A Software Vulnerability Management Framework for the Minimization of System Attack Surface and Risk
Published in | Electronics (Basel) Vol. 12; no. 10; p. 2278 |
---|---|
Main Authors | Sotiropoulos, Panagiotis; Mathas, Christos-Minas; Vassilakis, Costas; Kolokotronis, Nicholas |
Format | Journal Article |
Language | English |
Published | Basel: MDPI AG, 18.05.2023 |
Subjects | Architecture; Cybersecurity; Data security; Integer programming; Internet of Things; Java; Linux; Methods; Open source software; Operating systems; Public domain; Software engineering; Software reliability; Specifications; Taxonomy; User requirements |
Online Access | https://www.proquest.com/docview/2819435383 |
Abstract | Current Internet of Things (IoT) systems comprise multiple software systems that are deployed to provide users with the required functionalities. System architects create system blueprints and draw specifications for the software artefacts that are needed; subsequently, either custom-made software is developed according to these specifications and/or ready-made COTS/open source software may be identified and customized to realize the overall system goals. All deployed software however may entail vulnerabilities, either due to insecure coding practices or owing to misconfigurations and unexpected interactions. Moreover, software artefacts may implement a much broader set of functionalities than may be strictly necessary for the system at hand, in order to serve a wider range of needs, and failure to appropriately configure the deployed software to include only the required modules results in the further increase of the system attack surface and the associated risk. In this paper, we present a software vulnerability management framework which facilitates (a) the configuration of software to include only the necessary features, (b) the execution of security-related tests and the compilation of platform-wide software vulnerability lists, and (c) the prioritization of vulnerability addressing, considering the impact of each vulnerability, the associated technical debt for its remediation, and the available security budget. The proposed framework can be used as an aid in IoT platform implementation by software architects, developers, and security experts. |
---|---|
Audience | Academic |
Author | Sotiropoulos, Panagiotis (ORCID 0000-0001-9669-7401); Mathas, Christos-Minas (ORCID 0000-0002-4761-5833); Vassilakis, Costas (ORCID 0000-0001-9940-1821); Kolokotronis, Nicholas (ORCID 0000-0003-0660-8431) |
CitedBy_id | crossref_primary_10_25299_itjrd_2023_13251 |
Copyright | COPYRIGHT 2023 MDPI AG 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
DOI | 10.3390/electronics12102278 |
Discipline | Engineering Architecture |
EISSN | 2079-9292 |
GeographicLocations | Greece |
ISSN | 2079-9292 |
IsDoiOpenAccess | true |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 10 |
PublicationDate | 2023-05-18 |
PublicationPlace | Basel |
PublicationTitle | Electronics (Basel) |
Publisher | MDPI AG |
StartPage | 2278 |
SubjectTerms | Architecture; Cybersecurity; Data security; Integer programming; Internet of Things; Java; Linux; Methods; Open source software; Operating systems; Public domain; Software engineering; Software reliability; Specifications; Taxonomy; User requirements |
URI | https://www.proquest.com/docview/2819435383 |
Volume | 12 |