---
_id: '65261'
author:
- first_name: Roman
full_name: Trentinaglia, Roman
id: '49934'
last_name: Trentinaglia
orcid: 0000-0001-9728-4991
- first_name: Thorsten
full_name: Koch, Thorsten
id: '13616'
last_name: Koch
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Trentinaglia R, Koch T, Bodden E. Using Attack and Failure Propagation Analysis
for Context-Aware Security Control Suggestions. In: Proceedings of the 14th
International Conference on Model-Based Software and Systems Engineering.
SCITEPRESS - Science and Technology Publications; 2026. doi:10.5220/0014278000004058'
apa: Trentinaglia, R., Koch, T., & Bodden, E. (2026). Using Attack and Failure
Propagation Analysis for Context-Aware Security Control Suggestions. Proceedings
of the 14th International Conference on Model-Based Software and Systems Engineering.
https://doi.org/10.5220/0014278000004058
bibtex: '@inproceedings{Trentinaglia_Koch_Bodden_2026, title={Using Attack and Failure
Propagation Analysis for Context-Aware Security Control Suggestions}, DOI={10.5220/0014278000004058},
booktitle={Proceedings of the 14th International Conference on Model-Based Software
and Systems Engineering}, publisher={SCITEPRESS - Science and Technology Publications},
author={Trentinaglia, Roman and Koch, Thorsten and Bodden, Eric}, year={2026}
}'
chicago: Trentinaglia, Roman, Thorsten Koch, and Eric Bodden. “Using Attack and
Failure Propagation Analysis for Context-Aware Security Control Suggestions.”
In Proceedings of the 14th International Conference on Model-Based Software
and Systems Engineering. SCITEPRESS - Science and Technology Publications,
2026. https://doi.org/10.5220/0014278000004058.
ieee: 'R. Trentinaglia, T. Koch, and E. Bodden, “Using Attack and Failure Propagation
Analysis for Context-Aware Security Control Suggestions,” 2026, doi: 10.5220/0014278000004058.'
mla: Trentinaglia, Roman, et al. “Using Attack and Failure Propagation Analysis
for Context-Aware Security Control Suggestions.” Proceedings of the 14th International
Conference on Model-Based Software and Systems Engineering, SCITEPRESS - Science
and Technology Publications, 2026, doi:10.5220/0014278000004058.
short: 'R. Trentinaglia, T. Koch, E. Bodden, in: Proceedings of the 14th International
Conference on Model-Based Software and Systems Engineering, SCITEPRESS - Science
and Technology Publications, 2026.'
date_created: 2026-03-31T13:52:36Z
date_updated: 2026-03-31T13:53:55Z
department:
- _id: '241'
- _id: '662'
doi: 10.5220/0014278000004058
language:
- iso: eng
publication: Proceedings of the 14th International Conference on Model-Based Software
and Systems Engineering
publication_status: published
publisher: SCITEPRESS - Science and Technology Publications
status: public
title: Using Attack and Failure Propagation Analysis for Context-Aware Security Control
Suggestions
type: conference
user_id: '49934'
year: '2026'
...
---
_id: '60583'
abstract:
- lang: eng
text: Assessing and communicating software security has become a crucial
concern in the era of digital transformation. As software systems grow more complex
and interconnected, it becomes increasingly challenging to effectively evaluate
and communicate a product's security status to both technical and non-technical
stakeholders. The Software Product Health Assistant (SPHA) is designed to automatically
collect and aggregate data from existing expert tools and derive, among other
scores, a transparent Security Score. SPHA is designed to present and explain
this Security Score to decision-makers to support their responsibilities. In this
paper, we demonstrate how to integrate data from SMARAGD (System Modeler for Architectural
Risk Assessment and Guidance on Defenses), a safety-informed threat modeling tool,
into SPHA to enhance the existing definition of its Security Score. To achieve
this, we combine information about known vulnerabilities with architectural and
threat data to calculate a realistic risk score for the product in question.
