{"id":"https://openalex.org/W4415286593","doi":"https://doi.org/10.46298/lmcs-22(2:7)2026","title":"A Scalable Game-Theoretic Approach for Selecting Security Controls from Standardized Catalogues","display_name":"A Scalable Game-Theoretic Approach for Selecting Security Controls from Standardized Catalogues","publication_year":2026,"publication_date":"2026-04-18","ids":{"openalex":"https://openalex.org/W4415286593","doi":"https://doi.org/10.46298/lmcs-22(2:7)2026"},"language":"en","primary_location":{"id":"doi:10.46298/lmcs-22(2:7)2026","is_oa":true,"landing_page_url":"https://doi.org/10.46298/lmcs-22(2:7)2026","pdf_url":null,"source":{"id":"https://openalex.org/S114379355","display_name":"Logical Methods in Computer Science","issn_l":"1860-5974","issn":["1860-5974"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310313916","host_organization_name":"Logical Methods in Computer Science e.V.","host_organization_lineage":["https://openalex.org/P4310313916"],"host_organization_lineage_names":["Logical Methods in Computer Science e.V."],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Logical Methods in Computer Science","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref","datacite","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://doi.org/10.46298/lmcs-22(2:7)2026","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5114450098","display_name":"Dylan L\u00e9veill\u00e9","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Dylan L\u00e9veill\u00e9","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5039439171","display_name":"Jason Jaskolka","orcid":"https://orcid.org/0000-0001-6316-3040"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jason Jaskolka","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5114450098"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.00635372,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"Volume 22, Issue 2","issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10317","display_name":"Advanced Database Systems and Queries","score":0.9502000212669373,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10317","display_name":"Advanced Database Systems and Queries","score":0.9502000212669373,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.7562999725341797},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.6747000217437744},{"id":"https://openalex.org/keywords/selection","display_name":"Selection (genetic algorithm)","score":0.5478000044822693},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5228999853134155},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5217000246047974},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5149000287055969},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4657000005245209},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.42669999599456787},{"id":"https://openalex.org/keywords/formalism","display_name":"Formalism (music)","score":0.4052000045776367}],"concepts":[{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.7562999725341797},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7142999768257141},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.6747000217437744},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.5478000044822693},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5228999853134155},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5217000246047974},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5149000287055969},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4657000005245209},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.42669999599456787},{"id":"https://openalex.org/C73301696","wikidata":"https://www.wikidata.org/wiki/Q5469984","display_name":"Formalism (music)","level":3,"score":0.4052000045776367},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3939000070095062},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37529999017715454},{"id":"https://openalex.org/C17500928","wikidata":"https://www.wikidata.org/wiki/Q959968","display_name":"Control system","level":2,"score":0.3495999872684479},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.3434000015258789},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.3050999939441681},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.28369998931884766},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2784999907016754},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.26339998841285706},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.26269999146461487},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.26269999146461487},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.25929999351501465},{"id":"https://openalex.org/C147343967","wikidata":"https://www.wikidata.org/wiki/Q5159078","display_name":"Concrete