{"id":"https://openalex.org/W2890528019","doi":"https://doi.org/10.3233/jcs-171063","title":"A catalogue associating security patterns and attack steps to design secure applications","display_name":"A catalogue associating security patterns and attack steps to design secure applications","publication_year":2018,"publication_date":"2018-09-11","ids":{"openalex":"https://openalex.org/W2890528019","doi":"https://doi.org/10.3233/jcs-171063","mag":"2890528019"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-171063","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-171063","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://uca.hal.science/hal-01984694","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032624369","display_name":"S\u00e9bastien Salva","orcid":null},"institutions":[{"id":"https://openalex.org/I198244214","display_name":"Universit\u00e9 Clermont Auvergne","ror":"https://ror.org/01a8ajp46","country_code":"FR","type":"education","lineage":["https://openalex.org/I198244214"]},{"id":"https://openalex.org/I4210103002","display_name":"University of Clermont Auvergne","ror":null,"country_code":"FR","type":null,"lineage":["https://openalex.org/I4210103002"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"S\u00e9bastien Salva","raw_affiliation_strings":["University Clermont Auvergne, IUT of Clermont-Ferrand, Limos, France. E-mail:\u00a0","University Clermont Auvergne, IUT of Clermont-Ferrand, Limos, France. E-mail:\u00a0sebastien.salva@uca.fr"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University Clermont Auvergne, IUT of Clermont-Ferrand, Limos, France. E-mail:\u00a0","institution_ids":["https://openalex.org/I4210103002"]},{"raw_affiliation_string":"University Clermont Auvergne, IUT of Clermont-Ferrand, Limos, France. E-mail:\u00a0sebastien.salva@uca.fr","institution_ids":["https://openalex.org/I198244214"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000080342","display_name":"Loukmen Regainia","orcid":null},"institutions":[{"id":"https://openalex.org/I198244214","display_name":"Universit\u00e9 Clermont Auvergne","ror":"https://ror.org/01a8ajp46","country_code":"FR","type":"education","lineage":["https://openalex.org/I198244214"]},{"id":"https://openalex.org/I4210103002","display_name":"University of Clermont Auvergne","ror":null,"country_code":"FR","type":null,"lineage":["https://openalex.org/I4210103002"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Loukmen Regainia","raw_affiliation_strings":["University Clermont Auvergne, Limos, France. E-mail:\u00a0","University Clermont Auvergne, Limos, France. E-mail:\u00a0loukmen.regainia@uca.fr"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University Clermont Auvergne, Limos, France. E-mail:\u00a0","institution_ids":["https://openalex.org/I4210103002"]},{"raw_affiliation_string":"University Clermont Auvergne, Limos, France. E-mail:\u00a0loukmen.regainia@uca.fr","institution_ids":["https://openalex.org/I198244214"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5032624369"],"corresponding_institution_ids":["https://openalex.org/I198244214","https://openalex.org/I4210103002"],"apc_list":null,"apc_paid":null,"fwci":1.2336,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.86009887,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"27","issue":"1","first_page":"49","last_page":"74"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7879407405853271},{"id":"https://openalex.org/keywords/software-design-pattern","display_name":"Software design pattern","score":0.6013637781143188},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.5746793746948242},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5515038967132568},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5219085216522217},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.5104941129684448},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.47590479254722595},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.46294960379600525},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.45447027683258057},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.43602511286735535},{"id":"https://openalex.org/keywords/listing","display_name":"Listing (finance)","score":0.4274202883243561},{"id":"https://openalex.org/keywords/structural-pattern","display_name":"Structural pattern","score":0.4207558035850525},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.4177483320236206},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.3737720251083374},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.32785552740097046},{"id":"https://openalex.org/keywords/software-design","display_name":"Software design","score":0.2518947720527649},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.24732714891433716},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.20157521963119507},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.08375540375709534},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.0720173716545105}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7879407405853271},{"id":"https://openalex.org/C146054899","wikidata":"https://www.wikidata.org/wiki/Q181156","display_name":"Software design pattern","level":3,"score":0.6013637781143188},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.5746793746948242},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5515038967132568},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5219085216522217},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.5104941129684448},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.47590479254722595},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.46294960379600525},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.45447027683258057},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.43602511286735535},{"id":"https://openalex.org/C2779820595","wikidata":"https://www.wikidata.org/wiki/Q798505","display_name":"Listing (finance)","level":2,"score":0.4274202883243561},{"id":"https://openalex.org/C164202143","wikidata":"https://www.wikidata.org/wiki/Q635280","display_name":"Structural pattern","level":5,"score":0.4207558035850525},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.4177483320236206},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3737720251083374},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.32785552740097046},{"id":"https://openalex.org/C52913732","wikidata":"https://www.wikidata.org/wiki/Q857102","display_name":"Software design","level":4,"score":0.2518947720527649},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.24732714891433716},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.20157521963119507},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.08375540375709534},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0720173716545105},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3233/jcs-171063","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-171063","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},{"id":"pmh:oai:HAL:hal-01984694v1","is_oa":true,"landing_page_url":"https://uca.hal.science/hal-01984694","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Computer Security, 2019, 27 (1), pp.49-74. &#x27E8;10.3233/JCS-171063&#x27E9;","raw_type":"Journal articles"}],"best_oa_location":{"id":"pmh:oai:HAL:hal-01984694v1","is_oa":true,"landing_page_url":"https://uca.hal.science/hal-01984694","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Computer Security, 2019, 27 (1), pp.49-74. &#x27E8;10.3233/JCS-171063&#x27E9;","raw_type":"Journal articles"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W34326359","https://openalex.org/W79503960","https://openalex.org/W1531064568","https://openalex.org/W1533876796","https://openalex.org/W1539259953","https://openalex.org/W1561349478","https://openalex.org/W1565377632","https://openalex.org/W1996655273","https://openalex.org/W2001822577","https://openalex.org/W2065076704","https://openalex.org/W2078899285","https://openalex.org/W2083241531","https://openalex.org/W2084481113","https://openalex.org/W2095881341","https://openalex.org/W2112968394","https://openalex.org/W2134521102","https://openalex.org/W2142527556","https://openalex.org/W2145036943","https://openalex.org/W2160012352","https://openalex.org/W2164059558","https://openalex.org/W2167228371","https://openalex.org/W2247591845","https://openalex.org/W2277041267","https://openalex.org/W2594769746","https://openalex.org/W2619284436","https://openalex.org/W2625021110","https://openalex.org/W2769437624","https://openalex.org/W4242704521"],"related_works":["https://openalex.org/W2088322083","https://openalex.org/W2037721767","https://openalex.org/W2073810760","https://openalex.org/W1991033033","https://openalex.org/W4246269543","https://openalex.org/W2561520263","https://openalex.org/W1531468785","https://openalex.org/W2122079681","https://openalex.org/W4231940311","https://openalex.org/W2801417730"],"abstract_inverted_index":{"Design":[0],"Patterns":[1],"are":[2,25,115],"now":[3],"widely":[4],"accepted":[5],"and":[6,14,89,106,160,210],"used":[7,141],"in":[8,20,66,183],"software":[9,21,102],"engineering;":[10],"they":[11],"represent":[12],"generic":[13],"reusable":[15],"solutions":[16],"to":[17,31,52,83,117,142],"common":[18],"problems":[19],"design.":[22],"Security":[23],"patterns":[24,27,44,55,71],"specialised":[26],"whose":[28],"purpose":[29],"is":[30,123,139],"help":[32],"design":[33,75],"applications":[34],"that":[35,114],"should":[36],"meet":[37],"security":[38,43,80,86,104,107,135,169,184,208,212],"requirements.":[39],"The":[40,97,137],"enthusiasm":[41],"surrounding":[42],"has":[45],"made":[46],"emerge":[47],"several":[48],"catalogues":[49],"listing":[50],"up":[51],"180":[53],"different":[54],"at":[56],"the":[57,68,85,111,161,166,175,192],"moment.":[58],"This":[59,121],"growing":[60],"number":[61],"brings":[62],"an":[63],"increased":[64],"difficulty":[65],"choosing":[67],"most":[69],"appropriate":[70],"for":[72,152,181,200],"a":[73,79,90,118,129,153,196],"given":[74,119,154,164],"problem.":[76],"We":[77],"propose":[78],"pattern":[81,87,112,170,176,197],"classification":[82,91,98,122,177,198],"facilitate":[84],"choice":[88],"method":[92],"based":[93],"on":[94,189],"data":[95],"integration.":[96],"exposes":[99],"relationships":[100],"among":[101],"attacks,":[103,206],"principles":[105,209],"patterns.":[108,185,213],"It":[109],"expresses":[110],"combinations":[113],"countermeasures":[116],"attack.":[120],"semi-automatically":[124],"inferred":[125],"by":[126],"means":[127],"of":[128,168,194],"data-store":[130,138],"integrating":[131],"disparate":[132],"publicly":[133],"available":[134],"data.":[136],"also":[140],"generate":[143],"Attack":[144],"Defense":[145],"Trees.":[146],"In":[147],"our":[148],"context,":[149],"these":[150],"illustrate,":[151],"attack,":[155],"its":[156],"sub-attacks,":[157],"steps,":[158],"techniques":[159],"related":[162],"defenses":[163],"under":[165],"form":[167],"combinations.":[171],"Such":[172],"trees":[173],"make":[174],"more":[178],"readable":[179],"even":[180],"beginners":[182],"Finally,":[186],"we":[187],"evaluate":[188],"human":[190],"subjects":[191],"benefits":[193],"using":[195],"established":[199],"Web":[201],"applications,":[202],"which":[203],"covers":[204],"215":[205],"66":[207],"26":[211]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2018-09-27T00:00:00"}