author:
- first_name: Jan-niclas
full_name: Strüwer, Jan-niclas
last_name: Strüwer
- first_name: Roman
full_name: Trentinaglia, Roman
id: '49934'
last_name: Trentinaglia
orcid: 0000-0001-9728-4991
- first_name: Benedict
full_name: Wohlers, Benedict
id: '53786'
last_name: Wohlers
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
- first_name: Roman
full_name: Dumitrescu, Roman
id: '16190'
last_name: Dumitrescu
citation:
ama: 'Strüwer J, Trentinaglia R, Wohlers B, Bodden E, Dumitrescu R. Assessing and
Communicating Software Security: Enhancing Software Product Health with Architectural
Threat Analysis. In: AHFE International. Vol 168. AHFE International; 2025.
doi:10.54941/ahfe1006145'
apa: 'Strüwer, J., Trentinaglia, R., Wohlers, B., Bodden, E., & Dumitrescu,
R. (2025). Assessing and Communicating Software Security: Enhancing Software Product
Health with Architectural Threat Analysis. AHFE International, 168.
https://doi.org/10.54941/ahfe1006145'
bibtex: '@inproceedings{Strüwer_Trentinaglia_Wohlers_Bodden_Dumitrescu_2025, title={Assessing
and Communicating Software Security: Enhancing Software Product Health with Architectural
Threat Analysis}, volume={168}, DOI={10.54941/ahfe1006145},
booktitle={AHFE International}, publisher={AHFE International}, author={Strüwer,
Jan-niclas and Trentinaglia, Roman and Wohlers, Benedict and Bodden, Eric and
Dumitrescu, Roman}, year={2025} }'
chicago: 'Strüwer, Jan-niclas, Roman Trentinaglia, Benedict Wohlers, Eric Bodden,
and Roman Dumitrescu. “Assessing and Communicating Software Security: Enhancing
Software Product Health with Architectural Threat Analysis.” In AHFE International,
Vol. 168. AHFE International, 2025. https://doi.org/10.54941/ahfe1006145.'
ieee: 'J. Strüwer, R. Trentinaglia, B. Wohlers, E. Bodden, and R. Dumitrescu, “Assessing
and Communicating Software Security: Enhancing Software Product Health with Architectural
Threat Analysis,” in AHFE International, 2025, vol. 168, doi: 10.54941/ahfe1006145.'
mla: 'Strüwer, Jan-niclas, et al. “Assessing and Communicating Software Security:
Enhancing Software Product Health with Architectural Threat Analysis.” AHFE
International, vol. 168, AHFE International, 2025, doi:10.54941/ahfe1006145.'
short: 'J. Strüwer, R. Trentinaglia, B. Wohlers, E. Bodden, R. Dumitrescu, in: AHFE
International, AHFE International, 2025.'
date_created: 2025-07-10T06:37:42Z
date_updated: 2025-07-10T06:39:03Z
department:
- _id: '241'
- _id: '662'
doi: 10.54941/ahfe1006145
intvolume: ' 168'
language:
- iso: eng
publication: AHFE International
publication_identifier:
issn:
- 2771-0718
publication_status: published
publisher: AHFE International
status: public
title: 'Assessing and Communicating Software Security: Enhancing Software Product
Health with Architectural Threat Analysis'
type: conference
user_id: '49934'
volume: 168
year: '2025'
...
---
_id: '59601'
abstract:
- lang: eng
text: Modern vehicles are becoming more connected and autonomous, and more software-defined
in general. Such connectivity leads to security risks due to the increased attack
surface for external intrusions. In addition, attacks can also lead to safety
hazards as cars contain multiple safety-critical components. Therefore both safety
and security must be considered in combination. In this whitepaper, we describe
a tool-supported analysis method aligned with automotive standards to identify
safety and security dependencies and automatically derive corresponding test cases.
These test cases can be imported into the existing dSPACE tool chain to improve
efficiency by reducing time-consuming manual work and susceptibility to errors.
