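% Conference paper on attack and failure propagation analysis for
% security control suggestions.
% The author list uses one brace level so that BibTeX splits it at " and "
% into three separate names; an extra outer pair would make it one literal name.
% The title uses one brace level so that the bibliography style controls casing.
% The publisher keeps its inner brace pair on purpose: biblatex treats
% publisher as a list split at " and ", which would cut this name in two.
@inproceedings{65261,
  author       = {Trentinaglia, Roman and Koch, Thorsten and Bodden, Eric},
  booktitle    = {Proceedings of the 14th International Conference on Model-Based Software and Systems Engineering},
  publisher    = {{SCITEPRESS - Science and Technology Publications}},
  title        = {Using Attack and Failure Propagation Analysis for Context-Aware Security Control Suggestions},
  doi          = {10.5220/0014278000004058},
  year         = {2026},
}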

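% Conference paper on integrating SMARAGD threat-modeling data into the
% SPHA Security Score (see abstract).
% The author list uses one brace level so that BibTeX splits it at " and "
% into five separate names. The umlaut is written as a LaTeX escape so the
% entry also works with 8-bit classic BibTeX.
% The JATS XML wrapper tags from the export were removed from the abstract;
% the abstract wording itself is unchanged.
@inproceedings{60583,
  abstract     = {Assessing and communicating software security has become a crucial concern in the era of digital transformation. As software systems grow more complex and interconnected, it becomes increasingly challenging to effectively evaluate and communicate a product's security status to both technical and non-technical stakeholders. The Software Product Health Assistant (SPHA) is designed to automatically collect and aggregate data from existing expert tools and derive, among other scores, a transparent Security Score. SPHA is designed to present and explain this Security Score to decision-makers to support their responsibilities. In this paper, we demonstrate how to integrate data from SMARAGD (System Modeler for Architectural Risk Assessment and Guidance on Defenses), a safety-informed threat modeling tool, into SPHA to enhance the existing definition of its Security Score. To achieve this, we combine information about known vulnerabilities with architectural and threat data to calculate a realistic risk score for the product in question.},
  author       = {Str{\"u}wer, Jan-niclas and Trentinaglia, Roman and Wohlers, Benedict and Bodden, Eric and Dumitrescu, Roman},
  booktitle    = {{AHFE} International},
  issn         = {2771-0718},
  publisher    = {AHFE International},
  title        = {Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis},
  doi          = {10.54941/ahfe1006145},
  volume       = {168},
  year         = {2025},
}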

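% Whitepaper on deriving safety and security dependency test cases from
% HARA and TARA results (see abstract).
% The author list uses one brace level so that BibTeX splits it at " and "
% into four separate names. The acronyms in the title are brace-protected so
% that sentence-casing styles do not lowercase them.
% NOTE(review): pages = 5 looks like a page count, not a page range, and
% classic styles do not print publisher for this entry type. Confirm the
% target style before relying on either field.
@misc{59601,
  abstract     = {Modern vehicles are becoming more connected and autonomous, and more software-defined in general. Such connectivity leads to security risks due to the increased attack surface for external intrusions. In addition, attacks can also lead to safety hazards as cars contain multiple safety-critical components. Therefore both safety and security must be considered in combination. In this whitepaper, we describe a tool-supported analysis method aligned with automotive standards to identify safety and security dependencies and automatically derive corresponding test cases. These test cases can be imported into the existing dSPACE tool chain to improve efficiency by reducing time-consuming manual work and susceptibility to errors. Thereby, our method brings together system design and testing phases to pave the way for an integrated safety and security-by-design life cycle in the automotive domain.},
  author       = {Trentinaglia, Roman and Fockel, Markus and Pukrop, Matthias and Schaeffer, Tobias},
  pages        = {5},
  publisher    = {dSPACE GmbH},
  title        = {Whitepaper: From {HARA} and {TARA} to Risk-Based Safety and Security Dependency Testing},
  year         = {2024},
}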

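% Conference paper on deriving test cases from safety-security dependencies.
% The author list uses one brace level so that BibTeX splits it at " and "
% into four separate names. The typographic apostrophe in the booktitle is
% written as ASCII so the entry also works with 8-bit classic BibTeX.
% NOTE(review): the ordinal "22th" is kept exactly as exported; confirm it
% against the proceedings before correcting it.
@inproceedings{57578,
  author       = {Trentinaglia, Roman and Fockel, Markus and Pukrop, Matthias and Schaeffer, Tobias},
  booktitle    = {22th escar Europe : The World's Leading Automotive Cyber Security Conference : Embedded Security in Cars (Dortmund, 19. - 20.11.2024)},
  title        = {Automatically deriving test cases from safety-security dependencies},
  doi          = {10.13154/294-12716},
  year         = {2024},
}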

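% Conference paper: an experience report on eliciting security requirements.
% The author list uses one brace level so that BibTeX splits it at " and "
% into four separate names. The en dash in the title is written as the
% LaTeX ligature "--" so the entry also works with 8-bit classic BibTeX.
@inproceedings{43395,
  author       = {Trentinaglia, Roman and Merschjohann, Sven and Fockel, Markus and Eikerling, Hendrik},
  booktitle    = {{REFSQ} 2023: Requirements Engineering: Foundation for Software Quality},
  isbn         = {9783031297854},
  issn         = {0302-9743},
  publisher    = {Springer Nature Switzerland},
  title        = {Eliciting Security Requirements -- An Experience Report},
  doi          = {10.1007/978-3-031-29786-1_25},
  year         = {2023},
}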

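% Conference paper on semi-automatic integrated safety and security analysis
% for automotive systems.
% The author list uses one brace level so that BibTeX splits it at " and "
% into five separate names.
% The publisher keeps its inner brace pair on purpose: biblatex treats
% publisher as a list split at " and ", which would cut this name in two.
@inproceedings{29847,
  author       = {Fockel, Markus and Schubert, David and Trentinaglia, Roman and Schulz, Hannes and Kirmair, Wolfgang},
  booktitle    = {Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development},
  publisher    = {{SCITEPRESS - Science and Technology Publications}},
  title        = {Semi-automatic Integrated Safety and Security Analysis for Automotive Systems},
  doi          = {10.5220/0010778500003119},
  year         = {2022},
}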

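% Companion-proceedings paper on deriving safety and security assurance cases
% from the design rationale of countermeasure patterns.
% The author uses one brace level so that BibTeX parses it as "Last, First";
% an extra outer pair would make the whole string one literal surname.
% The publisher acronym is brace-protected against recasing.
@inproceedings{34298,
  author       = {Trentinaglia, Roman},
  booktitle    = {Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings},
  publisher    = {{ACM}},
  title        = {Deriving model-based safety and security assurance cases from design rationale of countermeasure patterns},
  doi          = {10.1145/3550356.3558508},
  year         = {2022},
}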

