From 580d540976f620c0ec1d25ae64b718f431cbdfd2 Mon Sep 17 00:00:00 2001
From: MatthiasEckhart <5939067+MatthiasEckhart@users.noreply.github.com>
Date: Sun, 24 Jul 2022 21:19:52 +0200
Subject: [PATCH] Added TII BibTeX file.
---
 README.md | 4 ++--
 bib/Eckhart2022a.bib | 10 ++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 bib/Eckhart2022a.bib
diff --git a/README.md b/README.md
index 3d773bc..6895777 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 This prototype implements the methods presented in the following two publications:
 1. [Eckhart, M., Ekelhart, A., & Weippl, E. R. (2020). Automated Security Risk Identification Using AutomationML-Based Engineering Data. IEEE Transactions on Dependable and Secure Computing.](https://doi.org/10.1109/TDSC.2020.3033150)
-2. Eckhart, M., Ekelhart, A., Biffl S., Lüder A., & Weippl, E. R. (2022). QualSec: An Automated Quality-Driven Approach for Security Risk Identification in Cyber-Physical Production Systems. IEEE Transactions on Industrial Informatics. To Appear.
+2. [Eckhart, M., Ekelhart, A., Biffl S., Lüder A., & Weippl, E. R. (2022). QualSec: An Automated Quality-Driven Approach for Security Risk Identification in Cyber-Physical Production Systems. IEEE Transactions on Industrial Informatics.](https://doi.org/10.1109/tii.2022.3193119)
 In essence, it identifies security risk sources (i.e., threats and vulnerabilities) and types of attack consequences based on AutomationML (AML) artifacts. The results of the risk identification process can be used to generate cyber-physical attack graphs, which model multistage cyber-attacks that potentially lead to physical damage.
@@ -99,7 +99,7 @@ The measurements and log files obtained during the performance assessment are av
 ## How to Cite
-If you use this prototype in your research, please consider citing our [IEEE TDSC 2020](https://doi.org/10.1109/TDSC.2020.3033150) or IEEE TII 2022 publication. Feel free to use the papers' BibTeX entries ([TDSC](https://github.com/sbaresearch/amlsec/tree/master/bib/Eckhart2022.bib), TII).
+If you use this prototype in your research, please consider citing our [IEEE TDSC 2020](https://doi.org/10.1109/TDSC.2020.3033150) or [IEEE TII 2022](https://doi.org/10.1109/tii.2022.3193119) publication. Feel free to use the papers' BibTeX entries ([TDSC](https://github.com/sbaresearch/amlsec/tree/master/bib/Eckhart2022.bib), [TII](https://github.com/sbaresearch/amlsec/tree/master/bib/Eckhart2022a.bib)).
 ## Acknowledgment
diff --git a/bib/Eckhart2022a.bib b/bib/Eckhart2022a.bib
new file mode 100644
index 0000000..f1e0914
--- /dev/null
+++ b/bib/Eckhart2022a.bib
@@ -0,0 +1,10 @@
+@Article{Eckhart2022a,
+ author = {Eckhart, Matthias and Ekelhart, Andreas and Biffl, Stefan and L{\"u}der, Arndt and Weippl, Edgar},
+ journal = {IEEE Transactions on Industrial Informatics},
+ title = {{QualSec}: An Automated Quality-Driven Approach for Security Risk Identification in Cyber-Physical Production Systems},
+ year = {2022},
+ issn = {1941-0050},
+ pages = {1--12},
+ abstract = {As the threat landscape in the industrial domain continually advances, security-by-design is an ever-growing concern in the engineering of cyber-physical production systems (CPPSs). Often, quality aspects are not considered when securing CPPSs, which creates attack vectors that could lead to malicious activity affecting the products' quality. Since quality control systems generally provide inadequate protection against intentionally introduced defects, and can be susceptible to attacks, quality considerations must be integrated into security-aware CPPS engineering. For this purpose, we propose the QualSec method that automatically identifies security risks pertaining to CPPSs, building on the quality characteristics associated with manufacturing operations to determine cascading effects. QualSec is based on a semantic representation of engineering knowledge, allowing to efficiently reuse engineering models from AutomationML artifacts. Moreover, QualSec utilizes Petri nets to facilitate the analysis of security risks and cascading effects. In this way, QualSec informs users about possible attack paths for compromising quality characteristics, how attackers may disguise their malicious actions, and the possible consequences of attacks with respect to product quality. We demonstrate the benefits of QualSec in a case study and analyze its scalability through a rigorous performance evaluation.},
+ doi = {10.1109/TII.2022.3193119},
+}
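Review bot: The `author` field gives the last author as `Weippl, Edgar`, while the README citation updated in this same commit lists him as "Weippl, E. R."; if the published byline carries the middle initial, the entry should read `Weippl, Edgar R.` so the two citations agree. `pages = {1--12}` appears with no `volume` or `number`, which looks like early-access pagination and will presumably need replacing once the article is assigned to an issue. An ignored field such as `internal-note = {early access; update volume/number/pages}` would record that for whoever revisits the file. The DOI is spelled `10.1109/TII.2022.3193119` here and `10.1109/tii.2022.3193119` in the README links; DOIs resolve case-insensitively, but one spelling across the repository is easier to search for.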