Thereby, our method brings together system design and testing phases to pave the
way for an integrated safety and security-by-design life cycle in the automotive
domain.
author:
- first_name: Roman
full_name: Trentinaglia, Roman
id: '49934'
last_name: Trentinaglia
orcid: 0000-0001-9728-4991
- first_name: Markus
full_name: Fockel, Markus
id: '8472'
last_name: Fockel
orcid: 0000-0002-1269-0702
- first_name: Matthias
full_name: Pukrop, Matthias
last_name: Pukrop
- first_name: Tobias
full_name: Schaeffer, Tobias
last_name: Schaeffer
citation:
ama: 'Trentinaglia R, Fockel M, Pukrop M, Schaeffer T. Whitepaper: From HARA
and TARA to Risk-Based Safety and Security Dependency Testing. dSPACE GmbH;
2024.'
apa: 'Trentinaglia, R., Fockel, M., Pukrop, M., & Schaeffer, T. (2024). Whitepaper:
From HARA and TARA to Risk-Based Safety and Security Dependency Testing. dSPACE
GmbH.'
bibtex: '@book{Trentinaglia_Fockel_Pukrop_Schaeffer_2024, title={Whitepaper: From
HARA and TARA to Risk-Based Safety and Security Dependency Testing}, publisher={dSPACE
GmbH}, author={Trentinaglia, Roman and Fockel, Markus and Pukrop, Matthias and
Schaeffer, Tobias}, year={2024} }'
chicago: 'Trentinaglia, Roman, Markus Fockel, Matthias Pukrop, and Tobias Schaeffer.
Whitepaper: From HARA and TARA to Risk-Based Safety and Security Dependency
Testing. dSPACE GmbH, 2024.'
ieee: 'R. Trentinaglia, M. Fockel, M. Pukrop, and T. Schaeffer, Whitepaper: From
HARA and TARA to Risk-Based Safety and Security Dependency Testing. dSPACE
GmbH, 2024.'
mla: 'Trentinaglia, Roman, et al. Whitepaper: From HARA and TARA to Risk-Based
Safety and Security Dependency Testing. dSPACE GmbH, 2024.'
short: 'R. Trentinaglia, M. Fockel, M. Pukrop, T. Schaeffer, Whitepaper: From HARA
and TARA to Risk-Based Safety and Security Dependency Testing, dSPACE GmbH, 2024.'
date_created: 2025-04-16T09:30:13Z
date_updated: 2025-04-16T09:30:29Z
department:
- _id: '241'
- _id: '662'
language:
- iso: eng
main_file_link:
- url: https://www.iem.fraunhofer.de/content/dam/iem/dokumente/termine/whitepaper_safety-and-security_06_240527_e-v11.pdf
page: '5'
publication_status: published
publisher: dSPACE GmbH
related_material:
link:
- relation: other
url: https://www.iem.fraunhofer.de/de/newsroom/presse-und-news/fraunhofer-iem-dspace-veroeffentlichen-whitepaper.html
status: public
title: 'Whitepaper: From HARA and TARA to Risk-Based Safety and Security Dependency
Testing'
type: misc
user_id: '49934'
year: '2024'
...
---
_id: '57578'
author:
- first_name: Roman
full_name: Trentinaglia, Roman
id: '49934'
last_name: Trentinaglia
orcid: 0000-0001-9728-4991
- first_name: Markus
full_name: Fockel, Markus
id: '8472'
last_name: Fockel
orcid: 0000-0002-1269-0702
- first_name: Matthias
full_name: Pukrop, Matthias
last_name: Pukrop
- first_name: Tobias
full_name: Schaeffer, Tobias
last_name: Schaeffer
citation:
ama: 'Trentinaglia R, Fockel M, Pukrop M, Schaeffer T. Automatically deriving test
cases from safety-security dependencies. In: 22th Escar Europe : The World’s
Leading Automotive Cyber Security Conference : Embedded Security in Cars (Dortmund,
19. - 20.11.2024). ; 2024. doi:10.13154/294-12716'
apa: 'Trentinaglia, R., Fockel, M., Pukrop, M., & Schaeffer, T. (2024). Automatically
deriving test cases from safety-security dependencies. 22th Escar Europe :
The World’s Leading Automotive Cyber Security Conference : Embedded Security in
Cars (Dortmund, 19. - 20.11.2024). https://doi.org/10.13154/294-12716'
bibtex: '@inproceedings{Trentinaglia_Fockel_Pukrop_Schaeffer_2024, title={Automatically
deriving test cases from safety-security dependencies}, DOI={10.13154/294-12716},
booktitle={22th escar Europe : The World’s Leading Automotive Cyber Security Conference :
Embedded Security in Cars (Dortmund, 19. - 20.11.2024)}, author={Trentinaglia,
Roman and Fockel, Markus and Pukrop, Matthias and Schaeffer, Tobias}, year={2024}
}'
chicago: 'Trentinaglia, Roman, Markus Fockel, Matthias Pukrop, and Tobias Schaeffer.
