
arxiv: 2604.04705 · v1 · submitted 2026-04-06 · 💻 cs.CR · cs.SE

Bridging Safety and Security in Complex Systems: A Model-Based Approach with SAFT-GT Toolchain

Pith reviewed 2026-05-10 19:47 UTC · model grok-4.3

classification 💻 cs.CR cs.SE
keywords: safety analysis, security analysis, self-adaptive systems, attack-fault trees, model-based engineering, toolchain, SAFT-GT

The pith

The SAFT-GT toolchain enables combined safety and security analysis in complex self-adaptive systems through attack-fault tree models.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper presents the SAFT-GT toolchain as a way to address both safety and security concerns in complex software systems like self-adaptive ones. The approach generates attack-fault trees and combines models to perform analyses that handle dynamic threats without major system changes. A sympathetic reader would care because current methods often treat safety and security separately, missing their interactions in evolving environments. The toolchain fits into self-adaptive feedback loops and was tested with domain experts in a user study to show real-world relevance.

Core claim

We designed and developed the SAFT-GT toolchain that tackles the multifaceted challenges associated with ensuring both safety and security. This paper provides a comprehensive description of the toolchain's architecture and functionalities, including the Attack-Fault Trees generation and model combination approaches. We emphasize the toolchain's ability to integrate seamlessly with existing systems, allowing for enhanced safety and security analyses without requiring extensive modifications and domain knowledge. Our proposed approach can address evolving security threats, including both known vulnerabilities and emerging attack vectors that could compromise the system. As a use case for the

What carries the argument

The SAFT-GT toolchain, which uses Attack-Fault Trees generation and model combination to jointly analyze safety and security.

If this is right

  • The toolchain allows enhanced safety and security analyses without extensive modifications to existing systems.
  • It can address both known vulnerabilities and emerging attack vectors.
  • The approach integrates into the feedback loop of self-adaptive systems.
  • User studies with domain experts confirm its relevance and usability in real-world scenarios.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Applying this combined modeling to other types of complex systems could reveal overlooked interactions between safety faults and security attacks.
  • Since the resources are open-source, developers might extend the toolchain to support additional threat models or system types.
  • Long-term use could lead to more resilient self-adaptive systems by continuously updating analyses as threats evolve.

Load-bearing premise

The toolchain integrates seamlessly with existing systems without requiring extensive modifications and domain knowledge, and the user study with domain experts sufficiently validates its practical applicability.

What would settle it

A deployment attempt on a real self-adaptive system that requires substantial custom coding or where experts report needing deep prior knowledge to use the analyses effectively would falsify the claims.

Figures

Figures reproduced from arXiv: 2604.04705 by Alexander Raschke, Irdin Pekaric, Jubril Gbolahan Adigun, Matthias Tichy, Michael Felderer, Raffaela Groner, Thomas Witte.

Figure 1: Integration of our approach in the MAPE-K loop.
Figure 2: Simplified example of an AT for a packet flooding attack. It demonstrates that an attacker needs to “identify the receiving components” in a system and “generate traffic” in order to perform a flooding attack. The probabilities specified for each attack step (depicted as ellipses) indicate the probability of successfully performing the respective attack step. Node labels: Perform flooding-attack, Identify recei…
Figure 3: Example of a Fault Tree (FT). Attack events are analogous to an attack goal that serves as the root of an AT and, therefore, mark the juncture between FT and AT in an AFT [24, 26].
Figure 4: Example of an Attack-Fault Tree (AFT). From Section 2.3, Security Concepts and Metrics: In this section, we outline the general security concepts and metrics that were utilized in the proposed modeling approach. CVE data is used to distinguish between different vulnerabilities. These vulnerabilities have already been identified by security experts and recorded in order to provide a means of protection against existin…
Figure 5: Overview of the SAFT toolchain and produced/used artifacts.
Figure 6: Meta-model of deployment model. Each deployment element can be executed on another element or depend on other elements. This dependency information is generated recursively by our analysis tool via the used files and libraries of a component returned by Unix tools such as lsof and ldd. System-specific package managers such as apt and dpkg abstract this information into package names for which CVEs can b…
Figure 7: Extended Fault Tree including an attack step (house-shaped node). This reflects that
Figure 8: AFT fragment modeling the corruption of a platform by corrupting its components.
Figure 9: Simplified excerpt from the AFT generated by our approach.
Figure 10: Workshop Survey Response Results. … case that not everything is known at design time. Perhaps new things will be added.” According to the aforementioned statements, the design time approach was found to be challenging due to unexpected conditions and the necessity for all components to be known in advance. Moreover, the possibility of adding new components to the system that cannot be predicted at design tim…
Original abstract

In the rapidly evolving landscape of software engineering, the demand for robust and secure systems has become increasingly critical. This is especially true for self-adaptive systems due to their complexity and the dynamic environments in which they operate. To address this issue, we designed and developed the SAFT-GT toolchain that tackles the multifaceted challenges associated with ensuring both safety and security. This paper provides a comprehensive description of the toolchain's architecture and functionalities, including the Attack-Fault Trees generation and model combination approaches. We emphasize the toolchain's ability to integrate seamlessly with existing systems, allowing for enhanced safety and security analyses without requiring extensive modifications and domain knowledge. Our proposed approach can address evolving security threats, including both known vulnerabilities and emerging attack vectors that could compromise the system. As a use case for the toolchain, we integrate it into the feedback loop of self-adaptive systems. Finally, to validate the practical applicability of the toolchain, we conducted an extensive user study involving domain experts, whose insights and feedback underscore the toolchain's relevance and usability in real-world scenarios. Our findings demonstrate the toolchain's effectiveness in real-world applications while highlighting areas for future improvements. The toolchain and associated resources are available in an open-source repository to promote reproducibility and encourage further research in this field.
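The figure descriptions above say that attack steps carry success probabilities and that an attack goal is the point where an attack tree joins a fault tree. The following is an added example, not code from the paper or from SAFT-GT: it evaluates a small attack-fault tree and compares the safety-only view with the combined view. The two flooding-attack step names come from the Figure 2 text; the power-supply and controller events, the gate layout and every probability are constructed for illustration, and leaves are assumed to be independent.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Leaf:
    name: str
    p: float      # probability that the fault occurs / the attack step succeeds
    kind: str     # "fault" (basic event) or "attack" (attack step)


@dataclass(frozen=True)
class Gate:
    name: str
    op: str       # "AND" or "OR"
    children: tuple


def collect_leaves(node, found=None):
    """Return {name: Leaf}; a leaf shared by several gates is counted once."""
    found = {} if found is None else found
    if isinstance(node, Leaf):
        found[node.name] = node
    else:
        for child in node.children:
            collect_leaves(child, found)
    return found


def occurs(node, state):
    """Evaluate the tree for one assignment of leaf name -> bool."""
    if isinstance(node, Leaf):
        return state[node.name]
    results = (occurs(child, state) for child in node.children)
    return all(results) if node.op == "AND" else any(results)


def top_probability(root, with_attacks=True):
    """Exact top-event probability by enumerating all leaf states.
    with_attacks=False forces every attack step to probability 0."""
    leaves = list(collect_leaves(root).values())
    total = 0.0
    for bits in product((False, True), repeat=len(leaves)):
        weight = 1.0
        for leaf, bit in zip(leaves, bits):
            p = leaf.p if (with_attacks or leaf.kind == "fault") else 0.0
            weight *= p if bit else 1.0 - p
        state = {leaf.name: bit for leaf, bit in zip(leaves, bits)}
        if weight and occurs(root, state):
            total += weight
    return total


def minimal_cut_sets(node):
    """Smallest sets of leaves that together trigger the node."""
    if isinstance(node, Leaf):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(child) for child in node.children]
    if node.op == "OR":
        combined = set().union(*child_sets)
    else:
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    return {s for s in combined if not any(other < s for other in combined)}


def cut_sets_needing_attack(root):
    """Cut sets that only exist because an attacker is present."""
    kinds = {name: leaf.kind for name, leaf in collect_leaves(root).items()}
    return {s for s in minimal_cut_sets(root)
            if any(kinds[name] == "attack" for name in s)}


# Constructed tree: the attack goal is one cause of losing the backup controller.
FLOODING = Gate("Perform flooding attack", "AND", (
    Leaf("Identify the receiving components", 0.8, "attack"),
    Leaf("Generate traffic", 0.5, "attack")))
BACKUP_LOST = Gate("Backup controller unavailable", "OR", (
    Leaf("Backup controller crashes", 0.05, "fault"), FLOODING))
AFT = Gate("Platform stops responding", "OR", (
    Leaf("Power supply fails", 0.01, "fault"),
    Gate("Both controllers lost", "AND", (
        Leaf("Primary controller crashes", 0.05, "fault"), BACKUP_LOST))))

if __name__ == "__main__":
    print("safety only:", round(top_probability(AFT, with_attacks=False), 6))
    print("combined   :", round(top_probability(AFT), 6))
    for cut in sorted(cut_sets_needing_attack(AFT), key=sorted):
        print("needs attacker:", sorted(cut))
```

The mixed cut set (one fault plus both attack steps) is the kind of safety-security interaction that a fault tree or an attack tree analysed separately would not show.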

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. The paper introduces the SAFT-GT toolchain for generating and combining Attack-Fault Trees to jointly address safety and security in complex self-adaptive systems. It describes the toolchain architecture, model combination methods, claims of seamless integration with existing systems without extensive modifications, handling of known and emerging threats, use within feedback loops, and validation via an extensive user study with domain experts. The toolchain and resources are released as open-source to support reproducibility.

Significance. If the empirical claims hold, the work offers a model-based method to bridge safety and security analyses in dynamic systems, addressing a practical need in software engineering. The open-source release of the toolchain is a clear strength that enables reproducibility and further research.

major comments (1)
  1. [§5 (User Study and Validation)] The central claim that the toolchain demonstrates effectiveness and usability in real-world scenarios rests on an 'extensive user study involving domain experts' whose feedback 'underscore[s] the toolchain's relevance and usability.' However, the manuscript reports no participant count, selection criteria, survey instrument, quantitative metrics (e.g., SUS scores, effort reduction, threat coverage), statistical analysis, or comparison to baselines. This absence prevents assessment of whether the study supplies measurable evidence supporting the headline claims.
minor comments (2)
  1. [Abstract] The repeated assertion of 'effectiveness in real-world applications' is not accompanied by any concrete outcome metrics from the user study.
  2. [Introduction and §3] The claim of 'seamless' integration 'without requiring extensive modifications and domain knowledge' (Introduction and §3) would benefit from a concrete example or integration effort measurement to make the assertion falsifiable.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for their thorough review and constructive feedback. We address the single major comment below and confirm that we will revise the manuscript to incorporate the requested details on the user study.

Point-by-point responses
  1. Referee: [§5 (User Study and Validation)] The central claim that the toolchain demonstrates effectiveness and usability in real-world scenarios rests on an 'extensive user study involving domain experts' whose feedback 'underscore[s] the toolchain's relevance and usability.' However, the manuscript reports no participant count, selection criteria, survey instrument, quantitative metrics (e.g., SUS scores, effort reduction, threat coverage), statistical analysis, or comparison to baselines. This absence prevents assessment of whether the study supplies measurable evidence supporting the headline claims.

    Authors: We agree that the original manuscript's description of the user study was insufficiently detailed. While the study was conducted with domain experts and generated both qualitative and quantitative feedback, the submission focused primarily on the toolchain architecture and omitted the methodological specifics. In the revised manuscript we will expand §5 to report participant count and demographics, selection criteria, the survey instrument and administration procedure, quantitative metrics (including SUS scores, perceived effort reduction, and threat coverage), appropriate statistical summaries, and any baseline comparisons performed. These additions will be supported by the study data we collected and will enable readers to assess the evidence for our claims. revision: yes

Circularity Check

0 steps flagged

No circularity; tool description and external validation are self-contained

full rationale

The paper presents the design, architecture, and integration of the SAFT-GT toolchain for safety-security analysis in self-adaptive systems, followed by validation through an external user study with domain experts. No mathematical derivations, equations, fitted parameters, or predictions appear in the provided text. Claims rest on descriptive content and cited external feedback rather than reducing to self-definitions, self-citations, or renamings. The central assertions are therefore independent of the paper's own inputs.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The paper is an engineering tool-description contribution with no mathematical derivations, fitted parameters, or new postulated entities. It relies on standard concepts from safety engineering, security analysis, and model-based systems engineering.


Reference graph

Works this paper leans on

60 extracted references · 60 canonical work pages

  1. [2] A. Ceccarelli, L. Montecchi, Evaluating object (mis) detection from a safety and reliability perspective: Discussion and measures, IEEE Access 11 (2023) 44952–44963. doi:10.1109/ACCESS.2023.3272979

  2. [3] D. Weyns, I. Gerostathopoulos, N. Abbas, J. Andersson, S. Biffl, P. Brada, T. Bures, A. Di Salle, M. Galster, P. Lago, G. Lewis, M. Litoiu, A. Musil, J. Musil, P. Patros, P. Pelliccione, Self-adaptation in industry: A survey, ACM Trans. Auton. Adapt. Syst. 18 (2) (May 2023). doi:10.1145/3589227

  3. [4] L. M. Prikler, F. Wotawa, Challenges of testing self-adaptive systems, in: Proceedings of the 26th ACM International Systems and Software Product Line Conference - Volume B, SPLC ’22, Association for Computing Machinery, New York, NY, USA, 2022, pp. 224–228. doi:10.1145/3503229.3547048

  4. [5] E. André, D. Lime, M. Ramparison, M. Stoelinga, Parametric analyses of attack-fault trees, in: 2019 19th International Conference on Application of Concurrency to System Design (ACSD), 2019, pp. 33–42. doi:10.1109/ACSD.2019.00008

  5. [6] R. Kumar, M. Stoelinga, Quantitative security and safety analysis with attack-fault trees, in: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), 2017, pp. 25–32. doi:10.1109/HASE.2017.12

  6. [7] R. Groner, T. Witte, A. Raschke, S. Hirn, I. Pekaric, M. Frick, M. Tichy, M. Felderer, Model-based generation of attack-fault trees, in: J. Guiochet, S. Tonetta, F. Bitsch (Eds.), Computer Safety, Reliability, and Security (SAFECOMP), Springer Nature Switzerland, Cham, 2023, pp. 107–120. doi:10.1007/978-3-031-40923-3_9

  7. [8] I. Pekaric, M. Felderer, P. Steinmüller, VULNERLIZER: cross-analysis between vulnerabilities and software libraries, in: 54th Hawaii International Conference on System Sciences, HICSS 2021, Kauai, Hawaii, USA, January 5, 2021, ScholarSpace, 2021, pp. 1–10

  8. [9] I. Pekaric, C. Sauerwein, S. Haselwanter, M. Felderer, A taxonomy of attack mechanisms in the automotive domain, Computer Standards & Interfaces 78 (2021) 103539. doi:10.1016/j.csi.2021.103539

  9. [10] T. Witte, R. Groner, A. Raschke, M. Tichy, I. Pekaric, M. Felderer, Towards model co-evolution across self-adaptation steps for combined safety and security analysis, in: Proceedings of the 17th Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS ’22, Association for Computing Machinery, New York, NY, USA, 2022, pp. 106–112. doi:...

  10. [11] H. Giese, M. Tichy, Component-based hazard analysis: Optimal designs, product lines, and online-reconfiguration, in: J. Górski (Ed.), Computer Safety, Reliability, and Security, Springer Berlin Heidelberg, Berlin, Heidelberg, 2006, pp. 156–169. doi:10.1007/11875567_12

  11. [12] J. Kephart, D. Chess, The vision of autonomic computing, Computer 36 (1) (2003) 41–50. doi:10.1109/MC.2003.1160055

  12. [13] S. Macenski, T. Foote, B. Gerkey, C. Lalancette, W. Woodall, Robot operating system 2: Design, architecture, and uses in the wild, Science Robotics 7 (66) (2022) eabm6074. doi:10.1126/scirobotics.abm6074

  13. [14] D. Weyns, B. Schmerl, V. Grassi, S. Malek, R. Mirandola, C. Prehofer, J. Wuttke, J. Andersson, H. Giese, K. M. Göschka, Software Engineering for Self-Adaptive Systems II. Lecture Notes in Computer Science, Vol. 7475, Springer Berlin Heidelberg, Berlin, Heidelberg, 2013, Ch. On Patterns for Decentralized Control in Self-Adaptive Systems, pp. 76–107. doi:1...

  14. [15] P. Arcaini, E. Riccobene, P. Scandurra, Modeling and analyzing mape-k feedback loops for self-adaptation, in: 2015 IEEE/ACM 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, 2015, pp. 13–23. doi:10.1109/SEAMS.2015.10

  15. [16] S. Mauw, M. Oostdijk, Foundations of attack trees, in: D. H. Won, S. Kim (Eds.), Information Security and Cryptology - ICISC 2005, Springer Berlin Heidelberg, Berlin, Heidelberg, 2006, pp. 186–198. doi:10.1007/11734727_17

  16. [17] B. Schneier, Modeling security threats, Dr. Dobb’s journal 24 (12) (1999)

  17. [18] M. B. Muzammil, M. Bilal, S. Ajmal, S. C. Shongwe, Y. Y. Ghadi, Unveiling vulnerabilities of web attacks considering man in the middle attack and session hijacking, IEEE Access 12 (2024) 6365–6375. doi:10.1109/ACCESS.2024.3350444

  18. [19] H. S. Lallie, K. Debattista, J. Bal, A review of attack graph and attack tree visual syntax in cyber security, Computer Science Review 35 (2020) 100219. doi:10.1016/j.cosrev.2019.100219

  19. [20] W. E. Vesely, F. F. Goldberg, N. H. Roberts, D. F. Haasl, Fault tree handbook, Tech. rep., Nuclear Regulatory Commission Washington DC (1981)

  20. [21] G. J. Pai, J. B. Dugan, Automatic synthesis of dynamic fault trees from uml system models, in: 13th International Symposium on Software Reliability Engineering, 2002. Proceedings., 2002, pp. 243–254. doi:10.1109/ISSRE.2002.1173261

  21. [22] J. Dugan, S. Bavuso, M. Boyd, Dynamic fault-tree models for fault-tolerant computer systems, IEEE Transactions on Reliability 41 (3) (1992) 363–377. doi:10.1109/24.159800

  22. [23] D. Raiteri, G. Franceschinis, M. Iacono, V. Vittorini, Repairable fault tree for the automatic evaluation of repair policies, in: International Conference on Dependable Systems and Networks, 2004, 2004, pp. 659–668. doi:10.1109/DSN.2004.1311936

  23. [24] E. Ruijters, M. Stoelinga, Fault tree analysis: A survey of the state-of-the-art in modeling, analysis and tools, Computer Science Review 15-16 (2015) 29–62. doi:10.1016/j.cosrev.2015.03.001

  24. [25] E. Edifor, M. Walker, N. Gordon, Quantification of priority-or gates in temporal fault trees, in: F. Ortmeier, P. Daniel (Eds.), Computer Safety, Reliability, and Security, Springer Berlin Heidelberg, Berlin, Heidelberg, 2012, pp. 99–110. doi:10.1007/978-3-642-33678-2_9

  25. [26] I. Nai Fovino, M. Masera, A. De Cian, Integrating cyber attacks within fault trees, Reliability Engineering & System Safety 94 (9) (2009) 1394–1402, eSREL 2007, the 18th European Safety and Reliability Conference. doi:10.1016/j.ress.2009.02.020

  26. [27] S. Samonas, D. Coss, The CIA strikes back: Redefining confidentiality, integrity and availability in security, Journal of Information System Security 10 (3) (2014)

  27. [28] C. Sauerwein, I. Pekaric, M. Felderer, R. Breu, An analysis and classification of public information security data sources used in research and practice, Computers & security 82 (2019) 140–155

  28. [29] J. Jacobs, S. Romanosky, B. Edwards, I. Adjerid, M. Roytman, Exploit prediction scoring system (epss), Digital Threats 2 (3) (Jul 2021). doi:10.1145/3436242

  29. [30] A. Lenin, J. Willemson, D. P. Sari, Attacker profiling in quantitative security assessment based on attack trees, in: K. Bernsmed, S. Fischer-Hübner (Eds.), Secure IT Systems, Springer International Publishing, Cham, 2014, pp. 199–212. doi:10.1007/978-3-319-11599-3_12

  30. [31] L. Gherardi, Variability modeling and resolution in component-based robotics systems, Ph. D. Thesis (2013)

  31. [32] I. Pekaric, M. Frick, J. G. Adigun, R. Groner, T. Witte, A. Raschke, M. Felderer, M. Tichy, Streamlining attack tree generation: A fragment-based approach, in: T. X. Bui (Ed.), 57th Hawaii International Conference on System Sciences, HICSS 2024, Hilton Hawaiian Village Waikiki Beach Resort, Hawaii, USA, January 3-6, 2024, ScholarSpace, 2024, pp. 7447–7456

  32. [33] C. E. Budde, C. Kolb, M. Stoelinga, Attack trees vs. fault trees: Two sides of the same coin from different currencies, in: A. Abate, A. Marin (Eds.), Quantitative Evaluation of Systems, Springer International Publishing, Cham, 2021, pp. 457–467. doi:10.1007/978-3-030-85172-9_24

  33. [34] T. Mens, P. Van Gorp, A taxonomy of model transformation, Electronic Notes in Theoretical Computer Science 152 (2006) 125–142. doi:10.1016/j.entcs.2005.10.021

  34. [35] C. Ponsard, J.-C. Deprez, R. Darimont, Formalizing security and safety requirements by mapping attack-fault trees on obstacle models with constraint programming semantics, in: 2020 IEEE Workshop on Formal Requirements (FORMREQ), 2020, pp. 8–13. doi:10.1109/FORMREQ51202.2020.00009

  35. [36] D. Coppit, K. J. Sullivan, Galileo: a tool built from mass-market applications, in: Proceedings of the 22nd International Conference on Software Engineering, ICSE ’00, Association for Computing Machinery, New York, NY, USA, 2000, pp. 750–753. doi:10.1145/337180.337622

  36. [37] S. Junges, D. Guck, J.-P. Katoen, M. Stoelinga, Uncovering dynamic fault trees, in: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016, pp. 299–310. doi:10.1109/DSN.2016.35

  37. [38] A. David, K. G. Larsen, A. Legay, M. Mikučionis, D. B. Poulsen, J. van Vliet, Z. Wang, Statistical model checking for networks of priced timed automata, in: U. Fahrenberg, S. Tripakis (Eds.), Formal Modeling and Analysis of Timed Systems, Springer Berlin Heidelberg, Berlin, Heidelberg, 2011, pp. 80–96. doi:10.1007/978-3-642-24310-3_7

  38. [39] A. David, K. G. Larsen, A. Legay, M. Mikučionis, D. B. Poulsen, Uppaal SMC tutorial, International Journal on Software Tools for Technology Transfer 17 (4) (2015) 397–415. doi:10.1007/s10009-014-0361-y

  39. [40] I. N. Fovino, M. Masera, A. De Cian, Integrating cyber attacks within fault trees, Reliability Engineering & System Safety 94 (9) (2009) 1394–1402

  40. [41] M. Pfister, G. Apruzzese, I. Pekaric, Department-specific security awareness campaigns: A cross-organizational study of hr and accounting, in: 2025 APWG Symposium on Electronic Crime Research (eCrime), IEEE, 2025, pp. 1–17

  41. [42] L. Bilge, T. Dumitraş, Before we knew it: an empirical study of zero-day attacks in the real world, in: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ’12, Association for Computing Machinery, New York, NY, USA, 2012, pp. 833–844. doi:10.1145/2382196.2382284

  42. [43] M. Arazzi, D. R. Arikkat, S. Nicolazzo, A. Nocera, R. R. K. A., P. Vinod, M. Conti, NLP-based techniques for cyber threat intelligence, CoRR abs/2311.08807 (2023). doi:10.48550/ARXIV.2311.08807

  43. [44] A. P. Fournaris, A. Komninos, A. S. Lalos, A. P. Kalogeras, C. Koulamas, D. Serpanos, Security and Quality in Cyber-Physical Systems Engineering, Springer International Publishing, Cham, 2019, Ch. Design and Run-Time Aspects of Secure Cyber-Physical Systems, pp. 357–382. doi:10.1007/978-3-030-25312-7_13

  44. [45] T. Braun, I. Pekaric, G. Apruzzese, Understanding the process of data labeling in cybersecurity, in: Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing, SAC ’24, Association for Computing Machinery, New York, NY, USA, 2024, pp. 1596–1605. doi:10.1145/3605098.3636046

  45. [46] S. Kriaa, L. Pietre-Cambacedes, M. Bouissou, Y. Halgand, A survey of approaches combining safety and security for industrial control systems, Reliability Engineering and System Safety 138 (2015) 156–178. doi:10.1016/j.ress.2015.02.008

  46. [47] R. Bloomfield, K. Netkachova, R. Stroud, Security-informed safety: if it’s not secure, it’s not safe, in: International workshop on software engineering for resilient systems, Springer, 2013, pp. 17–32

  47. [48] E. Karaosman, A. Rizvani, I. Pekaric, Security Barriers to Trustworthy AI-Driven Cyber Threat Intelligence in Finance: Evidence from Practitioners, in: Proceedings of the Sixteenth ACM Conference on Data and Application Security and Privacy (CODASPY), 2026. doi:10.1145/3800506.3803505

  48. [49] T. Oueidat, J.-M. Flaus, F. Massé, A review of combined safety and security risk analysis approaches: Application and classification, in: 2020 International Conference on Control, Automation and Diagnosis (ICCAD), 2020, pp. 1–7. doi:10.1109/ICCAD49821.2020.9260512

  49. [50] W. Young, N. G. Leveson, An integrated approach to safety and security based on systems theory, Commun. ACM 57 (2) (2014) 31–35. doi:10.1145/2556938

  50. [51] D. Pereira, C. Hirata, R. Pagliares, S. Nadjm-Tehrani, Towards combined safety and security constraints analysis, in: S. Tonetta, E. Schoitsch, F. Bitsch (Eds.), Computer Safety, Reliability, and Security, Springer International Publishing, Cham, 2017, pp. 70–80. doi:10.1007/978-3-319-66284-8_7

  51. [52] L. Swiler, C. Phillips, D. Ellis, S. Chakerian, Computer-attack graph generation tool, in: Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX’01, Vol. 2, 2001, pp. 307–321 vol.2. doi:10.1109/DISCEX.2001.932182

  52. [53] I. Kotenko, A. Chechulin, A cyber attack modeling and impact assessment framework, in: 2013 5th International Conference on Cyber Conflict (CYCON 2013), 2013, pp. 1–24

  53. [54] X. Ou, W. F. Boyer, M. A. McQueen, A scalable approach to attack graph generation, in: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS ’06, Association for Computing Machinery, New York, NY, USA, 2006, pp. 336–345. doi:10.1145/1180405.1180446

  54. [55] M. Jablonski, D. Wijesekera, A. Singhal, Generating cyber-physical system risk overlays for attack and fault trees using systems theory, in: Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, Sat-CPS ’22, Association for Computing Machinery, New York, NY, USA, 2022, pp. 13–20. doi:10.1145/3510547.3517922

  55. [56] N. M. Villegas, H. A. Müller, G. Tamura, L. Duchien, R. Casallas, A framework for evaluating quality-driven self-adaptive software systems, in: Proceedings of the 6th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS ’11, Association for Computing Machinery, New York, NY, USA, 2011, pp. 80–89. doi:10.1145/19880...

  56. [57] G. Tamura, N. Villegas, H. Müller, J. P. Sousa, B. Becker, M. Pezzè, G. Karsai, S. Mankovskii, W. Schäfer, L. Tahvildari, K. Wong, Towards Practical Runtime Verification and Validation of Self-Adaptive Software Systems, in: R. de Lemos, H. Giese, H. Müller, M. Shaw (Eds.), Software Engineering for Self-Adaptive Systems 2, Vol. 7475 of LNCS, Spring...

  57. [58] V. Klös, T. Göthel, S. Glesner, Comprehensible and dependable self-learning self-adaptive systems, Journal of Systems Architecture 85-86 (2018) 28–42. doi:10.1016/j.sysarc.2018.03.004

  58. [59] D. M. Barbosa, R. G. de Moura Lima, P. H. M. Maia, E. C. Junior, Lotus@runtime: a tool for runtime monitoring and verification of self-adaptive systems, in: Proceedings of the 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS ’17, IEEE Press, 2017, pp. 24–30. doi:10.1109/SEAMS.2017.18

  59. [60] M. Carwehl, T. Vogel, G. N. Rodrigues, L. Grunske, Runtime Verification of Self-Adaptive Systems with Changing Requirements, in: 2023 IEEE/ACM 18th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), IEEE Computer Society, Los Alamitos, CA, USA, 2023, pp. 104–114. doi:10.1109/SEAMS59076.2023.00024

  60. [61] M. Steiner, P. Liggesmeyer, Combination of safety and security analysis - finding security problems that threaten the safety of a system, in: Workshop DECS (ERCIM/EWICS workshop on dependable embedded and cyber-physical systems) of the 32nd international conference on computer safety (SAFECOMP), 2013.