security","level":3,"score":0.2587999999523163},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.2565000057220459},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.2558000087738037}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.46298/lmcs-22(2:7)2026","is_oa":true,"landing_page_url":"https://doi.org/10.46298/lmcs-22(2:7)2026","pdf_url":null,"source":{"id":"https://openalex.org/S114379355","display_name":"Logical Methods in Computer Science","issn_l":"1860-5974","issn":["1860-5974"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310313916","host_organization_name":"Logical Methods in Computer Science e.V.","host_organization_lineage":["https://openalex.org/P4310313916"],"host_organization_lineage_names":["Logical Methods in Computer Science e.V."],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Logical Methods in Computer Science","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:2503.15626","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2503.15626","pdf_url":"https://arxiv.org/pdf/2503.15626","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:arXiv.org:2503.15626","is_oa":true,"landing_page_url":"https://arxiv.org/abs/2503.15626","pdf_url":"https://arxiv.org/pdf/2503.15626","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2503.15626","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2503.15626","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.46298/lmcs-22(2:7)2026","is_oa":true,"landing_page_url":"https://doi.org/10.46298/lmcs-22(2:7)2026","pdf_url":null,"source":{"id":"https://openalex.org/S114379355","display_name":"Logical Methods in Computer Science","issn_l":"1860-5974","issn":["1860-5974"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310313916","host_organization_name":"Logical Methods in Computer Science e.V.","host_organization_lineage":["https://openalex.org/P4310313916"],"host_organization_lineage_names":["Logical Methods in Computer Science e.V."],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Logical Methods in Computer Science","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320334617","display_name":"Social Sciences and Humanities Research Council of Canada","ror":"https://ror.org/04j5jqy92"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Selecting":[0],"the":[1,19,24,35,158,178,203,215],"combination":[2,84],"of":[3,40,85,93,109,188,223],"security":[4,86,95,110,189,199],"controls":[5,21,87,111,190],"that":[6,32,88],"will":[7],"most":[8],"effectively":[9],"protect":[10],"a":[11,15,83,91,102,118,129,153,161,198],"system's":[12],"assets":[13],"is":[14,57,125],"difficult":[16],"task.":[17],"If":[18],"wrong":[20],"are":[22,139],"selected,":[23],"system":[25,94,165],"may":[26],"be":[27,53,79],"left":[28],"vulnerable":[29],"to":[30,60,81,145,181,209],"cyber-attacks":[31],"can":[33,52,201],"impact":[34],"confidentiality,":[36],"integrity,":[37],"and":[38,43,62,73,117,206,211],"availability":[39],"critical":[41],"data":[42],"services.":[44],"In":[45,97],"practical":[46],"settings,":[47],"as":[48,70,128],"standardized":[49,168],"control":[50,65,122,135,169,216],"catalogues":[51],"quite":[54],"large,":[55],"it":[56],"not":[58],"possible":[59],"select":[61],"implement":[63],"every":[64],"possible.":[66],"Instead,":[67],"considerations,":[68],"such":[69],"budget,":[71],"effectiveness,":[72],"dependencies":[74,148],"among":[75,149],"various":[76],"controls,":[77],"must":[78],"considered":[80],"choose":[82],"best":[89],"achieve":[90],"set":[92,119,126,187],"objectives.":[96],"this":[98,173],"paper,":[99],"we":[100,156,176],"present":[101],"game-theoretic":[103],"approach":[104,159,205],"for":[105,137,147,191],"selecting":[106,184],"effective":[107,186],"combinations":[108,136],"based":[112],"on":[113,160],"expected":[114],"attacker":[115],"profiles":[116],"budget.":[120],"The":[121,194],"selection":[123,138,217],"problem":[124],"up":[127],"two-person":[130],"zero-sum":[131],"one-shot":[132],"game.":[133],"Valid":[134],"generated":[140],"using":[141],"an":[142,185],"algebraic":[143],"formalism":[144],"account":[146],"selected":[150],"controls.":[151],"Using":[152],"software":[154],"tool,":[155],"apply":[157],"fictional":[162],"Canadian":[163],"military":[164],"with":[166],"Canada's":[167],"catalogue,":[170],"ITSG-33.":[171],"Through":[172],"case":[174],"study,":[175],"demonstrate":[177],"approach's":[179],"scalability":[180],"assist":[182],"in":[183,214],"large":[192],"systems.":[193],"results":[195],"illustrate":[196],"how":[197],"analyst":[200],"use":[202],"proposed":[204],"supporting":[207],"tool":[208],"guide":[210],"support":[212],"decision-making":[213],"activity":[218],"when":[219],"developing":[220],"secure":[221],"systems":[222],"all":[224],"sizes.":[225]},"counts_by_year":[],"updated_date":"2026-06-07T08:38:57.713557","created_date":"2025-10-17T00:00:00"}