“Automatically Deriving Test Cases from Safety-Security Dependencies.” In 22th
Escar Europe : The World’s Leading Automotive Cyber Security Conference : Embedded
Security in Cars (Dortmund, 19. - 20.11.2024), 2024. https://doi.org/10.13154/294-12716.'
ieee: 'R. Trentinaglia, M. Fockel, M. Pukrop, and T. Schaeffer, “Automatically deriving
test cases from safety-security dependencies,” 2024, doi: 10.13154/294-12716.'
mla: 'Trentinaglia, Roman, et al. “Automatically Deriving Test Cases from Safety-Security
Dependencies.” 22th Escar Europe : The World’s Leading Automotive Cyber Security
Conference : Embedded Security in Cars (Dortmund, 19. - 20.11.2024), 2024,
doi:10.13154/294-12716.'
short: 'R. Trentinaglia, M. Fockel, M. Pukrop, T. Schaeffer, in: 22th Escar Europe :
The World’s Leading Automotive Cyber Security Conference : Embedded Security in
Cars (Dortmund, 19. - 20.11.2024), 2024.'
date_created: 2024-12-04T14:55:47Z
date_updated: 2025-05-19T09:31:29Z
department:
- _id: '241'
- _id: '662'
doi: 10.13154/294-12716
language:
- iso: eng
publication: '22th escar Europe : The World’s Leading Automotive Cyber Security Conference
: Embedded Security in Cars (Dortmund, 19. - 20.11.2024)'
status: public
title: Automatically deriving test cases from safety-security dependencies
type: conference
user_id: '49934'
year: '2024'
...
---
_id: '43395'
author:
- first_name: Roman
full_name: Trentinaglia, Roman
id: '49934'
last_name: Trentinaglia
orcid: 0000-0001-9728-4991
- first_name: Sven
full_name: Merschjohann, Sven
id: '11394'
last_name: Merschjohann
- first_name: Markus
full_name: Fockel, Markus
id: '8472'
last_name: Fockel
orcid: 0000-0002-1269-0702
- first_name: Hendrik
full_name: Eikerling, Hendrik
id: '29279'
last_name: Eikerling
citation:
ama: 'Trentinaglia R, Merschjohann S, Fockel M, Eikerling H. Eliciting Security
Requirements – An Experience Report. In: REFSQ 2023: Requirements Engineering:
Foundation for Software Quality. Springer Nature Switzerland; 2023. doi:10.1007/978-3-031-29786-1_25'
apa: 'Trentinaglia, R., Merschjohann, S., Fockel, M., & Eikerling, H. (2023).
Eliciting Security Requirements – An Experience Report. REFSQ 2023: Requirements
Engineering: Foundation for Software Quality. https://doi.org/10.1007/978-3-031-29786-1_25'
bibtex: '@inproceedings{Trentinaglia_Merschjohann_Fockel_Eikerling_2023, place={Cham},
title={Eliciting Security Requirements – An Experience Report}, DOI={10.1007/978-3-031-29786-1_25},
booktitle={REFSQ 2023: Requirements Engineering: Foundation for Software Quality},
publisher={Springer Nature Switzerland}, author={Trentinaglia, Roman and Merschjohann,
Sven and Fockel, Markus and Eikerling, Hendrik}, year={2023} }'
chicago: 'Trentinaglia, Roman, Sven Merschjohann, Markus Fockel, and Hendrik Eikerling.
