex.org/W2111695375","https://openalex.org/W2114271984","https://openalex.org/W2123334556","https://openalex.org/W2125039582","https://openalex.org/W2129649833","https://openalex.org/W2130310983","https://openalex.org/W2133247286","https://openalex.org/W2153161154","https://openalex.org/W2158544586","https://openalex.org/W2166697993","https://openalex.org/W2169211232","https://openalex.org/W2170954067","https://openalex.org/W2171820467","https://openalex.org/W2205176590","https://openalex.org/W2231327593","https://openalex.org/W2475568089","https://openalex.org/W2492688925","https://openalex.org/W2582743722","https://openalex.org/W2775461574","https://openalex.org/W2887719616","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W3107474891","https://openalex.org/W148126914","https://openalex.org/W2010178308","https://openalex.org/W3101879006","https://openalex.org/W4313313264","https://openalex.org/W2381176843","https://openalex.org/W4352982005","https://openalex.org/W17905074","https://openalex.org/W110079466","https://openalex.org/W2889754251"],"abstract_inverted_index":{"Context:":[0],"Tabular":[1],"and":[2,38,70,82,104,116,203],"graphical":[3,83],"representations":[4,84],"are":[5,165],"used":[6],"to":[7,107,113,168,200],"communicate":[8],"security":[9,39,92],"risk":[10,99,127],"assessments":[11],"for":[12,150,156],"IT":[13],"systems.":[14],"However,":[15],"there":[16],"is":[17,153],"no":[18],"consensus":[19],"on":[20],"which":[21,75],"type":[22],"of":[23,29,61,80,88,125,174],"representation":[24],"better":[25,50],"supports":[26],"the":[27,33,59,78,86,108,126,171,189],"comprehension":[28,109],"risks":[30],"(such":[31],"as":[32,140],"relationships":[34],"between":[35],"threats,":[36,120],"vulnerabilities":[37],"controls).":[40],"Vessey's":[41,136],"cognitive":[42,137],"fit":[43,138],"theory":[44,139],"predicts":[45],"that":[46,161,183,197],"graphs":[47],"should":[48],"be":[49,133,188],"because":[51],"they":[52],"capture":[53,144],"spatial":[54,147],"relationships.":[55,148],"Method:":[56],"We":[57],"report":[58],"results":[60],"two":[62,66],"studies":[63],"performed":[64],"in":[65,74,158],"countries":[67],"with":[68],"69":[69],"83":[71],"participants":[72],"respectively,":[73],"we":[76],"assessed":[77],"effectiveness":[79],"tabular":[81,98,141],"concerning":[85],"extraction":[87],"correct":[89],"information":[90,118],"about":[91,119],"risks.":[93],"Results:":[94],"Participants":[95],"who":[96],"applied":[97],"models":[100,142,164],"gave":[101],"more":[102],"precise":[103],"complete":[105],"answers":[106],"questions":[110],"when":[111],"requested":[112],"find":[114],"simple":[115],"complex":[117],"vulnerabilities,":[121],"or":[122],"other":[123],"elements":[124],"models.":[128],"Conclusions:":[129],"Our":[130],"findings":[131],"can":[132],"explained":[134],"by":[135],"implicitly":[143],"elementary":[145],"linear":[146],"Interest":[149],"ICSE:":[151],"It":[152,191],"almost":[154],"taken":[155],"granted":[157],"Software":[159],"Engineering":[160],"graphical-,":[162],"diagram-based":[163],"\"the\"":[166],"way":[167],"go":[169],"(e.g.,":[170],"SE":[172],"Body":[173],"Knowledge":[175],"[3]).":[176],"This":[177],"paper":[178],"provides":[179],"some":[180],"experimental-based":[181],"doubts":[182],"this":[184],"might":[185,198],"not":[186],"always":[187],"case.":[190],"will":[192],"provide":[193],"an":[194],"interesting":[195],"debate":[196],"ripple":[199],"traditional":[201],"requirements":[202],"design":[204],"notations":[205],"outside":[206],"security.":[207]},"counts_by_year":[{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}