“Eliciting Security Requirements – An Experience Report.” In REFSQ 2023: Requirements
Engineering: Foundation for Software Quality. Cham: Springer Nature Switzerland,
2023. https://doi.org/10.1007/978-3-031-29786-1_25.'
ieee: 'R. Trentinaglia, S. Merschjohann, M. Fockel, and H. Eikerling, “Eliciting
Security Requirements – An Experience Report,” 2023, doi: 10.1007/978-3-031-29786-1_25.'
mla: 'Trentinaglia, Roman, et al. “Eliciting Security Requirements – An Experience
Report.” REFSQ 2023: Requirements Engineering: Foundation for Software Quality,
Springer Nature Switzerland, 2023, doi:10.1007/978-3-031-29786-1_25.'
short: 'R. Trentinaglia, S. Merschjohann, M. Fockel, H. Eikerling, in: REFSQ 2023:
Requirements Engineering: Foundation for Software Quality, Springer Nature Switzerland,
Cham, 2023.'
date_created: 2023-04-04T12:47:31Z
date_updated: 2023-04-04T12:51:41Z
department:
- _id: '241'
- _id: '662'
doi: 10.1007/978-3-031-29786-1_25
language:
- iso: eng
place: Cham
publication: 'REFSQ 2023: Requirements Engineering: Foundation for Software Quality'
publication_identifier:
isbn:
- '9783031297854'
- '9783031297861'
issn:
- 0302-9743
- 1611-3349
publication_status: published
publisher: Springer Nature Switzerland
status: public
title: Eliciting Security Requirements – An Experience Report
type: conference
user_id: '8472'
year: '2023'
...
---
_id: '29847'
author:
- first_name: Markus
full_name: Fockel, Markus
id: '8472'
last_name: Fockel
orcid: 0000-0002-1269-0702
- first_name: David
full_name: Schubert, David
id: '9106'
last_name: Schubert
- first_name: Roman
full_name: Trentinaglia, Roman
id: '49934'
last_name: Trentinaglia
orcid: 0000-0001-9728-4991
- first_name: Hannes
full_name: Schulz, Hannes
last_name: Schulz
- first_name: Wolfgang
full_name: Kirmair, Wolfgang
last_name: Kirmair
citation:
ama: 'Fockel M, Schubert D, Trentinaglia R, Schulz H, Kirmair W. Semi-automatic
Integrated Safety and Security Analysis for Automotive Systems. In: Proceedings
of the 10th International Conference on Model-Driven Engineering and Software
Development. SCITEPRESS - Science and Technology Publications; 2022. doi:10.5220/0010778500003119'
apa: Fockel, M., Schubert, D., Trentinaglia, R., Schulz, H., & Kirmair, W. (2022).
Semi-automatic Integrated Safety and Security Analysis for Automotive Systems.
Proceedings of the 10th International Conference on Model-Driven Engineering
and Software Development. https://doi.org/10.5220/0010778500003119
bibtex: '@inproceedings{Fockel_Schubert_Trentinaglia_Schulz_Kirmair_2022, title={Semi-automatic
Integrated Safety and Security Analysis for Automotive Systems}, DOI={10.5220/0010778500003119},
booktitle={Proceedings of the 10th International Conference on Model-Driven Engineering
and Software Development}, publisher={SCITEPRESS - Science and Technology Publications},
author={Fockel, Markus and Schubert, David and Trentinaglia, Roman and Schulz,
Hannes and Kirmair, Wolfgang}, year={2022} }'
chicago: Fockel, Markus, David Schubert, Roman Trentinaglia, Hannes Schulz, and
Wolfgang Kirmair. “Semi-Automatic Integrated Safety and Security Analysis for
Automotive Systems.” In Proceedings of the 10th International Conference on
Model-Driven Engineering and Software Development. SCITEPRESS - Science and
Technology Publications, 2022. https://doi.org/10.5220/0010778500003119.
ieee: 'M. Fockel, D. Schubert, R. Trentinaglia, H. Schulz, and W. Kirmair, “Semi-automatic
Integrated Safety and Security Analysis for Automotive Systems,” 2022, doi: 10.5220/0010778500003119.'
mla: Fockel, Markus, et al. “Semi-Automatic Integrated Safety and Security Analysis
for Automotive Systems.” Proceedings of the 10th International Conference on
Model-Driven Engineering and Software Development, SCITEPRESS - Science and
Technology Publications, 2022, doi:10.5220/0010778500003119.
short: 'M. Fockel, D. Schubert, R. Trentinaglia, H. Schulz, W. Kirmair, in: Proceedings
of the 10th International Conference on Model-Driven Engineering and Software
Development, SCITEPRESS - Science and Technology Publications, 2022.'
date_created: 2022-02-15T08:07:15Z
date_updated: 2022-02-15T08:14:07Z
department:
- _id: '241'
- _id: '662'
doi: 10.5220/0010778500003119
language:
- iso: eng
publication: Proceedings of the 10th International Conference on Model-Driven Engineering
and Software Development
publication_status: published
publisher: SCITEPRESS - Science and Technology Publications
status: public
title: Semi-automatic Integrated Safety and Security Analysis for Automotive Systems
type: conference
user_id: '49934'
year: '2022'
...
---
_id: '34298'
author:
- first_name: Roman
full_name: Trentinaglia, Roman
id: '49934'
last_name: Trentinaglia
orcid: 0000-0001-9728-4991
citation:
ama: 'Trentinaglia R. Deriving model-based safety and security assurance cases from
design rationale of countermeasure patterns. In: Proceedings of the 25th International
Conference on Model Driven Engineering Languages and Systems: Companion Proceedings.
ACM; 2022. doi:10.1145/3550356.3558508'
apa: 'Trentinaglia, R. (2022). Deriving model-based safety and security assurance
cases from design rationale of countermeasure patterns. Proceedings of the
25th International Conference on Model Driven Engineering Languages and Systems:
Companion Proceedings. https://doi.org/10.1145/3550356.3558508'
bibtex: '@inproceedings{Trentinaglia_2022, title={Deriving model-based safety and
security assurance cases from design rationale of countermeasure patterns}, DOI={10.1145/3550356.3558508}, booktitle={Proceedings
of the 25th International Conference on Model Driven Engineering Languages and
Systems: Companion Proceedings}, publisher={ACM}, author={Trentinaglia, Roman},
year={2022} }'
chicago: 'Trentinaglia, Roman. “Deriving Model-Based Safety and Security Assurance
Cases from Design Rationale of Countermeasure Patterns.” In Proceedings of
the 25th International Conference on Model Driven Engineering Languages and Systems:
Companion Proceedings. ACM, 2022. https://doi.org/10.1145/3550356.3558508.'
ieee: 'R. Trentinaglia, “Deriving model-based safety and security assurance cases
from design rationale of countermeasure patterns,” 2022, doi: 10.1145/3550356.3558508.'
mla: 'Trentinaglia, Roman. “Deriving Model-Based Safety and Security Assurance Cases
from Design Rationale of Countermeasure Patterns.” Proceedings of the 25th
International Conference on Model Driven Engineering Languages and Systems: Companion
Proceedings, ACM, 2022, doi:10.1145/3550356.3558508.'
short: 'R. Trentinaglia, in: Proceedings of the 25th International Conference on
Model Driven Engineering Languages and Systems: Companion Proceedings, ACM, 2022.'
date_created: 2022-12-09T08:50:22Z
date_updated: 2025-05-19T09:32:35Z
department:
- _id: '241'
- _id: '662'
doi: 10.1145/3550356.3558508
language:
- iso: eng
publication: 'Proceedings of the 25th International Conference on Model Driven Engineering
Languages and Systems: Companion Proceedings'
publication_status: published
publisher: ACM
status: public
title: Deriving model-based safety and security assurance cases from design rationale
of countermeasure patterns
type: conference
user_id: '49934'
year: '2022'
...